SSRF - Cloud Metadata Scanner
Exploits SSRF to access cloud provider metadata services (AWS, GCP, Azure).
What is SSRF - Cloud Metadata?
Cloud metadata SSRF specifically targets cloud provider metadata services (AWS: 169.254.169.254, GCP: metadata.google.internal, Azure: 169.254.169.254). These services provide instance credentials, API keys, and configuration data, and their exposure can lead to complete cloud account compromise.
Why is This Important?
Cloud metadata contains temporary credentials (IAM roles), API keys, and sensitive configuration. A single SSRF vulnerability can compromise an entire cloud environment, leading to data breaches, resource abuse, and lateral movement.
How It Works
1. Web Crawling
Intelligent crawling discovers all endpoints, forms, parameters, and dynamic content across your web application.
2. Payload Injection
AI-powered payloads test each input vector for web vulnerabilities with context-aware attack patterns.
3. Response Analysis
Advanced analysis detects vulnerability signatures in responses, confirming exploitability with proof-of-concept.
Key Capabilities
Industry-leading web security testing powered by AI, trusted by security teams worldwide for accurate vulnerability detection.
- Deep web crawling with JavaScript rendering support
- Context-aware payload generation for each parameter
- False positive elimination through response analysis
- OWASP Top 10 and CWE compliance mapping
- Seamless CI/CD and DevSecOps integration
Frequently Asked Questions
What data is in cloud metadata?
IAM role credentials, instance identity tokens, SSH keys, user-data scripts (often containing secrets), network configuration, and more.
How long are metadata credentials valid?
AWS temporary credentials from metadata typically last 1-6 hours but are refreshed automatically. Attackers can exfiltrate and use them before they expire.
What's IMDSv2 and does it help?
IMDSv2 requires a session token obtained via a PUT request, which makes SSRF exploitation harder but not impossible if the application can be made to issue PUT requests.
How do I protect against metadata SSRF?
Use IMDSv2, implement egress filtering, validate user-supplied URLs, use allowlists for external requests, and apply least-privilege IAM roles.
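One way to combine the URL validation and allowlist steps from the answer above, shown as an added example that is not code from the scanner or its vendor. The names `ALLOWED_HOSTS`, `check_url`, `blocked_address` and the example.com hosts are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist of hosts the application may fetch from.
ALLOWED_HOSTS = {"api.example.com", "images.example.com"}

def system_resolver(host):
    """Return every address the host currently resolves to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def blocked_address(addr):
    """True for destinations a server-side fetch must never reach."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    return (ip.is_link_local or ip.is_loopback or ip.is_private
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def check_url(url, resolver=system_resolver):
    """Return (allowed, reason, addresses) for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed", []
    if host not in ALLOWED_HOSTS:  # also rejects IP literals and userinfo tricks
        return False, "host not on allowlist", []
    try:
        addrs = resolver(host)
    except OSError:
        addrs = []
    if not addrs:
        return False, "resolution failed", []
    bad = [a for a in addrs if blocked_address(a)]
    if bad:  # an allowlisted name can still be pointed at an internal address
        return False, "resolves to blocked address", bad
    return True, "ok", addrs

if __name__ == "__main__":
    # Constructed inputs; the lambda stands in for DNS so this runs offline.
    poisoned = lambda host: ["93.184.216.34", "::ffff:169.254.169.254"]
    for u in ("http://169.254.169.254/",
              "http://api.example.com@169.254.169.254/",
              "https://api.example.com/v1/items"):
        print(u, "->", check_url(u, resolver=poisoned))
```

The HTTP client should connect to one of the returned addresses instead of resolving the name a second time, and should not follow redirects without re-running the check. Network-level egress filtering is still needed for requests that never pass through this function.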