Lorsrf has been added to scant3r with useful additions (multi http method , multi content-type (json , query , xml , speed , large worlist and more)). Bruteforcing on Hidden parameters to find SSRF vulnerability using GET
and POST
Methods
Install
➜ git clone https://github.com/knassar702/lorsrf
➜ cd lorsrf
➜ sudo pip3 install requests flask
install ngrok tool
Steps
./ngrok http 9090
server.py
script and add ngrok port python3 server.py 9090
lorsrf.py
and add ngrok host using -s
option-s
option (without server.py
file)cat YOUR_LIST.txt | python3 lorsrf.py -t URL_TARGET -s YOUR_HOST -w wordlist.txt
Examples
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io
add threads
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io –threads=50
add timeout
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io —timeout=4
add cookies
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io -c ‘user=5&PHPSESSION=5232’
add headers from text file
$cat headers.txt
Cookie: test=1
Auth: Basic TG9yU3JmCg==
$cat parameters.txt | python3 lorsrf.py -f headers.txt -s ‘http://myhost.com’ -t ‘http://ssrf.hack.com’
GET /?parameter={YOUR_HOST} HTTP/1.1
Host: targer.com
Cookie: test=1
Auth: Basic TG9yU3JmCg==
Follow redirects
$ cat paramters.txt | python3 lorsrf.py -t http://target.com -s http://53252.ngrok.io -r
Testing
python3 lorsrf.py -t ‘http://testphp.vulnweb.com/showimage.php’ -s ‘https://YOUR_HOST.com’ -w parameters.txt
GIF
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…