๐Ÿฆธ
PEN TESTING BOOK
  • ๐Ÿ“˜PENETRATION TESTING BOOK
  • โ˜ฎ๏ธPENTESTING PROCESS
    • 1๏ธโƒฃPre-Engagement
    • 2๏ธโƒฃIntelligence Gathering / Reconnaissance
    • 3๏ธโƒฃThreat Modeling
    • 4๏ธโƒฃVulnerability Assessment
    • 5๏ธโƒฃExploitation
    • 6๏ธโƒฃPost-Exploitation
    • 7๏ธโƒฃReporting
  • ๐ŸชŸWindows Privilege Escalation
    • ๐Ÿ› ๏ธWindows Exploit Suggester
    • ๐Ÿ„โ€โ™‚๏ธWindows-Privilege-Escalation
  • ๐ŸงLinux Privilege Escalation
    • ๐Ÿ„โ€โ™€๏ธLInux-Privilege-Escalation
  • ๐ŸงLinux Exploit Development Tools
    • ๐Ÿ”งExploit Development Tools
  • ๐Ÿ•ธ๏ธWeb Application Pentesting
    • ๐Ÿ“ˆgraphql injection
    • ๐Ÿฑcross site scripting
    • ๐Ÿ’‰Command Injection
    • ๐Ÿ—ƒ๏ธfile upload vulnerability
    • ๐Ÿถflask
    • ๐Ÿฆ•idor
    • ๐Ÿ“‚local file inclusion
    • ๐Ÿš›Sensitive Data Exposure Cheat Sheet
    • ๐Ÿดwordpress pentesting
    • โŒxxe attack
    • ๐Ÿ”“Authentication Bypass
    • ๐Ÿ•ธ๏ธWebshells
    • ๐Ÿ‚SSRF
    • ๐Ÿˆโ€โฌ›Git Exposure
    • โœ–๏ธXSS WAF Bypass
    • XPath Injection
  • ๐Ÿ”Reverse Engineering
    • ๐Ÿฒintro to ghidra
  • ๐Ÿฆนโ€โ™‚๏ธNetwork Pentesting 101
    • โ˜ข๏ธRouter Setup
      • Vyatta Router VM Setup Guide
    • ๐Ÿ”ขEnumeration
      • 22, 161, 162 - SSH, SNMP
    • ๐Ÿง™Brute Force Attacks
      • Brute Forcing Cheat sheet
    • ๐Ÿ›‚Post Exploitation
    • Firewall Pentesting
  • ๐Ÿ”…Internet of Things
    • ๐Ÿ“ณEnumerating IoT Devices
    • ๐Ÿ˜ทDissecting Embedded Devices
    • ๐Ÿ‘จโ€๐Ÿ’ปExploiting Embedded Devices
    • ๐ŸŽฎDynamic Analysis with Emulation
    • โ˜ฎ๏ธFirmware Analysis
      • Firmware Analysis
      • Bootloader testing
    • Drone Pentesting
      • Common Attacks
      • Threat Categories
    • Hacking Vending Machines
  • ๐Ÿš”Automotive Pentesting
    • ๐Ÿ”ŒVirtual CAN
      • Dump Traffic
  • ๐Ÿ—ณ๏ธContainer Pentesting
    • ๐Ÿณdocker pentesting
    • ๐Ÿ‹docker container escape
    • ๐Ÿ‹Docker CVE's
    • โ˜ธ๏ธkubernetes pentesting
  • ๐ŸŒ†SMART CITY PENTESTING
    • โ™พ๏ธProtocols
      • LoRa-WAN
  • ๐ŸชฆACTIVE DIRECTORY PENTESTING
    • ๐ŸŒŒActive Directory Post Exploitation
  • โ˜„๏ธCommand and Control
    • ๐ŸŒฉ๏ธC2 In The Cloud
    • ๐Ÿ”C2 HTTP Redictor
    • โ˜ธ๏ธHavoc C2
    • โ›ŽSliver C2
  • ๐Ÿฆ‹PENTESTING CISCO DEVICES
    • ๐Ÿ”ฆCisco-Torch : Enumeration
    • ๐Ÿ”“Password Attack (Type 5)
  • RED TEAMING
    • ๐Ÿฆ•Initial Access
      • โš”๏ธWeaponization
Powered by GitBook
On this page
  • SSRF Cheatsheet
  • Using localhost
  • Using 127.0.0.1
  • Using 0.0.0.0
  • Filter Bypass
  • Bypass Localhost with CIDR
  • Bypass using URL Shortners
  • Brutefoce Ports
  • Tools
  • REFERENCES

Was this helpful?

  1. Web Application Pentesting

SSRF

SSRF Cheatsheet

Using localhost

http://localhost:80
http://localhost:443
http://localhost:22

Using 127.0.0.1

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22

Using 0.0.0.0

http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22

Filter Bypass

https://127.0.0.1/
https://localhost/
http://127.1/

Bypass Localhost with CIDR

http://127.127.127.127
http://127.0.1.3
http://127.0.0.0

Bypass using URL Shortners

https://free-url-shortener.rb.gy/

https://shorter.me/

Brutefoce Ports

http://127.0.0.1:1337

You can brute force the port field using burp intruder or any other tool

Tools

  • swisskyrepo/SSRFmap - Automatic SSRF fuzzer and exploitation tool

  • tarunkant/Gopherus - Generates gopher link for exploiting SSRF and gaining RCE in various servers

  • In3tinct/See-SURF - Python based scanner to find potential SSRF parameters

  • teknogeek/SSRF Sheriff - Simple SSRF-testing sheriff written in Go

  • assetnote/surf - Returns a list of viable SSRF candidates

  • dwisiswant0/ipfuscator - A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.

REFERENCES

  • https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md#tools

  • https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery

  • https://portswigger.net/web-security/ssrf

  • https://shorter.me/

  • https://free-url-shortener.rb.gy/

PreviousWebshellsNextGit Exposure

Last updated 11 months ago

Was this helpful?

๐Ÿ•ธ๏ธ
๐Ÿ‚