Check your WAF before an attacker does
-
Updated
Nov 5, 2024 - Python
Check your WAF before an attacker does
Automatic SSTI detection tool with interactive interface
🎯 Server Side Template Injection Payloads
CTF Cheat Sheet Writeups / Files for some of the Cyber CTFs that I've done
Websites Vulnerability Scanner
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
XSS Finder Via SSTI
Small Vulnerable Web App
Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTP
Vulnerability Walkthrough
iTop < 2.7.6 - (Authenticated) Remote command execution
Add a description, image, and links to the ssti topic page so that developers can more easily learn about it.
To associate your repository with the ssti topic, visit your repo's landing page and select "manage topics."