Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/blackhatethicalhacking/ssrfpwned
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
https://github.com/blackhatethicalhacking/ssrfpwned
bugbounty hacking redteam ssrf ssrf-tool
Last synced: 4 days ago
JSON representation
Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF
- Host: GitHub
- URL: https://github.com/blackhatethicalhacking/ssrfpwned
- Owner: blackhatethicalhacking
- License: gpl-3.0
- Created: 2023-03-02T09:33:16.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-06T13:12:31.000Z (4 months ago)
- Last Synced: 2024-12-15T16:08:23.766Z (11 days ago)
- Topics: bugbounty, hacking, redteam, ssrf, ssrf-tool
- Language: Shell
- Homepage: https://www.blackhatethicalhacking.com
- Size: 61.5 KB
- Stars: 121
- Watchers: 2
- Forks: 23
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# BHEH's SSRFPwned
SSRFPwned is written by Chris "SaintDruG" Abou-Chabké from Black Hat Ethical Hacking and is designed for Offensive Security attacks.
Black Hat Ethical Hacking
# Description
SSRFPwned is a Penetration Testing and Bug Bounty Offensive Security Tool that automates the process of testing for Server Side Request Forgery (SSRF) vulnerabilities. SSRF is a type of vulnerability that allows attackers to make unauthorized requests to the internal resources of a server by manipulating user-supplied input. SSRFPwned automates the testing of thousands of URLs to identify potential SSRF vulnerabilities. It does this by injecting payloads into the query parameters of each URL and checking the response code to determine if a vulnerability exists. The Payloads are custom ones with multiple attack vectors, and you could also add more wordlists in case you want to even test for more, as it will copy the wordlist, merge them then start the attack.
# What Makes SSRFPwned Unique:
SSRFPwned is unique because it combines multiple sources for URL discovery, including the Wayback Machine, URLScan, and AlienVault. The tool is also highly customizable, allowing users to add their own payloads for testing specific types of SSRF vulnerabilities. Additionally, the tool is designed to be efficient and scalable, allowing users to test thousands of URLs at once. It is also special because of the way it filters the URLs based on using GF to specifically filter out with Regex only the ones that match the SSRF Pattern, but also cleaning the parameters from values so it can then inject it there. The way it checks also if it is vulnerable or not, checks also for reflected traces of the payload in the response and if it has 200 codes to give the result.
It is also Special well because you will:
# The Flow & Methodology
- Discovery - The tool begins by discovering URLs to test for SSRF vulnerabilities. It does this by using multiple sources including Wayback Machine, AlienVault, and URLScan.
- Filtering - The tool filters out URLs that are not relevant for testing SSRF vulnerabilities, such as image files or CSS files.
- It also greps using GF the patterns with Regex that matches the SSRF model and cleans the values of the parameters.
- Payload Injection - The tool then injects a variety of custom payloads into the query parameters of each URL. The payloads are designed to test for specific types of SSRF vulnerabilities.
- Testing - The tool tests each URL and payload combination by sending a request to the URL with the injected payload. It then checks the response code to determine if a vulnerability exists.
- Reporting - The tool generates a report of vulnerable URLs and the payloads that were successful in exploiting the vulnerability.
# Features:
- Automatic testing of thousands of URLs for SSRF vulnerabilities
- Supports multiple sources for URL discovery
- Automatic payload injection into query parameters of each URL
- Customizable payload list for testing specific types of SSRF vulnerabilities
- Supports HTTP and HTTPS protocols
- Provides detailed output including vulnerable URLs and payload used
- Saves results in an easily readable format for further analysis
# Expansion
Feel free to expand more Pocs, and integrate it, the idea is speed, and sending 1 curl, send a push!
# Requirements:
- waybackurls: This tool can be installed by running `go install github.com/tomnomnom/waybackurls@latest`
- cURL: This tool is commonly pre-installed on Kali Linux and Ubuntu, but can be installed by running `apt-get install curl` on Ubuntu or `brew install curl` on MacOS
- httpx: is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryable HTTP library. To install it: `go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest`
- lolcat: `pip install lolcat` for rainbow beauty
- gf: `go install -v github.com/tomnomnom/gf@latest`
# Installation
`git clone https://github.com/blackhatethicalhacking/SSRFPwned.git`
`cd SSRFPwned`
`chmod +x SSRFPwned.sh`
`./SSRFPwned.sh`
# Screenshot
# Compatibility:
This tool has been tested on Kali Linux, Ubuntu, and MacOS.
# Disclaimer
This tool is provided for educational and research purposes only. The author of this project is in no way responsible for any misuse of this tool.
We use it to test under NDA agreements with clients and their consents for pentesting purposes and we never encourage misuse or take responsibility for any damage caused!
BHEH Official Merch
Introducing our Merch Store, designed for the Offensive Security community. Explore a curated collection of apparel and drinkware, perfect for both professionals and enthusiasts. Our selection includes premium t-shirts, hoodies, and mugs, each featuring bold hacking-themed slogans and graphics that embody the spirit of red teaming and offensive security.
Hack with style and showcase your dedication to hacker culture with gear that’s as dynamic and resilient as you are. 😊
