hunt-ssrf
CommunityProve SSRF with OOB validation and impact.
System Documentation
What problem does it solve?
Eliminates false positives in SSRF hunting by enforcing out-of-band proof, then helps you systematically find high-impact SSRF sinks and validate real network reachability.
Core Features & Use Cases
- Out-of-band (OOB) gating for claims: Requires unique collaborator/canary callbacks before concluding SSRF, preventing “echoed URL” misreports.
- Target-focused SSRF hunting: Guides tests for common URL-fetch endpoints (preview, fetch, import, proxy, render, screenshot, export, validate) and JavaScript-driven fetch contexts.
- Cloud and internal pivot prioritization: Emphasizes metadata services (GCP/AWS/Azure), localhost/internal ports, and redirect-based bypasses to quantify blast radius for reporting.
Use case example: If a web app supports “link preview” or “URL import,” use this skill to confirm SSRF via a unique OOB marker and then determine whether it reaches cloud metadata, internal APIs, or headless-rendering network contexts.
Quick Start
Use the hunt-ssrf skill to validate SSRF on your target by planting an OOB callback, sending a URL/payload into the suspected preview or fetch parameter, and only reporting after a confirmed collaborator interaction.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-ssrf Download link: https://github.com/AKasem1/claude-bug-bounty/archive/main.zip#hunt-ssrf Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.