An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: ssti

Marven11/Fenjing

A fully automatic Jinja2 SSTI WAF-bypass script designed for CTF | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

Language: Python - Size: 10.2 MB - Last synced at: about 13 hours ago - Pushed at: about 14 hours ago - Stars: 1,084 - Forks: 69

TrixSec/waymap

Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.

Language: Python - Size: 5.77 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 87 - Forks: 10

ronin-rb/ronin-vulns

Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.

Language: Ruby - Size: 421 KB - Last synced at: 1 day ago - Pushed at: 7 months ago - Stars: 77 - Forks: 19

SenujaD10/server_template

🛠️ Build a scalable Express.js server with authentication, error handling, and modular routing for a clear and efficient development experience.

Language: TypeScript - Size: 30.3 KB - Last synced at: 17 days ago - Pushed at: 17 days ago - Stars: 0 - Forks: 0

vladko312/SSTImap

Automatic SSTI detection tool with interactive interface

Language: Python - Size: 243 KB - Last synced at: 18 days ago - Pushed at: 18 days ago - Stars: 1,153 - Forks: 137

nikhilpatidar01/Web-Application-Penetration-Testing

🛡️ Web Penetration Testing is the process of testing websites or web apps for security flaws. 🔍 It helps find vulnerabilities like SQL injection, XSS, and authentication bypass. 🚨 Used to protect data, improve security, and prevent hacking attacks.

Size: 5.29 MB - Last synced at: 20 days ago - Pushed at: 20 days ago - Stars: 1 - Forks: 1

SoePhonePyae/ssti_echo

A sandbox application for learning Server-Side Template Injection (SSTI)

Language: CSS - Size: 5.86 KB - Last synced at: 22 days ago - Pushed at: 22 days ago - Stars: 0 - Forks: 0

Cycloctane/tplmap-ng Fork of epinna/tplmap

tplmap fork with better Python 3 support and other enhancements.

Language: Python - Size: 620 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

Swastik1616/Cybersecurity-Internship-Cyber-Secured-India

This repository serves as the PoW of my 3-month remote internship cum training at Cyber Secured India

Language: HTML - Size: 31.4 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 1 - Forks: 0

nemesida-waf/waf-bypass

Check your WAF before an attacker does

Language: Python - Size: 733 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 1,387 - Forks: 172

MindPatch/hacking-lab

Small Vulnerable Web App

Language: HTML - Size: 7.63 MB - Last synced at: 3 months ago - Pushed at: 6 months ago - Stars: 49 - Forks: 12

darklotuskdb/SSTI-XSS-Finder

XSS Finder Via SSTI

Language: Shell - Size: 28.3 KB - Last synced at: about 2 months ago - Pushed at: almost 2 years ago - Stars: 56 - Forks: 12

yanard18/SSTI-CSTI-Exploits-Lab

Sandbox for studying Server-Side and Client-Side Template Injections (SSTI & CSTI) with Flask and AngularJS.

Language: Python - Size: 1000 Bytes - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

mpgn/CVE-2018-16341

CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection

Language: Python - Size: 2.93 KB - Last synced at: about 2 months ago - Pushed at: over 6 years ago - Stars: 24 - Forks: 12

Err0r-ICA/SCANter

Websites Vulnerability Scanner

Language: Python - Size: 99.6 KB - Last synced at: 4 months ago - Pushed at: 11 months ago - Stars: 71 - Forks: 14

HackersParadisee/SSTI_Lab

This repository contains a colorful, interactive Flask-based web application that simulates an Event Creation platform. It includes a toggle switch to enable or disable the Server-Side Template Injection (SSTI) vulnerability. Ideal for security researchers, ethical hackers, and students for study.

Language: HTML - Size: 19.5 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

Adamkadaban/CTFs

CTF Cheat Sheet + Writeups / Files for some of the Cyber CTFs that I've done

Language: C - Size: 359 MB - Last synced at: 5 months ago - Pushed at: 6 months ago - Stars: 645 - Forks: 50

Acceis/exploit-CVE-2022-24780

iTop < 2.7.6 - (Authenticated) Remote command execution

Language: Ruby - Size: 9.77 KB - Last synced at: about 2 months ago - Pushed at: about 3 years ago - Stars: 6 - Forks: 4

CandyCaneCapone/SSTI-Playground

A Flask-based Server-Side Template Injection lab with multiple challenge levels for security testing and learning.

Language: Python - Size: 4.06 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

cokeBeer/go-sec-code

Go-sec-code is a project for learning Go vulnerability code.

Language: Go - Size: 648 KB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 37 - Forks: 6

RiteshPuvvada/riteshpuvvada.github.io

Vulnerability Walkthrough

Language: HTML - Size: 16.2 MB - Last synced at: 3 months ago - Pushed at: almost 2 years ago - Stars: 8 - Forks: 0

payloadbox/ssti-payloads

🎯 Server Side Template Injection Payloads

Size: 33.2 KB - Last synced at: 6 months ago - Pushed at: about 1 year ago - Stars: 629 - Forks: 137

Marven11/FenJing-Legacy

A payload generator for Jinja SSTI

Language: Python - Size: 55.7 KB - Last synced at: 4 months ago - Pushed at: about 3 years ago - Stars: 4 - Forks: 0

bkhmelnitskiy/baim_ssti

Server Side Template Injection

Language: HTML - Size: 6.52 MB - Last synced at: about 2 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

DEMON1A/Blinder

A script written in Python 3 to spread blind cross-site scripting payloads on HTTP request headers

Language: Python - Size: 41 KB - Last synced at: about 2 months ago - Pushed at: almost 3 years ago - Stars: 12 - Forks: 6

dr34mhacks/Ginger-juice-shop

An intentionally vulnerable SSTI application for beginners to experienced users.

