Projects in Awesome Lists tagged with ssrf
A curated list of projects in awesome lists tagged with ssrf .
https://github.com/nahamsec/resources-for-beginner-bug-bounty-hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss
Last synced: 25 Mar 2025
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
A list of resources for those interested in getting started in bug bounties
bug-bounty bug-bounty-hunters bugbounty education hackers hacking learn2hack pentest ssrf web-security xss
Last synced: 28 Mar 2025
https://github.com/swisskyrepo/ssrfmap
Automatic SSRF fuzzer and exploitation tool
ctf exploitation hacktoberfest pentest server-side-request-forgery ssrf ssrfmap vulnerability
Last synced: 23 Apr 2025
https://github.com/swisskyrepo/SSRFmap
Automatic SSRF fuzzer and exploitation tool
ctf exploitation hacktoberfest pentest server-side-request-forgery ssrf ssrfmap vulnerability
Last synced: 02 Apr 2025
https://github.com/tarunkant/gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
fastcgi github-rce gopher memcache mysql postgresql rce redis smtp ssrf zabbix
Last synced: 15 May 2025
https://github.com/tarunkant/Gopherus
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
fastcgi github-rce gopher memcache mysql postgresql rce redis smtp ssrf zabbix
Last synced: 02 Apr 2025
https://github.com/cujanovic/ssrf-testing
SSRF (Server Side Request Forgery) testing resources
pentest pentest-tool pentesting server-side-request-forgery ssrf
Last synced: 02 Apr 2025
https://github.com/cujanovic/SSRF-Testing
SSRF (Server Side Request Forgery) testing resources
pentest pentest-tool pentesting server-side-request-forgery ssrf
Last synced: 13 Mar 2025
https://github.com/incredibleindishell/ssrf_vulnerable_lab
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
attack exploitation hacking lab server-side-request-forgery ssrf web-security
Last synced: 02 Apr 2025
https://github.com/incredibleindishell/SSRF_Vulnerable_Lab
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
attack exploitation hacking lab server-side-request-forgery ssrf web-security
Last synced: 22 Apr 2025
https://github.com/YagamiiLight/Cerberus
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
bypass hacking-tool middleware penetration-testing proxy python security-tools sql-injection ssrf waf websecurity xss
Last synced: 15 May 2025
https://github.com/dliv3/redis-rogue-server
Redis 4.x/5.x RCE
rce redis redis-rogue-server redis-unauthorized-access remote-code-execution ssrf
Last synced: 05 Apr 2025
https://github.com/Dliv3/redis-rogue-server
Redis 4.x/5.x RCE
rce redis redis-rogue-server redis-unauthorized-access remote-code-execution ssrf
Last synced: 11 Jul 2025
https://github.com/Li4n0/revsuit
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
bug-bounty dnslog oob out-of-band pentest-tool rce reverse-connection ssrf xxe
Last synced: 11 Jul 2025
https://github.com/chennqqi/godnslog
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
dnslog rce rfi ssrf vulnerability webscan xss xxe
Last synced: 05 Apr 2025
https://github.com/bcoles/ssrf_proxy
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
Last synced: 13 Apr 2025
https://github.com/tangxiaofeng7/SecExample
JAVA 漏洞靶场 (Vulnerability Environment For Java)
cors csrf docker fastjson java rce springboot sqlinjection ssrf vulnerability xss-vulnerability
Last synced: 11 Jul 2025
https://github.com/pikpikcu/XRCross
XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities
bugbounty bugbounty-tool check-subdomains cors cors-scanner lfi rce recon scanners sqli ssrf subdomain-enumeration takeover-subdomain xss-scanner xss-vulnerability
Last synced: 12 Jul 2025
https://github.com/teknogeek/ssrf-sheriff
A simple SSRF-testing sheriff written in Go
Last synced: 02 Apr 2025
https://github.com/mindpatch/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity
Last synced: 06 Apr 2025
https://github.com/MindPatch/lorsrf
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:
blindssrf bruteforce bugbounty fuzzing hacking penetration-testing pentesting rust ssrf websecurity
Last synced: 02 Apr 2025
https://github.com/Tr3jer/dnsAutoRebinding
ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6
Last synced: 15 May 2025
https://github.com/ryandamour/ssrfuzz
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
Last synced: 11 Jul 2025
https://github.com/herwonowr/exprolog
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
cve-2021-26855 cve-2021-27065 microsoft-exchange microsoft-exchange-proxylogon poc proxylogon rce ssrf
Last synced: 25 Jul 2025
https://github.com/dwisiswant0/proxylogscan
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).
