SSTI Payload Generator

SSTI Payload Generator — Multi-Engine

Command-line tool that generates payloads of Server-Side Template Injection optimizados for each motor of templates:

n
• Jinja2 (Python) — Payloads that escapan of the sandbox: access a __globals__, __builtins__, os.popen().
n
• Twig (PHP) — Execution via filter() and system(), bypass of sandbox mode.
n
• Freemarker (Java) — RCE via Execute, ObjectConstructor, JythonRuntime.
n
• Velocity (Java) — Execution via Runtime.getRuntime().exec().
n
• Pebble (Java) — Bypass of restricciones with reflection chains.
n
• Mako (Python) — Direct code execution via .
n
• Detection automatic — Sends probes mathematical ({{7*7}}, ${7*7}, #{7*7}) for identifying the engine.
n

Output: Ready-to-deploy payloads for copiesr-pegar, with variantes of encoding (URL, HTML entities, Unicode).