Instagram: TMRSWRR
SSTI Finder is designed to detect and identify Server-Side Template Injection (SSTI) vulnerabilities in web applications. SSTI vulnerabilities occur when user-controlled input is directly or indirectly included in server-side templates, allowing an attacker to execute arbitrary code on the server.
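The root cause described above, user input becoming part of the template source, can also be checked for in code review. The following is an added example, not code from the SSTI-FINDER repository: a static check that reports template-rendering calls whose template source is not a fixed string literal. The sink names (Flask's `render_template_string`, Jinja2's `Template` and `from_string`) and the sample application code are assumptions constructed for illustration.

```python
import ast

# Assumed sinks for this example: calls that compile their first argument
# (parameter name "source") as template text in Flask / Jinja2.
SINKS = {"render_template_string", "Template", "from_string"}

# Constructed sample application code; it is only parsed, never executed.
SAMPLE = '''\
from flask import request, render_template_string

def bad_concat():
    name = request.args.get("name", "")
    return render_template_string("<h1>Hello " + name + "</h1>")

def bad_fstring():
    name = request.args.get("name", "")
    return render_template_string(f"<h1>Hello {name}</h1>")

def good():
    name = request.args.get("name", "")
    return render_template_string("<h1>Hello {{ name }}</h1>", name=name)
'''

def _call_name(node):
    """Return the called function or method name, or None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def find_dynamic_templates(source):
    """Return sorted (line, sink) pairs where the template text is built at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or _call_name(node) not in SINKS:
            continue
        # Template text is the first positional argument or the "source" keyword.
        arg = node.args[0] if node.args else next(
            (k.value for k in node.keywords if k.arg == "source"), None)
        if arg is None:
            continue
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            continue  # fixed template; user data arrives as context variables
        # Concatenation, f-strings and variables all need manual review.
        findings.append((node.lineno, _call_name(node)))
    return sorted(findings)

if __name__ == "__main__":
    for line, sink in find_dynamic_templates(SAMPLE):
        print(f"line {line}: {sink}() receives a non-literal template")
```

The `good()` handler shows the remediation: the template text stays constant and the user value is passed as a context variable, so it is rendered as data rather than compiled as template syntax.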
Features:
Automated scanning: The tool performs automated scanning of web applications to identify potential SSTI vulnerabilities.
Template engine support: It supports multiple popular template engines commonly used in web applications, such as Jinja2, Twig, Freemarker, and more.
Payload injection: The tool injects custom payloads into user-controllable input fields and templates to detect potential SSTI vulnerabilities.
Context-aware detection: It leverages context-aware techniques to reduce false positives by analyzing the context of template injection points.
Reporting: It generates detailed reports highlighting the identified vulnerabilities, including vulnerable code snippets and recommendations for remediation.
Please note that this is a general description and the actual repository may contain additional features, documentation, and code examples.
git clone https://github.com/capture0x/SSTI-FINDER/
cd SSTI-FINDER
bash setup.sh
pip3 install -r requirements.txt
chmod -R 755 ssti.py
python3 ssti.py
Note: this is for the latest Google Chrome version.
For bug reports or enhancements, please open an issue here.
Copyright 2023