DiogoMRSilva/websitesVulnerableToSSTI external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

DiogoMRSilva/websitesVulnerableToSSTI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/DiogoMRSilva/websitesVulnerableToSSTI)

Close

DiogoMRSilva / websitesVulnerableToSSTIView on GitHubMore

• External links
• Readme badge

Simple websites vulnerable to Server Side Template Injections(SSTI)

☆417Mar 16, 2023Updated 2 years ago

Alternatives and similar repositories for websitesVulnerableToSSTI

Users that are interested in websitesVulnerableToSSTI are comparing it to the libraries listed below

• jbarone / xxelab

  View on GitHub
  A simple web app with a XXE vulnerability.
  ☆232Nov 10, 2021Updated 4 years ago
• Sjord / jwtdemo

  View on GitHub
  Practice hacking JWT tokens
  ☆115Sep 8, 2022Updated 3 years ago
• epinna / tplmap

  View on GitHub
  Server-Side Template Injection and Code Injection Detection and Exploitation Tool
  ☆4,123Apr 21, 2024Updated last year
• ZeddYu / HTTP-Smuggling-Lab

  View on GitHub
  Use HTTP Smuggling Lab to learn HTTP Smuggling.
  ☆346Nov 20, 2022Updated 3 years ago
• nccgroup / BurpSuiteHTTPSmuggler

  View on GitHub
  A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
  ☆735May 4, 2019Updated 6 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,482Oct 12, 2024Updated last year
• veracode-research / solr-injection

  View on GitHub
  Apache Solr Injection Research
  ☆579Jan 28, 2020Updated 6 years ago
• whitel1st / docem

  View on GitHub
  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
  ☆677Jan 28, 2024Updated 2 years ago
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,171May 26, 2023Updated 2 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆612Mar 4, 2021Updated 5 years ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,493Sep 4, 2025Updated 6 months ago
• PortSwigger / http-request-smuggler

  View on GitHub
  ☆1,187Jan 21, 2026Updated last month
• xsscx / fuzz

  View on GitHub
  Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
  ☆404Updated this week
• modzero / mod0BurpUploadScanner

  View on GitHub
  HTTP file upload scanner for Burp Proxy
  ☆490Dec 25, 2023Updated 2 years ago
• 0ang3el / websocket-smuggle

  View on GitHub
  Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
  ☆392Aug 15, 2024Updated last year
• 1hack0 / Facebook-Bug-Bounty-Write-ups

  View on GitHub
  Hunting Bugs for Fun and Profit
  ☆275Jul 29, 2020Updated 5 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,779Apr 26, 2024Updated last year
• tijme / angularjs-csti-scanner

  View on GitHub
  Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
  ☆325Oct 20, 2021Updated 4 years ago
• tarunkant / Gopherus

  View on GitHub
  This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
  ☆3,302Apr 18, 2023Updated 2 years ago
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,244Jan 8, 2026Updated 2 months ago
• GoSecure / dtd-finder

  View on GitHub
  List DTDs and generate XXE payloads using those local DTDs.
  ☆649Feb 21, 2024Updated 2 years ago
• mazen160 / jwt-pwn

  View on GitHub
  Security Testing Scripts for JWT
  ☆328Jun 30, 2022Updated 3 years ago
• c0rv4x / project-black

  View on GitHub
  Pentest/BugBounty progress control with scanning modules
  ☆281Jul 16, 2020Updated 5 years ago
• ambionics / phpggc

  View on GitHub
  PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
  ☆3,756Sep 29, 2025Updated 5 months ago
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,089Aug 14, 2024Updated last year
• vah13 / Oracle-BI-bugs

  View on GitHub
  ☆34Jul 17, 2019Updated 6 years ago
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,109Feb 20, 2025Updated last year
• allanlw / svg-cheatsheet

  View on GitHub
  A cheatsheet for exploiting server-side SVG processors.
  ☆793Jul 2, 2020Updated 5 years ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,373Feb 17, 2026Updated 2 weeks ago
• NickstaDB / DeserLab

  View on GitHub
  Java deserialization exploitation lab.
  ☆237Mar 1, 2019Updated 7 years ago
• assetnote / blind-ssrf-chains

  View on GitHub
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆956Dec 31, 2021Updated 4 years ago
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,361Jan 24, 2021Updated 5 years ago
• doyensec / inql

  View on GitHub
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,737Feb 16, 2026Updated 3 weeks ago
• lmammino / jwt-cracker

  View on GitHub
  Simple HS256, HS384 & HS512 JWT token brute force cracker.
  ☆1,167Jul 13, 2024Updated last year
• bayotop / off-by-slash

  View on GitHub
  Burp extension to detect alias traversal via NGINX misconfiguration at scale.
  ☆265Nov 18, 2021Updated 4 years ago
• CHYbeta / Code-Audit-Challenges

  View on GitHub
  Code-Audit-Challenges
  ☆990Nov 17, 2018Updated 7 years ago
• BishopFox / rmiscout

  View on GitHub
  RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
  ☆447Sep 7, 2022Updated 3 years ago
• fransr / bountyplz

  View on GitHub
  Automated security reporting from markdown templates (HackerOne and Bugcrowd are currently the platforms supported)
  ☆458May 10, 2019Updated 6 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,589Jan 27, 2024Updated 2 years ago