ssti

There are 3 repositories under ssti topic.

• nemesida-waf / waf-bypass

  Check your WAF before an attacker does

  api-security-testingbypassgraphql-injectionlfinosql-injectionpath-traversalpythonpython3rcerfisqli-injectionsstiwafwaf-bypass-toolwaf-testingxss
  Language:Python 1248
• SSTImap

  vladko312 / SSTImap

  Automatic SSTI detection tool with interactive interface

  information-securitypenetration-testingpenetration-testing-toolspentestpentest-toolpentestingpentesting-toolsrcesstipython
  Language:Python 765

• Marven11 / Fenjing

  专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

  ctfjinja2pythonscannersecuritysstiwaf
  Language:Python 605

• payloadbox / ssti-payloads

  🎯 Server Side Template Injection Payloads

  bountybugbountybugbountytipscodecode-securityinjectionpayloadpayloadboxpayloadssecuritysecurity-auditserver-side-template-injectionsourcesource-code-analysissstiwebwebsecurity
  591

• Adamkadaban / CTFs

  CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done

  binary-exploitationcheatsheetcloudcryptocryptographycryptohackctfctf-challengesctf-toolsctf-writeupscybersecurityhacktheboxpentestingpwnresourcesreverse-engineeringreversingsstisteganographytryhackme
  Language:C 540

• DiogoMRSilva / websitesVulnerableToSSTI

  Simple websites vulnerable to Server Side Template Injections(SSTI)

  sstisecurity
  Language:PHP 373

• Yt1g3r / CVE-2019-3396_EXP

  CVE-2019-3396 confluence SSTI RCE

  confluencecve-2019-3396expssti
  Language:Python 173

• Err0r-ICA / SCANter

  Websites Vulnerability Scanner

  rcerce-exploitrce-scannerscannerserver-side-template-injectionsql-injectionsql-scannersqlisstissti-payloadsxssxss-attacksxss-detectionxss-exploitationxss-scannerxss-vulnerability
  Language:Python 65
• ronin-vulns

  ronin-rb / ronin-vulns

  Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

  rfironin-rbrubylfivulnerability-detectionsql-injectionsqlixssopen-redirectsstipentest-toolpentestingsecurityvulnerability-scannershacktoberfestweb-security
  Language:Ruby 59

• darklotuskdb / SSTI-XSS-Finder

  XSS Finder Via SSTI

  xsssstibugbountybugbountytipsbugbounty-tooltoolhackingvulnerabilitybugdorks
  Language:Shell 54

• knassar702 / hacking-lab

  Small Vulnerable Web App

  hacking-labhackablesqlinjectionxsssstiopenredirectbugbountyflaskpythoncmdinjectionssrfuploadfile
  Language:HTML 51

• cokeBeer / go-sec-code

  Go-sec-code is a project for learning Go vulnerability code.

  gosqlissrfxssxxesecuritycorsjsonpssti
  Language:Go 34
• CVE-2018-16341

  mpgn / CVE-2018-16341

  CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection

  sstirce
  Language:Python 24
• ssti-flask-hacking-playground

  filipkarc / ssti-flask-hacking-playground

  App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

  bugbountycybersecurityflaskhackinghackinglabshacktheboxinfosecoscposwepentestingpythonsstissti-payloadsbug-bountyowaspowasp-top-10appsecpenetration-testinghacking-labtemplate-injection
  Language:Python 14

• DEMON1A / Blinder

  A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers

  python3blinderbugbounty-toolbugbountyxssautomationtoolsstixsshunter
  Language:Python 10

• muneebwanee / SubScanner

  An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

  gf-patternssubjackassetfindersstigauautomationdomainxssssrfinjectionparameterstoolscanssub-domainopen-source
  Language:Shell 9

• RiteshPuvvada / riteshpuvvada.github.io

  Vulnerability Walkthrough

  ssticybersecuritysql-injection-exploitationbypassing-upload-filterscyber-security-awarenesslog4jlog4shell
  Language:HTML 8

