SSRFmap

SSRFmap is a specialized security tool designed to automate the detection and exploitation of Server Side Request Forgery (SSRF) vulnerabilities. It takes as input a Burp request file and a user-specified parameter to fuzz, enabling you to fast-track the identification of SSRF attack surfaces. It includes multiple exploitation “modules” for common SSRF-based attacks or pivoting techniques, such as DNS zone transfers, MySQL/Postgres command execution, Docker API info leaks, and network scans. Because SSRF often leads to lateral movement or internal network access, SSRFmap is especially useful for red-teamers and pentesters who want to explore chains rather than just the vulnerability surface. The repository also demonstrates a pragmatic mindset; rather than just “find SSRF”, it tries to “exploit SSRF” for impact, helping security testers build full end-to-end workflows.

Features

Accepts Burp request files as fuzzing input
Module-based exploitation for SSRF chains (e.g., DNS AXFR, database RCE)
Parameter fuzzing for user-specified URL parameters
Internal network and port scanning capabilities built-in
Supports exploiting service-APIs (Redis, Docker, MySQL, Postgres) via SSRF pivoting
Command-line driven integration with pentest workflows

Project Samples

Project Activity

See All Activity >

License

MIT License

Follow SSRFmap

SSRFmap Web Site

Other Useful Business Software

Go from Code to Production URL in Seconds

Cloud Run deploys apps in any language instantly. Scales to zero. Pay only when code runs.

Skip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.

Try it free

Rate This Project

User Reviews

Be the first to post a review of SSRFmap!

Additional Project Details

Programming Language

Python

Related Categories

Python Frameworks

Registered

2025-11-04

Similar Business Software

hapi

Build powerful, scalable applications, with minimal overhead and full out-of-the-box functionality, your code, your way. Developed initially to handle Walmart’s Black Friday sales, hapi continues to be the proven choice for enterprise-grade backend needs. When you install hapi, every single line...

See Software
TSQL.APP

TSQL.APP is a web-based SQL platform for building data-driven applications directly within SQL Server. Featuring a built-in IDE, it enables developers to create responsive web apps using SQL for backend logic and UI interactions. Key features include: Dynamic UI Components: Cards represent...

See Software
SvelteKit

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. It addresses common development challenges by providing solutions for routing, server-side rendering, data fetching, service workers, TypeScript integration, and more. SvelteKit apps are...

See Software
ASP.NET

Blazor is a feature of ASP.NET for building interactive web UIs using C# instead of JavaScript. Blazor gives you real .NET running in the browser on WebAssembly. .NET is a developer platform made up of tools, programming languages, and libraries for building many different types of applications....

See Software
Ruby on Rails

Over the past two decades, Rails has taken countless companies to millions of users and billions in market valuations. Over six thousand people have contributed code to Rails, and many more have served the community through evangelism, documentation, and bug reports. Rendering HTML templates,...

See Software
Expo

Expo is an open source platform that enables developers to create universal native apps using React,.It offers a comprehensive ecosystem of tools and services designed to streamline the development, review, and deployment processes. With Expo, developers can initialize new projects or integrate...

See Software