Check your WAF before an attacker does

Automatic SSTI detection tool with interactive interface

专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF

CVE-2019-3396 confluence SSTI RCE

Waymap is a fast and optimized web vulnerability scanner built for penetration testers. It helps in identifying vulnerabilities by testing against various payloads.

Websites Vulnerability Scanner

CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection

App with Server Side Template Injection (SSTI) vulnerability - possible RCE - in Flask. Free vulnerable app for ethical hacking / penetration testing training.

A script written in python3 to spread blind cross-site scripting payloads on HTTP requests headers

is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTP

A payload generator for Jinja SSTI

Concernant le projet WebSecurityEmpire : Il s'agit de scripts pour tester la sécurité de site internet, cette collection peut être utilisé pour faire des présentations.

Serverside Template Injection (SSTI) RCE - THM challenge "whiterose"

FastAPI app with Jinja2 SSTI vulnerability example to demonstrate security risks in web applications.

An Intentionally Vulnerable SSTI application for a beginner to an experienced.

Vulnerable PWA

Test your SSTI skills in this CTF challenge running in Docker

Simple ssti payload generator for java using concat technique

rudimentary checker/scanner for server side template injection

A simple automation tool to detect LFI, RCE and SSTI vulnerability. Forked for PR and customization