Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

an exploit of Server-side request forgery (SSRF)

An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.

A Complete SSRF (Server Side Request Forgery) Scanner.

Exploit Code, notes, and resources to accompany PortSwiggers' WebAcademy Labs.

POC for CVE-2021-22214: Gitlab SSRF

Abusing data source creation mechanism to scan hosts in the network

Just an automation of XSS, SSRF, and LFI tester for Web Application

Simple flask app to demonstrate Server-Side Request Forgery (SSRF) attack

SSRF Testing

SSRF stands for Server-Side Request Forgery. It's a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

Server-Side Request Forgery (SSRF) remains one of the most dangerous and evolving attack vectors in cybersecurity. As cloud-native architectures, AI-driven applications, and zero-trust models gain traction, SSRF techniques have adapted to bypass traditional defenses.

An automated tool for discovering vulnerabilities in GraphQL applications through fuzzing techniques, including OS Command Injection and XSS, with a focus on OWASP Top Ten vulnerabilities.