Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/teknogeek/ssrf-sheriff
A simple SSRF-testing sheriff written in Go
bugbounty go ssrf
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/teknogeek/ssrf-sheriff
- Owner: teknogeek
- License: mit
- Created: 2019-10-14T15:52:41.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-10-31T20:47:15.000Z (2 months ago)
- Last Synced: 2024-10-31T21:27:58.506Z (2 months ago)
- Topics: bugbounty, go, ssrf
- Language: Go
- Homepage:
- Size: 7.81 KB
- Stars: 314
- Watchers: 15
- Forks: 56
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-bugbounty-tools - ssrf-sheriff - A simple SSRF-testing sheriff written in Go (Exploitation / Server Side Request Forgery)
- WebHackersWeapons - ssrf-sheriff - testing sheriff written in Go (Weapons / Tools)
README
# SSRF Sheriff
This is an SSRF testing sheriff written in Go. It was originally created for the [Uber H1-4420 2019 London Live Hacking Event](https://www.hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420), but it is now being open-sourced for other organizations to implement and contribute back to.
## Features
- Respond to any HTTP method (`GET`, `POST`, `PUT`, `DELETE`, etc.)
- Configurable secret token (see [base.example.yaml](config/base.example.yaml))
- Content-specific responses
  - With secret token in response body
    - JSON
    - XML
    - HTML
    - CSV
    - TXT
    - PNG
    - JPEG
  - Without token in response body
    - GIF
    - MP3
    - MP4

## Usage
```bash
go get github.com/teknogeek/ssrf-sheriff
cd $GOPATH/src/github.com/teknogeek/ssrf-sheriff
cp config/base.example.yaml config/base.yaml
# ... configure ...
go run main.go
```

### Example Requests:
**Plaintext**
```
$ curl -sSD- http://127.0.0.1:8000/foobar
HTTP/1.1 200 OK
Content-Type: text/plain
X-Secret-Token: SUP3R_S3cret_1337_K3y
Date: Mon, 14 Oct 2019 16:37:36 GMT
Content-Length: 21

SUP3R_S3cret_1337_K3y
```

**XML**
```
$ curl -sSD- http://127.0.0.1:8000/foobar.xml
HTTP/1.1 200 OK
Content-Type: application/xml
X-Secret-Token: SUP3R_S3cret_1337_K3y
Date: Mon, 14 Oct 2019 16:37:41 GMT
Content-Length: 81

SUP3R_S3cret_1337_K3y
```

## TODO
- Dynamically generate valid responses with the secret token visible for
  - GIF
  - MP3
  - MP4
- Secrets in HTTP response generated/created/signed per-request, instead of returning a single secret for all requests
- TLS support

## Credit
Inspired (and requested) by [Frans Rosén](https://twitter.com/fransrosen) during his [talk at BountyCon '19 Singapore](https://speakerdeck.com/fransrosen/live-hacking-like-a-mvh-a-walkthrough-on-methodology-and-strategies-to-win-big?slide=49)
-----
Released under the [MIT License](LICENSE.txt).