ssrfuzz
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities
Details
Category: Vulnerabilities
Publisher: trickest-mhmdiaa
Created Date: 2/5/2022
Container: quay.io/trickest/ssrfuzz:34f0e89
Source URL: https://github.com/ryandamour/ssrfuzz
Parameters
delay
string
Command:
--delay
- The time each threads waits between requests in milliseconds (default 100)cookie
string
Command:
--cookie
- Cookie to use for requeststhreads
string
Command:
--threads
- Number of threads to run ssrfuzz on (default 50)timeout
string
Command:
--timeout
- The amount of time needed to close a connection that could be hung (default 10)verbose
string
Command:
--verbose
- Verbose outputcrlf-path
string
Command:
--crlf-path
- Add CRLF payloads to all available paths (ie: site.com/%0Atest.php)skip-crlf
boolean
Command:
--skip-crlf
- Skip CRLF fuzzinghttp-method
string
Command:
--http-method
- HTTP Method - GET or POST (default GET)skip-scheme
boolean
Command:
--skip-scheme
- Skip scheme fuzzingskip-network
boolean
Command:
--skip-network
- Skip network fuzzingslack-webhook
string
Command:
--slack-webhook
- Slack webhook to send findings to a channeltarget-domains
file
requiredCommand:
--domains
- Location of domains with PARAMETERS to scancustom-user-agent
string
Command:
--user-agent
- User agent for requests (default Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36)