Diffstat (limited to 'ssti-app.py')
-rw-r--r-- | ssti-app.py | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/ssti-app.py b/ssti-app.py
new file mode 100644
index 0000000..336e868
--- /dev/null
+++ b/ssti-app.py
@@ -0,0 +1,48 @@
+from flask import Flask, request, jsonify, render_template
+from jinja2 import Environment, TemplateError
+import argparse
+import importlib
+
+app = Flask(__name__)
+
+parser = argparse.ArgumentParser(description='SSTI Payload Tester')
+parser.add_argument('--module', type=str, default='',
+                    help='Comma-separated list of modules to import (e.g., os,lipsum)')
+args = parser.parse_args()
+
+modules = {}
+if args.module:
+    for module_name in args.module.split(','):
+        try:
+            modules[module_name] = importlib.import_module(module_name.strip())
+        except ImportError as e:
+            print(f"Warning: Failed to import module '{module_name}': {e}")
+
+@app.route('/')
+def index():
+    return render_template('index.html')
+
+@app.route('/execute', methods=['POST'])
+def execute_payload():
+    payload = request.json.get('payload', '')
+    if not payload:
+        return jsonify({'error': 'No payload provided'}), 400
+
+    result = {'output': '', 'error': None}
+
+    try:
+        env = Environment()
+        env.globals.update(modules)
+        template = env.from_string(payload)
+        result['output'] = template.render()
+    except TemplateError as e:
+        result['error'] = str(e)
+        result['output'] = str(e)
+    except Exception as e:
+        result['error'] = f"Unexpected error: {str(e)}"
+        result['output'] = str(e)
+
+    return jsonify(result)
+
+if __name__ == '__main__':
+    app.run(debug=False, host='0.0.0.0', port=5000) |
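Review bot: `app.run(debug=False, host='0.0.0.0', port=5000)` at the end of the hunk exposes an intentionally unsandboxed `jinja2.Environment()` — plus whatever `--module` injects into `env.globals`, e.g. `os` — to every host that can reach port 5000, which is remote code execution for anyone on the network; even without `--module`, a plain `Environment` (not `SandboxedEnvironment`) leaves the usual `__class__`/`__subclasses__` chain available to a payload. Default to loopback, `app.run(debug=False, host='127.0.0.1', port=5000)`, and add an explicit `--host` argument for the cases where remote reach is actually wanted, with a startup warning when it is not loopback. Separately, the import loop strips the name only for `import_module` but keys `modules` with the raw value, so `--module 'os, sys'` registers `' sys'` under a key no template can reference; bind `name = module_name.strip()` once and use it for both the key and the import. Finally, `request.json.get('payload', '')` sits outside the `try`, so a request without a JSON body ends in an unhandled error (415 or 500 depending on the Flask version) instead of the intended 400; `payload = (request.get_json(silent=True) or {}).get('payload', '')` keeps that path on the 400 branch.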