cve-2021-26855 cve-2021-27065 microsoft-exchange microsoft-exchange-proxylogon microsoft-exchange-server proxylogon ssrf
Last synced: 23 Jul 2025
https://github.com/0xAwali/Blind-SSRF
Nuclei Templates to reproduce Cracking the lens's Research
blindssrf bugbounty nuclei nuclei-templates ssrf web-security
Last synced: 11 Jul 2025
https://github.com/doyensec/safeurl
A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.
Last synced: 29 Apr 2025
https://github.com/terjanq/flag-capture
Solutions and write-ups from security-based competitions also known as Capture The Flag competition
capture-the-flag competition csrf css-injection ctf sql-injection ssrf web xss-injection
Last synced: 12 Oct 2025
https://github.com/kljunowsky/CVE-2022-41040-POC
CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
bug-bounty bugbounty cve-2022-41040 exploit hacking microsoft microsoft-exchange poc proof-of-concept security ssrf
Last synced: 12 Jul 2025
https://github.com/arkadiyt/ssrf_filter
A ruby gem for defending against Server Side Request Forgery (SSRF) attacks
gem ruby server-side-request-forgery ssrf
Last synced: 15 May 2025
https://github.com/assetnote/jira-mobile-ssrf-exploit
Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
cve-2022-26135 exploit jira ssrf
Last synced: 24 Jul 2025
https://github.com/al1ex/cve-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE
cve-2020-36179 jackson-databind rce ssrf
Last synced: 18 Mar 2025
https://github.com/Al1ex/CVE-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE
cve-2020-36179 jackson-databind rce ssrf
Last synced: 11 Jul 2025
https://github.com/aigptcode/ai-security-url
functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.
hacking kali python sqlinjection ssrf url webdevelopment xss
Last synced: 11 Apr 2025
https://github.com/dreadlocked/ssrfmap
Simple Server Side Request Forgery services enumeration tool.
bug-bounty enumeration map pentesting ssrf
Last synced: 08 Jul 2025
https://github.com/MindPatch/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 11 Jul 2025
https://github.com/mindpatch/hacking-lab
Small Vulnerable Web App
bugbounty cmdinjection flask hackable hacking-lab openredirect python sqlinjection ssrf ssti uploadfile xss
Last synced: 21 Jun 2025
https://github.com/hanover-computing/got-ssrf
Protect untrusted requests from SSRF
client got http http-client https https-client https-proxy javascript nodejs npm-package security ssrf
Last synced: 05 Apr 2025
https://github.com/R0X4R/ssrf-tool
An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
bugbounty bugbounty-tool bugbountytips go ssrf ssrf-tool tools
Last synced: 11 Jul 2025
https://github.com/e1abrador/Burp-Encode-IP
Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.
bugbounty bugbounty-tool bugbountytips bypass open-redirect red-team red-team-tools ssrf
Last synced: 13 May 2025
https://github.com/junnlikestea/bulkssrf
Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
async bugbounty-tool rust ssrf tokio-rs
Last synced: 12 Jul 2025
https://github.com/mtk911/khata
WebHook for Red Team
hacking hacking-tool hackingtool loganalyzer logger logger-interface logging offensive-security pentest pentesting pentesting-tools php ssrf vulnerability vulnerability-assessment webhook webhook-receiver webhooks xss xss-scanner
Last synced: 28 Apr 2025
https://github.com/astteam/ssrf
《深入理解WEB漏洞之SSRF漏洞》Server-Side Request Forgery.
