security 1 credit · ~$0.015 <5ms

URL / SSRF Gate

POST /v1/scan/url

The gate an agent calls before it fetches a URL or navigates a browser. It parses the URL, normalizes IP obfuscations (decimal, octal, hex, IPv6), and classifies the host against bundled reserved-range tables — flagging cloud instance-metadata endpoints, RFC-1918 private / loopback / link-local targets, denied schemes (file:, gopher:), credentials embedded in the URL, and punycode/homograph hosts. Fully offline by default; an optional DNS check catches rebinding to internal addresses.

Capabilities

  • Blocks cloud metadata endpoints (169.254.169.254) — the classic SSRF exfiltration
  • Classifies private / loopback / link-local / reserved targets
  • Decodes decimal / octal / hex / IPv6 IP obfuscation
  • Scheme, allow/deny-host, port, and credentials-in-URL policy
  • Deterministic and offline by default (opt-in DNS-rebinding check), with a certificate

Use cases

  • Gate outbound requests from tool-calling and browser agents
  • Prevent SSRF to cloud metadata and internal services
  • Egress allow-listing for autonomous agents
  • Catch obfuscated-IP and DNS-rebinding tricks pre-fetch
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/url \
  -H "Content-Type: application/json" \
  -d '{"url": "http://169.254.169.254/latest/meta-data/"}'
response shape
{
  "verdict": "PASS" | "FLAG" | "BLOCK",
  // tool-specific findings…
  "certificate": "sha256:..."
}