
See-SURF – Python Based Scanner To Find Potential SSRF Parameters

Last Updated : 27 Jan, 2022

SSRF (server-side request forgery) is a trending vulnerability identified in most web applications, in which attackers can cause a server-side application to make HTTP requests to arbitrary domains or subdomains. See-SURF is an automated security tool that crawls a website and finds the potential SSRF parameters in the web application. The tool is written in Python and is available for free on GitHub. It can be used as a scanner during the vulnerability scanning phase.

Note: Make sure you have Python installed on your system, as this is a Python-based tool. For the installation process, see: Python Installation Steps on Linux

Installation of See-SURF Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/In3tinct/See-SURF.git

Step 2: Now use the following command to move into the tool's directory. You have to be in this directory in order to run the tool.

cd See-SURF

Step 3: You are now in the See-SURF directory. Install the BeautifulSoup4 package using the following command.

sudo pip3 install BeautifulSoup4

Step 4: Now install the requests package using the following command.

sudo pip3 install requests

Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 see-surf.py --help

Working with See-SURF Tool on Kali Linux OS

Example 1: Run with the default threads=10, no cookies/session, and no verbose mode

python3 see-surf.py -H https://www.google.com

This is the basic usage of the See-SURF tool.

Example 2: Space-separated cookies can be supplied to crawl an authenticated session

python3 see-surf.py -H https://www.google.com -c cookie_name1=value1 cookie_name2=value2

We can pass the cookie values with the -c flag.

Example 3: Supply the number of threads and enable verbose mode (verbose mode is not recommended if you don't want to spend more time, but it increases the possibility of finding bugs)

python3 see-surf.py -H https://www.google.com -c cookie_name1=value1 cookie_name2=value2 -t 20 -v

To get the output in a more readable format, we can use the -v flag.
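To illustrate the kind of parameter such a crawl looks for, the following added example (not See-SURF's code and not part of the original article) parses a constructed HTML page and flags link and form parameters whose value is a URL or whose name suggests one. The name list, function names and sample page are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristic (not See-SURF's own list): names that often carry a URL or host.
SUSPECT_NAMES = ("url", "uri", "link", "redirect", "dest", "callback", "src", "host")

def flag(name, value):
    """Return why a parameter deserves SSRF review, or None."""
    v = (value or "").strip().lower()
    if v.startswith(("http://", "https://", "//")):
        return "value is a URL"
    if any(k in name.lower() for k in SUSPECT_NAMES):
        return "name suggests a URL"
    return None

class ParamFinder(HTMLParser):
    """Collects (source, parameter, reason) from link query strings and form fields."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def check(self, source, name, value):
        reason = flag(name, value)
        if reason:
            self.findings.append((source, name, reason))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            # parse_qsl percent-decodes, so encoded URLs in values are caught too
            for name, value in parse_qsl(urlsplit(a["href"]).query, keep_blank_values=True):
                self.check("link", name, value)
        elif tag in ("input", "textarea") and a.get("name"):
            self.check("form", a["name"], a.get("value"))

def find_candidates(html):
    finder = ParamFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page, not taken from a real site.
SAMPLE = """
<a href="/fetch?image_url=https%3A%2F%2Fcdn.example.test%2Fa.png&amp;size=2">img</a>
<a href="/search?q=shoes&amp;page=3">next</a>
<form action="/import"><input name="feed" value="http://feeds.example.test/rss">
<input name="callback_host"><input name="comment"></form>
"""

if __name__ == "__main__":
    print(*find_candidates(SAMPLE), sep="\n")
```

Each flagged parameter marks a place where the application's server-side handling of user-supplied URLs should be reviewed, for example against an allow-list of permitted destinations.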
