Skip to content

rotemreiss/ssrfuck

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
headers.txt
headers.txt
 
 
parameters.txt
parameters.txt
 
 
ssrfuck.sh
ssrfuck.sh
 
 

Repository files navigation

SSRFuck

Fuzz for SSRF in a given URL. The tool is fuzzing both in common SSRF GET parameters and in HTTP headers.

The tool comes with two predefined wordlists. Feel free to use as is, manipulate or contribute ;)

Prerequisites

The tool is heavily based on ffuf.

Installation

Just clone the repo

git clone https://github.com/rotemreiss/ssrfuck.git

Usage

Just run the script with two arguments:

  • The URL to fuzz
  • Your burp collaborator URL (without the schema)

Example:

./ssrfuck.sh https://www.hackerone.com xxxxxxx.burpcollaborator.net

Multiple URLs example with Bash one-liner:

while read url; do ./ssrfuck.sh $url xxxxxxx.burpcollaborator.net;done < urls_list.txt

Found results in your Burp collaborator? Great!

The request information is in the subdomain, for example: Base-Url-www.hackerone.com.xxxxx.burpcollaborator.net. Also, all the logs from ffuf are saved to the ffuf-output directory.

Contribution

Pull requests are most welcome.

TODO

  • Add help/usage in the tool's CLI
  • Add some error handling
  • Add some options

License

License

About

Fuzz for SSRF in a given URL.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages