Add file
This commit is contained in:
Laurent Destailleur
parent
5744b1e0a3
commit
9f0ca6f6fc
90
htdocs/core/data/cloud_metadata_for_ssrf_test.txt
Normal file
90
htdocs/core/data/cloud_metadata_for_ssrf_test.txt
Normal file
@ -0,0 +1,90 @@
|
||||
## This file is a list of predefined URLs to block when trying to access them from the application (in case
|
||||
## of application is used to get metadata).
|
||||
## Found at https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb
|
||||
|
||||
## IPv6 Tests
|
||||
http://[::ffff:169.254.169.254]
|
||||
http://[0:0:0:0:0:ffff:169.254.169.254]
|
||||
|
||||
## AWS
|
||||
# Amazon Web Services (No Header Required)
|
||||
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories
|
||||
http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy
|
||||
http://169.254.169.254/latest/user-data
|
||||
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
|
||||
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
|
||||
http://169.254.169.254/latest/meta-data/ami-id
|
||||
http://169.254.169.254/latest/meta-data/reservation-id
|
||||
http://169.254.169.254/latest/meta-data/hostname
|
||||
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
|
||||
http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key
|
||||
|
||||
# ECS Task : https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v2.html
|
||||
http://169.254.170.2/v2/credentials/
|
||||
|
||||
## Google Cloud (Header Sometimes Required)
|
||||
# https://cloud.google.com/compute/docs/metadata
|
||||
# - Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True" on API v1
|
||||
# - Most endpoints can be accessed via the v1beta API without a header
|
||||
http://169.254.169.254/computeMetadata/v1/
|
||||
http://metadata.google.internal/computeMetadata/v1/
|
||||
http://metadata/computeMetadata/v1/
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/hostname
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/id
|
||||
http://metadata.google.internal/computeMetadata/v1/project/project-id
|
||||
# kube-env; thanks to JackMc for the heads up on this (https://hackerone.com/reports/341876)
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env
|
||||
# Google allows recursive pulls
|
||||
http://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true
|
||||
# returns root password for Google
|
||||
http://metadata.google.internal/computeMetadata/v1beta1/instance/attributes/?recursive=true&alt=json
|
||||
|
||||
## Digital Ocean (No Header Required)
|
||||
# https://developers.digitalocean.com/documentation/metadata/
|
||||
http://169.254.169.254/metadata/v1.json
|
||||
http://169.254.169.254/metadata/v1/
|
||||
http://169.254.169.254/metadata/v1/id
|
||||
http://169.254.169.254/metadata/v1/user-data
|
||||
http://169.254.169.254/metadata/v1/hostname
|
||||
http://169.254.169.254/metadata/v1/region
|
||||
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address
|
||||
|
||||
## Packetcloud
|
||||
https://metadata.packet.net/userdata
|
||||
|
||||
# Azure (Header Required)
|
||||
# Header: "Metadata: true"
|
||||
# https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service
|
||||
# (Old: ) https://azure.microsoft.com/en-us/blog/what-just-happened-to-my-vm-in-vm-metadata-service/
|
||||
http://169.254.169.254/metadata/instance?api-version=2017-04-02
|
||||
http://169.254.169.254/metadata/instance/network/interface/0/ipv4/ipAddress/0/publicIpAddress?api-version=2017-04-02&format=text
|
||||
|
||||
# Oracle Cloud (No Header Required)
|
||||
# https://docs.us-phoenix-1.oraclecloud.com/Content/Compute/Tasks/gettingmetadata.htm
|
||||
http://169.254.169.254/opc/v1/instance/
|
||||
|
||||
# Updated from jhaddix fork ===
|
||||
## Alibaba
|
||||
# https://www.alibabacloud.com/help/faq-detail/49122.htm
|
||||
http://100.100.100.200/latest/meta-data/
|
||||
http://100.100.100.200/latest/meta-data/instance-id
|
||||
http://100.100.100.200/latest/meta-data/image-id
|
||||
# ===
|
||||
|
||||
## OpenStack/RackSpace
|
||||
# https://docs.openstack.org/nova/latest/user/metadata-service.html
|
||||
http://169.254.169.254/openstack
|
||||
|
||||
## Oracle Cloud
|
||||
# https://docs.oracle.com/en/cloud/iaas/compute-iaas-cloud/stcsg/retrieving-instance-metadata.html
|
||||
http://192.0.0.192/latest/
|
||||
http://192.0.0.192/latest/user-data/
|
||||
http://192.0.0.192/latest/meta-data/
|
||||
http://192.0.0.192/latest/attributes/
|
||||
|
||||
## Kubernetes
|
||||
# Debug Services (https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
|
||||
https://kubernetes.default.svc.cluster.local
|
||||
https://kubernetes.default
|
||||
# https://twitter.com/Random_Robbie/status/1072242182306832384
|
||||
https://kubernetes.default.svc/metrics
|
||||
Loading…
Reference in New Issue
Block a user