See-SURF – Python Based Scanner To Find Potential SSRF Parameters
SSRF (server-side request forgery) is a common web application vulnerability in which attackers can cause a server-side application to make HTTP requests to arbitrary domains or subdomains. See-SURF is an automated security tool that finds potential SSRF parameters in a web application by crawling the website. The tool is written in Python and is available for free on GitHub. It can be used as a scanner in the vulnerability scanning phase.
Note: Make sure you have Python installed on your system, as this is a Python-based tool.
Installation of See-SURF Tool on Kali Linux OS
Step 1: Use the following command to install the tool in your Kali Linux operating system.
git clone https://github.com/In3tinct/See-SURF.git
Step 2: Now move into the directory of the tool, See-SURF, which the clone created. You have to be in this directory in order to run the tool.
Step 3: You are now in the See-SURF directory. Install the BeautifulSoup4 package using the following command.
sudo pip3 install BeautifulSoup4
Step 4: Now install the requests package using the following command.
sudo pip3 install requests
Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.
python3 see-surf.py --help
Working with See-SURF Tool on Kali Linux OS
Example 1: Run with default threads=10, no cookies/session, and NO verbose mode
python3 see-surf.py -H https://www.google.com
This is the basic usage of the See-SURF tool.
Example 2: Space-separated cookies can be supplied for crawling an authenticated session
python3 see-surf.py -H https://www.google.com -c cookie_name1=value1 cookie_name2=value2
We can pass the cookie values with the -c flag.
Example 3: Supplying the number of threads and verbose mode (verbose mode is not recommended if you don't want to spend a longer time, but the possibility of finding bugs increases)
python3 see-surf.py -H https://www.google.com -c cookie_name1=value1 cookie_name2=value2 -t 20 -v
To get the output in a more readable format, we can use the -v flag.
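The kind of check described in the introduction, flagging parameters on a crawled page that may carry a URL, can be shown offline on one page of your own application. This is an added example, not See-SURF's code or part of the original article; the keyword list, the value patterns, the helper names and the sample HTML are assumptions constructed for illustration, and it uses the standard-library html.parser instead of BeautifulSoup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics (not See-SURF's own lists).
NAME_RE = re.compile(r"url|uri|link|src|href|dest|redirect|callback|webhook|feed|host|domain|site", re.I)
VALUE_RE = re.compile(
    r"^(https?:)?//"                              # absolute or scheme-relative URL
    r"|^([\w-]+\.)+[a-z]{2,}(:\d+)?(/|$)"         # bare hostname
    r"|^\d{1,3}(\.\d{1,3}){3}(:\d+)?(/|$)", re.I  # bare IPv4 address
)

def is_candidate(name, value):
    """Return why a parameter deserves SSRF review, or None."""
    if VALUE_RE.search(value or ""):
        return "value looks like a URL"
    if NAME_RE.search(name or ""):
        return "name suggests a URL"
    return None

class ParamCollector(HTMLParser):
    """Collects (source, name, reason) for link query strings and form fields."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            parts = urlsplit(a["href"])
            for name, value in parse_qsl(parts.query, keep_blank_values=True):
                self._check("link " + parts.path, name, value)
        elif tag in ("input", "textarea") and a.get("name"):
            self._check("form field", a["name"], a.get("value") or "")

    def _check(self, source, name, value):
        reason = is_candidate(name, value)
        if reason:
            self.findings.append((source, name, reason))

def find_candidates(html):
    parser = ParamCollector()
    parser.feed(html)
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<a href="/preview?target=https://img.example.test/a.png&amp;size=2">preview</a>
<a href="/search?q=shoes&amp;page=3">search</a>
<form action="/import"><input name="feed_url" value=""><input name="title" value="x"></form>
"""
if __name__ == "__main__":
    for finding in find_candidates(SAMPLE):
        print(finding)
```

Each finding is only a candidate for review: whether the server actually fetches the supplied value, and whether that fetch is restricted by an allowlist, has to be confirmed in the application's code or configuration.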