SSRF

SSRF Cheatsheet

http://localhost:80
http://localhost:443
http://localhost:22

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22

http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22

https://127.0.0.1/
https://localhost/
http://127.1/

http://127.127.127.127
http://127.0.1.3
http://127.0.0.0

https://free-url-shortener.rb.gy/

https://shorter.me/

http://127.0.0.1:1337

You can brute force the port field using burp intruder or any other tool

Last updated 11 months ago

Was this helpful?

http://localhost:80
http://localhost:443
http://localhost:22

http://127.0.0.1:80
http://127.0.0.1:443
http://127.0.0.1:22

http://0.0.0.0:80
http://0.0.0.0:443
http://0.0.0.0:22

https://127.0.0.1/
https://localhost/
http://127.1/

http://127.127.127.127
http://127.0.1.3
http://127.0.0.0

https://free-url-shortener.rb.gy/

https://shorter.me/

http://127.0.0.1:1337

You can brute force the port field using burp intruder or any other tool

- Automatic SSRF fuzzer and exploitation tool
- Generates gopher link for exploiting SSRF and gaining RCE in various servers
- Python based scanner to find potential SSRF parameters
- Simple SSRF-testing sheriff written in Go
- Returns a list of viable SSRF candidates
- A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.

Last updated 11 months ago

Was this helpful?