Nandix

Nothing passes without inspection

The digital gatekeeper for APIs, websites, and AI systems

SCAN TYPE

SSRF scanning tests API endpoints that accept a URL as input (e.g. link previewers, webhook handlers, file importers). Enter the API endpoint and the parameter name that accepts the URL. This scanner is not for scanning regular websites — use Security Headers, Exposed Files, or Cookie Security for that.

52 VECTORS · 6 CATEGORIES

Cloud Metadata
AWS / GCP / Azure instance metadata endpoints
Internal Network
Loopback, private ranges, IPv6
Scheme Abuse
file://, gopher://, dict://
Bypass Techniques
Decimal / hex / octal IPs, encoding, @-bypass
Redirect Chain
Open redirects into internal hosts
DNS Rebinding
Hostnames resolving to loopback