Automatic SSRF fuzzer and exploitation tool
翻译 - 自动SSRF模糊器和开发工具
SSRF (Server Side Request Forgery) testing resources
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
翻译 - 本实验包含易受服务器端请求伪造攻击的示例代码
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
Server-side request forgery detector
SSRF plugin for burp Automates SSRF Detection in all of the Request
翻译 - burp的SSRF插件可在所有请求中自动进行SSRF检测
CVE-2017-9506 - SSRF
Authenticated SSRF in Grafana
Apache Solr SSRF(CVE-2021-27905)
Some Attacks of Exchange SSRF ProxyLogon&ProxyShell
ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6
ProxyLogon Pre-Auth SSRF To Arbitrary File Write
Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
Jira未授权SSRF漏洞
VMware vCenter 7.0.2.00100 unauth Arbitrary File Read + SSRF + Reflected XSS
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
Toolkit to detect and keep track on Blind XSS, XXE & SSRF
翻译 - 用于检测和跟踪Blind XSS,XXE和SSRF的工具包