BlogNews

SSRFire – an automated SSRF finder

An automated SSRF finder. Just give the domain name and your server and chill! 😉 It also has options to find XSS and open redirects.

SSRFIRE

domain.com —> The domain for which you want to test

yourserver.com —> Your server which detects SSRF. Eg. Burp collaborator

custom_file.txt —> Optional argument. You give your own custom URLs instead of using gau

cookies —> Optional argument. To send requests as an authenticated user

If you don’t have burpsuite professional, you can use interact sh by the awesome projectdiscovery team as your server.

https://github.com/lc/gau

ffuf – https://github.com/ffuf/ffuf

qspreplace – https://github.com/tomnomnom/qsreplace

OpenRedireX – https://github.com/devanshbatham/OpenRedireX

Thanks to all the authors of the tools.


Original repository: https://github.com/ksharinarayanan/SSRFire


Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button