incredibleindishell/SSRF_Vulnerable_Lab external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

incredibleindishell/SSRF_Vulnerable_Lab

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/incredibleindishell/SSRF_Vulnerable_Lab)

Close

incredibleindishell / SSRF_Vulnerable_LabView on GitHubMore

• External links
• Readme badge

This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

☆762Aug 21, 2023Updated 2 years ago

Alternatives and similar repositories for SSRF_Vulnerable_Lab

Users that are interested in SSRF_Vulnerable_Lab are comparing it to the libraries listed below

• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,361Jan 24, 2021Updated 5 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,483Oct 12, 2024Updated last year
• incredibleindishell / CORS-vulnerable-Lab

  View on GitHub
  Sample vulnerable code and its exploit code
  ☆190Mar 14, 2021Updated 4 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,774Apr 26, 2024Updated last year
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,487Sep 4, 2025Updated 5 months ago
• m6a-UdS / ssrf-lab

  View on GitHub
  Lab for exploring SSRF vulnerabilities
  ☆247May 30, 2021Updated 4 years ago
• dogangcr / vulnerable-sso

  View on GitHub
  vulnerable single sign on
  ☆150Aug 1, 2024Updated last year
• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆336Oct 31, 2024Updated last year
• In3tinct / See-SURF

  View on GitHub
  Security tool (now AI powered 🤖) to find potential vulnerable Server Side Request Forgery (SSRF) parameters.
  ☆355Feb 13, 2026Updated 2 weeks ago
• tarunkant / Gopherus

  View on GitHub
  This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
  ☆3,302Apr 18, 2023Updated 2 years ago
• jaeles-project / jaeles

  View on GitHub
  The Swiss Army knife for automated Web Application Testing
  ☆2,322May 8, 2024Updated last year
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,369Feb 17, 2026Updated last week
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,710Dec 1, 2024Updated last year
• ZeddYu / HTTP-Smuggling-Lab

  View on GitHub
  Use HTTP Smuggling Lab to learn HTTP Smuggling.
  ☆346Nov 20, 2022Updated 3 years ago
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,164May 26, 2023Updated 2 years ago
• SpiderMate / B-XSSRF

  View on GitHub
  Toolkit to detect and keep track on Blind XSS, XXE & SSRF
  ☆293Aug 23, 2019Updated 6 years ago
• RenwaX23 / XSS-Payloads

  View on GitHub
  List of XSS Vectors/Payloads
  ☆1,364Jan 14, 2026Updated last month
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,091Feb 20, 2025Updated last year
• GerbenJavado / LinkFinder

  View on GitHub
  A python script that finds endpoints in JavaScript files
  ☆4,286Apr 13, 2024Updated last year
• c0ny1 / xxe-lab

  View on GitHub
  一个包含php,java,python,C#等各种语言版本的XXE漏洞Demo
  ☆816Nov 28, 2022Updated 3 years ago
• nccgroup / BurpSuiteHTTPSmuggler

  View on GitHub
  A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
  ☆736May 4, 2019Updated 6 years ago
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,901Sep 27, 2021Updated 4 years ago
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,244Jan 8, 2026Updated last month
• 0xInfection / Awesome-WAF

  View on GitHub
  Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
  ☆7,372Aug 28, 2025Updated 6 months ago
• gwen001 / pentest-tools

  View on GitHub
  A collection of custom security tools for quick needs.
  ☆3,284May 1, 2023Updated 2 years ago
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,120Apr 21, 2024Updated last year
• PortSwigger / http-request-smuggler

  View on GitHub
  ☆1,187Jan 21, 2026Updated last month
• luisfontes19 / xxexploiter

  View on GitHub
  Tool to help exploit XXE vulnerabilities
  ☆590Feb 4, 2023Updated 3 years ago
• ameenmaali / qsfuzz

  View on GitHub
  qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
  ☆303Feb 12, 2023Updated 3 years ago
• m4ll0k / Atlas

  View on GitHub
  Quick SQLMap Tamper Suggester
  ☆1,395Jul 18, 2022Updated 3 years ago
• jbarone / xxelab

  View on GitHub
  A simple web app with a XXE vulnerability.
  ☆231Nov 10, 2021Updated 4 years ago
• securityidiots / CollabOzark

  View on GitHub
  CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.
  ☆135Sep 25, 2019Updated 6 years ago
• gquere / pwn_jenkins

  View on GitHub
  Notes about attacking Jenkins servers
  ☆2,090Jul 10, 2024Updated last year
• cujanovic / Open-Redirect-Payloads

  View on GitHub
  Open Redirect Payloads
  ☆654Oct 12, 2024Updated last year
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,075Aug 14, 2024Updated last year
• RhinoSecurityLabs / SleuthQL

  View on GitHub
  Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
  ☆469Nov 14, 2019Updated 6 years ago
• orangetw / awesome-jenkins-rce-2019

  View on GitHub
  There is no pre-auth RCE in Jenkins since May 2017, but this is the one!
  ☆607May 17, 2019Updated 6 years ago
• fcavallarin / domdig

  View on GitHub
  DOM XSS scanner for Single Page Applications
  ☆416Nov 15, 2025Updated 3 months ago
• daeken / httprebind

  View on GitHub
  Automatic tool for DNS rebinding-based SSRF attacks
  ☆304Aug 21, 2020Updated 5 years ago