An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to find XSS and open redirects.
Syntax
./ssrfire.sh -d domain.com -s yourserver.com -f custom_file.txt -c cookies
domain.com ---> The domain for which you want to test
yourserver.com ---> Your server which detects SSRF. Eg. Burp collaborator
custom_file.txt ---> Optional argument. You give your own custom URLs instead of using gau
cookies ---> Optional argument. To send requests as an authenticated user
If you don't have burpsuite professional, you can use interact sh by the awesome projectdiscovery team as your server.
Requirements
Since this uses GAU, FFUF, qsreplace and OpenRedirex, you need GO and python 3.7+. You need not have the tools installed, as the script setup.sh will install everything. You just need to install python and GO. Even if you have the tools installed I would highly recommend you to install them again so that there no conflicts while setting the paths.
If you don't want to install the tools again, paste this code in your .profile in your home directory and source .profile them. Also, you have to ..
Support the originator by clicking the read the rest link below.
