dreadlocked / Ssrfmap
Simple Server Side Request Forgery services enumeration tool.
Stars: ✭ 50
Programming Languages
ruby
36898 projects - #4 most used programming language
Projects that are alternatives of or similar to Ssrfmap
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+14392%)
Mutual labels: pentesting, bug-bounty, enumeration
Php Enum
Simple and fast implementation of enumerations with native PHP
Stars: ✭ 446 (+792%)
Mutual labels: enumeration, map
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (+664%)
Mutual labels: pentesting, enumeration
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+918%)
Mutual labels: pentesting, bug-bounty
Offensive Docker
Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.
Stars: ✭ 328 (+556%)
Mutual labels: pentesting, bug-bounty
Black Hat Rust
Applied offensive security with Rust - Early access - https://academy.kerkour.com/black-hat-rust?coupon=GITHUB
Stars: ✭ 331 (+562%)
Mutual labels: pentesting, bug-bounty
Dostoevsky Pentest Notes
Notes for taking the OSCP in 2097. Read in book form on GitBook
Stars: ✭ 495 (+890%)
Mutual labels: pentesting, enumeration
Dumpall
一款信息泄漏利用工具,适用于.git/.svn源代码泄漏和.DS_Store泄漏
Stars: ✭ 250 (+400%)
Mutual labels: pentesting, bug-bounty
Sn0int
Semi-automatic OSINT framework and package manager
Stars: ✭ 814 (+1528%)
Mutual labels: pentesting, bug-bounty
Subover
A Powerful Subdomain Takeover Tool
Stars: ✭ 607 (+1114%)
Mutual labels: pentesting, bug-bounty
Injuredandroid
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Stars: ✭ 317 (+534%)
Mutual labels: pentesting, bug-bounty
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+1640%)
Mutual labels: pentesting, enumeration
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (+438%)
Mutual labels: pentesting, bug-bounty
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+640%)
Mutual labels: pentesting, enumeration
Webanalyze
Port of Wappalyzer (uncovers technologies used on websites) to automate mass scanning.
Stars: ✭ 311 (+522%)
Mutual labels: pentesting, enumeration
Nullinux
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (+802%)
Mutual labels: pentesting, enumeration
roboxtractor
Extract endpoints marked as disallow in robots files to generate wordlists.
Stars: ✭ 40 (-20%)
Mutual labels: enumeration, bug-bounty
sub404
A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (+310%)
Mutual labels: bug-bounty, pentesting
Bugcrowd Levelup Subdomain Enumeration
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (+926%)
Mutual labels: pentesting, enumeration
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 859 (+1618%)
Mutual labels: pentesting, enumeration
SSRFmap
A simple service scanner for Server Side Request Forgery vulnerabilities.
Installation
bundle install
Options
-u, --url URL [Required] Vulnerable URL
-r, --range TARGET RANGE [Optional] Target IP range to scan by CIDR (default: 127.0.0.1/32
-t, --target TARGET URL [Optional] Target URL address or hostname
-d, --data POST_PARAMETERS [Optional] POST parameters quoted: 'param1=a¶m2=b'
-m, --method METHOD [Optional] HTTP Verb to use, default is GET
--regex REGEX [Optional] String to identify false results (in case target always returns 200 OK)
-l, --length LENGTH [Optional] Response length to identify false results (in case target always returns 200 OK)
-T, --threads LEVEL [Optional] Aggressivity level [1,2,3,4,5], more aggressive means more requests per second. (default: 3)
-p, --port PORT [Optional] Scans for one port
-A, --all [Optional] Scan all ports (only in scan mode)
--base64 [Optional] Encode payload in base64
-h, --help Prints this help
Usage examples
Request a single resource via GET request
ruby ssrfmap.rb --url http://www.example.com/controller?url=_SSRF_ --target http://169.254.169.254/
Request a single resource via POST request
ruby ssrfmap.rb --url http://www.example.com/controller --data "url=_SSRF_" --target http://169.254.169.254/
Default range scan on 127.0.0.1/32 via GET requests
ruby ssrfmap.rb --url http://www.example.com/controller?url=_SSRF_
Range scan on 192.168.0.0/24 via GET requests
ruby ssrfmap.rb --url http://www.example.com/controller?url=_SSRF_ --range 192.168.0.0/24
Specify a regex for those website who always return 200 OK
ruby ssrfmap.rb --url http://www.example.com --data "{\"url\":\"_SSRF_\"}" --regex "Example Domain"
Dependencies
Gem | Version |
---|---|
typhoeus | * |
netaddr | 1.5.1 |
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].