😎 SSRF-Detector 😎

A SSRF-Tool written in golang

Version 1.0

🔥 Upcoming Features 🔥

• Fetch endpoints from Javascript files ✅
• Bruteforce parameters ✅
• Find SSRF in those parameters ✅
• Match multiple patterns in the response ✅
• Check Post Request ❌
• Check Headers ❌

Features

• Wordlist Creation
• Inject in every parameter one by one
• Very fast speed
• Inject into paths
• Silent Mode
• Fetch endpoints from Javascript files
• Bruteforce parameters
• Find SSRF in those parameters
• Match multiple patterns in the response

Note

Make sure when creating wordlists or finding ssrf with my tool that the domains are resolved. You can use:

• httpx
• httprobe
• massdns

To do so.

Also, Make sure to customerise your patterns file for greater results

Install

$ go get -u github.com/ethicalhackingplayground/ssrf-tool

Find SSRF in paths with Subfinder,httpx

$ subfinder -d yahoo.com -silent | httpx -silent >> domains | ssrf-tool -domains domains -payloads ssrf.txt -silent=false -paths=true -patterns patterns.txt

Wordlist Creation

$ echo "https://www.twitter.com" | getJS -complete | ssrf-tool -gen=true

Can be used with other tools like subfinder & amass

BruteForce For SSRF

$ echo "https://www.twitter.com" | getJS -complete | ssrf-tool -domains domains -silent=false -brute=true -gen=true -patterns patterns.txt -parameters params.txt

Can be used with other tools like subfinder & amass

Testing The Paths

$ ssrf-tool -domains domains -silent=false -patterns patterns.txt -paths=true -brute=false -payloads ssrf.txt

Can be used with other tools like subfinder & amass

Testing Parameters with waybackurls

$ echo "twitter.com" | waybackurls >> domains ; ssrf-tool -domains domains -silent=false -paths=false -payloads ssrf.txt

Can be used with other tools like subfinder & amass

If you get a bounty please support by buying me a coffee