SSTI Scanner for zaproxy

SSTI Scanner for zaproxy

on September 06, 2020

Steps :

Install python scripting from zap marketplace
Download SSTI.py file from https://github.com/knassar702/community-scripts/blob/master/active/SSTI.py

$ wget https://raw.githubusercontent.com/knassar702/community-scripts/master/active/SSTI.py

open scripts tab and click on load script
select SSTI.py file

for testing ..!

download this web application

https://github.com/knassar702/hacking-lab

$ git clone https://github.com/knassar702/hacking-lab

$ cd hacking-lab && sudo pip2 install flask requests jinja2

$ sudo python2 hackme.py

open zaproxy > Automated Scan > http://localhost/search?u=1 > Click on Attack Button

Done :)

Comments