SSRFire - an automated SSRF finder

March 4, 2022
(847 views)

An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects.

SSRFIRE

Syntax

./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies

domain.com ---> The domain for which you want to test

yourserver.com ---> Your server which detects SSRF. Eg. Burp collaborator

custom_file.txt ---> Optional argument. You give your own custom URLs instead of using gau

cookies ---> Optional argument. To send requests as an authenticated user

If you don't have burpsuite professional, you can use interact sh by the awesome projectdiscovery team as your server.

Requirements

Since this uses GAU, FFUF, qsreplace and OpenRedirex, you need GO and python 3.7+. You need not have the tools installed, as the script setup.sh will install everything. You just need to install python and GO. Even if you have the tools installed I would highly recommend you to install them again so that there no conflicts while setting the paths.

If you don't want to install the tools again, paste this code in your .profile in your home directory and source .profile them. Also, you have to make a small change in the ssrfire.sh....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.