SSTImap

pinkman

SSTImap is penetration testing software that can test websites for server-side code injection and template vulnerabilities and exploit them by providing access to the operating system itself.

Features

Interactive mode (-i) allowing for easier exploitation and detection
Simple evaluation payloads as response markers in case of payload reflection
Added new payloads for generic templates, as well as a way to speed up detection using --skip-generic
Base language eval()-like shell (-x) or single command (-X) execution
Added new payload for Smarty without enabled {php}{/php}. Old payload is available as Smarty_unsecure.
Added new payload for newer versions of Twig. Payload for older version is available as Twig_v1.
User-Agent can be randomly selected from a list of desktop browser agents using -A
SSL verification can now be enabled using --verify-ssl
Short versions added to many arguments
Some old command line arguments were changed, check -h for help
Code is changed to use newer Python features
Burp Suite extension temporarily removed, as Jython doesn't support Python3
download:
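
Added example, not part of the original post and not SSTImap code: because the feature list above mentions evaluation payloads used as response markers and a randomized User-Agent (-A), a defender's check is better keyed on template syntax in decoded request parameters than on the client string. The log format, sample lines and function names below are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Template delimiters, matched on syntax rather than on a fixed payload list.
TEMPLATE_SYNTAX = re.compile(
    r"\{\{.*?\}\}"   # {{ ... }} expressions (Twig and similar engines)
    r"|\{%.*?%\}"    # {% ... %} statements
    r"|\$\{.*?\}"    # ${ ... } expressions
    r"|<%.*?%>"      # <% ... %> tags
    r"|\{php\}",     # Smarty {php} tag
    re.IGNORECASE | re.DOTALL,
)
LOG_LINE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /greet?name=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [10/Mar/2025:10:00:02 +0000] "GET /greet?name=%7B%7B7*7%7D%7D HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '203.0.113.9 - - [10/Mar/2025:10:00:03 +0000] "GET /greet?name=%24%7B7*7%7D HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)"',
    '198.51.100.23 - - [10/Mar/2025:10:00:04 +0000] "GET /search?q=%257B%257B7*7%257D%257D HTTP/1.1" 200 731 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.4 - - [10/Mar/2025:10:00:05 +0000] "GET /search?q=price+%7B+10 HTTP/1.1" 200 640 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]


def find_template_probes(lines):
    """Return (client_ip, parameter, decoded_value) for every query parameter
    whose decoded value contains template syntax."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log request line
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double encoding.
            decoded = unquote(value)
            if TEMPLATE_SYNTAX.search(decoded):
                hits.append((m.group("ip"), name, decoded))
    return hits


def probes_per_client(lines):
    """Count hits per source address; the User-Agent is deliberately ignored."""
    return Counter(ip for ip, _, _ in find_template_probes(lines))
```

A lone brace in an ordinary search term (the last sample line) is not flagged, while the two requests from 203.0.113.9 are grouped together even though their User-Agent strings differ.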
 
woah
 