Language: Python - Size: 455 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 1 - Forks: 2

gunzf0x/Grav-CMS-RCE-Authenticated

Exploit against Grav CMS (versions below 1.7.45) that allows Remote Code Execution for an authenticated user.

Language: Python - Size: 10.7 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0

Subhashis360/PayloadsAll

Size: 6.79 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

phanatagama/Web-CTF-Cheatsheet Fork of rhamaa/Web-CTF-Cheatsheet

Web CTF CheatSheet 🐈

Size: 184 KB - Last synced at: over 1 year ago - Pushed at: over 6 years ago - Stars: 3 - Forks: 1

dokDork/CommandInjectionShield

This script will prepare some precompiled tmux sessions to test command injection on a web page parameter (in a GET or POST request).

Size: 549 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

http406/ServerSide-Template-Injection

Server-side template injections (SSTI) are vulnerabilities that let the attacker inject code into such server-side templates. In simple terms, the attacker can introduce code that is actually processed by the server-side template. A sample cyber security project.

Size: 2.91 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

TheWation/NodeJsSSTI

Express app with Pug templates demonstrating SSTI vulnerability and secure implementation for educational purposes.

Language: JavaScript - Size: 2.93 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

TheWation/PythonSSTI

FastAPI app with Jinja2 SSTI vulnerability example to demonstrate security risks in web applications.

Language: Python - Size: 2.93 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

anger/voyager-js

Voyager.js is a Node.js script designed for testing URLs for template injection vulnerabilities. It automates the process of appending known injection strings to URLs and monitors the responses for signs of successful injection.

Language: JavaScript - Size: 7.81 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 0

TargetPackage/lazyParam Fork of aniqfakhrul/lazyParam

A simple automation tool to detect LFI, RCE and SSTI vulnerabilities.

Language: Python - Size: 59.6 KB - Last synced at: 1 day ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

DiogoMRSilva/websitesVulnerableToSSTI

Simple websites vulnerable to Server Side Template Injections (SSTI)

Language: PHP - Size: 24.2 MB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 341 - Forks: 80

noor4sec/Khalid-Recon

One Tap To Automate In-Depth Recon & Fuzzing

Language: Shell - Size: 168 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 4 - Forks: 1

Yt1g3r/CVE-2019-3396_EXP

CVE-2019-3396 confluence SSTI RCE

Language: Python - Size: 5.86 KB - Last synced at: almost 2 years ago - Pushed at: almost 5 years ago - Stars: 172 - Forks: 75

TrueBad0ur/ssti_java_concat_payload_generator

Simple SSTI payload generator for Java using the concat technique

Language: Python - Size: 15.6 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 1 - Forks: 0

LeoFVO/gossti

GoSSTI is an SSTI scanner for web applications. Developed in Go.

Language: Go - Size: 916 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 1

lamyongxian/cs5331-ssti

CS5331 Server-Side Template Injection Project

Language: Java - Size: 330 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

muneebwanee/SubScanner

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

Language: Shell - Size: 13.7 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 9 - Forks: 5

Tech-at-DU/Jinja2-ExploitMe

🔐 [ACS 3230] SSTI Exploit Activity

Language: HTML - Size: 70.3 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 1

LOIC-only-one/WebSecurityEmpire

About the WebSecurityEmpire project: these are scripts for testing website security; this collection can be used for presentations.

Language: Python - Size: 16.6 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 4 - Forks: 0

anil-yelken/www-project-vulnerable-flask-app Fork of OWASP/www-project-vulnerable-flask-app

OWASP Foundation Web Repository

Size: 6.84 KB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 2 - Forks: 0

nezzzumi/java-payload-generator

Language: Python - Size: 2.93 KB - Last synced at: 8 days ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 1

RobinTrigon/ertssti

Simple server-side template injection scanner!

Language: Shell - Size: 349 KB - Last synced at: over 2 years ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 0

mathis2001/LightSSTICheck

LightSSTICheck is a tool designed to find basic SSTI vulnerabilities

Language: Python - Size: 7.81 KB - Last synced at: 6 months ago - Pushed at: about 3 years ago - Stars: 0 - Forks: 0

dotPY-hax/ssti-checker

rudimentary checker/scanner for server side template injection

Language: Python - Size: 4.88 KB - Last synced at: over 2 years ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 0

Hoo-dkwozD/cookie-jar

A mini-web app that captures cookies of HTTP requests sent to it

Language: Python - Size: 216 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

DanielAzulayy/FlaskyCTF-2020

The CTF requires an understanding of how Flask works in order to exploit an SSTI.

Language: CSS - Size: 6.05 MB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 1 - Forks: 0

Make-School-Labs/Jinja2-ExploitMe

[BEW 2.3: Web Security] Clone this repo to begin the SSTI exploit activity.

Language: HTML - Size: 67.4 KB - Last synced at: 18 days ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 4

storenth/lazyParam Fork of aniqfakhrul/lazyParam

A simple automation tool to detect LFI, RCE and SSTI vulnerabilities. Forked for PR and customization

Language: Python - Size: 50.8 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 0