Ssrf

SkillScan

Security scanner and verifier for AI agent tools, MCP servers, and plugins.

Ground Control

A collection of scripts for debugging SSRF, blind XSS, and XXE vulnerabilities

surf

A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.

lorsrf

A fast CLI tool to find SSRF or Out-of-band resource load

sentrySSRF

A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF

Grafana SSRF

Authenticated SSRF in Grafana

gaussrf

A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.

extended-ssrf-search

A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.

B-XSSRF

A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities

SSRF-Sheriff

A simple SSRF-testing sheriff written in Go

httprebind

Automatic tool for DNS rebinding-based SSRF attacks

SSRFire

Automated SSRF finder with options for XSS and open redirects

Gopherus

A tool for exploiting SSRF and gaining RCE in various servers

SSRFmap

Automatic SSRF fuzzer and exploitation tool

Metabadger

Metabadger automates the upgrade of AWS EC2 instances to use the more secure Instance Metadata Service v2 (IMDSv2) to prevent SSRF attacks and reduce attack surface.

Damn Vulnerable Web Services

An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.

Xtreme Vulnerable Web Application (XVWA)

XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.

Joi Security

A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.