
This tool is designed to detect and identify Server-Side Template Injection (SSTI) vulnerabilities in web applications

License: GPL-3.0 (LICENSE); unknown license (LICENSE.chromedriver)

capture0x/SSTI-FINDER


🍀   SSTI FINDER TOOL   🍀

Written by TMRSWRR

Version 1.0.0

Instagram: TMRSWRR


SSTI Finder is designed to detect and identify Server-Side Template Injection (SSTI) vulnerabilities in web applications. SSTI vulnerabilities occur when user-controlled input is directly or indirectly included in server-side templates, allowing an attacker to execute arbitrary code on the server.

Features:

Automated scanning: The tool performs automated scanning of web applications to identify potential SSTI vulnerabilities.
Template engine support: It supports multiple popular template engines commonly used in web applications, such as Jinja2, Twig, Freemarker, and more.
Payload injection: The tool injects custom payloads into user-controllable input fields and templates to detect potential SSTI vulnerabilities.
Context-aware detection: It leverages context-aware techniques to reduce false positives by analyzing the context of template injection points.
Reporting: It generates detailed reports highlighting the identified vulnerabilities, including vulnerable code snippets and recommendations for remediation.

Please note that this is a general description and the actual repository may contain additional features, documentation, and code examples.
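
An added example, not code from SSTI-FINDER, showing the flaw described above next to its fix, plus a probe-based check in the spirit of the payload injection and false-positive reduction features. The toy `render` engine, the two handlers and `looks_injectable` are hypothetical names; the engine only models how engines such as Jinja2 evaluate `{{ ... }}` and supports integer arithmetic and name lookup.

```python
import ast, operator, random, re

# Toy stand-in for a template engine: {{ expr }} is evaluated as a name lookup
# or integer arithmetic. It is NOT Jinja2/Twig/Freemarker, only a model of them.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def _eval(node, ctx):
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return node.value
    if isinstance(node, ast.Name):
        return ctx.get(node.id, "")
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left, ctx), _eval(node.right, ctx))
    raise ValueError("unsupported expression")

def render(template, **ctx):
    def sub(m):
        try:
            return str(_eval(ast.parse(m.group(1).strip(), mode="eval").body, ctx))
        except (SyntaxError, ValueError, TypeError):
            return m.group(0)  # leave unparseable tags as literal text
    return re.sub(r"\{\{(.*?)\}\}", sub, template)

def greet_vulnerable(name):
    # User input becomes part of the template source, so the engine evaluates it.
    return render("Hello " + name + "!")

def greet_safe(name):
    # Fixed template; user input is passed only as data in the context.
    return render("Hello {{ name }}!", name=name)

def looks_injectable(handler, rng=random):
    # Probe with arithmetic on two random operands (constructed input). Flag only
    # if the product appears and the raw probe does not, so a handler that merely
    # echoes the input is not reported as a false positive.
    a, b = rng.randint(1000, 9999), rng.randint(1000, 9999)
    probe = "{{ %d*%d }}" % (a, b)
    body = handler(probe)
    return str(a * b) in body and probe not in body

if __name__ == "__main__":
    print("vulnerable handler flagged:", looks_injectable(greet_vulnerable))
    print("safe handler flagged:", looks_injectable(greet_safe))
```

The remediation is the difference between the two handlers: keep the template source constant and pass user input only as context data.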

📀 Installation 📀

git clone https://github.com/capture0x/SSTI-FINDER/
cd SSTI-FINDER
bash setup.sh
pip3 install -r requirements.txt
chmod -R 755 ssti.py
python3 ssti.py

THIS IS FOR LATEST GOOGLE CHROME VERSION

Bugs and enhancements

For bug reports or enhancements, please open an issue here.

Copyright 2023
