Advanced SSRF (Server-Side Request Forgery) Testing Tool
π Discover SSRF vulnerabilities with cloud metadata, internal networks, and blind OOB detection!
Cerberus SSRFExploit is an advanced, feature-rich penetration testing tool designed to identify and exploit Server-Side Request Forgery (SSRF) vulnerabilities in modern web applications. Built with Python 3.7+, this professional-grade security tool provides comprehensive testing capabilities for ethical hackers, penetration testers, and security researchers. Key Features
-
Comprehensive Payload Library
Cloud Metadata Endpoints: Pre-configured payloads for AWS, GCP, Azure, and Alibaba Cloud Internal Network Probes: Automatic scanning of RFC1918 private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) Protocol Smuggling: Support for dangerous protocols (file://, gopher://, dict://, ftp://) Encoding Variants: Multiple IP encoding formats (hex, octal, decimal, mixed-case)
-
Advanced Testing Capabilities
Blind SSRF Detection: Integration with Interact.sh and Burp Collaborator DNS Rebinding: Automatic testing with rbndr.us payloads Automated Parameter Discovery: Intelligent crawling for injectable parameters Cloud Metadata Verification: Specialized checks for AWS IMDSv1/v2
-
Professional Reporting
Multi-Format Reports: Generate detailed findings in JSON, HTML, and PDF CVSS Scoring: Automatic severity assessment for vulnerabilities Mitigation Guidance: Built-in remediation recommendations
-
Operational Flexibility
Dual Interface: Interactive wizard mode and CLI automation Proxy Support: Seamless integration with Burp Suite and OWASP ZAP Performance Controls: Configurable request throttling Stealth Options: Randomized User-Agents and request patterns
Use Cases
β Web Application Security Assessments β Cloud Infrastructure Hardening β Bug Bounty Hunting β Red Team Operations β Security Research Ethical Considerations
Cerberus SSRFExploit is designed for authorized security testing only. Always obtain proper permission before scanning any systems. Unauthorized use may violate laws like the Computer Fraud and Abuse Act (CFAA) and similar international regulations.
# **1. Clone the Repository**
git clone https://github.com/CerberusMrX/Cerberus-SSRFExploit.git
cd Cerberus-SSRFExploit
# **2. Set Up a Virtual Environment (Recommended)
python3 -m venv venv
source venv/bin/activate # Linux/macOS
venv\Scripts\activate # Windows
# **3. Install Dependencies
pip install -r requirements.txt
# **4. Set Up an OOB Server (For Blind SSRF)
Cerberus supports Interact.sh (free) or Burp Collaborator (Pro):
# **5. All Set
python3 cerberus_ssrf_exploit.py "https://example.com/api?url=test" "url" \
--method GET \
--oob https://your-id.interact.sh \
--output results.json
---