Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fguisso/doryl-site-check
Just another vulnerable app. A Golang webapp that contains an example of a SSRF(Server Side Request Forgery) vulnerability and its main goal is to describe how a malicious user could exploit it.
https://github.com/fguisso/doryl-site-check
goat hacktoberfest hacktoberfest-accepted security vulnerable
Last synced: 1 day ago
JSON representation
Just another vulnerable app. A Golang webapp that contains an example of a SSRF(Server Side Request Forgery) vulnerability and its main goal is to describe how a malicious user could exploit it.
- Host: GitHub
- URL: https://github.com/fguisso/doryl-site-check
- Owner: fguisso
- Created: 2022-03-25T19:39:06.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-08-30T17:24:30.000Z (4 months ago)
- Last Synced: 2024-12-07T01:24:31.120Z (29 days ago)
- Topics: goat, hacktoberfest, hacktoberfest-accepted, security, vulnerable
- Language: HTML
- Homepage:
- Size: 22.5 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Doryl site-check
![image](https://user-images.githubusercontent.com/5755568/160461196-3803a87c-1768-473f-8383-692c4a16ebd4.png)
This is a simple Golang webapp that contains an example of a SSRF(Server Side Request Forgery) vulnerability and its main goal is to describe how a malicious user could exploit it.## What is SSRF?
*from ![PortSwigger Academy](https://portswigger.net/web-security/ssrf).*Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.
In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.
## What is the impact of SSRF attacks?
A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.
An SSRF exploit that causes connections to external third-party systems might result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.
## Setup
Require ![Docker](https://docs.docker.com/get-docker/)
```bash
git clone https://github.com/fguisso/doryl-site-check
cd doryl-site-check
docker build --tag doryl .# Running
docker run --rm -p 8080:8080 --name doryl -e PORT=8080 -e INTERNAL_PORT=3000 doryl
```
`PORT`: doryl webapp port.
`INTERNAL_PORT`: documents internal server port.Click here to access the running app: http://localhost:8080/