
SSRFmap

Automatic SSRF fuzzer and exploitation tool

Python | GitHub

Description

SSRFmap automates the process of detecting and exploiting SSRF vulnerabilities. It includes multiple exploitation modules for internal service discovery and data exfiltration.

Installation

BASH
git clone https://github.com/swisskyrepo/SSRFmap.git
cd SSRFmap
pip install -r requirements.txt

Basic Usage

BASH
# Detect and exploit SSRF
# -r: file with the raw HTTP request, -p: request parameter to test, -m: module to run
python ssrfmap.py -r request.txt -p url -m portscan
python ssrfmap.py -r request.txt -p url -m readfiles

Advanced Usage

BASH
# Available modules: portscan, readfiles, redis, mysql, fastcgi, memcache, smtp, docker, github
python ssrfmap.py -r request.txt -p url -m redis
python ssrfmap.py -r request.txt -p url -m fastcgi