Server-Side Request Forgery Scanner

Evidence-Based SSRF Vulnerability Scanner

Full & Blind SSRF Support
Dynamically-Generated Payload Set
Integrated OAST Server

Evidence-Based SSRF Scanning At Scale

With Dynamically-Generated Payload List

Simulate Penetration Tester's Behaviour

Perform an automated series of effective tests to identify, exploit and verify an SSRF vulnerability.

Blazing Fast

Scan multiple URLs concurrently with our multi-threaded scanners.

False-Positive Free

Our integrated Validator Engine drops false-positive rates to 0%.

Advanced Payload Set

Our specially crafted payload list, generated for each context, is more than capable of evading strict patterns and WAF rules.

Detailed Reports

Receive detailed reports with actionable steps, even for edge cases requiring multiple steps from the end user, for example a click or a mouse-enter event.

Instant Notifications

Receive instant notifications once a server-side request forgery vulnerability is discovered, regardless of the scans' progress status.


FAQ

Frequently asked questions

S9R is capable of identifying and verifying full server-side request forgery vulnerabilities as well as blind SSRF vulnerabilities.

Yes, you can manually supply multiple URLs at the same time.

You can also initiate a Deep Scan and automate the whole process, from content discovery to scanning for CWE-918!

Yes, it is! You can easily supply request headers (including any authentication headers) to reach parts behind a login form!

Yes, of course! BLACKBIRD Technologies comes included with your own OOB server for OAST! Everything is managed for you and the setup process takes less than 30 seconds!
