• Stars
    star
    108
  • Rank 321,259 (Top 7 %)
  • Language
    Go
  • Created over 4 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.

ssrf-finder

Pass list of urls with FUZZ in and it will check if it has found a potential SSRF.

cat urls.txt | ./ssrf-finder

or

echo https://www.someting.com/?url=FUZZ&whatever=adsa&id=1  | ./ssrf-finder

if it generates a ssrf.log file then you have some SSRF's if not no SSRF.

URLs must look like.

http://www.something.com/url?=FUZZ&somethingelse=whatever

99% of this code is from @tomnomnom the hero!

raise issues if you have questions!

Use a VPS from DO

DigitalOcean Referral Badge

More Repositories

1

bruteforce-lists

Some files for bruteforcing certain things.
1,083
star
2

My-Shodan-Scripts

Collection of Scripts for shodan searching stuff.
Python
973
star
3

keywords

349
star
4

bugbounty-scans

aquatone results for sites with bug bountys
292
star
5

Jira-Scan

CVE-2017-9506 - SSRF
Python
185
star
6

cve-2020-0688

cve-2020-0688
Python
162
star
7

AWS-Scanner

Scans a list of websites for Cloudfront or S3 Buckets
Go
104
star
8

bugbountydork

Bug Bounty Dork
Python
66
star
9

mass-s3-bucket-tester

This tests a list of s3 buckets to see if they have dir listings enabled or if they are uploadable
Python
50
star
10

cloud-cidr

AWS,AZURE,GOOGLE CLOUD IP CIDRS
Shell
47
star
11

open-redirect

Open Redirect Finder.
Python
44
star
12

kube-scan

Kubernetes Scanner
Shell
42
star
13

metadata-one-liners

retrive metadata endpoint data with these one liners.
37
star
14

RPI-Control

Automated 433Mhz Control for Status Power Sockets using a Raspberry Pi
PHP
24
star
15

liferay-pwn

Vuln Liferay scanner & Exploit
Python
21
star
16

wheres-my-git

Wheres My Git - Find /.git/config files based on dirs found in home url
Shell
21
star
17

InfiniteWP-exploit

InfiniteWP Client < 1.9.4.5 - Authentication Bypass
Python
20
star
18

frida-docker

Dockerised Version of Frida
JavaScript
20
star
19

consul-pwn

Make a Consul Agent Grab Metadata endpoints
Python
19
star
20

grayhatwarfare-docs-finder

Finds Documents On Cloud Assets Using grayhatwarfare API for short urls
Python
17
star
21

s3-tko

AWS S3 Bucket Finder.
Go
15
star
22

mini-php-shells

Multiple Shells of the same code with different extentions.
PHP
15
star
23

S3-Listable

S3 Buckets that will let you list all files inside them
15
star
24

aquatone-docker

Docker Version of Aquatone
15
star
25

wpa-cracking

Command List for Hashcat and default keyspaces.
14
star
26

All-in-One-WP-Migration-Backup-Finder

All-in-One WP Migration-Backup-Finder
Python
14
star
27

bash-hacks

little scripts of bash stuff that i've found handy.
Shell
14
star
28

rb-recon

13
star
29

hamachi-pi

Install hamachi on your raspberry pi
Shell
13
star
30

wayback-saver

Saves pages to Wayback machine
Go
13
star
31

Hikvision-Brute-Force

Brute Force Hikvision Devices that only allow PIN passwords
Python
12
star
32

yahoo-bug-bounty

List of hosts from yahoo.com
12
star
33

wpa-masshandshakeextract

Needed a way to filter all my pwnagotchi handshakes.
Shell
11
star
34

firebaseio-checker-go

Firebase url checker in go
Go
11
star
35

cve-2019-6715

Go
11
star
36

redirector

Redirects any request with which ever http status code you want to a location of your choice
Python
10
star
37

jamf-log4j

Python
10
star
38

firebaseio-checker

Checks a list of firebaseio to confirm they are working and have dev access to them
Python
9
star
39

sms-command-server

Send a SMS to Control Your Linux Box
PHP
9
star
40

extract-m3u

Extract username and passwords from IPTV urls
Python
9
star
41

docker-massscan-webui

Masscan web gui
PHP
8
star
42

M3U-Generator

Add Stream links and generate a playlist.
PHP
8
star
43

twando

Twitter Multi Account
PHP
8
star
44

docker-dump

dumping random docker projects here
CSS
8
star
45

cve-2022-23131-exp

Zabbix SSO Bypass
Python
8
star
46

wifite2-docker

Docker of Wifite2
Dockerfile
8
star
47

What-Security

What-Security Home Page
CSS
8
star
48

Aircrack-NG_RaspberryPI

Installer for Aircrack-NG / Airoscript For Raspberry Pi
Shell
7
star
49

google-dork

This will grab a random dork and then save the output to a text file
Python
7
star
50

selenium-abuser

Abuse Open Selenium Gird or Node to get access to metadata endpoint.
Python
7
star
51

