Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More

SSRF Sheriff – A Simple SSRF-testing Sheriff Written In Go

This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to.Features Repsond to any HTTP method (GET, POST, PUT, DELETE, etc.) Configurable secret token (see base.example.yaml) Content-specific responses WithRead More

Extended-SSRF-Search – Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get…

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters). First stepRename to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp collaborator. Then you can add your urls to config/url-to-test.txt. Here the script acceptsRead More

See-SURF – Python Based Scanner To Find Potential SSRF Parameters

A Python based scanner to find potential SSRF parameters in a web application. Motivation SSRF being one of the critical vulnerabilities out there in web, I see there was no tool which would automate finding potential vulnerable parameters. See-SURF can be added to your arsenal for recon while doing bug hunting/web security testing. Tech/framework usedBuiltRead More