autossrf: Smart context-based SSRF vulnerability scanner
autoSSRF
autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Unlike other SSRF automation tools, it comes with the following two original features:
- Smart fuzzing on relevant SSRF GET parameters
When fuzzing, autoSSRF focuses only on the common parameters related to SSRF (?url=, ?uri=, ..) and doesn't interfere with anything else. This ensures that the original URL is still correctly understood by the tested web application, which may not be the case with a tool that blindly sprays query parameters.
- Context-based dynamic payloads generation
For the given URL: https://host.com/?fileURL=https://authorizedhost.com, autoSSRF would recognize authorizedhost.com as a potentially white-listed host for the web application, and generate payloads dynamically based on that, attempting to bypass the white-listing validation. It would result in interesting payloads such as http://authorizedhost.attacker.com, http://authorizedhost%252F@attacker.com, etc.
Furthermore, this tool guarantees almost no false positives. The detection relies on ProjectDiscovery's great interactsh, allowing autoSSRF to confidently identify out-of-band DNS/HTTP interactions.
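For the application side of the white-listing bypass described above, here is an added example (not part of autoSSRF or its README) that runs the two payload shapes quoted above through a flawed prefix check and through a parse-then-compare check. The allowlist, the sample URLs and both function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist, taken from the example URL on this page.
ALLOWED_HOSTS = {"authorizedhost.com"}

# Constructed samples: one legitimate value plus the two payload shapes quoted above.
SAMPLES = [
    "https://authorizedhost.com/report.pdf",
    "http://authorizedhost.attacker.com",
    "http://authorizedhost%252F@attacker.com",
]


def weak_is_allowed(url: str) -> bool:
    """Hypothetical flawed check: string prefix match on the trusted name."""
    return url.startswith(("http://authorizedhost", "https://authorizedhost"))


def strict_is_allowed(url: str) -> bool:
    """Parse first, then compare the exact host against the allowlist."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased, with userinfo and port removed
    except ValueError:
        return False  # malformed authority, e.g. unbalanced IPv6 brackets
    if parts.scheme not in ("http", "https"):
        return False
    if "@" in parts.netloc or "\\" in url:
        return False  # userinfo and backslashes are read differently by different clients
    if host is None:
        return False
    return host.rstrip(".") in ALLOWED_HOSTS


def compare(urls):
    """Return (url, weak verdict, strict verdict) for each input."""
    return [(u, weak_is_allowed(u), strict_is_allowed(u)) for u in urls]


if __name__ == "__main__":
    for url, weak, strict in compare(SAMPLES):
        print(f"{url:45} weak={weak!s:5} strict={strict}")
```

The strict check covers only the URL string; the address the host resolves to and any redirects the fetch follows need their own validation.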
Install
git clone https://github.com/Th0h0/autossrf.git
cd autossrf
pip install -r requirements.txt
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
Use
Single URL target:
python3 autossrf.py -u 'https://www.host.com/?param1=X&param2=Y&param2=Z'
Multiple URLs target with verbose:
python3 autossrf.py -f urls.txt -v
Copyright (C) 2022 Th0h0
Source: https://github.com/Th0h0/