ssti

There are 2 repositories under ssti topic.

• nemesida-waf / waf-bypass

  Check your WAF before an attacker does

  api-security-testingbypassgraphql-injectionlfinosql-injectionpath-traversalpythonpython3rcerfisqli-injectionsstiwafwaf-bypass-toolwaf-testingxss
  Language:Python 1107
• SSTImap

  vladko312 / SSTImap

  Automatic SSTI detection tool with interactive interface

  information-securitypenetration-testingpenetration-testing-toolspentestpentest-toolpentestingpentesting-toolsrcesstipython
  Language:Python 659

• payloadbox / ssti-payloads

  🎯 Server Side Template Injection Payloads

  server-side-template-injectionsstiinjectionpayloadpayloadspayloadboxbugbountybountybugbountytipswebsecuritywebsecuritysecurity-auditsourcecodesource-code-analysiscode-security
  566

• Adamkadaban / CTFs

  CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done

  ctfctf-writeupsctf-challengesctf-toolshacktheboxtryhackmecybersecuritysteganographyreverse-engineeringreversingcryptographycryptopwnbinary-exploitationcryptohackcheatsheetsstiresourcespentestingcloud
  Language:C 462

• Marven11 / Fenjing

  专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

  ctfjinja2pythonsstiwafscannersecurity
  Language:Python 428

• DiogoMRSilva / websitesVulnerableToSSTI

  Simple websites vulnerable to Server Side Template Injections(SSTI)

  sstisecurity
  Language:PHP 362

• Yt1g3r / CVE-2019-3396_EXP

  CVE-2019-3396 confluence SSTI RCE

  cve-2019-3396confluencesstiexp
  Language:Python 173

• Err0r-ICA / SCANter

  Websites Vulnerability Scanner

  rcerce-exploitrce-scannerscannerserver-side-template-injectionsql-injectionsql-scannersqlisstissti-payloadsxssxss-attacksxss-detectionxss-exploitationxss-scannerxss-vulnerability
  Language:Python 57

• darklotuskdb / SSTI-XSS-Finder

  XSS Finder Via SSTI

  xsssstibugbountybugbountytipsbugbounty-tooltoolhackingvulnerabilitybugdorks
  Language:Shell 56
• ronin-vulns

  ronin-rb / ronin-vulns

  Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

  hacktoberfestlfiopen-redirectpentest-toolpentestingrfironin-rbrubysecuritysql-injectionsqlisstivulnerability-detectionvulnerability-scannersweb-securityxss
  Language:Ruby 53

• knassar702 / hacking-lab

  Small Vulnerable Web App

  hacking-labhackablesqlinjectionxsssstiopenredirectbugbountyflaskpythoncmdinjectionssrfuploadfile
  Language:HTML 50

• cokeBeer / go-sec-code

  Go-sec-code is a project for learning Go vulnerability code.

  gosqlissrfxssxxesecuritycorsjsonpssti
  Language:Go 33
• CVE-2018-16341

  mpgn / CVE-2018-16341

  CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection

  sstirce
  Language:Python 25
• ssti-flask-hacking-playground

  filipkarc / ssti-flask-hacking-playground

  App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

  bugbountycybersecurityflaskhackinghackinglabshacktheboxinfosecoscposwepentestingpythonsstissti-payloadsbug-bountyowaspowasp-top-10appsecpenetration-testinghacking-labtemplate-injection
  Language:Python 14

• DEMON1A / Blinder

  A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers

  python3blinderbugbounty-toolbugbountyxssautomationtoolsstixsshunter
  Language:Python 10

• muneebwanee / SubScanner

  An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

  gf-patternssubjackassetfindersstigauautomationdomainxssssrfinjectionparameterstoolscanssub-domainopen-source
  Language:Shell 9

• RiteshPuvvada / riteshpuvvada.github.io

  Vulnerability Walkthrough

  bypassing-upload-filterscyber-security-awarenesscybersecuritylog4jlog4shellsql-injection-exploitationssti
  Language:HTML 8

• Acceis / exploit-CVE-2022-24780

  iTop < 2.7.6 - (Authenticated) Remote command execution

  cvecve-2022-24780exploitrcessti
  Language:Ruby 6

• anger / voyager-js

  Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.

  bugbountyctf-toolssstissti-payloadswebhacking
  Language:JavaScript 6
• WebSecurityEmpire

  LOIC-only-one / WebSecurityEmpire

  Concernant le projet WebSecurityEmpire : Il s'agit de scripts pour tester la sécurité de site internet, cette collection peut être utilisé pour faire des présentations.

  cyberpythonwebxsscrsfowaspowasp-top-10presentationprojectsqlisstistudent
  Language:Python 4

• phanatagama / Web-CTF-Cheatsheet

  Web CTF CheatSheet 🐈

  phpsstixss-exploitationsqlinjectionssrf-payloadcsrf-attacksgraphqlcheatsheet
  Language:Ruby 3

• LeoFVO / gossti

  GoSSTI is a SSTI scanner for web application. Developed in Go.

  cybersecurityscannerssti
  Language:Go 2

• Marven11 / FenJing-Legacy

  A payload generator for Jinja SSTI

  ctfjinja2modulepythonsstiwaf
  Language:Python 2

• RobinTrigon / ertssti

  simple server site template injection scanner !

  server-side-template-injectionssti
  Language:Shell 2

• DanielAzulayy / FlaskyCTF-2020

  The CTF requires an understanding of how Flask works in order to exploit an SSTI.

  ctfssti
  Language:CSS 1

• dotPY-hax / ssti-checker

  rudimentary checker/scanner for server side template injection

  pythonssti
  Language:Python 1

• storenth / lazyParam

  A simple automation tool to detect LFI, RCE and SSTI vulnerability. Forked for PR and customization

  lfi-detectionssti
  Language:Python 1

• TargetPackage / lazyParam

  A simple automation tool to detect LFI, RCE and SSTI vulnerabilities.

  lfircescannersstivulnerability-scanners
  Language:Python 1

• TrueBad0ur / ssti_java_concat_payload_generator

  Simple ssti payload generator for java using concat technique

  payloadpayload-generatorpythonssti
  Language:Python 1

• lamyongxian / cs5331-ssti

  CS5331 Server-Side Template Injection Project

  appsecfreemarkerowaspsstitwigweb-security
  Language:Java 0

• dokDork / CommandInjectionShield

  This script will prepare some tmux session precompiled to test command injection on some web page parameter (on a GET or POST request).

  commandcommand-injectioninjectioninput-validationkalilfired-teamrfisql-injectionsstitmuxxss

• nezzzumi / java-payload-generator

  sstissti-payloads
  Language:Python

• s-u-n-n-y-404 / ServerSide-Template-Injection

  Server-side template injections (SSTI) are vulnerabilities that let the attacker inject code into such server-side templates. In simple terms, the attacker can introduce code that is actually processed by the server-side template. A sample cyber security project.

  cyber-securitycybersecurityssti

• testivy / wangding_2022_ctf_findit

  2022 网鼎杯 玄武 web ctf thymeleaf SSTI bypass and memshell

  bypassspringsstithymeleaf
  Language:Java

• TheWation / NodeJsSSTI

  Express app with Pug templates demonstrating SSTI vulnerability and secure implementation for educational purposes.

  nodejsserver-side-template-injectionssti
  Language:JavaScript

• TheWation / PythonSSTI

  FastAPI app with Jinja2 SSTI vulnerability example to demonstrate security risks in web applications.

  jinja2pythonserver-side-template-injectionssti
  Language:Python