Merge pull request swisskyrepo#515 from vladko312/patch-1

Added a new SSTI tool
gvillegass · Sep 7, 2022 · e11a37e · e11a37e
2 parents d24e3f2 + 7b79bce
commit e11a37e
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md
@@ -76,7 +76,10 @@
 
 ## Tools
 
-Recommended tool: [Tplmap](https://github.com/epinna/tplmap)
+Recommended tools: 
+
+[Tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
+
 e.g:
 
 ```powershell
@@ -85,6 +88,16 @@ python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomm
 python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade
 ```
 
+[SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [Tplmap](https://github.com/epinna/tplmap)
+
+e.g:
+
+```powershell
+python3 ./sstimap.py -u 'https://example.com/page?name=John' -s
+python3 ./sstimap.py -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e jade
+python3 ./sstimap.py -i -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk'
+```
+
 ## Methodology
 
 ![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Images/serverside.png?raw=true)