
agent security skill risk: high

SSRF Vulnerability Testing and Reporting Guide

The prompt provides step-by-step instructions to test for Server-Side Request Forgery by identifying URL parameters, probing with cloud metadata and internal service payloads, anal…

  • Policy sensitive
  • Human review
  • External action: high

SKILL 4 files · 2 folders

SKILL.md
---
name: performing-ssrf-vulnerability-exploitation
description: "Test for Server-Side Request Forgery vulnerabilities by probing cloud metadata endpoints, internal network services,"
---
## When to Use

- When conducting security assessments that involve testing for SSRF vulnerabilities
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities

## Instructions

1. Install dependencies: `pip install requests`
2. Identify URL parameters in the target application that accept URLs or hostnames.
3. Test SSRF payloads:
   - Cloud metadata: `http://169.254.169.254/latest/meta-data/`
   - Internal services: `http://127.0.0.1:port/`, `http://10.0.0.1/`
   - Protocol handlers: `file:///etc/passwd`, `gopher://`, `dict://`
   - Bypass techniques: IP encoding, DNS rebinding, URL redirects
4. Analyze responses for information disclosure or internal access confirmation.
5. Generate a vulnerability assessment report.

```bash
# For authorized penetration testing and lab environments only
python scripts/agent.py --target-url https://app.example.com/fetch?url= --output ssrf_report.json
```

## Examples

### AWS Metadata SSRF
```http
GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
```
If the response contains AWS credentials (AccessKeyId, SecretAccessKey), SSRF is confirmed with critical impact.
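The payload classes in step 3 above (cloud metadata, loopback and private addresses, non-HTTP protocol handlers, IP encoding and DNS rebinding) double as a checklist for the fix on the application side. The following is an added example and not part of this skill or its scripts/agent.py: a Python validator for a server-side fetch endpoint that rejects every payload class listed above and pins the resolved address so that a later DNS answer cannot redirect the request. The allowed ports, the stub resolver and the addresses it returns are constructed for this example.

```python
"""Hardened URL validation for a server-side fetch endpoint.

Added example for this page; it is not the skill's own code.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}   # rejects file://, gopher://, dict://
ALLOWED_PORTS = {80, 443}             # rejects 127.0.0.1:<port> style probing

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve through the OS resolver and return every answer as a string."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []                      # unresolvable: the caller fails closed
    return [info[4][0] for info in infos]


def is_public(ip_str: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_str)
    # ::ffff:169.254.169.254 reaches the same metadata service as the IPv4 form.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str, resolver: Resolver = system_resolver
                       ) -> Tuple[bool, str, Optional[str]]:
    """Return (allowed, reason, pinned_ip) for a user-supplied fetch target."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parsed.scheme!r} not allowed", None
    if parsed.username is not None or parsed.password is not None:
        return False, "credentials in URL not allowed", None
    host = parsed.hostname
    if not host:
        return False, "missing host", None
    try:
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
    except ValueError:                 # e.g. a ':port' placeholder or garbage
        return False, "invalid port", None
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", None

    try:
        addresses = [str(ipaddress.ip_address(host))]   # canonical literal
    except ValueError:
        # Decimal (2130706433), hex and zero-padded octal forms fail
        # ip_address() and land here: libc either canonicalises them to
        # 127.0.0.1 (rejected below) or returns nothing (rejected too).
        addresses = resolver(host)
    if not addresses:
        return False, "host did not resolve", None
    # Every answer must be public: a name returning one public and one
    # internal address (a rebinding setup) is rejected outright.
    for addr in addresses:
        if not is_public(addr):
            return False, f"{host} resolves to non-public address {addr}", None
    return True, "ok", addresses[0]


def pinned_request(url: str, pinned_ip: str) -> Tuple[str, Dict[str, str]]:
    """Rewrite the URL to connect to the validated IP, keeping the original Host."""
    parsed = urlparse(url)
    ip_part = f"[{pinned_ip}]" if ":" in pinned_ip else pinned_ip
    port_part = f":{parsed.port}" if parsed.port else ""
    connect_url = parsed._replace(netloc=f"{ip_part}{port_part}").geturl()
    return connect_url, {"Host": parsed.hostname or ""}


# Constructed DNS answers standing in for a real resolver (no network needed).
STUB_DNS: Dict[str, List[str]] = {
    "cdn.example.com": ["23.45.67.89"],             # constructed public address
    "rebind.example": ["23.45.67.89", "10.0.0.1"],  # one public, one internal
    "internal.corp": ["10.0.0.5"],
}


def stub_resolver(host: str) -> List[str]:
    return STUB_DNS.get(host.lower(), [])


if __name__ == "__main__":
    for candidate in ["http://169.254.169.254/latest/meta-data/",
                      "http://127.0.0.1:8080/", "file:///etc/passwd",
                      "http://[::ffff:169.254.169.254]/", "http://2130706433/",
                      "http://rebind.example/", "http://cdn.example.com/a.png"]:
        print(candidate, validate_fetch_url(candidate, stub_resolver))
```

Two things the validator cannot do on its own: the request that follows must be made with redirects disabled and every Location header passed back through the validator, since an allowed public host can 302 to the metadata address; and for https the connection to the pinned IP still has to verify the certificate against the original hostname, which needs a client that separates the connect address from the SNI and Host values.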

INPUTS

target-url REQUIRED

base URL with vulnerable parameter

e.g. https://app.example.com/fetch?url=

REQUIRED CONTEXT

  • target application URL
  • authorization for testing

OPTIONAL CONTEXT

  • lab environment access
  • specific ports or internal IPs

EXPECTED OUTPUT

Format: json
Constraints
  • generate vulnerability assessment report
  • valid JSON only

SUCCESS CRITERIA

  • Identify URL parameters in the target application that accept URLs or hostnames.
  • Test SSRF payloads including cloud metadata, internal services, protocol handlers and bypass techniques.
  • Analyze responses for information disclosure or internal access confirmation.
  • Generate a vulnerability assessment report.

EXAMPLES

Includes one AWS Metadata SSRF example with sample GET request and success condition.

CAVEATS

Dependencies
  • Familiarity with security operations concepts and tools
  • Access to a test or lab environment for safe execution
  • Python 3.8+ with required dependencies installed
  • Appropriate authorization for any testing activities
Missing context
  • Exact structure or schema for the vulnerability assessment report
  • Full list of Python dependencies beyond 'requests'
Ambiguities
  • The report generation step does not specify desired structure or content details.
  • 'port' in internal services payload is an unspecified placeholder.

QUALITY

  • Overall: 0.70
  • Clarity: 0.85
  • Specificity: 0.70
  • Reusability: 0.60
  • Completeness: 0.65

IMPROVEMENT SUGGESTIONS

  • Add a dedicated 'Output Format' section that defines the required structure and fields for ssrf_report.json.
  • Replace the placeholder 'port' with concrete examples (e.g., 8080, 22, 3306).

USAGE

Copy the prompt above and paste it into your AI of choice — Claude, ChatGPT, Gemini, or anywhere else you're working. Replace any placeholder sections with your own context, then ask for the output.
