ssti
CommunityUncover Server-Side Template Injection vulnerabilities.
AuthorSnailSploit
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps security professionals identify and exploit Server-Side Template Injection (SSTI) vulnerabilities, a common web application flaw that can lead to remote code execution.
Core Features & Use Cases
- Engine Identification: Detects various template engines like Jinja2, Twig, FreeMarker, and more.
- Payload Generation: Provides payloads for RCE, file exfiltration, and information disclosure.
- Bypass Techniques: Offers methods to circumvent WAFs and character blacklists.
- Use Case: When testing a web application, use this Skill to systematically probe for SSTI by injecting common polyglots and engine-specific payloads, ultimately aiming to gain shell access.
Quick Start
Use the ssti skill to test the input field 'comment' on the target URL 'http://example.com/vulnerable_app' for Server-Side Template Injection.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ssti Download link: https://github.com/SnailSploit/Claude-Red/archive/main.zip#ssti Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.