• anger / voyager-js

  Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.

  bugbountyctf-toolssstissti-payloadswebhacking
  Language:JavaScript 6

• Acceis / exploit-CVE-2022-24780

  iTop < 2.7.6 - (Authenticated) Remote command execution

  exploitcvercessticve-2022-24780
  Language:Ruby 5
• WebSecurityEmpire

  LOIC-only-one / WebSecurityEmpire

  Concernant le projet WebSecurityEmpire : Il s'agit de scripts pour tester la sécurité de site internet, cette collection peut être utilisé pour faire des présentations.

  cyberpythonwebxsscrsfowaspowasp-top-10presentationprojectsqlisstistudent
  Language:Python 4

• phanatagama / Web-CTF-Cheatsheet

  Web CTF CheatSheet 🐈

  phpsstixss-exploitationsqlinjectionssrf-payloadcsrf-attacksgraphqlcheatsheet
  Language:Ruby 3

• LeoFVO / gossti

  GoSSTI is a SSTI scanner for web application. Developed in Go.

  cybersecurityscannerssti
  Language:Go 2

• Marven11 / FenJing-Legacy

  A payload generator for Jinja SSTI

  ctfjinja2pythonsstiwafmodule
  Language:Python 2

• RobinTrigon / ertssti

  simple server site template injection scanner !

  server-side-template-injectionssti
  Language:Shell 2

• DanielAzulayy / FlaskyCTF-2020

  The CTF requires an understanding of how Flask works in order to exploit an SSTI.

  sstictf
  Language:CSS 1

• dotPY-hax / ssti-checker

  rudimentary checker/scanner for server side template injection

  pythonssti
  Language:Python 1

• dr34mhacks / Ginger-juice-shop

  An Intentionally Vulnerable SSTI application for a beginner to an experienced.

  sstissti-payloads
  Language:Python 1

• storenth / lazyParam

  A simple automation tool to detect LFI, RCE and SSTI vulnerability. Forked for PR and customization

  lfi-detectionssti
  Language:Python 1

• TargetPackage / lazyParam

  A simple automation tool to detect LFI, RCE and SSTI vulnerabilities.

  lfircescannersstivulnerability-scanners
  Language:Python 1

• testivy / wangding_2022_ctf_findit

  2022 网鼎杯 玄武 web ctf thymeleaf SSTI bypass and memshell

  bypassspringsstithymeleaf
  Language:Java 1

• TheWation / NodeJsSSTI

  Express app with Pug templates demonstrating SSTI vulnerability and secure implementation for educational purposes.

  nodejsserver-side-template-injectionssti
  Language:JavaScript 1

• TrueBad0ur / ssti_java_concat_payload_generator

  Simple ssti payload generator for java using concat technique

  payloadpayload-generatorpythonssti
  Language:Python 1

• JVWAC / JGVWA

  Java General Vulnerable Web Application

  javasecurityvulhubwebjndircessrfsstixxevuln
  Language:Java 0

• gunzf0x / Grav-CMS-RCE-Authenticated

  Exploit against Grav CMS (versions below 1.7.45) that allows Remote Code Execution for an authenticated user.

  exploitgrav-cmspayloadrceremote-code-executionserver-side-template-injectionsstissti-payloadscve-2024-28116
  Language:Python

• http406 / ServerSide-Template-Injection

  Server-side template injections (SSTI) are vulnerabilities that let the attacker inject code into such server-side templates. In simple terms, the attacker can introduce code that is actually processed by the server-side template. A sample cyber security project.

  cyber-securitycybersecurityssti

• Subhashis360 / PayloadsAll

  403-bypassfuzzinglogfileopenredirectpayloadpayloadspaylodssqlinjectionssrfsstissti-payloadsxss-attacksxss-exploitationxsspayloadxxe-injectionxxe-payloadsauthbypssdirectrytravarsalphpinjection