ssti-error-based-detection

Official

Detect blind SSTI via error message fingerprinting

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the challenge of detecting server-side template injection (SSTI) vulnerabilities when no reflected output is visible, by using error message differentials to identify the underlying template engine, a critical step before safe escalation of the vulnerability.

Core Features & Use Cases

  • Polyglot Payload Detection: Sends specialized polyglot payloads to trigger distinct error messages unique to each template engine, confirming if input is processed by a template engine.
  • Multi-Engine Fingerprinting: Identifies common template engines including Jinja2, Twig, Freemarker, ERB, and Velocity by matching error class names and stack trace details.
  • Use Case: For penetration testers assessing web applications for SSTI flaws where standard time-based blind detection is too slow or unreliable, this Skill enables rapid engine identification to streamline subsequent authorized exploitation steps.

Quick Start

Use the ssti-error-based-detection skill to identify the template engine of a suspected blind SSTI vulnerability on your target web application endpoint.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ssti-error-based-detection
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#ssti-error-based-detection

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.