{"id":14973172,"url":"https://github.com/tijme/angularjs-csti-scanner","last_synced_at":"2025-04-06T19:11:56.975Z","repository":{"id":61425674,"uuid":"80622055","full_name":"tijme/angularjs-csti-scanner","owner":"tijme","description":"Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.","archived":false,"fork":false,"pushed_at":"2021-10-20T15:19:57.000Z","size":101424,"stargazers_count":312,"open_issues_count":1,"forks_count":87,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-03-30T17:10:26.944Z","etag":null,"topics":["angularjs","angularjs-csti-scanner","angularjs-sandbox-escape","exploit","sandbox-escape","security","tool","vulnerability-scanners","xss","xss-scanners"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tijme.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":"CONTRIBUTING.rst","funding":".github/FUNDING.yml","license":"LICENSE.rst","code_of_conduct":".github/CODE_OF_CONDUCT.rst","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"tijme","custom":["https://www.paypal.me/tijmegommers","https://bunq.me/tijme"]}},"created_at":"2017-02-01T13:24:12.000Z","updated_at":"2025-03-29T18:00:30.000Z","dependencies_parsed_at":"2022-10-17T13:20:19.409Z","dependency_job_id":null,"html_url":"https://github.com/tijme/angularjs-csti-scanner","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fangularjs-csti-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fangularjs-csti-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fangularjs-csti-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fangularjs-csti-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tijme","download_url":"https://codeload.github.com/tijme/angularjs-csti-scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247535517,"owners_count":20954576,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angularjs","angularjs-csti-scanner","angularjs-sandbox-escape","exploit","sandbox-escape","security","tool","vulnerability-scanners","xss","xss-scanners"],"created_at":"2024-09-24T13:48:16.059Z","updated_at":"2025-04-06T19:11:56.946Z","avatar_url":"https://github.com/tijme.png","language":"Python","readme":".. raw:: html\n\n   \u003cp align=\"center\"\u003e\n\n.. image:: https://rawgit.com/tijme/angularjs-csti-scanner/master/.github/logo.svg?pypi=png.from.svg\n   :width: 300px\n   :height: 300px\n   :alt: AngularJS Client-Side Template Injection Logo\n\n.. raw:: html\n\n   \u003cbr class=\"title\"\u003e\n\n.. image:: https://raw.finnwea.com/shield/?firstText=Donate%20via\u0026secondText=Bunq\n   :target: https://bunq.me/tijme/0/Automated%20client-side%20template%20injection%20(sandbox%20escape%2Fbypass)%20detection%20for%20AngularJS\n   :alt: Donate via Bunq\n   \n.. image:: https://raw.finnwea.com/shield/?typeKey=TravisBuildStatus\u0026typeValue1=tijme/angularjs-csti-scanner\u0026typeValue2=master\u0026cache=1\n   :target: https://travis-ci.org/tijme/angularjs-csti-scanner\n   :alt: Build Status\n   \n.. image:: https://raw.finnwea.com/shield/?firstText=License\u0026secondText=MIT\n   :target: https://github.com/tijme/angularjs-csti-scanner/blob/master/LICENSE.rst\n   :alt: License: MIT\n\n.. raw:: html\n\n   \u003c/p\u003e\n   \u003ch1\u003eAngular Client-Side Template Injection Scanner\u003c/h1\u003e\n\nACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.\n\nTable of contents\n-----------------\n\n-  `Installation \u003c#installation\u003e`__\n-  `Usage \u003c#usage\u003e`__\n-  `Issues \u003c#issues\u003e`__\n-  `License \u003c#license\u003e`__\n\nInstallation\n------------\n\nFirst make sure you're on `Python 2.7/3.4 \u003chttps://www.python.org/\u003e`__ or higher. Then run the command below to install ACSTIS.\n\n``$ pip install https://github.com/tijme/angularjs-csti-scanner/archive/master.zip``\n\nUsage\n-----\n\n**Scan a single URL**\n\n``acstis -d \"https://finnwea.com/some/page/?category=23\"``\n\n**Scan a single URL (and verify that the alert pops)**\n\n``acstis -vp -d \"https://finnwea.com/some/page/?category=23\"``\n\n**Scan an entire domain**\n\n``acstis -c -d \"https://finnwea.com/\"``\n\n**Scan an entire domain (and stop if a vulnerability was found)**\n\n``acstis -c -siv -d \"https://finnwea.com/\"``\n\n**Trust the given certificate**\n\n``acstis -d \"https://finnwea.com/some/page/?category=23\" -tc \"/Users/name/Desktop/cert.pem\"``\n\n**All command line options**\n\n.. code:: text\n\n   usage: acstis [-h] -d DOMAIN [-c] [-vp] [-av ANGULAR_VERSION] [-vrl VULNERABLE_REQUESTS_LOG] [-siv] [-pmm] [-sos] [-soh] [-sot] [-md MAX_DEPTH] [-mt MAX_THREADS] [-iic] [-tc TRUSTED_CERTIFICATES]\n\n   required arguments:\n      -d DOMAIN, --domain DOMAIN                                                       the domain to scan (e.g. finnwea.com)\n\n   optional arguments:\n      -h, --help                                                                       show this help message and exit\n      -c, --crawl                                                                      use the crawler to scan all the entire domain\n      -vp, --verify-payload                                                            use a javascript engine to verify if the payload was