pwnig all the (web)things

App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

TechViper is an advanced web security scanner designed to detect various vulnerabilities in web applications.

Phishing framework for pentesting

The simplest example of a template injection vulnerability

C++ and VB implementation of microsoft template injection vulnerability.

A simple lab created for testing CSTI vulnerability in AngularJS version 1.0.8, 1.3.20 and 1.5.8 using Sandbox Escape.