teknogeek / Ssrf Sheriff

Licence: mit
A simple SSRF-testing sheriff written in Go

SSRF Sheriff

This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to.

Features

  • Respond to any HTTP method (GET, POST, PUT, DELETE, etc.)
  • Configurable secret token (see base.example.yaml)
  • Content-specific responses
    • With secret token in response body
      • JSON
      • XML
      • HTML
      • CSV
      • TXT
    • Without token in response body
      • GIF
      • PNG
      • JPEG
      • MP3
      • MP4

Usage

go get github.com/teknogeek/ssrf-sheriff
cd $GOPATH/src/github.com/teknogeek/ssrf-sheriff
cp config/base.example.yaml config/base.yaml

# ... configure ...

go run main.go

Example Requests:

Plaintext

$ curl -sSD- http://127.0.0.1:8000/foobar
HTTP/1.1 200 OK
Content-Type: text/plain
X-Secret-Token: SUP3R_S3cret_1337_K3y
Date: Mon, 14 Oct 2019 16:37:36 GMT
Content-Length: 21

SUP3R_S3cret_1337_K3y

XML

$ curl -sSD- http://127.0.0.1:8000/foobar.xml
HTTP/1.1 200 OK
Content-Type: application/xml
X-Secret-Token: SUP3R_S3cret_1337_K3y
Date: Mon, 14 Oct 2019 16:37:41 GMT
Content-Length: 81

<SerializableResponse><token>SUP3R_S3cret_1337_K3y</token></SerializableResponse>

TODO

  • Dynamically generate valid responses with the secret token visible for
    • GIF
    • PNG
    • JPEG
    • MP3
    • MP4
  • Secrets in HTTP response generated/created/signed per-request, instead of returning a single secret for all requests
  • TLS support
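
The per-request secret item in the TODO list could be approached with an HMAC over a request identifier and timestamp, so a token reported back can be tied to one logged request and rejected when stale or forged. This is an added example, not code from ssrf-sheriff; `mintToken`, `verifyToken`, the token layout and the key are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// mintToken (hypothetical) binds a token to one request; nonce must not contain ".".
func mintToken(key []byte, nonce string, ts time.Time) string {
	payload := nonce + "." + strconv.FormatInt(ts.Unix(), 10)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	return payload + "." + hex.EncodeToString(mac.Sum(nil))
}

// verifyToken (hypothetical) checks the MAC and age of a reported token and
// returns the nonce so the report can be matched to the logged request.
func verifyToken(key []byte, token string, now time.Time, maxAge time.Duration) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	got, err := hex.DecodeString(parts[2])
	if err != nil || !hmac.Equal(got, mac.Sum(nil)) { // constant-time compare
		return "", fmt.Errorf("bad signature")
	}
	unix, err := strconv.ParseInt(parts[1], 10, 64)
	if err != nil {
		return "", fmt.Errorf("bad timestamp")
	}
	if age := now.Sub(time.Unix(unix, 0)); age < 0 || age > maxAge {
		return "", fmt.Errorf("token outside validity window")
	}
	return parts[0], nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample value
	issued := time.Unix(1571071056, 0)    // constructed sample timestamp
	nonce, err := verifyToken(key, mintToken(key, "req-42", issued), issued.Add(time.Minute), time.Hour)
	fmt.Println(nonce, err)
}
```
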

Credit

Inspired (and requested) by Frans Rosén during his talk at BountyCon '19 Singapore


Released under the MIT License.