SMS-PI

SMS PI - Send a SMS via Your Raspberry PI UK SMS ONLY!
6
star
52

CVE-2019-7616

POC for CVE-2019-7616 / ESA-2019-09
Python
6
star
53

wordlist-extractor

Extracts unique file and folder names from a list of urls.
Python
6
star
54

g-suite-check

Checks if the domains MX records point at G-suite
Python
6
star
55

csp-report-buckets

Grabs Storage Bucket Urls from CSP headers
Go
6
star
56

urlscan-search

urlscan.io search for domains
Go
6
star
57

salesforce-ssrf

Python
5
star
58

CVE-2019-5418

Go
5
star
59

CVE-2019-18935

CVE-2019-18935
5
star
60

My-Binary-Edge

Tools i've made to help with working with data from https://www.binaryedge.io
Python
5
star
61

XSS-image

XSS via images
Python
5
star
62

xupnpd-raspberry-armhf

Deb of xupnpd for raspberry pi
4
star
63

js-source-mapper

Take JS files in and get .map versions if possible.
Go
4
star
64

clippy-finalurl

Go
4
star
65

githack

Python
4
star
66

Dropbox-Mysql-Upload

Backup Mysql to Dropbox
4
star
67

bulk_ssl_expire

Check a text file of domains for any expired SSL Certificates
Shell
4
star
68

squid-anon-docker

Squid Proxy that is classed as anon
Dockerfile
4
star
69

github-about-me

Enter a Github Key and tell me about you
HTML
3
star
70

iptv-buster

Some horrible code i made a while back
Go
3
star
71

screenshot-heroki

JavaScript
3
star
72

mot-checker

UK MOT/TAX checker for UK registered Vehicles
Python
3
star
73

gcr-finder

Find Google GCR Repo's
Shell
3
star
74

PiCam-image-requester

Send a SMS and Your Raspberry Pi cam and it will send a MMS or Email or Tweet of the pic for you
PHP
3
star
75

popplugin

WordPress Plugin for Use in Testing for PHP Object Injection
Ruby
3
star
76

rubbish-links

Junk or gold
2
star
77

UniFi-Network-ipad-blocker

Script to block childs ipads from the internet using UniFi Network setup.
Python
2
star
78

Netgear-DGN1000---DGN2200---Remote-Password-Finder

PHP to get admin username and password of DGN1000 to DGN2000
PHP
2
star
79

elastic-tko

Elasticbean Stalk TKO
Python
2
star
80

serverless-whatismyip

Go
2
star
81

pir-bullet

Raspberry Pi PIR Intruder Alerts Via Push Bullet
Python
2
star
82

tko-random-robbie

Serverless page for my subdomain takeovers.
HTML
2
star
83

host-scanner

Go
2
star
84

django-splitter

ignore for now
Go
2
star
85

csp-report-extractor

Extracts CSP reports
Go
2
star
86

RTMP_NGINX_SHOW

View Streams From Your Nginx Server
CSS
2
star
87

xsstrike-docker

XSStrike in Docker
Dockerfile
2
star
88

Python-Tweet-Dump

Dumping My Twitter Python Scripts
Python
2
star
89

yahoo-bugbountyscans

aquatone-scans of yahoo
HTML
2
star
90

netk8t

container to deploy for attacking k8s
Dockerfile
2
star
91

spoofssid-docker

Docker container to spoof popular SSID's
2
star
92

wpscan-help

Output of WPSCAN --hh
2
star
93

selenium-metadata-grabber

Selenium Metadata Endpoint Grabber
Python
2
star
94

censysio-ip-search

Provides a list of IP's for your search.
Go
2
star
95

wp-engine

WP-Engine Disclosure
Python
2
star
96

beerfarmers-bot

Python
1
star
97

phonegap_smspi

SMSPI Phone Gap App
JavaScript
1
star
98

Pir-tweet

Tweet's when motion detected
Python
1
star
99

Flask-Ask-Docker

Flask-Ask Docker container with sample app that will automatically connect ngrok for use as an alexa skill
Python
1
star
100

docker-http-auth

A HTTP Auth Docker Honeypot using python
1
star