Skip to content

microsoft/dusseldorf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

379 Commits
.github
.github
 
 
cli
cli
 
 
docs
docs
 
 
dusseldorf
dusseldorf
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
SUPPORT.md
SUPPORT.md
 
 

Repository files navigation

Dusseldorf

Dusseldorf is a private, customizable out-of-band application security testing (OAST) platform. It captures inbound network traffic across multiple protocols and lets you craft automated responses for security validation workflows.

It is designed for security professionals who need controlled infrastructure to detect and validate out-of-band vulnerabilities such as SSRF, XSS, SSTI, XXE, and related classes of defects.

This project is often stylized as duSSeldoRF, following a common practice within Microsoft to use place names as project names. The beautiful city Düsseldorf is one of the few places in the world with the letters SSRF in its name. For ease of use we substituted the umlaut character (alt-0252) ü for a normal u.

Dusseldorf deploys DNS, HTTP, and HTTPS network listeners and listens on a domain name, such as *.yourdomain.net. All requests to this domain name, and any subdomain in it (called zones, such as foo.yourdomain.net and foo.bar.yourdomain.net) are captured by these network listeners.

Using the protected graphical user interface (and corresponding REST API), you can see these captured requests and their responses. Furthermore, you can configure your own custom responses and filters.

Who This Is For

  • Security researchers and operators running private OAST infrastructure.
  • Developers and platform engineers extending listener behavior, API features, and automation.

Getting Started

Dusseldorf is designed to run on the Internet and is natively built for Azure deployments. To run Dusseldorf, you need the following prerequisites:

  • a machine on the Internet with one or more public IPv4 address(es)
  • a domain name with its NS record (name server) pointed at this IP address/addresses.

If you have this baseline setup, continue with the installation guide. The documentation supports both operator workflows and developer extensibility paths.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

About

Dusseldorf is an out-of-band security tool to help in security research.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

55 stars

Watchers

6 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages