A hands-on SSRF (Server-Side Request Forgery) practice lab featuring 4 levels of flags for students to explore and exploit vulnerabilities. - mhrrmlixdic6-eng/ssrf.lab

Self-hosted MCP server for HermitHost — fs, http, and shell tools with SSRF protection and API-key auth - rdemeritt/pagurus

SSRF testing. Contribute to akashp49/SSRF_listener development by creating an account on GitHub.

An example vulnerable app (SSRF) with Laravel PHP web framework - lirantal/vulnerable-php-laravel

graphql ssrf. Contribute to itsgaldoron/graphql-ssrf-poc-1778715779 development by creating an account on GitHub.

Practical, code-first checklist for hardening REST APIs — auth, RBAC, input validation, webhooks, SSRF. Companion to my OWASP SaaS Hardening Guide. - batuhan-satilmis/api-security-checklist

Block the injection bugs LLMs ship past green tests — static taint analysis for Python, covering SQLi, command injection, SSRF, path traversal, XXE, and template injection. - nchantarotwong/heatche...

Neutrx is a security-first TypeScript HTTP client for Node.js. It keeps the daily API simple like axios while adding safer defaults: SSRF guardrails, input/output sanitization, retries, circuit bre...

OOB verifier for GHSA-c4j6-fc7j-m34r / CVE-2026-44578 (Next.js WebSocket-upgrade SSRF) - panchocosil/verify-ghsa-c4j6-fc7j-m34r

Advanced SSRF detection and exploitation framework — bypass payloads, cloud metadata harvesting, internal port scanning, gopher/dict/ldap attacks, and JSON reporting. - TheMursalin/SSRFKiller

A structured collection of my PortSwigger Web Security Academy lab writeups, organized by web attack categories such as SQL Injection, CSRF, XSS, SSRF, Authentication, Access Control, and more. Inc...

SEO auditor service written with huma (go) and nextjs - rizl123/seo_auditor

High-performance, hardened scraper microservice for Romanian municipal documents. Designed for multi-tenant production deployment with SSRF protection and async architecture. - lates-codrin/microse...

Hands-on web security practice including XSS, IDOR, SSRF, CSRF, JWT, and API testing labs. - satish-ayyaluri/portswigger

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically. -...

Contribute to KaatneWalaKutta/ssrfquestions development by creating an account on GitHub.

Hands-on web security practice including XSS, IDOR, SSRF, CSRF, JWT, and API testing labs. - akash9533/portswigger

Capture HTTP requests with ease! Create a private bucket, capture requests, and analyze the results. Useful for security and E2E testing. - seanmarpo/request-catcher

IDS Cybersecurity Training Labs - XSS, LFI, File Handling, SSRF, SQLi, and more - netracyber/ids-labs

Technical writeup of an SSRF vulnerability found on the utils.edu.stf node. Demonstrates exploitation via an unvalidated PDF conversion service to access internal network resources. - muhashali/wri...