# SSRF Vulnerability Testing Tools

> Search results for `exploit and analyze server-side request forgery flaws` on awesome-repositories.com. 107 total matches; showing the first 50.

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/exploit-and-analyze-server-side-request-forgery-flaws).**

## Results

- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
- [1n3/sn1per](https://awesome-repositories.com/repository/1n3-sn1per.md) (10,049 ⭐) — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets.

The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
- [hackvertor/server-side-prototype-pollution](https://awesome-repositories.com/repository/hackvertor-server-side-prototype-pollution.md) (7 ⭐) — This extension identifies server-side prototype pollution vulnerabilities and requires Burp Suite v2021.9 or later.
- [jetbrains/kotlin](https://awesome-repositories.com/repository/jetbrains-kotlin.md) (52,880 ⭐) — Kotlin is a statically typed, general-purpose programming language designed for type safety and concise syntax. It functions as a cross-platform development toolkit that enables the sharing of business logic across mobile, web, and server-side environments by compiling a unified intermediate representation into platform-specific machine code, bytecode, or source code.

The project distinguishes itself through a multi-target build orchestration model that manages complex compilation units and hierarchical source sets. Developers can define common interface logic that is satisfied by platform-sp
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
- [47ng/nuqs](https://awesome-repositories.com/repository/47ng-nuqs.md) (10,591 ⭐) — nuqs is a TypeScript library for managing React component state through the browser's URL query string. It provides a type-safe hook-based approach that synchronizes component state with the address bar, enabling shareable and bookmarkable application states. The library handles parsing and serializing URL query parameters into typed JavaScript values, supporting integers, floats, booleans, dates, and custom types with bijectivity verification.

The library distinguishes itself through its comprehensive approach to URL state management, combining batch URL updates that merge multiple parameter
- [sevenwire/forgery](https://awesome-repositories.com/repository/sevenwire-forgery.md) (786 ⭐) — Easy and customizable generation of forged data.
- [fuzzdb-project/fuzzdb](https://awesome-repositories.com/repository/fuzzdb-project-fuzzdb.md) (8,819 ⭐) — fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors.

The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-s
- [requests/requests](https://awesome-repositories.com/repository/requests-requests.md) (54,070 ⭐) — Requests is a simple, yet elegant, HTTP library.
- [getgrav/grav](https://awesome-repositories.com/repository/getgrav-grav.md) (15,395 ⭐) — Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths.

The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
- [daffainfo/allaboutbugbounty](https://awesome-repositories.com/repository/daffainfo-allaboutbugbounty.md) (6,644 ⭐) — AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs.

The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
- [cursortouch/windows-mcp](https://awesome-repositories.com/repository/cursortouch-windows-mcp.md) (4,373 ⭐) — This is a Model Context Protocol server that exposes Windows desktop automation and system administration functions to large language models. It provides programmatic control of mouse, keyboard, windows, and UI elements on Windows through simulated user input, while also enabling LLMs to manage the Windows registry, processes, files, and execute PowerShell commands through a remote interface.

The server supports multiple transport protocols including stdio, SSE, and streamable HTTP, allowing flexible integration with different language model clients. It implements OAuth 2.0 with PKCE for secu
- [request/request](https://awesome-repositories.com/repository/request-request.md) (25,542 ⭐) — This is an HTTP client library used for sending and receiving network requests. It functions as an HTTP traffic replicator, a multipart form uploader, and an OAuth request signer, while also serving as an HTTP client capable of routing traffic through Unix domain sockets for local inter-process communication.

The project distinguishes itself with the ability to import and parse HTTP Archive JSON files to reproduce recorded network traffic. It also provides cryptographic OAuth signing to secure API access using hashing algorithms and supports routing requests through Unix domain sockets using
- [honojs/hono](https://awesome-repositories.com/repository/honojs-hono.md) (30,994 ⭐) — Hono is a lightweight web framework built on Web Standard APIs that executes across JavaScript runtimes including Cloudflare Workers, Deno, Bun, and Node.js.
- [ibm/mcp-context-forge](https://awesome-repositories.com/repository/ibm-mcp-context-forge.md) (3,310 ⭐) — mcp-context-forge is a Model Context Protocol federation gateway that unifies diverse AI tool servers and APIs into a single consistent interface for discovery and execution. It acts as a centralized proxy that aggregates multiple servers and APIs, allowing AI agents to access and invoke a unified set of tools, prompts, and resources.

