SSRFire - an automated SSRF finder

March 4, 2022

An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects.



./ -d -s -f custom_file.txt -c cookies ---> The domain for which you want to test ---> Your server which detects SSRF. Eg. Burp collaborator

custom_file.txt ---> Optional argument. You give your own custom URLs instead of using gau

cookies ---> Optional argument. To send requests as an authenticated user

If you don't have burpsuite professional, you can use interact sh by the awesome projectdiscovery team as your server.


Since this uses GAU, FFUF, qsreplace and OpenRedirex, you need GO and python 3.7+. You need not have the tools installed, as the script will install everything. You just need to install python and GO. Even if you have the tools installed I would highly recommend you to install them again so that there no conflicts while setting the paths.

If you don't want to install the tools again, paste this code in your .profile in your home directory and source .profile them. Also, you have to make a small change in the

Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.