autoSSRF
autoSSRF is your best ally for identifying SSRF vulnerabilities at scale. Different from other ssrf automation tools, this one comes with the two following original features :
-
Smart fuzzing on relevant SSRF GET parameters
When fuzzing, autoSSRF only focuses on the common parameters related to SSRF (?url=, ?uri=, ..) and doesn’t interfere with everything else. This ensures that the original URL is still correctly understood by the tested web application, something that might doesn’t happen with a tool that is blindly spraying query parameters.
-
Context-based dynamic payloads generation
For the given URL: https://host.com/?fileURL=https://authorizedhost.com, autoSSRF would recognize authorizedhost.com as a potentially white-listed host for the web application, and generate payloads dynamically based on that, attempting to bypass the white-listing validation. It would result in interesting payloads such as http://authorizedhost.attacker.com, http://authorizedhost%252F@attacker.com, etc.
Furthermore, this tool guarantees almost no false-positives. The detection relies on the great ProjectDiscovery’s interactsh, allowing autoSSRF to confidently identify out-of-band DNS/HTTP interactions.
Install
git clone https://github.com/Th0h0/autossrf.git
cd autossrf
pip install -r requirements.txt
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
Use
Single URL target:
python3 autossrf.py -u https://www.host.com/?param1=X¶m2=Y¶m2=Z
Multiple URLs target with verbose:
python3 autossrf.py -f urls.txt -v
Copyright (C) 2022 Th0h0
Source: https://github.com/Th0h0/
