Check your WAF before an attacker does
Updated Oct 31, 2024 - Python
Automatic SSTI detection tool with interactive interface
🎯 Server Side Template Injection Payloads
CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done
Websites Vulnerability Scanner
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
XSS Finder Via SSTI
Small Vulnerable Web App
Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.
App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.
A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTP
Vulnerability Walkthrough
iTop < 2.7.6 - (Authenticated) Remote command execution