ssrf-testing
SSRF Testing & Prevention
Overview
Find, exploit, and fix Server-Side Request Forgery. SSRF tricks the server into making HTTP requests to unintended destinations -- accessing internal services, cloud metadata, or other systems that the server can reach but the attacker cannot.
Normal flow:
User -> Server -> External API (intended)
SSRF attack:
User sends: url=http://169.254.169.254/latest/meta-data/
Server -> AWS Metadata Service (unintended)
Server returns: IAM credentials, instance info, etc.
Quick Reference
More from lu1sdv/skillsmd
glitchtip
Use when deploying, configuring, integrating, or troubleshooting GlitchTip — including self-hosted installation, SDK setup, source maps, sentry-cli, uptime monitoring, alerting, environment variables, Docker Compose, Helm, social auth, and migration from Sentry
20zeroclaw
Use when building, configuring, deploying, or troubleshooting ZeroClaw AI agent infrastructure — including provider setup, channel binding, memory backends, config.toml authoring, CLI usage, Docker/native runtime, and migration from other agent frameworks
18vuln-research
>
10skillsmp-search
Use when finding, browsing, or installing community skills, or when a needed capability might exist as a marketplace skill. Triggers on "find a skill", "search skills", "install skill", "skillsmp", or "marketplace".
6zero-dof
>
3tavily-web
Web search, content extraction, site crawling, URL discovery, and AI-powered research using Tavily API via curl. Use when user needs web search results, current events, news, finance data, content from URLs, site-wide extraction, or multi-topic research with citations. Trigger phrases: 'search the web', 'find online', 'extract from URL', 'crawl site', 'research topic', 'latest news about', 'web search', 'tavily'.
3