
SSRFire: automated SSRF finder

Status
Not open for further replies.

itsMe



SSRFIRE

An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects.

Finding XSS

Warning: This generates a lot of traffic. Do not use this against sites that you are not authorized to test.

This tests all the URLs fetched and, based on how the input is reflected in the response, adds that particular URL to output/domain.com/xss-suspects.txt (this may contain false positives).

For further testing, you can feed this list to XSS detection tools like XSStrike to find XSS.

Finding open redirects

Just enter the path to a payload file or use the default payload. I personally prefer openredirex, as it is specifically designed to check for open redirects by loading the URLs from the list and it looks a lot cleaner, and doesn’t flood your terminal.
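
The "Finding XSS" section above says a URL becomes a suspect based on how the input is reflected, and that the list may contain false positives. The sketch below is an added example, not part of the original post and not SSRFire's own code: it triages reflected responses by whether special characters came back intact and in which context. The probe string, function names and response bodies are constructed assumptions.

```python
import html

# Constructed probe: a unique token followed by characters that output
# encoding must neutralise. TOKEN, PROBE and SAMPLES are assumptions.
TOKEN = "zq7probe"
PROBE = TOKEN + "<\"'>"

def classify_reflection(body):
    """absent: token missing; raw: special characters came back intact;
    encoded: token reflected but the characters were escaped or stripped."""
    if TOKEN not in body:
        return "absent"
    return "raw" if PROBE in body else "encoded"

def reflection_context(body):
    """Rough context of the first reflection: script, attribute, text or none."""
    pos = body.find(TOKEN)
    if pos < 0:
        return "none"
    before = body[:pos].lower()
    if before.rfind("<script") > before.rfind("</script"):
        return "script"
    if before.rfind("<") > before.rfind(">"):
        return "attribute"  # still inside an unclosed tag
    return "text"

def triage(responses):
    """Map each URL whose response reflects the token to (kind, context)."""
    return {url: (classify_reflection(b), reflection_context(b))
            for url, b in responses.items() if TOKEN in b}

# Constructed response bodies standing in for fetched pages.
SAMPLES = {
    "/search": "<p>Results for " + html.escape(PROBE) + "</p>",
    "/profile": '<input value="' + PROBE + '">',
    "/track": '<script>var id = "' + TOKEN + '";</script>',
    "/about": "<p>About us</p>",
}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(url, *verdict)
```

An "encoded" reflection in text context is the typical false positive in a suspects list, while a "raw" reflection or any reflection inside a script block is what deserves manual review of the page's output encoding.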
