Top disclosed reports from HackerOne

Automatic SSRF fuzzer and exploitation tool

This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

SSRF (Server Side Request Forgery) testing resources

一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

Redis 4.x/5.x RCE

Smart context-based SSRF vulnerability scanner.

Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6

CVE-2017-9506 - SSRF

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)

functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

an exploit of Server-side request forgery (SSRF)

Burp Extender, ssrf scanner, 自动扫描ssrf漏洞

Burp Suite extension to encode an IP address focused to bypass application IP / domain blacklist.

Automatic Web Vulnerability Scanner.

本脚本旨在生成各类畸形URL链接，进行探测使用的payload，尝试绕过服务端ssrf限制。