AllThingsSSRF
This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
Install / Use
/learn @jdonsec/AllThingsSSRFREADME
AllThingsSSRF
This is a collection of writeups, cheatsheets, videos, related to SSRF in one single location
This is currently work in progress I will add more resources as I find them.
Created By @jdonsec
Learn What is SSRF
-
Nahamsec/Daeken - OWNING THE CLOUT THROUGH SSRF AND PDF GENERATORS
-
Orange Tsai A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
-
SaN ThosH SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1
-
SaN ThosH SSRF — Server Side Request Forgery (Types and ways to exploit it) Part-2
Writeups
-
@albinowax Cracking the lens: targeting HTTP's hidden attack-surface [NEW Credit to @atul_hax]
-
@leonmugen: SSRF Reading Local Files from DownNotifier server
-
Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!
-
Day Labs: SSRF attack using Microsoft's bing webmaster central
-
Elber Andre: SSRF Tips SSRF/XSPA in Microsoft’s Bing Webmaster Central
-
Valeriy Shevchenko: SSRF Vulnerability due to Sentry misconfiguration
-
Neeraj Sonaniya: Reading Internal Files using SSRF vulnerability
-
Pratik yadav: Ssrf to Read Local Files and Abusing the AWS metadata
-
Shorebreak Security: SSRF’s up! Real World Server-Side Request Forgery (SSRF)
-
Deepak Holani: Server Side Request Forgery(SSRF){port issue hidden approch }
-
Coen Goedegebure: How I got access to local AWS info via Jira
-
Corben Leo: Hacking the Hackers: Leveraging an SSRF in HackerTarget
-
Orange Tsai: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
-
Peter Adkins: Pivoting from blind SSRF to RCE with HashiCorp Consul
-
Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks - Part 1: The basics
-
Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks — Part 2: Fun with IPv4 addresses
-
Maxime Leblanc: Server-Side Request Forgery (SSRF) — Part 3: Other advanced techniques
-
Maxime Leblanc: Privilege escalation in the Cloud: From SSRF to Global Account Administrator
-
Asterisk Labs: Server-side request forgery in Sage MicrOpay ESP
-
Alyssa Herrera: Piercing the Veil: Server Side Request Forgery to NIPRNet access
-
Contribution by $root: Whomai - Harsh Jaiswal: Vimeo SSRF with code execution potential.
Hackerone Reports
-
[228377 SSRF in upload IMG through URL](https://h
Related Skills
qqbot-channel
345.9kQQ 频道管理技能。查询频道列表、子频道、成员、发帖、公告、日程等操作。使用 qqbot_channel_api 工具代理 QQ 开放平台 HTTP 接口,自动处理 Token 鉴权。当用户需要查看频道、管理子频道、查询成员、发布帖子/公告/日程时使用。
docs-writer
100.0k`docs-writer` skill instructions As an expert technical writer and editor for the Gemini CLI project, you produce accurate, clear, and consistent documentation. When asked to write, edit, or revie
model-usage
345.9kUse CodexBar CLI local cost usage to summarize per-model usage for Codex or Claude, including the current (most recent) model or a full model breakdown. Trigger when asked for model-level usage/cost data from codexbar, or when you need a scriptable per-model summary from codexbar cost JSON.
arscontexta
2.9kClaude Code plugin that generates individualized knowledge systems from conversation. You describe how you think and work, have a conversation and get a complete second brain as markdown files you own.
Security Score
Audited on Mar 27, 2026