一键导入
ssrf
Deep-dive SSRF testing — bypass filters, hit cloud metadata, chain to RCE/credential disclosure. Use when a target parameter clearly accepts a URL or hostname.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Deep-dive SSRF testing — bypass filters, hit cloud metadata, chain to RCE/credential disclosure. Use when a target parameter clearly accepts a URL or hostname.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Insecure-deserialization playbook — fingerprint the language/format (Java serialized, .NET BinaryFormatter, Python pickle, PHP unserialize, Node serialize, YAML/JSON-with-types), then build a working gadget chain with ysoserial / ysoserial.net / phpggc / custom pickle. Use when you see serialized blobs (rO0/AC ED, base64 ViewState, PHP O:) or a parameter/cookie that deserializes user input.
GraphQL pentest playbook — find the endpoint, dump the schema (introspection or field-suggestion fallback), then test for authorization gaps, query batching, alias overload, depth-based DoS, and SQLi/NoSQLi in resolver arguments. Use when the target exposes a /graphql endpoint, GraphiQL, Apollo, or accepts GraphQL queries.
JWT attack playbook — algorithm confusion (alg=none, HS/RS confusion), kid path traversal/SQLi, jku/x5u SSRF, weak HS256 cracking, and embedded JWK trickery. Use when the target uses JWTs for auth (header.payload.signature).
Race condition / TOCTOU playbook — limit overrun (one-time codes used twice, gift cards spent twice), single-packet attack (last-byte sync) to force parallel processing, and state-confusion races (file upload + read, order before payment). Use when timing-sensitive logic could be abused — one-time codes, coupons/gift cards, balance or limit checks, double-spend.
External recon playbook for a web target — subdomain enumeration, live-host probing, tech fingerprinting, and a first pass at content discovery. Use when the user gives you a root domain or apex and wants attack surface mapping.
Server-Side Template Injection — fingerprint the engine first (Jinja2 / Twig / Velocity / Freemarker / ERB / Smarty / Mako / Handlebars / Pug), then escalate the engine-specific primitive to RCE or sandbox escape. Use when user input is reflected through a template engine (Jinja2/Twig/Velocity/Freemarker/ERB/Smarty/Mako/Handlebars/Pug) or {{7*7}} evaluates to 49.
| name | ssrf |
| description | Deep-dive SSRF testing — bypass filters, hit cloud metadata, chain to RCE/credential disclosure. Use when a target parameter clearly accepts a URL or hostname. |
| allowed-tools | ["http","shell","file_write"] |
You suspect a parameter is being fetched server-side. Confirm it, escalate it, prove impact.
Execution rule: use the actual parameter, callback host, and target URL before running commands. Never write literal placeholders such as <endpoint> or <role> to files; if the collaborator/canary host is missing, ask once.
Send the http request with the parameter pointing to:
If the canary fires, you have at minimum a blind SSRF.
Probe how the server validates the URL. For each probe, capture status and body:
http://127.0.0.1, http://localhost, http://0.0.0.0http://[::1], http://[::ffff:127.0.0.1]http://2130706433, http://0177.0.0.1gopher://, file:///etc/passwd, dict://, ftp://Group probes by outcome to fingerprint the parser (Python urllib? Java URL? curl? net/http?).
If you suspect AWS:
GET http://169.254.169.254/latest/meta-data/iam/security-credentials/
GET http://169.254.169.254/latest/meta-data/iam/security-credentials/<role>
If IMDSv2 is enforced, attempt to obtain the token via the same SSRF if the primitive supports headers.
For GCP: http://metadata.google.internal/computeMetadata/v1/ with Metadata-Flavor: Google.
For Azure: http://169.254.169.254/metadata/instance?api-version=2021-02-01 with Metadata: true.
With the SSRF confirmed, sweep common internal ports/paths from the victim's perspective: :80, :443, :6379 (Redis), :9200 (Elastic), :8500 (Consul), :2375 (Docker), :25 (SMTP). Use response time + body fingerprint.
file:// or internal HTTP.Write a report to findings/ssrf-<endpoint>.md with the exact request, the exact response, and the impact you proved. Stop there.