March 5
SSTImap
SSTImap is penetration testing software that can check websites for code injection and server-side template injection vulnerabilities and exploit them, giving access to the operating system itself.
- Interactive mode (-i) allowing for easier exploitation and detection
- Simple evaluation payloads as response markers in case of payload reflection
- Added new payloads for generic templates, as well as a way to speed up detection using --skip-generic
- Base language eval()-like shell (-x) or single command (-X) execution
- Added new payload for Smarty without enabled {php}{/php}. Old payload is available as Smarty_unsecure.
- Added new payload for newer versions of Twig. Payload for older version is available as Twig_v1.
- User-Agent can be randomly selected from a list of desktop browser agents using -A
- SSL verification can now be enabled using --verify-ssl
- Short versions added to many arguments
- Some old command line arguments were changed, check -h for help
- Code is changed to use newer Python features
- Burp Suite extension temporarily removed, as Jython doesn't support Python3
March 5, 08:19