Go SSRF detection
package main
import (
"fmt"
"net"
)
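// localHostnames lists, in CIDR notation, the address ranges that
// isPrivateAddress treats as internal or otherwise non-public. A host that
// resolves into any of these ranges is reported as private.
//
// CIDR explanation: https://docs.netgate.com/pfsense/en/latest/network/cidr.html
//
// NOTE(review): IPv4 multicast (224.0.0.0/4) is not listed and the reserved
// 240.0.0.0/4 block is deliberately commented out; confirm both are intended
// for the deployment this filter protects.
var localHostnames = []string{
	// https://datatracker.ietf.org/doc/html/rfc5735
	"127.0.0.0/8",     // Loopback
	"0.0.0.0/8",       // "This" network
	"100.64.0.0/10",   // Shared address space
	"169.254.0.0/16",  // Link local
	"172.16.0.0/12",   // Private-use networks
	"192.0.0.0/24",    // IETF Protocol assignments
	"192.0.2.0/24",    // TEST-NET-1
	"192.88.99.0/24",  // 6to4 Relay anycast
	"192.168.0.0/16",  // Private-use networks
	"198.18.0.0/15",   // Network interconnect device benchmark testing
	"198.51.100.0/24", // TEST-NET-2
	"203.0.113.0/24",  // TEST-NET-3
	// "240.0.0.0/4", // Reserved for future use
	"255.255.255.255/32", // Limited broadcast
	// https://datatracker.ietf.org/doc/html/rfc1918
	"10.0.0.0/8", // Private-use networks
	// https://datatracker.ietf.org/doc/html/rfc6890
	"::/128",    // Unspecified address; the IPv6 counterpart of 0.0.0.0, which is already blocked above
	"::1/128",   // Loopback
	"FC00::/7",  // Unique local address
	"FE80::/10", // Link-local unicast (not multicast; multicast is FF00::/8)
}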
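// isPrivateAddress reports whether host must be treated as internal: it
// returns true when host cannot be resolved, resolves to no addresses, or
// resolves to at least one address inside a range in localHostnames. It
// returns false only when every resolved address lies outside all of them.
//
// The verdict covers only the addresses returned by this lookup. A client
// that resolves host again when it connects may be handed different
// addresses, so callers should connect to an address vetted here (or apply
// the same range check at dial time) and re-run the check for every new
// destination, such as a redirect target.
func isPrivateAddress(host string) bool {
	// Parse the blocklist once per call rather than once per resolved address.
	blocked := make([]*net.IPNet, 0, len(localHostnames))
	for _, cidr := range localHostnames {
		_, ipNet, err := net.ParseCIDR(cidr)
		if err != nil {
			// A malformed entry leaves ipNet nil; using it would dereference
			// a nil *net.IPNet, and skipping it would silently drop a range.
			// Fail closed instead.
			return true
		}
		blocked = append(blocked, ipNet)
	}

	addrs, err := net.LookupIP(host)
	if err != nil || len(addrs) == 0 {
		// Fail closed: an unresolvable or empty answer is never "public".
		return true
	}

	for _, ip := range addrs {
		for _, ipNet := range blocked {
			if ipNet.Contains(ip) {
				return true
			}
		}
	}
	return false
}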
// main runs one demonstration check against the IPv6 loopback literal and
// prints the verdict without a trailing newline.
func main() {
	verdict := "Valid address"
	if isPrivateAddress("::1") {
		verdict = "Invalid address"
	}
	fmt.Print(verdict)
}