Skip to content

CerberusMrXi/CerberusSSRFExploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸš€ Cerberus SSRFExploit v3.0

Advanced SSRF (Server-Side Request Forgery) Testing Tool

Python
Security

πŸ” Discover SSRF vulnerabilities with cloud metadata, internal networks, and blind OOB detection!


πŸ“œ Description

Cerberus SSRFExploit is an advanced, feature-rich penetration testing tool designed to identify and exploit Server-Side Request Forgery (SSRF) vulnerabilities in modern web applications. Built with Python 3.7+, this professional-grade security tool provides comprehensive testing capabilities for ethical hackers, penetration testers, and security researchers. Key Features

  1. Comprehensive Payload Library

    Cloud Metadata Endpoints: Pre-configured payloads for AWS, GCP, Azure, and Alibaba Cloud Internal Network Probes: Automatic scanning of RFC1918 private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) Protocol Smuggling: Support for dangerous protocols (file://, gopher://, dict://, ftp://) Encoding Variants: Multiple IP encoding formats (hex, octal, decimal, mixed-case)

  2. Advanced Testing Capabilities

    Blind SSRF Detection: Integration with Interact.sh and Burp Collaborator DNS Rebinding: Automatic testing with rbndr.us payloads Automated Parameter Discovery: Intelligent crawling for injectable parameters Cloud Metadata Verification: Specialized checks for AWS IMDSv1/v2

  3. Professional Reporting

    Multi-Format Reports: Generate detailed findings in JSON, HTML, and PDF CVSS Scoring: Automatic severity assessment for vulnerabilities Mitigation Guidance: Built-in remediation recommendations

  4. Operational Flexibility

    Dual Interface: Interactive wizard mode and CLI automation Proxy Support: Seamless integration with Burp Suite and OWASP ZAP Performance Controls: Configurable request throttling Stealth Options: Randomized User-Agents and request patterns

Use Cases

βœ” Web Application Security Assessments βœ” Cloud Infrastructure Hardening βœ” Bug Bounty Hunting βœ” Red Team Operations βœ” Security Research Ethical Considerations

Cerberus SSRFExploit is designed for authorized security testing only. Always obtain proper permission before scanning any systems. Unauthorized use may violate laws like the Computer Fraud and Abuse Act (CFAA) and similar international regulations.


πŸ›  Installation

image
# **1. Clone the Repository**

git clone https://github.com/CerberusMrX/Cerberus-SSRFExploit.git
cd Cerberus-SSRFExploit

# **2. Set Up a Virtual Environment (Recommended)
python3 -m venv venv
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate    # Windows

# **3. Install Dependencies
pip install -r requirements.txt

# **4. Set Up an OOB Server (For Blind SSRF)
Cerberus supports Interact.sh (free) or Burp Collaborator (Pro):

# **5. All Set
python3 cerberus_ssrf_exploit.py "https://example.com/api?url=test" "url" \
  --method GET \
  --oob https://your-id.interact.sh \
  --output results.json

---

About

Cerberus SSRFExploit v3.0 - Advanced SSRF testing tool with cloud metadata, internal network scanning, and blind OOB detection via Interact.sh/Burp. Supports multiple protocols (file://, gopher://) and generates JSON/HTML/PDF reports. Ethical use only! πŸš€

Resources

Stars

6 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages