#Ssrf
Showing 31 of 31 repositories tagged #ssrf, ranked by stars
A list of resources for those interested in getting started in bug bounties
Top disclosed reports from HackerOne
Automatic SSRF fuzzer and exploitation tool
Java web common vulnerabilities and security code which is base on springboot and spring security
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
Open-source AI agent firewall for MCP security and agent egress. Scans mediated HTTP, MCP, A2A, and WebSocket traffic for exfiltration, SSRF, and prompt injection, and emits mediator-signed action receipts: verifiable audit evidence from outside the agent.
156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
JAVA 漏洞靶场 (Vulnerability Environment For Java)
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
Smart context-based SSRF vulnerability scanner.
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Solutions and write-ups from security-based competitions also known as Capture The Flag competition
functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
HTTP client with built-in SSRF protection, compatible with Tesla and HTTPoison
A Complete SSRF (Server Side Request Forgery) Scanner.
A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.
ParamX is a tool designed to extract and categorize interesting subdomains and parameters from URLs.
An AI-powered web application vulnerability scanner that automates the detection of common security flaws and provides AI-driven insights for impact assessment and remediation suggestions.
Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1)
CatchClaw v5.3.0 — 多平台 AI Agent 安全评估工具,支持 OpenClaw / Dify / FastGPT / LobeChat / NextChat / AnythingLLM / Flowise / RagFlow 等 9 大平台。78 条 DAG 攻击链 | 78 个 Exploit 模块 | ATT&CK 阶段映射 | 多平台指纹识别 | Async Tokio 引擎 | 攻击图可视化
WebHook for Red Team
An ongoing & curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF
This Lab contain the sample codes Basic Labs related to Server-Side Request Forgery attack
CTF programs and writeups
🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.
Example exploitable scenarios for CVE-2024-22243 affecting the Spring framework (open redirect & SSRF).