ssrf
There are 147 repositories under the ssrf topic.
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
reddelexc/hackerone-reports
Top disclosed reports from HackerOne
swisskyrepo/SSRFmap
Automatic SSRF fuzzer and exploitation tool
tarunkant/Gopherus
This tool generates gopher links for exploiting SSRF and gaining RCE in various servers
cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
JoyChou93/java-sec-code
Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security
cn-panda/JavaCodeAudit
Getting started with Java code auditing: a small introductory project for code auditing
incredibleindishell/SSRF_Vulnerable_Lab
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
YagamiiLight/Cerberus
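A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asynchronous scanning via asyncio; covers all of a target's assets for batch vulnerability scanning; gathers middleware information; automatically collects IP proxies; automatically uses them when probing WAF information to protect the local machine's real IP, and automatically switches to a proxy IP to keep scanning after the local IP has been blocked by the WAF; WAF information gathering (100+ WAFs, domestic and international) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others; provides some known WAF bypass schemes; middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning; supports custom email push notifications for vulnerabilities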
luisfontes19/xxexploiter
Tool to help exploit XXE vulnerabilities
Li4n0/revsuit
RevSuit is a flexible and powerful reverse connection platform designed for receiving connections from target hosts in penetration testing.
Dliv3/redis-rogue-server
Redis 4.x/5.x RCE
chennqqi/godnslog
An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
bcoles/ssrf_proxy
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
tangxiaofeng7/SecExample
Java vulnerability lab (Vulnerability Environment For Java)
sqlsec/ssrf-vuls
Source code for the lab from Guoguang's step-by-step guide to breaking through an internal network with SSRF
pikpikcu/XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
Th0h0/autossrf
Smart context-based SSRF vulnerability scanner.
teknogeek/ssrf-sheriff
A simple SSRF-testing sheriff written in Go
knassar702/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load
Tr3jer/dnsAutoRebinding
ssrf, ssrfIntranetFuzz, dnsRebinding, recordEncode, dnsPoisoning; supports IPv4/IPv6
dragonked2/Egyscan
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
ImAyrix/fallparams
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
random-robbie/Jira-Scan
CVE-2017-9506 - SSRF
ryandamour/ssrfuzz
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
herwonowr/exprolog
ProxyLogon Full Exploit Chain PoC (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
dwisiswant0/proxylogscan
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker to bypass authentication and impersonate the admin (CVE-2021-26855).
storenth/lazyrecon
Wicked sick v2.0 script is intended to automate your reconnaissance process in an organized fashion.
0xAwali/Blind-SSRF
Nuclei Templates to reproduce Cracking the lens's Research
BitTheByte/Eagle
Multithreaded plugin-based vulnerability scanner for mass detection of web-based application vulnerabilities
blackhatethicalhacking/SSRFPwned
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
terjanq/Flag-Capture
Solutions and write-ups from security-based competitions, also known as Capture The Flag competitions
kljunowsky/CVE-2022-41040-POC
CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
doyensec/safeurl
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
assetnote/jira-mobile-ssrf-exploit
Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
Al1ex/CVE-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE