
lorsrf
Bruteforcing on Hidden parameters to find SSRF vulnerability using GET
and POST
Methods
NOTE
- Lorsrf has been added to scant3r with useful additions (multi http method , multi content-type (json , query , xml , speed , large worlist and more))
- https://github.com/knassar702/scant3r/wiki/lorsrf
Installation
git clone https://github.com/knassar702/lorsrf cd lorsrf sudo pip3 install requests flask
Install NGROK
Steps :
Ngrok
- run your ngrok
./ngrok http 9090
- run
server.py
script and add ngrok portpython3 server.py 9090
- run
lorsrf.py
and add ngrok host using-s
option
requestbin.com
- login to https://requestbin.com
- copy your host and add it by using
-s
option (withoutserver.py
file)
How can i use it .?
cat YOUR_LIST.txt | python3 lorsrf.py -t URL_TARGET -s YOUR_HOST -w wordlist.txt
Click here to more usage demo