Updated Jun 2, 2020
# ssrf
Here are 45 public repositories matching this topic...
A list of resources for those interested in getting started in bug bounties
SSRF (Server Side Request Forgery) testing resources
Updated May 25, 2020 - Python
Automatic SSRF fuzzer and exploitation tool
Updated Jan 28, 2020 - Python
This lab contains sample code that is vulnerable to Server-Side Request Forgery attacks
Updated Oct 21, 2019 - PHP
SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.
Updated Jan 1, 2018 - Ruby
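A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS, with fast asynchronous scanning via asyncio; it covers the full range of the target's assets for batch vulnerability scanning, collects middleware information, and automatically gathers IP proxies. When probing for WAF information it automatically uses them to protect the local machine's real IP, and after the local IP is blocked by a WAF it automatically switches to a proxy IP to continue scanning. WAF information collection (100+ domestic and international WAFs) includes SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others, and some known WAF bypass schemes are provided. Middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports SQL injection, XSS, command execution, file inclusion and ssrf vulnerability scanning; supports custom vulnerability notification by email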
python, middleware, proxy, waf, xss, penetration-testing, sql-injection, bypass, hacking-tool, ssrf, security-tools, websecurity
Updated Jan 5, 2020 - Python
Redis 4.x/5.x RCE
Updated May 21, 2020 - Python
Solutions and write-ups from security-based competitions, also known as Capture The Flag competitions
Updated Dec 30, 2019 - HTML
Simple Server Side Request Forgery services enumeration tool.
Updated Aug 23, 2018 - Ruby
A ruby gem for defending against Server Side Request Forgery (SSRF) attacks
Updated Dec 10, 2019 - Ruby
Collection of Twitter Bug Bounty Tips and Tricks
security, twitter, bug, hacking, xss, enumeration, vulnerability, csrf, bugbounty, pentest, bypass, ssrf, sqlinjection, xxe, bugbountytips, bugbountytricks, twitter-tips, hacking-tips, yournextbugtip
Updated Apr 20, 2020
A clj-http middleware to prevent SSRF attacks
Updated Apr 19, 2018 - Clojure
Small Vulnerable Web
python, flask, xss, bugbounty, ssrf, sqlinjection, hackable, uploadfile, openredirect, hacking-lab, ssti, cmdinjection
Updated Sep 13, 2019 - HTML
bradh commented Jan 1, 2017
There are a few places where the documentation says "seconds of hour", but the range (0-59) reflects seconds of minute. It's an easy fix, however that "seconds of hour" is present in the spec.
Should we fix in lib-openssrf, or wait for spec adjustment first? Do you have a contact at the MC4EB secretariat to send this kind of editorial fix to?
pycurl has a hook that can run whenever a socket is opened, with one of the parameters being the resolved IP of the address to connect to (at least according to this unit test.)
If you check the address passed into the callback against the IP whitelist / b