This tool automates the process of finding server-side template injection (SSTI) for you. It sends a request containing a payload to the URL you supply, and if the payload's evaluated output appears in the response, it confirms the vulnerability.
- Clone this repository on Linux
- In a terminal, type "sudo bash install.sh"
- The installation will then be complete
GET: python3 ssti.py -u --get 1
POST: python3 ssti.py -p --post 1 -p param1,param2
SCAN LIST OF URLS: python3 ssti.py -f .txt
You can add custom payloads to this tool. Just open the "payload.json" file and add your payload like: { "payload":"${7*7}", "output":"49" }
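A payload/output pair only confirms template evaluation if the expected output cannot appear in the response for any other reason. The sketch below is an added example, not code from this tool: it checks custom entries and compares a probe response against a baseline response to separate evaluation from plain reflection. The function names, the assumption that "payload.json" holds a list of such objects, and the sample response bodies are all constructed for illustration.

```python
import json

# Constructed sample in the shape shown above; a list of entries is an assumption.
SAMPLE_PAYLOADS = '[{"payload": "${7*7}", "output": "49"}]'


def load_payloads(text):
    """Parse payload entries and drop ones that cannot give a reliable signal."""
    valid = []
    for entry in json.loads(text):
        payload, output = entry.get("payload"), entry.get("output")
        if not payload or not output:
            continue  # incomplete entry
        if output in payload:
            # A reflected payload would already contain the expected output,
            # so a match would not prove that the template engine evaluated it.
            continue
        valid.append((payload, output))
    return valid


def classify(payload, output, baseline_body, probe_body):
    """Compare the response with the payload against a response without it.

    Returns "evaluated" when the expected output appears more often than in
    the baseline, "reflected" when the raw payload comes back unevaluated,
    and "no-signal" otherwise.
    """
    if probe_body.count(output) > baseline_body.count(output):
        return "evaluated"
    if payload in probe_body:
        return "reflected"
    return "no-signal"


if __name__ == "__main__":
    # Constructed response bodies: the page already contains "49" as a price,
    # which a bare substring check would report as a finding.
    baseline = "<p>Hello guest, price $49</p>"
    for payload, output in load_payloads(SAMPLE_PAYLOADS):
        for body in ("<p>Hello ${7*7}, price $49</p>",
                     "<p>Hello 49, price $49</p>"):
            print(payload, "->", classify(payload, output, baseline, body))
```
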
Visit https://bepractical.tech for more such tools/content/services. YouTube: https://youtube.com/c/BePracticalTech