rust → wasm · runs in your browser

SSRF Payload Generator

Paste a target and instantly get every useful SSRF spelling: numeric IP encodings, loopback bypasses, URL-parser-confusion allow-list bypasses, protocol smuggling (gopher/dict/file), and cloud metadata endpoints. Tell it what the target filters and every payload is graded bypass or blocked. Nothing leaves your browser — generation runs in a local Rust/WebAssembly core.

Generate payloads SSRF techniques & writeups

For authorized security testing and CTF use only. Only target systems you have explicit permission to test.

Target URL / IP / hostAllow-listed host (optional)

Presets:

What does the target block?

Each payload is graded against these rules.

Common:

Loading wasm generator…