executed (otherwise false positives may occur)\n      -av ANGULAR_VERSION, --angular-version ANGULAR_VERSION                           manually pass the angular version (e.g. 1.4.2) if the automatic check doesn't work\n      -vrl VULNERABLE_REQUESTS_LOG, --vulnerable-requests-log VULNERABLE_REQUESTS_LOG  log all vulnerable requests to this file (e.g. /var/logs/acstis.log or urls.log)\n      -siv, --stop-if-vulnerable                                                       (crawler option) stop scanning if a vulnerability was found\n      -pmm, --protocol-must-match                                                      (crawler option) only scan pages with the same protocol as the startpoint (e.g. only https)\n      -sos, --scan-other-subdomains                                                    (crawler option) also scan pages that have another subdomain than the startpoint\n      -soh, --scan-other-hostnames                                                     (crawler option) also scan pages that have another hostname than the startpoint\n      -sot, --scan-other-tlds                                                          (crawler option) also scan pages that have another tld than the startpoint\n      -md MAX_DEPTH, --max-depth MAX_DEPTH                                             (crawler option) the maximum search depth (default is unlimited)\n      -mt MAX_THREADS, --max-threads MAX_THREADS                                       (crawler option) the maximum amount of simultaneous threads to use (default is 20)\n      -iic, --ignore-invalid-certificates                                              (crawler option) ignore invalid ssl certificates\n      -tc TRUSTED_CERTIFICATES, --trusted-certificates TRUSTED_CERTIFICATES            (crawler option) trust this CA_BUNDLE file (.pem) or directory with certificates\n\n**Authentication, Cookies, Headers, Proxies \u0026 Scope options**\n\nThese options are not implemented in the command line interface of ACSTIS. Please download the `extended.py \u003chttps://github.com/tijme/angularjs-csti-scanner/blob/master/extended.py\u003e`_ script and extend it with one or more of the following code snippets. You can paste these code snippets in the `main()` method of the `extended.py` script.\n\n**Please note:** if you use the ``extended.py`` file make sure you call ``python extended.py [your arguments]`` instead of ``acstis [your arguments]``.\n\n*Basic Authentication*\n\n.. code:: python\n\n    options.identity.auth = HTTPBasicAuth(\"username\", \"password\")\n\n*Digest Authentication*\n\n.. code:: python\n\n    options.identity.auth = HTTPDigestAuth(\"username\", \"password\")\n\n*Cookies*\n\n.. code:: python\n\n    options.identity.cookies.set(name='tasty_cookie', value='yum', domain='finnwea.com', path='/cookies')\n    options.identity.cookies.set(name='gross_cookie', value='blech', domain='finnwea.com', path='/elsewhere')\n\n*Headers*\n\n.. code:: python\n\n    options.identity.headers.update({\n        \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36\"\n    })\n\n*Proxies*\n\n.. code:: python\n\n    options.identity.proxies = {\n        # No authentication\n        # 'http': 'http://host:port',\n        # 'https': 'http://host:port',\n\n        # Basic authentication\n        # 'http': 'http://user:pass@host:port',\n        # 'https': 'https://user:pass@host:port',\n\n        # SOCKS\n        'http': 'socks5://user:pass@host:port',\n        'https': 'socks5://user:pass@host:port'\n    }\n\n*Scope options*\n\n.. code:: python\n\n    options.scope.protocol_must_match = False\n\n    options.scope.subdomain_must_match = True\n\n    options.scope.hostname_must_match = True\n\n    options.scope.tld_must_match = True\n\n    options.scope.max_depth = None\n\n    options.scope.request_methods = [\n        Request.METHOD_GET,\n        Request.METHOD_POST,\n        Request.METHOD_PUT,\n        Request.METHOD_DELETE,\n        Request.METHOD_OPTIONS,\n        Request.METHOD_HEAD\n    ]\n\nTesting\n-------\n\nThe testing can and will automatically be done by `Travis CI \u003chttps://travis-ci.org/tijme/angularjs-csti-scanner\u003e`__ on every push. If you want to manually run the unit tests, use the command below.\n\n``$ python -m unittest discover``\n\nIssues\n------\n\nIssues or new features can be reported via the GitHub issue tracker. Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.\n\nLicense\n-------\n\nACSTIS is open-sourced software licensed under the `MIT license \u003chttps://github.com/tijme/angularjs-csti-scanner/blob/master/LICENSE.rst\u003e`__.\n","funding_links":["https://github.com/sponsors/tijme","https://www.paypal.me/tijmegommers","https://bunq.me/tijme"],"categories":["Web","Tools","Network Vulnerability Scanners","Python"],"sub_categories":["Scanning / Pentesting","Network Vulnerability Scanners","Network vulnerability scanners","Web Vulnerability Scanners"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftijme%2Fangularjs-csti-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftijme%2Fangularjs-csti-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftijme%2Fangularjs-csti-scanner/lists"}