{"id":27644696,"url":"https://github.com/susmoynath/cybersecurity-server_side_template_injection","last_synced_at":"2026-05-19T05:34:39.962Z","repository":{"id":289126428,"uuid":"970208447","full_name":"SusmoyNath/CyberSecurity-Server_Side_Template_Injection","owner":"SusmoyNath","description":"💥 ServerSideTemplateInjection (SSTI) Demo with Flask A simple Flask app to demonstrate Server-Side Template Injection vulnerabilities — useful for learning, testing, and understanding how SSTI works and how to avoid it.","archived":false,"fork":false,"pushed_at":"2025-04-21T17:33:08.000Z","size":3151,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-24T00:58:26.147Z","etag":null,"topics":["cybersecurity","ethical-hacking","flask","penetration-testing","rce","security-demo","server-side-template-injection-ssti","server-side-vulnerabilities","web-security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SusmoyNath.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-21T16:47:52.000Z","updated_at":"2025-04-22T12:21:10.000Z","dependencies_parsed_at":"2025-04-21T17:53:48.741Z","dependency_job_id":null,"html_url":"https://github.com/SusmoyNath/CyberSecurity-Server_Side_Template_Injection","commit_stats":null,"previous_names":["susmoynath/cybersecurity-server_side_template_injection"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SusmoyNath%2FCyberSecurity-Server_Side_Template_Injection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SusmoyNath%2FCyberSecurity-Server_Side_Template_Injection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SusmoyNath%2FCyberSecurity-Server_Side_Template_Injection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SusmoyNath%2FCyberSecurity-Server_Side_Template_Injection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SusmoyNath","download_url":"https://codeload.github.com/SusmoyNath/CyberSecurity-Server_Side_Template_Injection/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250540999,"owners_count":21447427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","ethical-hacking","flask","penetration-testing","rce","security-demo","server-side-template-injection-ssti","server-side-vulnerabilities","web-security"],"created_at":"2025-04-24T00:58:30.336Z","updated_at":"2025-10-19T11:45:58.403Z","avatar_url":"https://github.com/SusmoyNath.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Server Side Template Injection 🛡️\n\nA simple demonstration of **Server-Side Template Injection (SSTI)** using the Flask web framework.\n\n## 🔍 What is Server-Side Template Injection?\n\n**Server-Side Template Injection (SSTI)** is a web vulnerability where attackers can inject malicious input into server-side templates. These templates are rendered on the server before being sent to the user, and if improperly handled, they can allow attackers to execute arbitrary code — even enabling **Remote Code Execution (RCE)**.\n\nThis project emulates an SSTI scenario in a controlled environment to help developers understand and test this class of vulnerability.\n\n---\n\n## 🚀 Getting Started\n\n### 1. Clone the Repository\n\n```bash\ngit clone https://github.com/SusmoyNath/CyberSecurity-Server_Side_Template_Injection.git\ncd CyberSecurity-Server_Side_Template_Injection\n```\n\n### 2. Set Up the Environment\n\nMake sure Python 3 and pip are installed.\n\n#### Install Flask and virtualenv\n\n```bash\npip3 install Flask\npip3 install virtualenv\n```\n\n### 3. Create a Virtual Environment\n\n#### On Linux/macOS:\n\n```bash\nmkdir SSTIProject\ncd SSTIProject\npython3 -m venv venv\nsource venv/bin/activate\n```\n\n#### On Windows:\n\n```cmd\nmkdir SSTIProject\ncd SSTIProject\npython -m venv venv\nvenv\\Scripts\\activate\n```\n\n### 4. Set the Flask App Environment Variable\n\n#### On Linux/macOS:\n\n```bash\nexport FLASK_APP=hello.py\n```\n\n#### On Windows:\n\n```cmd\nset FLASK_APP=hello.py\n```\n\n---\n\n## ▶️ Run the App\n\n```bash\nflask run\n```\n\nVisit `http://127.0.0.1:5000/` in your browser to interact with the demo.\n\n---\n\n## ⚠️ Disclaimer\n\nThis project is **for educational purposes only**. Do **not** deploy this code in production. The goal is to **understand and prevent** such vulnerabilities, not exploit them.\n\n---\n\n## 📚 References\n\n- [OWASP: Server-Side Template Injection](https://owasp.org/www-community/attacks/Server-Side_Template_Injection)\n- [PayloadsAllTheThings - SSTI](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Template%20Injection)\n\n---\n\n## 🧠 Learn, Practice, Secure\n\nIf you're exploring web security or working in DevSecOps, understanding SSTI is crucial. Use this demo to test, learn, and level up your security awareness!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsusmoynath%2Fcybersecurity-server_side_template_injection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsusmoynath%2Fcybersecurity-server_side_template_injection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsusmoynath%2Fcybersecurity-server_side_template_injection/lists"}