Nova Security Stands For Peace and With the Palestinian People 🇵🇸

Contact Sales

Your Advanced SSRF Scanner

Scan for Full as well as Blind SSRF Vulnerabilities

  • Full and Blind SSRF Vulnerabilities
  • Dynamically-Generated Payload Set
  • Integrated Out-of-Band (OOB) Server
  • Blazing Fast Scans
  • No False Positives (All Identified Vulnerabilities Are Linked To An OOB Interaction)
Scan for SSRF

Advanced. In so many ways.

Let me show you.

S9R Product Image
Simulate a Penetration Tester
Perform an automated series of effective tests to identify, exploit and verify an SSRF vulnerability.
Blazing Fast
Scan multiple URLs concurrently with our multi-threaded scanner.
False-Positive Free
Our integrated Validator Engine drops false-positive rates to 0%. It tries to link each SSRF vulnerability it identified with an OOB server invocation.
Advanced Payload Set
With over 50 personalized payloads generated for each target, more than capable of evading strict patterns and WAF rules.
Detailed Reports
Receive detailed reports with actionable steps.
Instant Notifications
Receive instant notifications once a server-side request forgery vulnerability is discovered. Regardless of the scans' progress status.
Try S9R


Frequently asked questions

S9R is capable of identifying and verifying full server-side request forgery vulnerabilities as well as blind SSRF vulnerabilities.

Yes, you can manually supply multiple URLs at the same time.

Additionally, you can also initiate a Deep Scan and automate the whole process from content discovery to scanning for CWE-918!

Yes it is! You can easily supply request headers (including any authentication headers) to reach parts behind a login form!

Yes, of course! Nova Security comes included with your own OOB server for OAST! Everything is managed for you and the setup process only takes less than 30 seconds!

Contact usUse S9R Now