Check your WAF before an attacker does

Automatic SSTI detection tool with interactive interface

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done

🎯 Server Side Template Injection Payloads

Simple websites vulnerable to Server Side Template Injections(SSTI)

CVE-2019-3396 confluence SSTI RCE

Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

Websites Vulnerability Scanner

XSS Finder Via SSTI

Small Vulnerable Web App

Go-sec-code is a project for learning Go vulnerability code.

CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection

App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers

is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTP

Vulnerability Walkthrough

iTop < 2.7.6 - (Authenticated) Remote command execution