Stats
Actions
Tags
From find-cve-agent
Detects Server-Side Request Forgery (SSRF) vulnerabilities where user-controlled URLs access internal services, cloud metadata, or bypass networks in JS/TS, Python, Go, Ruby code. Audits webhooks, URL previews, imports.
How this skill is triggered — by the user, by Claude, or both
Slash command
/find-cve-agent:ssrfThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit webhook handlers, URL preview generators, import-from-URL features, image proxy endpoints, PDF generators that fetch remote resources, and any endpoint that makes HTTP requests based on user-supplied URLs.
Audit webhook handlers, URL preview generators, import-from-URL features, image proxy endpoints, PDF generators that fetch remote resources, and any endpoint that makes HTTP requests based on user-supplied URLs.
# JavaScript
grep -rn "fetch(\|axios\|got(\|node-fetch\|http\.get\|https\.get\|request(" .
grep -rn "urllib\|url\.parse\|new URL(" .
# Python
grep -rn "requests\.get\|requests\.post\|urllib\.request\|urlopen\|httpx" .
# Go
grep -rn "http\.Get\|http\.Post\|http\.NewRequest\|httpClient" .
# Ruby
grep -rn "Net::HTTP\|open-uri\|Faraday\|HTTParty\|RestClient" .
Trace the URL parameter backwards:
grep -rn "isPrivate\|isInternal\|isLocalhost\|blocked\|allowlist\|blocklist" .
grep -rn "127\.0\.0\.1\|0\.0\.0\.0\|169\.254\|10\.\|172\.16\|192\.168" .
Common bypass techniques:
2130706433 = 127.0.0.10x7f000001 = 127.0.0.10177.0.0.1 = 127.0.0.1::ffff:127.0.0.1::1, 0:0:0:0:0:0:0:1http://127%2e0%2e0%2e10.0.0.0 on some systems maps to localhostlocaltest.me resolves to 127.0.0.1Dangerous protocols beyond http/https:
file:///etc/passwd -- local file readgopher:// -- arbitrary TCP data (SSRF amplifier)dict:// -- dictionary service probeftp:// -- FTP data exfiltrationIf the target runs on cloud infrastructure:
http://169.254.169.254/latest/meta-data/iam/security-credentials/http://metadata.google.internal/computeMetadata/v1/http://169.254.169.254/metadata/instancehttp://169.254.169.254/metadata/v1/npx claudepluginhub byamb4/find-cve-agentDetects SSRF vulnerabilities in HTTP requests to user-controlled URLs. Invoke when implementing webhook receivers, URL preview features, or proxying user-supplied URLs.
Analyzes PHP code for SSRF vulnerabilities. Detects unvalidated URLs, internal network access, DNS rebinding, cloud metadata access, URL parsing bypasses. Use for PHP web app security audits.
Tests for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal services, and protocol handlers. Useful for security assessments and penetration testing.