ssti-error-based-detection
OfficialDetect blind SSTI via error message fingerprinting
Software Engineering#penetration testing#web security#template engine#ssti#template injection#error fingerprinting
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the challenge of detecting server-side template injection (SSTI) vulnerabilities when no reflected output is visible, by using error message differentials to identify the underlying template engine, a critical step before safe escalation of the vulnerability.
Core Features & Use Cases
- Polyglot Payload Detection: Sends specialized polyglot payloads to trigger distinct error messages unique to each template engine, confirming if input is processed by a template engine.
- Multi-Engine Fingerprinting: Identifies common template engines including Jinja2, Twig, Freemarker, ERB, and Velocity by matching error class names and stack trace details.
- Use Case: For penetration testers assessing web applications for SSTI flaws where standard time-based blind detection is too slow or unreliable, this Skill enables rapid engine identification to streamline subsequent authorized exploitation steps.
Quick Start
Use the ssti-error-based-detection skill to identify the template engine of a suspected blind SSTI vulnerability on your target web application endpoint.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ssti-error-based-detection Download link: https://github.com/dreadnode/capabilities/archive/main.zip#ssti-error-based-detection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.