├── LICENSE
├── README.md
└── images
    ├── new-icon-gif.jpg
    └── ssrf.jpg

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 jdonsec

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# AllThingsSSRF
**This is a collection of writeups, cheatsheets and videos related to SSRF, in one single location.**

This is a work in progress; more resources will be added as they are found.

![SSRF Logo](/images/ssrf.jpg)

### Created By [@jdonsec](https://twitter.com/jdonsec)

---
#### Learn What is SSRF

- [Vickie Li: Intro to SSRF](https://medium.com/swlh/intro-to-ssrf-beb35857771f)

- [Vickie Li: Exploiting SSRFs](https://medium.com/@vickieli/exploiting-ssrfs-b3a29dd7437)

- [Detectify: What is server side request forgery (SSRF)?](https://blog.detectify.com/2019/01/10/what-is-server-side-request-forgery-ssrf/)

- [Netsparker: What is SSRF](https://www.netsparker.com/blog/web-security/server-side-request-forgery-vulnerability-ssrf/)

- [HackerOne: How To - Server-Side Request Forgery (SSRF)](https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF)

- [Nahamsec/Daeken: Owning the Clout through SSRF and PDF Generators](https://docs.google.com/presentation/d/1JdIjHHPsFSgLbaJcHmMkE904jmwPM4xdhEuwhy2ebvo/edit#slide=id.p)

- [Orange Tsai: A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!](https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf)

- [Infosec Institute: SSRF Introduction](https://resources.infosecinstitute.com/the-ssrf-vulnerability/)

- [SSRF bible (cheatsheet)](https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/SSRFbible%20Cheatsheet.pdf)

- [Book of Bugbounty Tips: SSRF](https://gowsundar.gitbook.io/book-of-bugbounty-tips/ssrf)

- [Cujanovic: SSRF-Testing](https://github.com/cujanovic/SSRF-Testing)

- [EdOverflow: bugbounty-cheatsheet - SSRF](https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/ssrf.md)

- [@ONsec_lab: SSRF pwns - New techniques and stories](https://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Vladimir%20Vorontsov%20and%20Alexander%20Golovko%20-%20SSRF%20PWNs%20-%20New%20Techniques%20and%20Stories.pdf)

- [Swissky: PayloadsAllTheThings - Server Side Request Forgery](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery)

- [HAHWUL: SSRF / Open Redirect cheat sheet](https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html)

- [Acunetix: What is Server Side Request Forgery (SSRF)?](https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/)

- [xI17dev: SSRF Tips](https://blog.safebuff.com/2016/07/03/SSRF-Tips/)

- [SaN ThosH: SSRF - Server Side Request Forgery (Types and ways to exploit it) Part 1](https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978)

- [SaN ThosH: SSRF - Server Side Request Forgery (Types and ways to exploit it) Part 2](https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-2-a085ec4332c0)

- [AUXY Blog: SSRF in Depth](http://www.auxy.xyz/research/2017/07/06/all-ssrf-knowledge.html)

- [CTF Wiki: SSRF Introduction](https://ctf-wiki.github.io/ctf-wiki/web/ssrf/)

- [Orangetw: CTF SSRF Writeup (SSRFme)](https://github.com/orangetw/My-CTF-Web-Challenges/blob/master/README.md#ssrfme)


#### Writeups

- [@albinowax: Cracking the lens - targeting HTTP's hidden attack-surface](https://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface) [NEW, credit to @atul_hax]

- [NoGe: Server Side Request Forgery (SSRF) Testing](https://medium.com/bugbountywriteup/server-side-request-forgery-ssrf-testing-b9dfe57cca35)

- [@leonmugen: SSRF Reading Local Files from DownNotifier server](https://www.openbugbounty.org/blog/leonmugen/ssrf-reading-local-files-from-downnotifier-server/)

- [Fireshell Security Team: SunshineCTF - Search Box Writeup](https://fireshellsecurity.team/sunshinectf-search-box/)

- [Valeriy Shevchenko: SSRF vulnerability via FFmpeg HLS processing](https://medium.com/@valeriyshevchenko/ssrf-vulnerability-via-ffmpeg-hls-processing-f3823c16f3c7)

- [Escalating SSRF to RCE](https://medium.com/cesppa/escalating-ssrf-to-rce-f28c482eb8b9)

- [Zain Sabahat: Exploiting SSRF like a Boss - Escalation of an SSRF to Local File Read!](https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326)

- [Chris Young: SSRF - Server Side Request Forgery](https://chris-young.net/2018/04/13/ssrf-server-side-request-forgery/)

- [0daylabs: SSRF attack using Microsoft's Bing Webmaster Central](https://blog.0daylabs.com/2015/08/09/SSRF-in-Microsoft-bing/)

- [Elber Andre: SSRF Tips - SSRF/XSPA in Microsoft's Bing Webmaster Central](https://medium.com/@elberandre/ssrf-trick-ssrf-xspa-in-microsofts-bing-webmaster-central-8015b5d487fb)

- [Valeriy Shevchenko: SSRF Vulnerability due to Sentry misconfiguration](https://medium.com/@valeriyshevchenko/ssrf-vulnerability-due-to-sentry-misconfiguration-5e758bdb4e44)

- [Vickie Li: Bypassing SSRF Protection](https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b)

- [Vickie Li: SSRF in the Wild](https://medium.com/swlh/ssrf-in-the-wild-e2c598900434)

- [Tung Pun: From SSRF to Local File Disclosure](https://medium.com/@tungpun/from-ssrf-to-local-file-disclosure-58962cdc589f)

- [Neeraj Sonaniya: Reading Internal Files using SSRF vulnerability](https://medium.com/@neerajedwards/reading-internal-files-using-ssrf-vulnerability-703c5706eefb)

- [Pratik Yadav: SSRF to Read Local Files and Abusing the AWS metadata](https://medium.com/@pratiky054/ssrf-to-read-local-files-and-abusing-the-aws-metadata-8621a4bf382)

- [Shorebreak Security: SSRF's up! Real World Server-Side Request Forgery (SSRF)](https://www.shorebreaksecurity.com/blog/ssrfs-up-real-world-server-side-request-forgery-ssrf/)

- [Hack-Ed: A Nifty SSRF Bug Bounty Write Up](https://hack-ed.net/2017/11/07/a-nifty-ssrf-bug-bounty-write-up/)

- [abcdsh: ASIS 2019 Quals - Baby SSRF](https://abcdsh.blogspot.com/2019/04/writeup-asis-2019-quals-baby-ssrf.html)

- [W00troot: How I found SSRF on TheFacebook.com](https://w00troot.blogspot.com/2017/12/how-i-found-ssrf-on-thefacebookcom.html)

- [Deepak Holani: Server Side Request Forgery (SSRF) - port issue, hidden approach](https://medium.com/@w_hat_boy/server-side-request-forgery-ssrf-port-issue-hidden-approch-f4e67bd8cc86)

- [Brett Buerhaus: SSRF Writeups](https://buer.haus/tag/ssrf/)

- [GeneralEG: Escalating SSRF to RCE](https://generaleg0x01.com/2019/03/10/escalating-ssrf-to-rce/)

- [Coen Goedegebure: How I got access to local AWS info via Jira](https://www.coengoedegebure.com/how-i-got-access-to-local-aws-info-via-jira/)

- [Corben Leo: Hacking the Hackers - Leveraging an SSRF in HackerTarget](https://www.corben.io/hackertarget/)

- [Orange Tsai: How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!](https://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html)

- [Peter Adkins: Pivoting from blind SSRF to RCE with HashiCorp Consul](https://www.kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html)

- [pwntester: hackyou2014 Web400 write-up](http://www.pwntester.com/tag/ssrf/)

- [Azure Assassin Alliance: SSRF Me](https://ctftime.org/writeup/16067)

- [003Random's Blog: H1-212 CTF ~ Write-Up](https://poc-server.com/blog/2017/11/20/h1-212-ctf-write-up/)

- [Bugbounty POC: SSRF Bypass in private website](https://bugbountypoc.com/ssrf-bypass-in-private-website/)

- [Peerlyst: Top SSRF Posts](https://www.peerlyst.com/tags/ssrf)

- [Elber "f0lds" Tavares: $1,000 SSRF in Slack](https://fireshellsecurity.team/1000-ssrf-in-slack/)

- [Kongwenbin: Write-up for Gemini Inc: 1](https://kongwenbin.com/write-up-for-gemini-inc-1/#more-1548)

- [LiveOverflow: SSRF targeting redis for RCE via IPv6/IPv4 address embedding, chained with CRLF injection in the git:// protocol](https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/)

- [GitLab: SSRF in project integrations (webhook)](https://gitlab.com/gitlab-org/gitlab-ce/issues/53242)

- [Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks - Part 1: The basics](https://medium.com/poka-techblog/server-side-request-forgery-ssrf-attacks-part-1-the-basics-a42ba5cc244a)

- [Maxime Leblanc: Server-Side Request Forgery (SSRF) Attacks - Part 2: Fun with IPv4 addresses](https://medium.com/poka-techblog/server-side-request-forgery-ssrf-attacks-part-2-fun-with-ipv4-addresses-eb51971e476d)

- [Maxime Leblanc: Server-Side Request Forgery (SSRF) - Part 3: Other advanced techniques](https://medium.com/poka-techblog/server-side-request-forgery-ssrf-part-3-other-advanced-techniques-3f48cbcad27e)

- [Maxime Leblanc: Privilege escalation in the Cloud: From SSRF to Global Account Administrator](https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6)

- [Asterisk Labs: Server-side request forgery in Sage MicrOpay ESP](https://labs.asteriskinfosec.com.au/tag/ssrf/)

- [EdOverflow: Operation FGTNY 🗽 - Solving the H1-212 CTF](https://edoverflow.com/2017/h1-212-ctf/)

- [Alyssa Herrera: Piercing the Veil - Server Side Request Forgery to NIPRNet access](https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a)

- [Alyssa Herrera: Wappalyzer SSRF Write-up](https://medium.com/@alyssa.o.herrera/wappalyzer-ssrf-write-up-2dab4df064ae)

- [Harsh Jaiswal: Vimeo SSRF with code execution potential](https://medium.com/@rootxharsh_90844/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e) [contribution by $root: Whoami]

- [Agarri (Nicolas Grégoire): Server-side browsing considered harmful](https://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf)

#### HackerOne Reports

- [#223203 floyd: SVG Server Side Request Forgery (SSRF)](https://hackerone.com/reports/223203)

- [#115857 Slim Shady: SSRF and local file read in video to gif converter](https://hackerone.com/reports/115857)

- [#237381 SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing](https://hackerone.com/reports/237381)

- [#228377 SSRF in upload IMG through URL](https://hackerone.com/reports/228377)

- [#302885 ImageMagick GIF coder vulnerability leading to memory disclosure](https://hackerone.com/reports/302885)

- [#392859 Sending Emails from DNSDumpster - Server-Side Request Forgery to Internal SMTP Access](https://hackerone.com/reports/392859)

- [#395521 Predrag Cujanović: SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS)](https://hackerone.com/reports/395521)

- [#285380 www.threatcrowd.org - SSRF: AWS private key disclosure](https://hackerone.com/reports/285380)

- [#287762 SSRF protection bypass](https://hackerone.com/reports/287762)

- [#115748 Eugene Farfel: SSRF in https://imgur.com/vidgif/url](https://hackerone.com/reports/115748)

- [#508459 SSRF in webhooks leads to AWS private keys disclosure](https://hackerone.com/reports/508459)

- [#643622 SSRF In Get Video Contents](https://hackerone.com/reports/643622)

- [#398641 D0nut: SSRF on duckduckgo.com/iu/](https://hackerone.com/reports/398641)

- [#398799 Jobert Abma (jobert): Unauthenticated blind SSRF in OAuth Jira authorization controller](https://hackerone.com/reports/398799)

- [#369451 Dylan Katz (plazmaz): SSRF in CI after first run](https://hackerone.com/reports/369451)

- [#341876 André Baptista (0xacb): SSRF in Exchange leads to ROOT access in all instances](https://hackerone.com/reports/341876)

- [#374737 ruvlol: Blind SSRF on errors.hackerone.net due to Sentry misconfiguration](https://hackerone.com/reports/374737)

- [#386292 Elb (elber): Bypass of the SSRF protection in Event Subscriptions parameter](https://hackerone.com/reports/386292)

- [#411865 Robinooklay: Blind SSRF at https://chaturbate.com/notifications/update_push/](https://hackerone.com/reports/411865)

- [#517461 Ninja: Blind SSRF/XSPA on dashboard.lob.com + blind code injection](https://hackerone.com/reports/517461)

- [#410882 Steven Seeley: Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical)](https://hackerone.com/reports/410882)

- [#301924 jax: SSRF vulnerability in gitlab.com webhook](https://hackerone.com/reports/301924)

- [#204513 Skansing: Infrastructure - Photon - SSRF](https://hackerone.com/reports/204513)

- [#263169 Tung Pun: New Relic - Internal Ports Scanning via Blind SSRF](https://hackerone.com/reports/263169)

- [#280511 Suresh Narvaneni: Server Side Request Forgery on JSON Feed](https://hackerone.com/reports/280511)

- [#281950 Tung Pun: Infogram - Internal Ports Scanning via Blind SSRF](https://hackerone.com/reports/281950)

- [#289187 Predrag Cujanović: DNS pinning SSRF](https://hackerone.com/reports/289187)

- [#288183 Dr.Jones: SSRF bypass for https://hackerone.com/reports/285380 (query AWS instance)](https://hackerone.com/reports/288183)

- [#288537 e3xpl0it: Server Side Request Forgery protection bypass № 2](https://hackerone.com/reports/288537)

- [#141304 ylujion: Blind SSRF on synthetics.newrelic.com](https://hackerone.com/reports/141304)

- [#128685 Nicolas Grégoire: SSRF on testing endpoint](https://hackerone.com/reports/128685)

- [#145524 paglababa: Server side request forgery (SSRF) on nextcloud implementation](https://hackerone.com/reports/145524)


#### Videos/POC

- [Black Hat: Viral Video - Exploiting SSRF in Video Converters](https://www.youtube.com/watch?v=tZil9j7TTps&feature=youtu.be)

- [HackerOne: Hacker101 - SSRF](https://www.youtube.com/watch?v=66ni2BTIjS8)

- [Bugcrowd University: Server Side Request Forgery](https://www.bugcrowd.com/resources/webinars/server-side-request-forgery/)

- [Muhammad Junaid: Yahoo SSRF and Local File Disclosure via FFmpeg](https://www.youtube.com/watch?v=3Z_f69OIQuw)

- [Muhammad Junaid: Flickr (Yahoo!) SSRF and Local File Disclosure](https://www.youtube.com/watch?v=v3YQqTb5geU)

- [Corben Leo: SMTP Access via SSRF in HackerTarget API](https://www.youtube.com/watch?v=F_sC_OrSkIc)

- [Nikhil Mittal: HootSuite SSRF Vulnerability POC](https://www.youtube.com/watch?v=L9bGSNmlJXU)

- [Hack In The Box Security Conference: HITBGSEC 2017 SG Conf D1 - A New Era Of SSRF - Exploiting Url Parsers - Orange Tsai](https://www.youtube.com/watch?v=D1S-G8rJrEk)

- [Crazy Danish Hacker: Server-Side Request Forgery (SSRF) - Web Application Security Series #1](https://www.youtube.com/watch?v=K_ElxRc9LLk)

- [LiveOverflow: PHP include and bypass SSRF protection with two DNS A records - 33c3ctf list0r (web 400)](https://www.youtube.com/watch?v=PKbxK2JH23Y)

- [Nahamsec: Owning the Clout through SSRF & PDF Generators - DEF CON 27 (SSRF on ads.snapchat.com)](https://www.youtube.com/watch?v=Gcab8sLBmnk)

- [Tutorials Point (India) Pvt. Ltd: Penetration Testing - Server Side Request Forgery (SSRF)](https://www.youtube.com/watch?v=_IVjvNelzMw)

- [AppSec EU15 - Nicolas Grégoire: Server-Side Browsing Considered Harmful](https://www.youtube.com/watch?v=8t5-A4ASTIU)

#### Tools

- [bcoles: SSRF Proxy](https://bcoles.github.io/ssrf_proxy/)

- [Daeken: SSRFTest](https://github.com/daeken/SSRFTest)

- [Daeken: httprebind](https://github.com/daeken/httprebind)

#### CTF/Labs

- [Bugbounty Notes: SSRF Challenge](https://www.bugbountynotes.com/challenge?id=33)

- [PortSwigger: SSRF labs](https://portswigger.net/web-security/ssrf)

- [m6a-UdS: SSRF Lab](https://github.com/m6a-UdS/ssrf-lab)

- [PentesterLab (Pro account): Essential - Server Side Request Forgery 01](https://pentesterlab.com/exercises/ssrf_01/course)

- [PentesterLab (Pro account): Essential - Server Side Request Forgery 02](https://pentesterlab.com/exercises/ssrf_02/course)

- [PentesterLab (Pro account): Essential - Server Side Request Forgery 03](https://pentesterlab.com/exercises/ssrf_03/course)

- [PentesterLab (Pro account): Essential - Server Side Request Forgery 04](https://pentesterlab.com/exercises/ssrf_04/course)

- [Se8S0n: SSRF Lab Guide](https://se8s0n.github.io/2019/05/19/SSRF-LABS%E6%8C%87%E5%8D%97/)

--------------------------------------------------------------------------------
/images/new-icon-gif.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jdonsec/AllThingsSSRF/abb2ed278926456552a1f93c57554ffa13763592/images/new-icon-gif.jpg
--------------------------------------------------------------------------------
/images/ssrf.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jdonsec/AllThingsSSRF/abb2ed278926456552a1f93c57554ffa13763592/images/ssrf.jpg
--------------------------------------------------------------------------------
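As an added worked example for the defensive side of the material collected in the README above (editor-supplied; not code from the AllThingsSSRF repository or from any of the linked writeups), the Python check below handles the bypass classes that recur across those writeups and reports: the alternative IPv4 spellings from Maxime Leblanc's part 2, the IPv4-in-IPv6 literals from the LiveOverflow GitLab post, userinfo and non-HTTP-scheme tricks from the cheatsheets, the two-A-record and DNS pinning cases (#289187, the 33c3ctf list0r video), port probing (XSPA), and the AWS metadata address. The allowed schemes and ports are a stated policy assumption, and the DNS table (`DEMO_ZONE`, `demo_resolver`, the `example.test` and `rebind.test` names) is constructed so the block runs offline; a deployment would pass `system_resolver` instead.

```python
"""Hardened target check for a server-side URL fetcher: vet the address the
server is about to connect to (after DNS resolution), then pin it."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # policy assumption: public web only
ALLOWED_PORTS = {None, 80, 443}       # policy assumption: no port probing (XSPA)
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (  # explicit; is_private varies
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4", "::/128", "::1/128", "fc00::/7", "fe80::/10")]

class SsrfBlocked(ValueError):
    """The URL would make the server talk to something it must not."""

def parse_legacy_ipv4(text):
    """inet_aton()/libcurl spellings: 1-4 dotted parts, each decimal, octal (0..)
    or hex (0x..), the last part filling the remaining bytes. None if not one."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        if not (part.isascii() and part.isalnum()):
            return None
        is_hex = part[:2].lower() == "0x"
        base = 16 if is_hex else 8 if len(part) > 1 and part[0] == "0" else 10
        try:
            values.append(int(part[2:] if is_hex else part, base))
        except ValueError:          # "0x" alone, "08", "1e5", ...
            return None
    *head, last = values
    tail_bits = 8 * (4 - len(head))
    if any(v > 255 for v in head) or last >= (1 << tail_bits):
        return None
    number = last
    for shift, v in enumerate(reversed(head)):
        number |= v << (tail_bits + 8 * shift)
    return ipaddress.IPv4Address(number)

def unwrap_ipv4(addr):
    """IPv4 inside an IPv4-mapped (::ffff:a.b.c.d) or 6to4 (2002:..::) literal."""
    if isinstance(addr, ipaddress.IPv6Address):
        for inner in (addr.ipv4_mapped, addr.sixtofour):
            if inner is not None:
                return inner
    return addr

def system_resolver(host):
    """All addresses the OS returns, not only the first (split-horizon names)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]

# Constructed zone so the demo and tests run offline; not real DNS data.
DEMO_ZONE = {"example.test": ["93.184.216.34"], "localhost": ["127.0.0.1"],
             "rebind.test": ["93.184.216.34", "10.0.0.5"]}  # one public, one internal

def demo_resolver(host):
    return [ipaddress.ip_address(a) for a in DEMO_ZONE.get(host, [])]

def plan_fetch(url, resolver=system_resolver):
    """Vet `url` and return the plan the fetcher must honour: connect to `ip`
    (not to `host`, so a rebinding resolver cannot change the answer after this
    check), send `host` as Host/SNI, re-run plan_fetch() on every redirect."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SsrfBlocked(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname          # lowercased; userinfo and [] already stripped
    if not host:
        raise SsrfBlocked("missing host")
    try:
        port = parts.port
    except ValueError as exc:
        raise SsrfBlocked("malformed port") from exc
    if port not in ALLOWED_PORTS:
        raise SsrfBlocked(f"port not allowed: {port}")
    try:
        literal = ipaddress.ip_address(host)   # strict dotted-quad / RFC 4291
    except ValueError:
        literal = parse_legacy_ipv4(host)      # "2130706433", "0x7f.1", "0177.0.0.1"
    candidates = [literal] if literal is not None else resolver(host)
    if not candidates:
        raise SsrfBlocked(f"{host!r} does not resolve")
    for addr in map(unwrap_ipv4, candidates):
        if any(addr in net for net in BLOCKED_NETWORKS):
            raise SsrfBlocked(f"{host!r} -> {addr} is not a public address")
    return {"scheme": parts.scheme, "host": host, "ip": str(unwrap_ipv4(candidates[0])),
            "port": port or (443 if parts.scheme == "https" else 80)}

def rejection_reason(url, resolver=system_resolver):
    try:                           # None if allowed, otherwise why it was refused
        plan_fetch(url, resolver)
        return None
    except SsrfBlocked as exc:
        return str(exc)

if __name__ == "__main__":
    for u in ("http://example.test/", "http://2130706433/", "http://0x7f.1/",
              "http://[::ffff:169.254.169.254]/latest/", "http://x@10.0.0.1/",
              "gopher://127.0.0.1:6379/_", "http://rebind.test/", "http://localhost/"):
        print(f"{u:44} {rejection_reason(u, demo_resolver) or 'allowed'}")
```

Run it directly to see each decoy URL and the reason it is refused. Two choices matter more than the blocklist itself: the decision is made on the resolved address rather than on the URL string, which is why `2130706433`, `0x7f.1` and `0177.0.0.1` need no per-spelling regex, and the caller has to connect to the returned `ip` and re-run the check on every redirect; otherwise a rebinding resolver or an open redirect on an allowed host reintroduces the hole after the check has passed.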