Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⛏️ Write test for executing port scanning via SSRF #134

Closed
6 tasks
aktoboy opened this issue Mar 6, 2023 · 1 comment · Fixed by #223
Closed
6 tasks

⛏️ Write test for executing port scanning via SSRF #134

aktoboy opened this issue Mar 6, 2023 · 1 comment · Fixed by #223
Assignees
@aktoboy
Labels
feature request Requesting a new feature good first issue Good for newcomers SSRF SSRF test test

Comments

@aktoboy
Copy link
Contributor

aktoboy commented Mar 6, 2023
edited

💭 Introduction:
We want to test whether api's which take in url as a param are vulnerable to port scanning attack using SSRF. You can refer this blog for more details about the attack.

🎯 Requirements:
This test should only run for APIs which are taking url as a parameter in input.
The test should correctly detect whether the port scanning vulnerability can be exploited.

✅ Task summary:

  • Ask to be assigned to the issue.
  • Wait to be assigned. We will try to assign in less than 2 hours.
  • Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
  • Fork the akto repo, create a new branch and commit changes related to running test via the yaml template created in the previous step.
  • Write unit tests to test your changes.
  • Submit both the PRs here.

✌🏻 Hints:
You can build the yaml template by referring this link
You can refer the PR here for changes to be done in akto repo: link

🙋🏼‍♂️ Questions:
If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
@aktoboy aktoboy added good first issue Good for newcomers feature request Requesting a new feature hackfest Hackathon - 24th march to 3rd april labels Mar 6, 2023
@Ankita28g Ankita28g changed the title ⚡️Write test for executing port scanning via SSRF ⛏️ Write test for executing port scanning via SSRF Mar 6, 2023
@Ankita28g Ankita28g added test SSRF SSRF test labels Mar 8, 2023
This was linked to pull requests Mar 23, 2023
Changes for 2 tests: Port Scanning + Fetch sensitive tests via SSRF #223
Merged
Nuclei templates for port scanning and fetch sensitive files via SSRF akto-api-security/tests-library#13
Closed
@aktoboy aktoboy self-assigned this Mar 23, 2023
@aktoboy aktoboy removed the hackfest Hackathon - 24th march to 3rd april label Mar 23, 2023
@ankush-jain-akto
Copy link
Contributor

This is implemented already. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aktoboy aktoboy

Labels
feature request Requesting a new feature good first issue Good for newcomers SSRF SSRF test test
Projects
None yet
Milestone
No milestone
3 participants
@ankush-jain-akto @Ankita28g @aktoboy