An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters. Requirements: Go Language, Python 2.7 or Python 3. System requirements: Recommended to run on vps with 1VCPU and 2GB ram. Tools used – You must need to install these tools to use this script SubFinderRead More
This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to.Features Repsond to any HTTP method (GET, POST, PUT, DELETE, etc.) Configurable secret token (see base.example.yaml) Content-specific responses WithRead More
This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters). First stepRename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp collaborator. Then you can add your urls to config/url-to-test.txt. Here the script acceptsRead More
A Python based scanner to find potential SSRF parameters in a web application. Motivation SSRF being one of the critical vulnerabilities out there in web, I see there was no tool which would automate finding potential vulnerable parameters. See-SURF can be added to your arsenal for recon while doing bug hunting/web security testing. Tech/framework usedBuiltRead More