Last synced: 22 Feb 2025
https://github.com/paulveillard/cybersecurity-ssrf
An ongoing & curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF
cybersecurity mitigation remediation security security-tools server-side server-side-request-forgery ssrf vulnerabilities vulnerability vulnerability-assessment vulnerability-detection vulnerability-management
Last synced: 08 Oct 2025
https://github.com/4xyy/ai-vuln-scanner
An AI-powered web application vulnerability scanner that automates the detection of common security flaws and provides AI-driven insights for impact assessment and remediation suggestions.
ai automation csrf cybersecurity machine-learning penetration-testing python security-tools sql-injection ssrf vulnerability-scanning web-security xss
Last synced: 30 Apr 2025
https://github.com/byt3n33dl3/ronin
🔱 Ronin the Shogun, WebApp parameter analysis and fuzzer for XSS and SSRF.
crlf cross-site-request-forgery cross-site-scripting injection-attacks ronin ssrf xss
Last synced: 12 Oct 2025
https://github.com/al1ex/cve-2021-21975
CVE-2021-21975 vRealize Operations Manager SSRF
cve-2021-21975 ssrf vrealize-operations-manager
Last synced: 29 Jun 2025
https://github.com/hanover-computing/canonicize-url
Get a stable, canonical version of any URL, with DNS and HTTPS checks, redirects, tracker stripping, and canonical link extraction!
amp canonical canonical-urls compare-urls javascript normalize-url npm-package privacy sanitize-url ssrf tracker tracking url-normalization
Last synced: 28 Jul 2025
https://github.com/entr0pie/cve-2023-27163
Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1)
cybersecurity exploit go golang poc python3 request-baskets server-side-request-forgery ssrf
Last synced: 27 Apr 2025
https://github.com/tirkarthi/clj-http-ssrf
A clj-http middleware to prevent SSRF attacks
clj-http-middleware clojure ssrf
Last synced: 11 Sep 2025
https://github.com/boloto1979/code-sentinel
The project is a Python Code Sentinel that scans code files for potential security vulnerabilities. The goal is to identify suspicious patterns in the code that could indicate the presence of vulnerabilities.
csrf cybersecurity python sql sqlinjection ssrf xss xss-vulnerability
Last synced: 11 Apr 2025
https://github.com/hupe1980/gopherfy
Tool to generate gopher links for exploiting SSRF
exploit fastcgi gopher http mysql postgresql smtp ssrf
Last synced: 06 Jul 2025
https://github.com/j0k3r/httplug-ssrf-plugin
Server-Side Request Forgery (SSRF) protection plugin for HTTPlug
httplug php plugin server-side-request-forgery ssrf
Last synced: 23 Mar 2025
https://github.com/adeadfed/vulnapp-simple-ssrf
Simple SSRF app on Python Flask
cybersecurity hacking lab ssrf vulnerability
Last synced: 20 Feb 2025
https://github.com/elmigranto/safe-http-client
Drop-in replacemnet for `request` to protect from SSRF and similar attacks.
http-client javascript request safety ssrf
Last synced: 12 Aug 2025
https://github.com/vulnpire/replfuzz
Scan URLs for vulnerabilities by injecting custom payloads into parameters
fuzzing lfi open-redir parameters rce ssrf xss
Last synced: 03 Mar 2025
https://github.com/wh1t3fox/ssrf.page
SSRF Testing
security security-tools ssrf ssrf-payload ssrf-tool
Last synced: 24 Mar 2025
https://github.com/greenpixels/node-ssrf-example
Showcases the dangers of requesting URLs from user input
http http-server nodejs security ssrf
Last synced: 27 Feb 2025
https://github.com/0xsyr0/havoc-c2-ssrf-rce-exploit
Merged exploit to abuse SSRF for delivering RCE through websockets.
havoc havoc-framework havoc2 poc proof-of-concept rce remote-code-execution server-side-request-forgery ssrf websockets
Last synced: 10 Jun 2025
https://github.com/mccutchen/safedialer
A golang net.Dialer control function that allows only safe network connections
golang http networking security ssrf
Last synced: 14 Jul 2025
https://github.com/refiaa/sqli-xss-exploit_python
SQLi・XSS・SSRF just for study
csrf python sqli sqlinjection ssrf xss
Last synced: 10 Apr 2025
https://github.com/zaczero/httpx-secure
Drop-in SSRF protection for httpx
dns-cache httpx security server-side-request-forgery ssrf web-security
Last synced: 09 Sep 2025
https://github.com/9dl/whoareyou
Multi-functional Vulnerability Testing Tool in C#
lfi payload-generator payloads rfi ssrf vuln vulnerability-scanners xss
Last synced: 02 Apr 2025
