SSRFmap

SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. The repository also demonstrates a pragmatic mindset; rather than just “find SSRF”, it tries to “exploit SSRF” for impact, helping security testers build full end-to-end workflows.

Features

Accepts Burp request files as fuzzing input
Module-based exploitation for SSRF chains (e.g., DNS AXFR, database RCE)
Parameter fuzzing for user-specified URL parameters
Internal network and port scanning capabilities built-in
Supports exploiting service-APIs (Redis, Docker, MySQL, Postgres) via SSRF pivoting
Command-line driven integration with pentest workflows

Project Samples

Project Activity

See All Activity >

License

MIT License

Follow SSRFmap

SSRFmap Web Site

Other Useful Business Software

Fully Managed MySQL, PostgreSQL, and SQL Server

Automatic backups, patching, replication, and failover. Focus on your app, not your database.

Cloud SQL handles your database ops end to end, so you can focus on your app.

Try Free

Rate This Project

User Reviews

Be the first to post a review of SSRFmap!

Additional Project Details

Programming Language

Python

Related Categories

Python Frameworks

Registered

2025-11-04

Similar Business Software

hapi

Build powerful, scalable applications, with minimal overhead and full out-of-the-box functionality, your code, your way. Developed initially to handle Walmart’s Black Friday sales, hapi continues to be the proven choice for enterprise-grade backend needs. When you install hapi, every single line...

See Software
Ionic

The Ionic Platform allows you to bring your apps to market faster with an integrated app platform built on the leading cross-platform mobile SDK. Build, secure, and deliver new mobile apps—and transform existing ones—across iOS, Android, and Web platforms from a single codebase. Full...

See Software
TSQL.APP

TSQL.APP is a web-based SQL platform for building data-driven applications directly within SQL Server. Featuring a built-in IDE, it enables developers to create responsive web apps using SQL for backend logic and UI interactions. Key features include: Dynamic UI Components: Cards represent...

See Software
SvelteKit

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. It addresses common development challenges by providing solutions for routing, server-side rendering, data fetching, service workers, TypeScript integration, and more. SvelteKit apps are...

See Software
ASP.NET

Blazor is a feature of ASP.NET for building interactive web UIs using C# instead of JavaScript. Blazor gives you real .NET running in the browser on WebAssembly. .NET is a developer platform made up of tools, programming languages, and libraries for building many different types of applications....

See Software
Ruby on Rails

Over the past two decades, Rails has taken countless companies to millions of users and billions in market valuations. Over six thousand people have contributed code to Rails, and many more have served the community through evangelism, documentation, and bug reports. Rendering HTML templates,...

See Software