Skip to content
Related Articles

Related Articles

See-SURF – Python Based Scanner To Find Potential SSRF Parameters

View Discussion
Improve Article
Save Article
Like Article
  • Last Updated : 27 Jan, 2022

SSRF(Server-side request forgery) is a trending vulnerability identified in most web applications in which attackers can cause server-side applications to make HTTP requests to arbitrary domains or subdomains. See-SURF tool is an automated approach cyber security tool that can find the potential SSRF parameters in the web application by crawling the website. This tool is developed in the Python language and is also available on the GitHub platform for free. This tool can be used as a scanner in the phase of Vulnerability Scanning.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of See-SURF Tool on Kali Linux OS

Step 1: Use the following command to install the tool in your Kali Linux operating system.

git clone https://github.com/In3tinct/See-SURF.git

Step 2: Now use the following command to move into the directory of the tool. You have to move in the directory in order to run the tool.

cd See-SURF

Step 3: You are in the directory of the See-SURF. Now you have to install the BeautifulSoup4 package using the following command.

sudo pip3 install BeautifulSoup4

Step 4: Now you have to install the requests package using the following command

sudo pip3 install requests

Step 5: All the dependencies have been installed in your Kali Linux operating system. Now use the following command to run the tool and check the help section.

python3 see-surf.py --help

Working with See-SURF Tool on Kali Linux OS

Example 1: Run with default threads=10, no cookies/session, and NO verbose mode 

python3 see-surf.py -H https://www.google.com

This is the basic usage of the See-SURF tool.

Example 2: Space separate Cookies can be supplied for an authenticated session crawling 

python3 see-surf.py -H https://www.google.com -c cookie_name1=value1 cookie_name2=value2

We can pass the cookies values in the -c flag.

Example 3: Supplying no. of threads and verbose mode (Verbose Mode Is Not Recommended If You Don’t Want To Spend Longer Time But The Possibility Of Bug Finding Increases)

python3 see-surf.py -H https://www.google.com -c cookie_name1=value1 cookie_name2=value2 -t 20 -v

For getting the output in a more readable format we can use the -v flag.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!