hunt-ssrf (Claude-BugHunter)
SSRF-hunting skill from 15 public reports incl. AWS/GCP/Azure metadata and gopher-to-Redis-RCE chains.
AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for hunt-ssrf (Claude-BugHunter), derived from its capabilities.
AIVSS 8.7 · High
Overview
An offensive skill for hunting Server-Side Request Forgery, built from 15 disclosed reports covering AWS/GCP/Azure metadata SSRF, DNS rebinding, gopher-protocol-to-Redis-RCE, link-preview and headless-browser PDF SSRF chains. Mandates out-of-band Collaborator confirmation for blind cases. Surface: guides crafting SSRF payloads and OOB exfil against live targets.
Key features
- 15 report-derived SSRF patterns
- Cloud metadata + DNS-rebinding + gopher-RCE chains
- Mandatory OOB confirmation for blind SSRF
Use cases
- Test an authorized target for SSRF
- Escalate SSRF to cloud metadata credential theft