SSRF (Server-Side Request Forgery)

  • SSRFmap - Automatic SSRF fuzzer and exploitation tool

  • Gopherus - This tool generates gopher links for exploiting SSRF and gaining RCE in various servers

  • ground-control - A collection of scripts that run on my web server. Mainly for debugging SSRF, blind XSS, and XXE vulnerabilities.

  • SSRFire - An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects

  • httprebind - Automatic tool for DNS rebinding-based SSRF attacks

  • ssrf-sheriff - A simple SSRF-testing sheriff written in Go

  • B-XSSRF - Toolkit to detect and keep track of Blind XSS, XXE & SSRF

  • extended-ssrf-search - Smart SSRF scanner using different methods like parameter brute forcing in POST and GET...

  • gaussrf - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl, and filter URLs with open-redirection or SSRF parameters.

  • ssrfDetector - Server-side request forgery detector

  • grafana-ssrf - Authenticated SSRF in Grafana

  • sentrySSRF - Tool for searching for Sentry config on a page or in JavaScript files and checking for blind SSRF

  • lorsrf - Brute-forcing hidden parameters to find SSRF vulnerabilities using GET and POST methods

  • singularity - A DNS rebinding attack framework.

  • whonow - A "malicious" DNS server for executing DNS Rebinding attacks on the fly (public instance running on rebind.network:53)

  • dns-rebind-toolkit - A front-end JavaScript toolkit for creating DNS rebinding attacks.

  • dref - DNS Rebinding Exploitation Framework

  • rbndr - Simple DNS Rebinding Service

  • dnsFookup - DNS rebinding toolkit - https://github.com/makuga01/dnsFook
