#Ssrf

Showing 31 of 31 repositories tagged #ssrf, ranked by stars

nahamsec
nahamsec
Resources-for-Beginner-Bug-Bounty-Hunters

A list of resources for those interested in getting started in bug bounties

Score
100
★ 12.1k ⑂ 2.0k +7/day
reddelexc
reddelexc
hackerone-reports

Top disclosed reports from HackerOne

Score
100
★ 6.3k ⑂ 1.1k +14/day
Python
swisskyrepo
swisskyrepo
SSRFmap

Automatic SSRF fuzzer and exploitation tool

Score
92
★ 3.6k ⑂ 570 +4/day
Python
JoyChou93
JoyChou93
java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

Score
88
★ 2.7k ⑂ 754
Java
incredibleindishell
incredibleindishell
SSRF_Vulnerable_Lab

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

Score
80
★ 780 ⑂ 238
PHP
luckyPipewrench
luckyPipewrench
pipelock

Open-source AI agent firewall for MCP security and agent egress. Scans mediated HTTP, MCP, A2A, and WebSocket traffic for exfiltration, SSRF, and prompt injection, and emits mediator-signed action receipts: verifiable audit evidence from outside the agent.

Score
0
★ 751 ⑂ 87 +1/day
Go
uphiago
uphiago
recon-skills

156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.

Score
96
★ 723 ⑂ 138 +146/day
Python
YagamiiLight
YagamiiLight
Cerberus

一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Score
76
★ 647 ⑂ 129
Python
tangxiaofeng7
tangxiaofeng7
SecExample

JAVA 漏洞靶场 (Vulnerability Environment For Java)

Score
0
★ 483 ⑂ 112
HTML
ImAyrix
ImAyrix
fallparams

Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

Score
72
★ 433 ⑂ 53
Go
Th0h0
Th0h0
autossrf

Smart context-based SSRF vulnerability scanner.

Score
50
★ 364 ⑂ 43
Python
dragonked2
dragonked2
Egyscan

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

Score
84
★ 301 ⑂ 60
Python
MindPatch
MindPatch
lorsrf

Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:

Score
64
★ 297 ⑂ 45
Rust
blackhatethicalhacking
blackhatethicalhacking
SSRFPwned

Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

Score
44
★ 133 ⑂ 26
Shell
BitTheByte
BitTheByte
Eagle

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Score
52
★ 128 ⑂ 36
Python
terjanq
terjanq
Flag-Capture

Solutions and write-ups from security-based competitions also known as Capture The Flag competition

Score
40
★ 105 ⑂ 15
HTML
AiGptCode
AiGptCode
Ai-Security-URL

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

Score
0
★ 93 ⑂ 16
Python
kljunowsky
kljunowsky
CVE-2022-41040-POC

CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

Score
32
★ 91 ⑂ 12
Python
slab
slab
safeurl-elixir

HTTP client with built-in SSRF protection, compatible with Tesla and HTTPoison

Score
28
★ 72 ⑂ 2
Elixir
Dancas93
Dancas93
SSRF-Scanner

A Complete SSRF (Server Side Request Forgery) Scanner.

Score
56
★ 40 ⑂ 11
Python
CyberNilsen
CyberNilsen
CyberInject

A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.

Score
68
★ 36 ⑂ 5 +5/day
HTML
cyinnove
cyinnove
paramx

ParamX is a tool designed to extract and categorize interesting subdomains and parameters from URLs.

Score
36
★ 33 ⑂ 9
Go
4xyy
4xyy
AI-Vuln-Scanner

An AI-powered web application vulnerability scanner that automates the detection of common security flaws and provides AI-driven insights for impact assessment and remediation suggestions.

Score
24
★ 32 ⑂ 9
Python
entr0pie
entr0pie
CVE-2023-27163

Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1)

Score
20
★ 31 ⑂ 5
Shell
Coff0xc
Coff0xc
catchclaw

CatchClaw v5.3.0 — 多平台 AI Agent 安全评估工具,支持 OpenClaw / Dify / FastGPT / LobeChat / NextChat / AnythingLLM / Flowise / RagFlow 等 9 大平台。78 条 DAG 攻击链 | 78 个 Exploit 模块 | ATT&CK 阶段映射 | 多平台指纹识别 | Async Tokio 引擎 | 攻击图可视化

Score
60
★ 28 ⑂ 5
Rust
MTK911
MTK911
KHATA

WebHook for Red Team

Score
16
★ 26 ⑂ 7
PHP
paulveillard
paulveillard
cybersecurity-ssrf

An ongoing & curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF

Score
12
★ 25 ⑂ 5
Python
Captain-K-101
Captain-K-101
Ssrf-labs

This Lab contain the sample codes Basic Labs related to Server-Side Request Forgery attack

Score
4
★ 22 ⑂ 2
Hack
ryan-cd
ryan-cd
ctf

CTF programs and writeups

Score
8
★ 20 ⑂ 4
Python
Adw0rm-sec
Adw0rm-sec
VISTA

🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.

Score
48
★ 17 ⑂ 2
Java
SeanPesce
SeanPesce
CVE-2024-22243

Example exploitable scenarios for CVE-2024-22243 affecting the Spring framework (open redirect & SSRF).

Score
0
★ 13 ⑂ 2
Java
Related Topics
#xss#bugbounty#hacking#penetration-testing#security-tools#web-security#rce#security#sql-injection#server-side-request-forgery#vulnerability#python

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly