Skip to content
/ CloudSSRFer Public

CloudSSRFer tests SSRF on Amazon AWS cloud to extract sensitive information.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheWation/CloudSSRFer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
CloudSSRFer.py
CloudSSRFer.py
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CloudSSRFer

made-with-python built-with-love

CloudSSRFer aims to develop a tool that detects SSRF (Server-Side Request Forgery) vulnerabilities in URLs and determines if the target host is hosted on AWS cloud services. The tool will further attempt to extract sensitive data from metadata internal endpoints and display the results in a formatted output.

Features

1. SSRF Vulnerability Detection

The tool will analyze URLs provided by the user and check for SSRF vulnerability. SSRF vulnerabilities occur when an attacker can manipulate a server's request to access internal resources or services.

2. AWS Cloud Services Detection

The tool will identify if the target host is hosted on AWS cloud services. This detection can help in understanding the potential attack surface and the associated risks.

3. Sensitive Data Extraction

If the target host is hosted on AWS cloud services and an SSRF vulnerability is present, the tool will attempt to extract sensitive data from metadata internal endpoints. AWS metadata contains valuable information about the instance, such as access keys, security group configurations, and more.

4. Formatted Output

The tool will provide a formatted output that clearly presents the results. This output can include detailed information about the detected vulnerabilities, AWS services identification, and any extracted sensitive data.

Note

This tool is designed to work exclusively with IMDSv1 (Instance Metadata Service version 1), ensuring compatibility and accurate extraction of sensitive data from metadata internal endpoints.

Usage

Prerequisites

Make sure you have Python 3 installed on your system. You can download Python from the official website: Python.org

  1. Clone the project repository:
git clone https://github.com/TheWation/CloudSSRFer
  1. Navigate to the project directory:
cd CloudSSRFer
  1. Install the required dependencies using pip:
pip install -r requirements.txt
  1. Run the CloudSSRFer script:
python CloudSSRFer.py https://vulnerable.com/?url=

Disclaimer

For educational purposes only. Do not use for illegal activities. Use at your own risk. By using this tool, you agree to comply with all applicable laws and regulations. Unauthorized use is strictly prohibited. Always obtain permission before using this tool. No warranties.

License

CloudSSRFer is made with ♥ by Wation and it's released under the MIT license.

About

CloudSSRFer tests SSRF on Amazon AWS cloud to extract sensitive information.

Topics

aws aws-s3 ssrf server-side-request-forgery

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Languages