SSRF payload generator which takes an IPv4 address as input and outputs notation variants of that same address (e.g. shorthand notation, decimal etc). Other features include:
- Generation of bypass/redirection-related SSRF payloads using an expected allow-listed domain (`-a`) as input.
- Generate payloads with less-common URI schemes (`-sG`) using irsdl's source of Windows-centric schemes, IANA official schemes and unofficial-but-seen URIs referenced here.
- Include common cloud-related endpoints in payload outputs (using cujanovic's curated cloud-metadata.txt list), even if unrelated to original IP address input.
Basic usage is as follows:
./ssrf-payload-generator.py -i 127.0.0.1
The `--cloud_payloads` (`-cP`) and `--scheme_generation` (`-sG`) features depend on files included in this script's root directory (`cloud-payloads.txt` and `schemes.txt`).
Huge thanks to cujanovic for their excellent SSRF-Testing repository; this tool builds upon the ip.py script and other references from that repo.
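
For the filter this tool is meant to test: the notation variants described above all name the same address, so a server-side check has to canonicalize the host before comparing it to anything. The following is an added example, not part of this tool or of the SSRF-Testing repository; the function names are hypothetical and it assumes the fetching stack parses numeric hosts the way `inet_aton` does.

```python
import ipaddress
from urllib.parse import urlsplit

def _component(tok: str) -> int:
    """Parse one dotted component as inet_aton does: 0x = hex, leading 0 = octal."""
    low = tok.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif len(low) > 1 and low.startswith("0"):
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(f"not a numeric component: {tok!r}")
    return int(digits, base)

def canonical_ipv4(host: str) -> ipaddress.IPv4Address:
    """Fold 1- to 4-part numeric notations into a single IPv4 address."""
    parts = [_component(p) for p in host.split(".")]
    if len(parts) > 4:
        raise ValueError("too many components")
    *head, last = parts
    # Leading parts are single octets; the last part fills all remaining bytes.
    if any(p > 0xFF for p in head) or last >= 1 << (8 * (4 - len(head))):
        raise ValueError("component out of range")
    value = last
    for i, p in enumerate(head):
        value |= p << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

def is_internal_url(url: str) -> bool:
    """True when the URL's host is a numeric IPv4 form of a non-global address."""
    host = urlsplit(url).hostname or ""
    try:
        return not canonical_ipv4(host).is_global
    except ValueError:
        # Not numeric IPv4 (DNS name or IPv6): vet the resolved address separately.
        return False

if __name__ == "__main__":
    # Constructed samples: notation variants of the README's 127.0.0.1 example.
    for h in ["127.0.0.1", "127.1", "2130706433", "0x7f.0.0.1", "017700000001"]:
        print(f"{h:>14} -> {canonical_ipv4(h)}")
```

A string or regex deny-list would pass every sample except the first; after canonicalization they are all rejected by the same check.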