Checks for SSRF using custom payloads after fetching URLs from sources & applying complex patterns.

SSRFPwned is a Penetration Testing and Bug Bounty Offensive Security Tool that automates testing for Server-Side Request Forgery (SSRF) vulnerabilities. SSRF is a type of vulnerability that allows attackers to make unauthorized requests to internal resources of a server by manipulating user-supplied input. SSRFMap automates the testing of thousands of URLs to identify potential SSRF vulnerabilities. It does this by injecting payloads into the query parameters of each URL and checking the response code to determine if a vulnerability exists. The payloads are custom ones covering multiple attack vectors. You can also supply additional wordlists if you want to test for more: the tool copies the wordlists, merges them, and then starts the attack.

- Automatic testing of thousands of URLs for SSRF vulnerabilities
- Supports multiple sources for URL discovery
- Automatic payload injection into query parameters of each URL
- Customizable payload list for testing specific types of SSRF vulnerabilities
- Supports HTTP and HTTPS protocols
- Provides detailed output including vulnerable URLs and payload used
- Saves results in an easily readable format for further analysis
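
Because the tool works by placing payloads in query parameters and reading the response code, its traffic is visible in web access logs. The following is an added example, not part of SSRFPwned: a detection sketch that flags query parameters whose value is a URL aimed at a loopback, private or link-local host. The log format, the `INTERNAL_NAMES` list, the function names and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Names treated as internal (assumed list; extend for your environment).
INTERNAL_NAMES = {"localhost", "metadata.google.internal"}
LOG_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample access-log lines (clients use documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /img?src=http://2130706433/admin&w=10 HTTP/1.1" 500 0',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /go?next=https://example.com/&page=10 HTTP/1.1" 302 0',
]

def is_internal_host(host):
    """True for loopback/private/link-local IPs (incl. bare-integer IPv4) and internal names."""
    host = host.rstrip(".")
    if host in INTERNAL_NAMES:
        return True
    try:
        ip = ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return False  # an ordinary DNS name; resolving it is out of scope here
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified

def suspicious_params(target):
    """Return (name, value) for query parameters carrying a URL to an internal host."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if "://" not in value:  # parse_qsl has already percent-decoded the value
            continue
        try:
            host = urlsplit(value).hostname
        except ValueError:
            continue  # malformed URL such as an unclosed IPv6 bracket
        if host and is_internal_host(host):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (client, status, param, value) for every flagged parameter in the log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            client, target, status = m.groups()
            findings += [(client, int(status), n, v) for n, v in suspicious_params(target)]
    return findings
```

Calling `scan(SAMPLE_LOG)` flags the first two requests and leaves the ordinary redirect alone. The status code is kept in each finding because it is the same signal the scanner reads, so a 200 on a flagged request deserves a closer look than a 4xx.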