The project distinguishes itself through a multi-protocol translation bridge that converts communication between standard I/O, SSE, gRPC, and REST to enable interoperability between disparate tool servers. It includes a comprehensive LLM evaluation framework for
- [ant-design/ant-design](https://awesome-repositories.com/repository/ant-design-ant-design.md) (98,362 ⭐) — Ant Design is an enterprise-grade component library and design system framework built for developing complex, data-heavy web applications. It provides a comprehensive collection of pre-built, state-driven interface elements that map data properties to rendered components, ensuring consistent interaction patterns and visual language across large-scale projects.

The library distinguishes itself through a robust styling architecture that utilizes design tokens and hierarchical configuration providers to propagate global settings like themes, locale, and layout direction. By employing component-l
- [notselwyn/exploits](https://awesome-repositories.com/repository/notselwyn-exploits.md) (28 ⭐) — Custom exploits
- [encode/httpx](https://awesome-repositories.com/repository/encode-httpx.md) (15,090 ⭐) — This project is a comprehensive Python network request framework designed for both synchronous and asynchronous HTTP communication. It provides a high-performance client capable of executing non-blocking requests within event-driven applications, while also supporting standard blocking calls for simpler scripts. The library is built to operate natively across diverse asynchronous runtimes, automatically detecting and utilizing the underlying event loop for concurrency.

What distinguishes this library is its modular architecture, which decouples request construction from network execution thro
- [windowsexploits/exploits](https://awesome-repositories.com/repository/windowsexploits-exploits.md) (1,302 ⭐) — Windows Exploits
- [facebook/react](https://awesome-repositories.com/repository/facebook-react.md) (245,669 ⭐) — React is a JavaScript library for building user interfaces based on a component-driven architecture and unidirectional data flow.
- [js-cookie/js-cookie](https://awesome-repositories.com/repository/js-cookie-js-cookie.md) (22,600 ⭐) — js-cookie is a lightweight JavaScript library and browser storage interface used to create, read, and delete cookies. It provides a programmatic API for managing client-side data persistence and maintaining browser state across page refreshes.

The library includes capabilities for custom cookie encoding and the use of custom value converters to handle specific character formats. It also features a global attribute configuration system that allows default expiration, security, and scope rules to be applied automatically to all cookie operations.

The tool covers general cookie management inclu
- [owasp/cheatsheetseries](https://awesome-repositories.com/repository/owasp-cheatsheetseries.md) (32,298 ⭐) — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems.

What distinguishes this project is its decentral
- [scannells/exploits](https://awesome-repositories.com/repository/scannells-exploits.md) (52 ⭐) — Some exploits I have written to showcase and to share
- [bubka/2fauth](https://awesome-repositories.com/repository/bubka-2fauth.md) (3,779 ⭐) — 2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location.

The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration.

The project covers a broad range of security and dat
- [questescape/exploit](https://awesome-repositories.com/repository/questescape-exploit.md) (120 ⭐) — Kernel exploits for the Oculus Quest
- [fingerprintjs/fingerprintjs](https://awesome-repositories.com/repository/fingerprintjs-fingerprintjs.md) (27,334 ⭐) — Fingerprint is a visitor identification and fraud detection platform that generates persistent, unique identifiers by analyzing browser and device attributes. By extracting technical signals from the client environment, it enables reliable user tracking across sessions without relying on traditional cookies.

The platform distinguishes itself through its focus on high-accuracy identification and security-first architecture. It employs edge-side proxying to bypass ad-blockers and privacy restrictions, ensuring consistent data collection. To maintain data integrity, it uses cryptographic payload
- [requestly/requestly](https://awesome-repositories.com/repository/requestly-requestly.md) (6,341 ⭐)
- [kamranahmedse/developer-roadmap](https://awesome-repositories.com/repository/kamranahmedse-developer-roadmap.md) (357,434 ⭐) — Developer Roadmap is a community-driven platform that provides structured, graph-based learning paths for software engineering. It serves as a comprehensive knowledge repository where technical domains are organized into visual sequences to guide professional skill acquisition and career growth.

The project distinguishes itself through a collaborative ecosystem that enables users to contribute roadmaps, curate industry best practices, and maintain professional profiles. It integrates diagnostic assessment frameworks to evaluate technical proficiency, helping developers identify knowledge gaps
- [etherdream/jsproxy](https://awesome-repositories.com/repository/etherdream-jsproxy.md) (9,339 ⭐) — jsproxy is a web traffic proxy designed to route requests through a ServiceWorker to bypass network restrictions while minimizing server-side processing overhead. It focuses on browser API virtualization, rewriting URL-related functions and properties so that proxied pages behave as if they are running on their original domains.

