Automatic SSRF fuzzer and exploitation tool

SSRF (Server Side Request Forgery) testing resources

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

A ruby gem for defending against Server Side Request Forgery (SSRF) attacks

Proof-of-Concept for Server Side Request Forgery (SSRF) in request-baskets (<= v.1.2.1)

An ongoing & curated collection of awesome web vulnerability - Server-side request forgery software practices and remediation, libraries and frameworks, best guidelines and technical resources about SSRF

Module to prevent SSRF when sending requests in NodeJS. Blocks request to local and private IP addresses

A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.

Example exploitable scenarios for CVE-2024-22243 affecting the Spring framework (open redirect & SSRF).

CVE-2021-40438 Apache <= 2.4.48 SSRF exploit

this a ssrf scripts

Server-Side Request Forgery (SSRF) protection plugin for HTTPlug

Gopher HTTP requests (POST/GET)

CloudSSRFer tests SSRF on Amazon AWS cloud to extract sensitive information.

Lightweight SSRF (Server-Side Request Forgery) protection for HttpClient in .NET microservices.

Header-based SSRF (scanner-for-debugging) fuzzing utility inspired by a HackerOne Blind SSRF report. Automates injection of Forwarded-type headers, detects time-delay behavior and 429 responses, supports authenticated flows, logs results, and optionally integrates Telegram notifications for controlled security testing.

Merged exploit to abuse SSRF for delivering RCE through websockets.

CVE-2019-9849: Remote bullet graphics retrieved in “stealth mode” in LibreOffice

Spring boot application developed to learn how to use the framework and understand how vulnerabilities are manifested in the application and how to prevent them.

node package to use ssrfproxy.com for protection against server side request forgery