Show HN: Dssrf – a safe-by-construction SSRF defense library for Node.js
2 points • by relunsec • 16 days ago
I built dssrf, a safe-by-construction SSRF defense library for Node.js apps.

Most existing SSRF libraries rely on blacklists or regex checks, which are easy to bypass. dssrf takes a different approach based on normalization, DNS resolution, redirect validation, and IP classification.

Key features:

– RFC-compliant URL normalization
– DNS resolution + IP classification
– Redirect chain validation
– IPv4/IPv6 safety
– Rebinding detection
– Protocol restrictions
– TypeScript types included

The goal is to eliminate entire classes of classic SSRF vulnerabilities and bypasses, rather than patching individual payloads.

GitHub: https://github.com/HackingRepo/dssrf-js
npm: https://www.npmjs.com/package/dssrf

I love feedback, edge cases, and contributions from the community.