defensahacker/nodessrf

nodessrf

Simple and vulnerable Node.js app prone to Server-Side Request Forgery (SSRF)

Usage

You can easily deploy it on your machine if you already have Node.js installed:

git clone https://github.com/defensahacker/nodessrf.git
cd nodessrf
npm install
npm start

Otherwise, run it on Google Cloud with these commands to fully understand the potential of SSRF:

$ gcloud init
$ gcloud projects create ssrf-lab$RANDOM
$ gcloud config set project ssrf-lab$RANDOM
$ gcloud projects describe ssrf-lab$RANDOM
$ gcloud app create --project=ssrf-lab$RANDOM
$ gcloud app deploy
$ gcloud app logs tail

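Just to clarify, replace $RANDOM with a unique string of your own and use that same string in every command; left as written, the shell expands $RANDOM to a different number each time, so the commands would not refer to the same project :)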
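
For the defensive side of the lab, here is an added example (not code from this repository, whose source is not shown on this page) of a destination check that a URL-fetching endpoint can apply before it makes the outbound request. The names checkDestination, isBlockedAddress and v4ToInt are hypothetical, and the check assumes the caller resolves the hostname itself and passes the resulting addresses in.

```javascript
// Added example with hypothetical helper names; not code from the nodessrf repository.
// IPv4 ranges a public-facing fetcher should never reach: [network, prefix length].
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], // link-local, where cloud metadata services listen
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];

// Dotted-quad string -> unsigned 32-bit number, or null if it is not IPv4.
function v4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

// True for loopback, private, link-local and similar non-public addresses.
function isBlockedAddress(ip) {
  const n = v4ToInt(ip);
  if (n !== null) {
    return BLOCKED_V4.some(([net, bits]) => {
      const size = 2 ** (32 - bits);
      return Math.floor(n / size) === Math.floor(v4ToInt(net) / size);
    });
  }
  const v6 = ip.toLowerCase();
  // ::1, ::, unique-local fc00::/7, link-local fe80::/10, and every
  // IPv4-mapped ::ffff:0:0/96 address (blocked wholesale for simplicity).
  return v6 === '::1' || v6 === '::' || /^f[cd]/.test(v6) ||
    /^fe[89ab]/.test(v6) || v6.startsWith('::ffff:');
}

// Returns null when the URL may be fetched, otherwise the reason for refusal.
// `resolved` holds the addresses DNS returned for the hostname; the caller
// must connect to one of those same addresses rather than resolving the
// name a second time.
function checkDestination(rawUrl, resolved = []) {
  let url;
  try { url = new URL(rawUrl); } catch { return 'invalid URL'; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'scheme not allowed';
  // URL rewrites 2130706433 or 0x7f.1 to 127.0.0.1; IPv6 literals keep brackets.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const isLiteral = v4ToInt(host) !== null || host.includes(':');
  const addrs = isLiteral ? [host] : resolved;
  if (addrs.length === 0) return 'hostname not resolved';
  return addrs.some(isBlockedAddress) ? 'internal address' : null;
}
```

The check only decides whether a destination is acceptable; redirects returned by the remote server have to be passed through it again before they are followed.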