This is a comprehensive SSRF exploitation playbook that goes well beyond the basic 169.254.169.254 trick most models already know. It covers cloud metadata endpoint extraction across AWS, GCP, Azure, and Alibaba, IP filter bypass using octal, hex, and IPv6-mapped formats, and protocol abuse via gopher, dict, and file schemes to hit Redis, Elasticsearch, and local filesystems. The real value is in the chaining techniques, like SSRF to internal Redis to crontab RCE, and the URL parser differential tricks that exploit how Python urllib versus Java URL versus PHP parse_url handle the same malformed input differently. Load this when you're testing anything that fetches URLs, renders PDFs from HTML, or configures webhooks, and you need the full bypass arsenal instead of just the AWS metadata basics.
npx skills add https://github.com/yaklang/hack-skills --skill ssrf-server-side-request-forgery