The project utilizes a decoupled architecture that separates the static user interface from the data forwarding backend, allowing for deployment across multiple providers. It includes weight-based load balancing to distribute traffic across multiple proxy nodes and im
- [papra-hq/papra](https://awesome-repositories.com/repository/papra-hq-papra.md) (3,838 ⭐) — Papra is a self-hosted document management system designed for digital archiving, organization, and retrieval. It serves as a centralized platform for storing files with a focus on security, providing an encrypted file archive using AES-256-GCM and a programmatic interface for managing documents and metadata via a REST API, SDK, and command line tools.

The system distinguishes itself through an automated document ingestion engine that imports files via email forwarding, monitored folders, and webhook listeners. It further enhances discoverability by acting as an OCR document indexer, extracti
- [nccgroup/requests-racer](https://awesome-repositories.com/repository/nccgroup-requests-racer.md) (162 ⭐) — Small Python library that makes it easy to exploit race conditions in web apps with Requests.
- [angular/angular](https://awesome-repositories.com/repository/angular-angular.md) (100,360 ⭐) — Angular is a platform for building web applications using a component-based architecture. It provides a comprehensive suite of tools for managing encapsulated UI units, including hierarchical dependency injection, a declarative template system, and fine-grained reactivity through signals. The framework supports complex application requirements such as client-side routing, form management, and internationalization.

The project includes a command-line interface for scaffolding and build automation, alongside a testing ecosystem for unit and integration verification. It offers multiple rendering
- [voorivex/pentest-guide](https://awesome-repositories.com/repository/voorivex-pentest-guide.md) (2,761 ⭐) — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation.

The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-part
- [dubinc/dub](https://awesome-repositories.com/repository/dubinc-dub.md) (23,722 ⭐) — This project is a comprehensive link management and marketing attribution platform designed for creating, tracking, and analyzing shortened URLs. It functions as a centralized hub for marketing analytics, providing tools to monitor link performance, visualize conversion funnels, and manage affiliate programs through a unified dashboard.

The platform distinguishes itself by integrating advanced attribution modeling and partner management directly into the link infrastructure. It supports complex marketing workflows, including automated commission calculations, fraud detection, and payout distr
- [wordpress/requests](https://awesome-repositories.com/repository/wordpress-requests.md) (3,574 ⭐) — Requests for PHP is a humble HTTP request library. It simplifies how you interact with other sites and takes away all your worries.
- [bigskysoftware/htmx](https://awesome-repositories.com/repository/bigskysoftware-htmx.md) (48,210 ⭐) — HTMX is a hypermedia-driven frontend library that enables the creation of dynamic, asynchronous web applications by extending standard HTML attributes. It functions as a declarative engine that intercepts browser events to trigger network requests, allowing developers to update specific regions of the document with server-rendered HTML fragments. By shifting the logic of UI composition to the server, it minimizes the need for complex client-side state management and imperative JavaScript.

The library distinguishes itself through a progressive enhancement workflow that ensures web interfaces r
- [s0md3v/xsstrike](https://awesome-repositories.com/repository/s0md3v-xsstrike.md) (14,752 ⭐) — XSStrike is an automated security scanning engine designed for web application discovery, input
- [mughees52/mysql-explain-analyzer](https://awesome-repositories.com/repository/mughees52-mysql-explain-analyzer.md) (4 ⭐) — Free, browser-based MySQL & MariaDB EXPLAIN analyzer with 49 detection rules, index recommendations, and query rewrites. 100% client-side.
- [sundaysec/android-exploits](https://awesome-repositories.com/repository/sundaysec-android-exploits.md) (988 ⭐) — A collection of Android exploits and hacks
- [dandavison/delta](https://awesome-repositories.com/repository/dandavison-delta.md) (31,136 ⭐) — Delta is a command-line pager that enhances the readability of terminal output by applying syntax highlighting and structured formatting to text streams. It functions as a specialized interface for version control systems, transforming standard output into color-coded, human-readable views.

