ssrf-to-internal-service-breach
Official
Prove SSRF reaches internal services
Legal & Compliance
#ssrf, #cloud metadata, #cwe-918, #vulnerability reporting, #credential exposure, #internal services, #oast
Author: vigolium
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
SSRF findings often stop at “the app fetches a user-supplied URL,” but that does not prove real internal exposure or impact.
Core Features & Use Cases
- Confirm egress with OAST: Detect whether the server can reach your controlled endpoint over HTTP or DNS so you can reliably determine whether the SSRF is real.
- Escalate to high-value internal targets: Probe common metadata services and internal-only ports/services to turn a suspected SSRF into a measurable breach.
- Extract and report impact responsibly: Capture one concrete high-value artifact (e.g., masked credential or token) and report severity sized to the highest-value asset reached.
Quick Start
Use the skill to confirm SSRF outbound reachability with an OAST canary, then pivot to cloud metadata and internal services to report the highest-value accessible impact.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ssrf-to-internal-service-breach Download link: https://github.com/vigolium/vigolium/archive/main.zip#ssrf-to-internal-service-breach Please download this .zip file, extract it, and install it in the .claude/skills/ directory.