Check your WAF before an attacker does
Updated Sep 10, 2024 - Python
Automatic SSTI detection tool with interactive interface
🎯 Server Side Template Injection Payloads
CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done
Websites Vulnerability Scanner
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
XSS Finder Via SSTI
Small Vulnerable Web App
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
A script written in Python 3 to spread blind cross-site scripting payloads on HTTP request headers
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
Vulnerability Walkthrough
Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.
iTop < 2.7.6 - (Authenticated) Remote command execution