Exploit server-side request forgery
offensive-ssrf skill setup L2 ★2,144
SnailSploit/Claude-Red
What it does
Exploit SSRF to reach cloud metadata and internal services
Best for
AWS/GCP credential theft via IMDSv1 metadata endpoint and internal database access
Inputs
- target_endpoint (avatar URL, webhook, proxy)
- payload (file://, gopher://, cloud metadata IP)
Outputs
- credentials_stolen (IAM tokens, API keys)
- internal_data (database contents, private files)
Requires
- HTTP client
- Burp Intruder or curl with payload list
Preconditions
SSRF endpoint confirmed, internal network structure known, permission to test
Failure modes
- Firewall blocks internal requests
- Cloud metadata service disabled (IMDSv2)
- URL validation bypasses exhausted
- OOB channel blocked
Trust signals
- Cloud metadata endpoint (169.254.169.254:80/latest/meta-data/iam/security-credentials/)
- Filter bypass payloads (@, double encoding, //, etc.)
- Gopher protocol for Redis/Memcached exploitation