A SSRF-Tool written in golang
Upcoming Features
- Fetch endpoints from Javascript files ✅
- Bruteforce parameters ✅
- Find SSRF in those parameters ✅
- Match multiple patterns in the response ✅
- Check Post Request ❌
- Check Headers ❌
Features
- Wordlist Creation
- Inject in every parameter one by one
- Very fast speed
- Inject into paths
- Silent Mode
- Fetch endpoints from Javascript files
- Bruteforce parameters
- Find SSRF in those parameters
- Match multiple patterns in the response
Note
Make sure when creating wordlists or finding ssrf with my tool that the domains are resolved. You can use:
- httpx
- httprobe
- massdns
To do so.
Also, Make sure to customerise your patterns file for greater results
"
"
Install
go get -u github.com/ethicalhackingplayground/ssrf-tool
Find SSRF in paths with Subfinder,httpx
subfinder -d yahoo.com -silent | httpx -silent >> domains | ssrf-tool -domains domains -payloads ssrf.txt -silent=false -paths=true -patterns patterns.txt
Examples
Wordlist Creation
echo "https://www.twitter.com" | getJS -complete | ssrf-tool -gen=true
Can be used with other tools like subfinder & amass
BruteForce For SSRF
echo "https://www.twitter.com" | getJS -complete | ssrf-tool -domains domains -silent=false -brute=true -gen=true -patterns patterns.txt -parameters params.txt
Can be used with other tools like subfinder & amass
Testing The Paths
ssrf-tool -domains domains -silent=false -patterns patterns.txt -paths=true -brute=false -payloads ssrf.txt
Can be used with other tools like subfinder & amass
Testing Parameters with waybackurls
echo "twitter.com" | waybackurls >> domains ; ssrf-tool -domains domains -silent=false -paths=false -payloads ssrf.txt
Can be used with other tools like subfinder & amass