AutoSSRF – Smart Context-based SSRF Vulnerability Scanner


autoSSRF is your best ally for identifying SSRF vulnerability scanner at scale.

Different from other ssrf automation tools, this one comes with the two following original features :

Smart fuzzing on relevant SSRF GET parameters

When fuzzing, autoSSRF only focuses on the common parameters related to SSRF (?url=, ?uri=, ..) and doesn’t interfere with everything else. This ensures that the original URL is still correctly understood by the tested web-application, something that might doesn’t happen with a tool which is blindly spraying query parameters.

Context-based dynamic payloads generation

For the given URL :, autoSSRF would recognize as a potentially white-listed host for the web-application, and generate payloads dynamically based on that, attempting to bypass the white-listing validation.

It would result to interesting payloads such as :, http://authorizedhost%[email protected], etc.

Furthermore, this tool guarantees almost no false-positives. The detection relies on the great ProjectDiscovery’s interactsh, allowing autoSSRF to confidently identify out-of-band DNS/HTTP interactions.


python3 -h

This displays help for the tool.

usage: [-h] [--file FILE] [--url URL] [--output] [--verbose]


-h, --help show this help message and exit
--file FILE, -f FILE file of all URLs to be tested against SSRF
--url URL, -u URL url to be tested against SSRF
--output, -o output file path
--verbose, -v activate verbose mode

Single URL target:

python3 -u

Multiple URLs target with verbose:

python3 -f urls.txt -v


1 – Clone

git clone

2 – Install requirements

Python libraries :

cd autossrf 
pip install -r requirements.txt

Interactsh-Client :

go install -v[email protected]

Download AutoSSRF

Also SEE –

Server Side Request Forgery SSRF Types And Ways To Exploit it (Part-1)

SSRF – Server Side Request Forgery Types And Ways To Exploit It (Part-2)

SSRF King- Burp Suit Plugin To Automates SSRF Detection

Previous Article
Identity Theft Check

How To Identify Who's Stealing Your Identity?

Next Article
Man Writing

7 Essay Writing Software You Need To Try in 2022

Related Posts
%d bloggers like this: