Introducing dssrf: A Safe‑by‑Construction SSRF Defense Library for Node.js

RelunSec — Fri, 12 Dec 2025 15:33:00 +0000

Introducing dssrf - A Safe‑by‑Construction SSRF Defense Library for Node.js

Server-Side Request Forgery (SSRF) is one of the most dangerous and misunderstood vulnerabilities in modern web applications.

Most Node.js SSRF "solutions" rely on regex, blacklists, or string checks - and attackers bypass them easily.

So I built dssrf, a safe‑by‑construction SSRF defense library for Node.js that focuses on eliminating entire bug classes, not patching individual payloads.

GitHub: https://github.com/HackingRepo/dssrf-js

npm: https://www.npmjs.com/package/dssrf

Why SSRF Is Harder Than Developers Think

Most SSRF bypasses come from things developers don't expect:

DNS rebinding
Redirect chains
IPv6 edge cases
Encoded IPs
Unicode tricks
URL normalization inconsistencies
Alternative IP formats
Cloud metadata endpoints

A simple blacklist like:

if (url.includes("localhost")) reject();

…is not enough. Attackers can bypass it with:

http://127.1/

http://2130706433/

http://[::ffff:127.0.0.1]/

http://google.com@127.0.0.1/

http://google.com%00@127.0.0.1/

What dssrf Does Differently?

Instead of blacklists, dssrf uses a multi‑step, safe‑by‑construction approach:

URL normalization (RFC‑correct)
- Unicode normalization
- Backslash to slash conversion
- Credential stripping
- Scheme validation
- Canonicalization
DNS resolution + IP classification
- Detects internal IPs
- Detects cloud metadata IPs
- Detects IPv6 local addresses
- Detects IPv4/IPv6 rebinding
Redirect chain validation
- Every redirect target is validated with the same rules.
Protocol restrictions
- Only http and https are allowed.
TypeScript types included
- Full .d.ts support for modern Node.js projects.

New winaudit crate designed for Windows Security Assessment | Audit.

RelunSec — Tue, 25 Nov 2025 13:12:43 +0000

Hello everyone,

I released now a new Rust crate named winaudit and documentation in Docs

winaudit offers Windows system and security audit checks that can be integrated directly into your Win32 or Rust applications.

It is designed for

Windows developers
System utility creators
Security tools
Desktop software needing env checks
IT / sysadmin automation
Auditing and compliance tools

What it exposes?

winaudit exposes a collections of Windows system checks like:

OS informations.
Windows Updates availability.
Antiviruses status.
Firewalls status.
TPM And BitLocker detections.
UAC (User Account Control) configurations.
Secure Boot.
Network adapter checks (Requires "experimental" feature enabled in Cargo.toml).
Hardware audits (CPU, RAM, disks, etc ...).
Everything uses proper Win32 APIs.

Example Usage For Check is Windows Updates is Available:

use winaudit::is_update_available;

fn main() {
    match is_update_available() {
        Ok(true) => println!("Windows Update: updates are available."),
        Ok(false) => println!("Windows Update: system up to date."),
        Err(e) => eprintln!("An Error Occured: {e}"),
    }
}

Highlights:

100% native Win32 APIs usage.
Meaningful error reporting (Using custom WinAuditError).
No unsafe is required in the user code.
Strong Documententation (docs.rs now fully passing in v1.0.3).
Lightweight (no bloatwares of dependencies).
Designed for long-term extensions.

Stability:

A previous release v1.0.2 had docs issues, these problems are fully fixed in v0.1.3.
The crate builds cleanly with --all-features, examples work, and docs.rs passes.

Contributions

Any contributions are very welcome to Me in Github, I appreciate it i want my crate to be used in Real Win32 Entreprise grade or Non-Entreprise Windows Desktop Apps.

DEV Community: RelunSec