Automatic SSRF fuzzer and exploitation tool
-
Updated
Feb 26, 2025 - Python
#
server-side-request-forgery
Here are 19 public repositories matching this topic...
SSRF (Server Side Request Forgery) testing resources
-
Updated
Oct 12, 2024 - Python
This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
-
Updated
Aug 21, 2023 - PHP
A ruby gem for defending against Server Side Request Forgery (SSRF) attacks
-
Updated
May 10, 2025 - Ruby
Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1)
-
Updated
Aug 9, 2023 - Shell
Module to prevent SSRF when sending requests in NodeJS. Blocks request to local and private IP addresses
nodejs http security block filter requests axios request node-js node-module ssrf preventive-measures server-side-request-forgery ssrf-req-filter
-
Updated
Jul 21, 2025 - JavaScript
An ongoing & curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF
security cybersecurity vulnerability vulnerabilities vulnerability-detection vulnerability-management server-side vulnerability-assessment ssrf mitigation remediation security-tools server-side-request-forgery
-
Updated
Feb 22, 2022 - Python
Example exploitable scenarios for CVE-2024-22243 affecting the Spring framework (open redirect & SSRF).
url java web spring uri vulnerability ctf ssrf server-side-request-forgery open-redirect cve-2024-22243
-
Updated
Oct 22, 2024 - Java
this a ssrf scripts
http attack scanner scripts python3 fuzzing pentesting ssrf web-scanner server-side-request-forgery out-of-band bug-bounty-hunting oob-attack
-
Updated
Jun 16, 2022 - Python
Server-Side Request Forgery (SSRF) protection plugin for HTTPlug
-
Updated
Jan 6, 2025 - PHP
Gopher HTTP requests (POST/GET)
web hacking penetration-testing bugbounty offensive-security ssrf owasp-top-10 server-side-request-forgery webhacking
-
Updated
Nov 22, 2024 - Python
CloudSSRFer tests SSRF on Amazon AWS cloud to extract sensitive information.
-
Updated
Oct 23, 2023 - Python
A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.
extension sql xss cybersecurity penetration-testing bug-bounty sql-injection offensive-security ethical-hacking xss-attacks red-team ssrf lfi server-side-request-forgery cross-site-scripting sql-injection-attacks google-extension vulnerbility cybersecurity-tools cybersecurity-projects
-
Updated
Jul 28, 2025 - HTML
CVE-2019-9849: Remote bullet graphics retrieved in “stealth mode” in LibreOffice
-
Updated
Jun 24, 2024
Spring boot application developed to learn how to use the framework and understand how vulnerabilities are manifested in the application and how to prevent them.
white-box-testing code-review mass-assignment secure-coding server-side-request-forgery crosssitescripting
-
Updated
Sep 8, 2023 - Java
node package to use ssrfproxy.com for protection against server side request forgery
-
Updated
Jun 14, 2023 - TypeScript
The repository includes various vulnerbilities, their types, identification, exploitation and mitigations along with payloads. Includes: Cross-Site Scripting (XSS) SQL Injection (SQLi) Directory Traversal Command Injection
sql-injection directory-traversal command-injection server-side-request-forgery cross-site-scripting cross-site-request-forgery
-
Updated
Sep 18, 2024
Merged exploit to abuse SSRF for delivering RCE through websockets.
proof-of-concept websockets poc rce ssrf havoc server-side-request-forgery remote-code-execution havoc2 havoc-framework
-
Updated
Jun 5, 2025 - Python
Improve this page
Add a description, image, and links to the server-side-request-forgery topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the server-side-request-forgery topic, visit your repo's landing page and select "manage topics."