ssrf

There are 147 repositories under the ssrf topic.

  • nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

    A list of resources for those interested in getting started in bug bounties

  • reddelexc/hackerone-reports

    Top disclosed reports from HackerOne

    Language: Python
  • swisskyrepo/SSRFmap

    Automatic SSRF fuzzer and exploitation tool

    Language: Python
  • tarunkant/Gopherus

    This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

    Language: Python
  • cujanovic/SSRF-Testing

    SSRF (Server Side Request Forgery) testing resources

    Language: Python
  • JoyChou93/java-sec-code

    Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security

    Language: Java
  • cn-panda/JavaCodeAudit

    Getting started with Java code auditing: a small introductory project for code auditing

    Language: JavaScript
  • incredibleindishell/SSRF_Vulnerable_Lab

    This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks

    Language: PHP
  • YagamiiLight/Cerberus

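    A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS; asyncio provides fast asynchronous scanning; covers all of the target's assets for batch vulnerability scanning; middleware information gathering; automatic collection of IP proxies, which are used automatically when probing WAF information to protect the local machine's real IP; after the local IP is blocked by the WAF, it automatically switches to a proxy IP to continue scanning; WAF information gathering (100+ domestic and international WAFs) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud, etc.; provides some known WAF bypass schemes; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports SQL injection, XSS, command execution, file inclusion and ssrf vulnerability scanning; supports custom vulnerability email push notifications

    Language: Python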
  • luisfontes19/xxexploiter

    Tool to help exploit XXE vulnerabilities

    Language: TypeScript
  • Li4n0/revsuit

    RevSuit is a flexible and powerful reverse connection platform designed for receiving connections from target hosts during penetration testing.

    Language: Go
  • Dliv3/redis-rogue-server

    Redis 4.x/5.x RCE

    Language: Python
  • chennqqi/godnslog

    An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities

    Language: Go
  • bcoles/ssrf_proxy

    SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.

    Language: Ruby
  • tangxiaofeng7/SecExample

    Java vulnerability range (Vulnerability Environment For Java)

    Language: HTML
  • sqlsec/ssrf-vuls

    Source code for Guoguang's hands-on walkthrough lab on using SSRF to break through an internal network

    Language: PHP
  • pikpikcu/XRCross

    XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

    Language: Shell
  • Th0h0/autossrf

    Smart context-based SSRF vulnerability scanner.

    Language: Python
  • teknogeek/ssrf-sheriff

    A simple SSRF-testing sheriff written in Go

    Language: Go
  • knassar702/lorsrf

    Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load

    Language: Rust
  • Tr3jer/dnsAutoRebinding

    ssrf, ssrfIntranetFuzz, dnsRebinding, recordEncode, dnsPoisoning; supports IPv4/IPv6

    Language: Python
  • dragonked2/Egyscan

    Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

    Language: Python
  • ImAyrix/fallparams

    Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

    Language: Go
  • random-robbie/Jira-Scan

    CVE-2017-9506 - SSRF

    Language: Python
  • ryandamour/ssrfuzz

    SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities

    Language: Go
  • herwonowr/exprolog

    ProxyLogon Full Exploit Chain PoC (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

    Language: Python
  • dwisiswant0/proxylogscan

    A fast tool to mass scan for a vulnerability in Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855).

    Language: Go
  • storenth/lazyrecon

    Wicked sick v2.0 script is intended to automate your reconnaissance process in an organized fashion.

    Language: Shell
  • 0xAwali/Blind-SSRF

    Nuclei Templates to reproduce Cracking the lens's Research

  • BitTheByte/Eagle

    Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

    Language: Python
  • blackhatethicalhacking/SSRFPwned

    Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

    Language: Shell
  • terjanq/Flag-Capture

    Solutions and write-ups from security-based competitions also known as Capture The Flag competition

    Language: HTML
  • kljunowsky/CVE-2022-41040-POC

    CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

    Language: Python
  • doyensec/safeurl

    A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.

    Language: Go
  • assetnote/jira-mobile-ssrf-exploit

    Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)

    Language: Python
  • Al1ex/CVE-2020-36179

    CVE-2020-36179~82 Jackson-databind SSRF&RCE