surf
Host scanner
A tool that identifies and filters potential Server-Side Request Forgery (SSRF) vulnerabilities in cloud environments by probing external hosts.
Escalate your SSRF vulnerabilities on Modern Cloud Environments. surf allows you to filter a list of hosts, returning a list of viable SSRF candidates.
599 stars
8 watching
42 forks
Language: Go
last commit: almost 2 years ago
Linked from 1 awesome list
vavkamil/awesome-bugbounty-toolsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 kathanp19/gaussrf | A tool for identifying potential vulnerabilities in websites by fetching known URLs and filtering out ones with open redirects or SSRF parameters. | 168 |
 emo-crab/observer_ward | A tool for identifying vulnerabilities in web applications and services by analyzing patterns of web servers and services | 1,295 |
 serain/mailspoof | A tool to analyze and report on SPF and DMARC record issues for potential email spoofing vulnerabilities. | 128 |
 ksharinarayanan/ssrfire | An automated tool to discover potential Server-Side Request Forgery (SSRF) vulnerabilities in web applications by scanning the domain for open redirects and testing for cross-site scripting (XSS) | 953 |
 mindpatch/lorsrf | A tool designed to identify parameters in web applications that can be exploited for SSRF or out-of-band resource load attacks. | 291 |
 whwlsfb/log4j2scan | A tool that scans websites for Log4j2 remote code execution vulnerabilities using multiple DNS log platforms and supports various scan types | 776 |
 spidermate/b-xssrf | A toolkit to detect and track vulnerabilities in web applications | 295 |
 damian89/extended-ssrf-search | An SSRF scanner written in Python to identify potential vulnerabilities by scanning predefined settings in URLs and request headers. | 276 |
 moduscreateorg/beep | An account security scanner that detects vulnerabilities in online accounts by hashing credentials and checking against data breaches. | 157 |
 codingo/vhostscan | A tool for discovering and scanning virtual hosts to identify potential vulnerabilities | 1,208 |
 maxcountryman/flask-seasurf | An extension that helps protect against cross-site request forgery attacks in web applications | 190 |
| codingo/reconnoitre | Automates reconnaissance and service enumeration of network hosts to gather information and write recommendations for further testing. | 2,124 |
 r0075h3ll/oralyzer | A tool to identify vulnerabilities in web applications by probing for Open Redirections and other types of attacks. | 758 |
 secdec/attack-surface-detector-burp | Identifies web app endpoints and parameters to help detect vulnerabilities | 98 |
 osamahamad/cve-2020-9484-mass-scan | A tool designed to scan a list of URLs against Apache Tomcat deserialization vulnerabilities that could lead to Remote Code Execution. | 32 |