https://github.com/M1k0er/SSRF-SCAN

一款被动扫描ssrf的burpsuite插件
https://github.com/M1k0er/SSRF-SCAN

Last synced: about 1 month ago
JSON representation

一款被动扫描ssrf的burpsuite插件

• Host: GitHub
• URL: https://github.com/M1k0er/SSRF-SCAN
• Owner: M1k0er
• Created: 2022-12-13T15:05:39.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2022-12-30T06:01:36.000Z (over 1 year ago)
• Last Synced: 2024-05-13T19:32:13.212Z (4 months ago)
• Language: Java
• Size: 3.67 MB
• Stars: 20
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - M1k0er/SSRF-SCAN - 一款被动扫描ssrf的burpsuite插件 (Java)

README

        
# 描述

SSRF-SCAN是一款被动式扫描ssrf的burpsuite插件，通过eyes.sh来探测是否对外发起请求。

# 如何使用

首先需要在eyes.sh在注册一个账号，并获取你的token和请求地址

![](https://pingo78.oss-cn-hangzhou.aliyuncs.com/images/image-20221213223910640.png)

- git clone https://github.com/M1k0er/SSRF-SCAN.git

- mvn package

- 下载插件包并编译成jar包后，在burpsuite上安装

  ![](https://pingo78.oss-cn-hangzhou.aliyuncs.com/images/image-20221213224745638.png)

- 配置第一步请求地址和token

  ![](https://pingo78.oss-cn-hangzhou.aliyuncs.com/images/image-20221213224849157.png)

# 扫描效果

![](https://pingo78.oss-cn-hangzhou.aliyuncs.com/images/image-20221213225331848.png)