101 Switching Domain: Visit Our Brand New Domain! It's Shorter & More Powerful: blackbird.eu →

Your Advanced SSRF Scanner

Scan for Full as well as Blind SSRF Vulnerabilities

  • All SSRF Types (Full & Blind)
  • Dynamically-Generated Payload Set
  • Integrated Out-of-Band (OOB) Server
  • Scan for SSRF

    Advanced. In so many ways.

    Check out our demo video

    S9R Product Image
    Simulate Penetration Tester's Behaviour
    Perform an automated series of effective tests to identify, exploit and verify an SSRF vulnerability.
    Blazing Fast
    Scan multiple URLs concurrently with our multi-threaded scanners.
    False-Positive Free
    Our integrated <span className='text-indigo-600'>Validator Engine</span> drops false-positive rates to 0%.
    Advanced Payload Set
    With our specially crafted payload list generated for each context, it is more than capable of evading strict patterns and WAF rules.
    Detailed Reports
    Receive detailed reports with actionable steps. Even for edge-cases requiring multiple steps from the end-user, for example a click or a mouse enter event.
    Instant Notifications
    Receive instant notifications once an server-side request forgery vulnerability is discovered. Regardless of the scans' progress status.
    Try S9R

    FAQ

    Frequently asked questions

    S9R is capable of identifying and verifying full server-side request forgery vulnerabilities as well as blind SSRF vulnerabilities.

    Yes, you can manually supply multiple URLs at the same time.

    Additionally, you can also initiate a Deep Scan and automate the whole process from content discovery to scanning for CWE-918!

    Yes it is! You can easily supply request headers (including any authentication headers) to reach parts behind a login form!

    Yes, of course! BLACKBIRD Technologies comes included with your own OOB server for OAST! Everything is managed for you and the setup process only takes less than 30 seconds!

    Contact usScan for SSRF