The tool distinguishes itself through its ability to render side-by-side diff comparisons and visualize merge conflicts with clear, semantic highlighting. It dynamically calculates column widths and text alignment to fit complex file comparisons within the constraints of a terminal window, while allowing u
- [commixproject/commix](https://awesome-repositories.com/repository/commixproject-commix.md) (5,757 ⭐) — Commix is an automated tool for detecting and exploiting OS command injection vulnerabilities in web applications. It probes user-supplied input vectors with heuristic test payloads, analyzes response differences to identify injection points, and then automates the execution of arbitrary operating system commands on the target server.

The tool distinguishes itself through a multi-layer filter bypass engine that evaluates input constraints independently per filter type and composes tailored evasion strategies into a single payload. A modular payload tamper pipeline transforms raw injection str
- [psf/requests](https://awesome-repositories.com/repository/psf-requests.md) (54,044 ⭐) — Requests is a high-level HTTP client library designed to simplify web communication and API integration. It provides an intuitive, human-readable interface for performing standard network operations, including request execution, connection pooling, and stateful session management. By encapsulating raw network data into structured objects, the library automates the complexities of headers, cookies, and payload transmission.

The library distinguishes itself through a modular transport adapter layer that allows for custom protocol handling and extensible authentication hooks. It supports a wide
- [sqlmapproject/sqlmap](https://awesome-repositories.com/repository/sqlmapproject-sqlmap.md) (37,676 ⭐) — This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points.

What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
- [fincept-corporation/finceptterminal](https://awesome-repositories.com/repository/fincept-corporation-finceptterminal.md) (26,900 ⭐) — FinceptTerminal is a quantitative finance platform and financial engineering library designed for asset valuation, risk management, and fixed-income analytics. It provides a comprehensive suite for algorithmic trading and investment strategy automation, integrating specialized language model agents and node-based workflows to automate market research and alpha generation.

The project distinguishes itself with a dedicated game theory analysis engine for calculating Nash equilibria and simulating strategic interactions in competitive markets. It also features a specialized credit risk modeling
- [macbre/analyze-css](https://awesome-repositories.com/repository/macbre-analyze-css.md) (696 ⭐) — analyze-css
- [mubix/post-exploitation](https://awesome-repositories.com/repository/mubix-post-exploitation.md) (1,582 ⭐) — Post Exploitation Collection
- [florinpop17/app-ideas](https://awesome-repositories.com/repository/florinpop17-app-ideas.md) (95,036 ⭐) — App-ideas is a development platform that integrates autonomous AI agents into local environments to orchestrate code review, automated fix application, and workflow management. It functions as a command-line interface that connects external AI assistants to your codebase, enabling iterative development cycles through plugin-based integration and natural language triggers.

The platform distinguishes itself through a robust static analysis engine that traverses syntax trees to enforce structural coding standards and identify violations. Users can define custom review rules, architectural prefer
- [jakubroztocil/httpie](https://awesome-repositories.com/repository/jakubroztocil-httpie.md) (38,212 ⭐) — HTTPie is a command-line HTTP client and REST API debugger used for sending requests to web services. It functions as a network tool for managing headers, authentication sessions, and file uploads, with a specific focus on the transmission and reception of JSON data.

The tool utilizes a custom parsing layer to translate simplified command-line input into structured HTTP parameters. It provides ANSI-based terminal formatting to apply color and structural indentation to raw responses, improving human readability for web debugging.

The project covers request construction and previewing, multipa
- [apple/foundationdb](https://awesome-repositories.com/repository/apple-foundationdb.md) (16,446 ⭐) — FoundationDB is an ACID-compliant distributed transactional key-value store. It functions as a scalable database engine that ensures strict serializability and data consistency across a cluster of servers using a shared-nothing architecture.

The system is distinguished by its multi-region replication capabilities, allowing data to be synchronized across different datacenters for high availability and disaster recovery. It utilizes optimistic concurrency control to manage distributed transactions and employs a majority-based coordination system to maintain cluster state.

The platform provides
- [httpie/cli](https://awesome-repositories.com/repository/httpie-cli.md) (38,228 ⭐) — This project is a terminal-based HTTP client designed for interacting with web services, debugging APIs, and automating network requests. It provides a specialized command-line interface that simplifies the construction of complex HTTP exchanges, allowing users to test and inspect web services directly from the shell.

The tool distinguishes itself through a declarative syntax engine that translates shorthand command-line tokens into fully formed HTTP requests, including headers, parameters, and body payloads. It features a modular, plugin-based architecture that enables users to extend core f
