Ssrf

SSRFire

Automated SSRF finder with options for XSS and open redirects

gaussrf

A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.

httprebind

Automatic tool for DNS rebinding-based SSRF attacks

surf

A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.

extended-ssrf-search

A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.

SSRFmap

Automatic SSRF fuzzer and exploitation tool

sentrySSRF

A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF

SSRF-Sheriff

A simple SSRF-testing sheriff written in Go

lorsrf

A fast CLI tool to find SSRF or Out-of-band resource load

B-XSSRF

A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities

Damn Vulnerable Web Services

An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.

Grafana SSRF

Authenticated SSRF in Grafana

Gopherus

A tool for exploiting SSRF and gaining RCE in various servers

Xtreme Vulnerable Web Application (XVWA)

XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.

Ground Control

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

Metabadger

Metabadger automates the upgrade of AWS EC2 instances to use the more secure Instance Metadata Service v2 (IMDSv2) to prevent SSRF attacks and reduce attack surface.

Joi Security

A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.