performing-ssrf-vulnerability-exploitation

$ npx mdskill add mukul975/Anthropic-Cybersecurity-Skills/performing-ssrf-vulnerability-exploitation

Exploit SSRF flaws by probing metadata and internal services.

  • Detects unauthorized access to cloud metadata and internal networks.
  • Uses Python requests to probe specific IP addresses and protocols.
  • Tests URL parameters for dangerous schemes like file or gopher.
  • Reports findings through structured security assessment outputs.

SKILL.md

.github/skills/performing-ssrf-vulnerability-exploitation
---
name: performing-ssrf-vulnerability-exploitation
description: >-
  Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints,
  internal network services, and protocol handlers through user-controllable URL parameters.
  Tests AWS/GCP/Azure metadata APIs (169.254.169.254), internal port scanning via HTTP,
  URL scheme bypass techniques, and DNS rebinding detection.
domain: cybersecurity
subdomain: security-operations
tags: [performing, ssrf, vulnerability, exploitation]
version: "1.0"
author: mahipal
license: Apache-2.0
---


## When to Use

- When conducting security assessments that include testing for SSRF vulnerabilities
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities

## Instructions

1. Install dependencies: `pip install requests`
2. Identify URL parameters in the target application that accept URLs or hostnames.
3. Test SSRF payloads:
   - Cloud metadata: `http://169.254.169.254/latest/meta-data/`
   - Internal services: `http://127.0.0.1:port/`, `http://10.0.0.1/`
   - Protocol handlers: `file:///etc/passwd`, `gopher://`, `dict://`
   - Bypass techniques: IP encoding, DNS rebinding, URL redirects
4. Analyze responses for information disclosure or internal access confirmation.
5. Generate a vulnerability assessment report.

```bash
# For authorized penetration testing and lab environments only
# The URL is quoted so the shell does not treat "?" as a glob character
python scripts/agent.py --target-url "https://app.example.com/fetch?url=" --output ssrf_report.json
```

## Examples

### AWS Metadata SSRF
```
GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
```
If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.
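
The payload classes from step 3, seen from the mitigation side: this is an added example, not part of this skill or its `scripts/agent.py`, of a destination check that a URL-fetching endpoint such as `/fetch?url=` could run before making the request. The function names, the http/https-only allow-list and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the endpoint only needs web fetches

def parse_ip_literal(host):
    """Parse an IP-literal host, including the encoded IPv4 spellings
    (decimal, hex, octal, short dotted) that the C library's inet_aton accepts."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(socket.inet_aton(host))
    except (OSError, ValueError):
        return None

def is_internal(ip):
    """True for loopback, private, link-local (169.254.0.0/16) and similar ranges."""
    mapped = getattr(ip, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    if mapped is not None:
        ip = mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_fetch_url(url, resolve=socket.getaddrinfo):
    """Return (allowed, reason, ips). `resolve` is injectable for offline tests."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed", []
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme", []
    host = parts.hostname
    if not host:
        return False, "no-host", []
    literal = parse_ip_literal(host)
    try:
        ips = [literal] if literal is not None else [
            ipaddress.ip_address(info[4][0]) for info in resolve(host, None)]
    except (OSError, ValueError):
        return False, "unresolvable", []
    if not ips or any(is_internal(ip) for ip in ips):
        return False, "internal-address", ips
    # The caller must connect to one of `ips` (not re-resolve the name) and run
    # this check again on every redirect hop; otherwise DNS rebinding or a
    # redirect to an internal address passes after validation.
    return True, "ok", ips
```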
