Identify and analyze server-side request forgery flaws using specialized security scanning and exploitation frameworks.
This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. I
This is a general-purpose web fuzzer used for discovery and parameter testing, which can be configured to probe for SSRF but lacks the specialized payload generation and out-of-band monitoring features required for a dedicated SSRF exploitation tool.
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
Nuclei is a versatile, template-driven security scanning framework that can be configured with custom templates to perform SSRF payload generation, request manipulation, and out-of-band monitoring, making it a powerful tool for identifying SSRF vulnerabilities despite being a general-purpose scanner rather than an SSRF-exclusive utility.
Automatic tool for DNS rebinding-based SSRF attacks
This tool automates DNS rebinding attacks to facilitate SSRF exploitation, providing a specialized approach to request manipulation and vulnerability testing that aligns with your security testing needs.
Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load 🛰️ 🦀
This is a command-line tool specifically built to identify parameters susceptible to SSRF and out-of-band resource loading, making it a focused utility for the requested security testing category.
Smart SSRF scanner using different methods like parameter brute forcing in POST and GET...
This tool is a dedicated SSRF scanner that automates parameter brute-forcing and request manipulation to identify vulnerabilities, fitting the core requirements of the category.
Server-side request forgery detector
This tool is specifically designed to detect Server-Side Request Forgery vulnerabilities, providing a focused utility for identifying and analyzing these flaws in web applications.
Escalate your SSRF vulnerabilities on Modern Cloud Environments. surf allows you to filter a list of hosts, returning a list of viable SSRF candidates.
This tool is specifically designed to identify and escalate SSRF vulnerabilities in cloud environments by filtering hosts for potential exploitation, making it a focused utility for your security testing workflow.
A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.
This repository provides a collection of scripts specifically designed for debugging and testing SSRF vulnerabilities, serving as a functional tool for identifying and analyzing these flaws.
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
This tool automates the discovery of SSRF vulnerabilities by generating payloads and testing domains, serving as a direct utility for identifying these flaws even though it lacks some of the more advanced request manipulation or cloud-specific exploitation features.