  • Stars: 528
  • Rank 81,795 (Top 2 %)
  • Language: Java
  • License: MIT License
  • Created over 3 years ago
  • Updated over 3 years ago

Repository Details

SSRF plugin for Burp that automates SSRF detection across the whole request

🔥 ssrf-king 🔥

License: MIT

v1.12 Latest

SSRF plugin for Burp that automates SSRF detection across the whole request

If you are facing any problems or would like a new feature that is not listed below, please create a new issue using this form:

Create New Issue

Upcoming Features Checklist

  • ✔️ It will soon have a user interface to specify your own callback payload
  • It will soon be able to test JSON & XML
  • Test for SMTP SSRF

How to Install/Build

  • git clone https://github.com/ethicalhackingplayground/ssrf-king
  • gradle build
  • The file "ssrf-king.jar" can now be found under build/libs and can then be imported into Burp Suite.
  • Alternatively, go to releases to download the compiled file.

Features

  • ✔️ Tests the whole request for any external interactions.
  • ✔️ Checks whether an interaction came from an IP other than the user's; if it came from the user's own IP, it is an open redirect.
  • ✔️ Alerts the user to any external interactions with information such as:
    • Endpoint Vulnerable
    • Host
    • Location Found

It also performs the following tests based on this research:

Reference:

https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface

GET http://burpcollab/some/endpoint HTTP/1.1
Host: example.com
...

and

GET @burpcollab/some/endpoint HTTP/1.1
Host: example.com
...

and

GET /some/endpoint HTTP/1.1
Host: example.com:80@burpcollab
...

and

GET /some/endpoint HTTP/1.1
Host: burpcollab
...

and

GET /some/endpoint HTTP/1.1
Host: example.com
X-Forwarded-Host: burpcollab
...
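
A defender-side view of the five request shapes above, as an added example that is not part of ssrf-king: a Python check that a proxy or log pipeline could use to flag requests whose routing target disagrees with the hosts it serves. `ALLOWED_HOSTS`, `classify`, the finding names and the placeholder host `collab.example.net` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com"}  # assumption: the hostnames this front end serves

def _hostname(url):
    """Hostname a URL parser would connect to, or "" if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def classify(raw_request):
    """Return sorted findings for one raw HTTP/1.1 request head."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return ["unparseable-request-line"]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = set()
    if target.lower().startswith(("http://", "https://")):
        # Absolute-form target: the URI host, not the Host header, may drive routing.
        if _hostname(target) not in ALLOWED_HOSTS:
            findings.add("absolute-uri-foreign-host")
    elif not target.startswith("/") and target != "*" and method != "CONNECT":
        findings.add("malformed-request-target")
    for host in headers.get("host", []):
        if "@" in host:  # userinfo is never valid in a Host header
            findings.add("userinfo-in-host-header")
        elif _hostname("//" + host) not in ALLOWED_HOSTS:
            findings.add("foreign-host-header")
    for fwd in headers.get("x-forwarded-host", []):
        if _hostname("//" + fwd) not in ALLOWED_HOSTS:
            findings.add("foreign-x-forwarded-host")
    return sorted(findings)

# Constructed samples mirroring the five shapes; CB is a placeholder callback host.
CB = "collab.example.net"
SAMPLES = [
    f"GET http://{CB}/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    f"GET @{CB}/some/endpoint HTTP/1.1\r\nHost: example.com\r\n\r\n",
    f"GET /some/endpoint HTTP/1.1\r\nHost: example.com:80@{CB}\r\n\r\n",
    f"GET /some/endpoint HTTP/1.1\r\nHost: {CB}\r\n\r\n",
    f"GET /some/endpoint HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-Host: {CB}\r\n\r\n",
    "GET /some/endpoint HTTP/1.1\r\nHost: example.com:8080\r\n\r\n",  # benign
]
```

Rejecting or normalising any request that produces a finding at the edge means back-end components never have to agree on which of these fields names the destination.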

Scanning Options

  • ✔️ Supports Both Passive & Active Scanning.

Example

  • Load the website you want to test.
  • Add it as an in-scope host in Burp.
  • Load the plugin.
  • Keep note of the Burp Collaborator payload.
  • Passively crawl the page; ssrf-king tests everything in the request on the fly.
  • When it finds a vulnerability, it logs the information and adds an alert.

From here onwards you would fuzz the parameter to test for SSRF.

Video Demonstration

Watch the video

If you get a bounty please support by buying me a coffee


More Repositories

  1. bxss (Go, 182 stars)
  2. TProxer (Python, 170 stars): A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.
  3. ssrf-tool (Go, 141 stars)
  4. erebus (Go, 124 stars): Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
  5. Bug-Bounty-Tools (Python, 111 stars): The tools I have programmed to help me with bugbounty's
  6. wordlistgen (Go, 106 stars): Generates target specific word lists for Fuzzing with fuff
  7. pathbuster (Rust, 103 stars): A path-normalization pentesting tool.
  8. Zin (Go, 72 stars): A Payload Injector for bugbounties written in go
  9. dorkX (Go, 57 stars): Pipe different tools with google dork Scanner
  10. SubNuke (HTML, 56 stars): Subdomain Takeover tool with web UI
  11. linkJS (Go, 56 stars)
  12. dnsresolver (Rust, 54 stars): A Lightning-Fast DNS Resolver written in Rust 🦀
  13. xsspwn (Python, 43 stars): Cross-Site-Scripting (XSS) Automatic Scanner
  14. mailsploit (Python, 35 stars): Sends some one a malicious payload through smtp and starts a listener with metasploit.
  15. gocrawler (Go, 34 stars)
  16. tprox (Go, 29 stars): TProx is a fast reverse proxy path traversal detector and directory bruteforcer.
  17. hrekt (Rust, 27 stars): A really fast http prober.
  18. endzy (Go, 21 stars): Endpoint monitor tool
  19. EvilPhisher (HTML, 19 stars): Social Media Phisher
  20. aem-eye (Rust, 17 stars): A very simple AEM detector written in rust.🦀
  21. erebus-templates (17 stars): Community curated list of templates for the erebus engine to find security vulnerabilities.
  22. bcaem (Go, 12 stars): Fast AEM scope gathering tool for all your public and private BugCrowd Programs
  23. recon_db_scripts (11 stars): Creating a Database for Mass Recon
  24. pdtools (Shell, 10 stars): Install and upgrade projectdiscovery tools
  25. corsX (Go, 9 stars): Cross Origin Resource Sharing Scanner (CORS Scanner)
  26. fbkiller (Python, 6 stars): Brute Forces A Facebook Account
  27. hostparser (Rust, 6 stars): A very fast hostparser.
  28. facebookscraper (Python, 3 stars)
  29. hakku (Python, 2 stars): Hakku is a android take over tool using various deployment options.
  30. specter (Python, 2 stars): SMTP Password Bruteforcer
  31. subdomaintakeover (HTML, 1 star)
  32. sha1decryper (Python, 1 star): Attempts to crack a sha1 hash
  33. nextjs-blog-theme (JavaScript, 1 star)
  34. native-mockups (HTML, 1 star)
  35. ethicalhackingplayground (1 star)
  36. JsX (1 star): Recon your way through java script with this tool finding subdomains, parameters, sinks & relative paths.
  37. documents.uber.com (1 star)
  38. Electron-Boilerplate (CSS, 1 star)