Server Side Template Injection(SSTI) - XSS Finder
This tool will grap all target subdomains from shodan that are using AsgularJS Technology and in output it will provide us with XSS payload related to AngularJS version of that subdomain.
Prerequisites
1. npm i -g wappalyzer
2. pip install -U setuptools
3. easy_install shodan
4. easy_install -U shodan
5. shodan init YOUR_API_KEY
Usage
Linux
1. git clone https://github.com/darklotuskdb/ssti-xss-finder.git
2. cd SSTI-XSS-Finder
3. chmod +x SSTI-XSS-Finder.sh
4. ./SSTI-XSS-Finder.sh <Shodan-Dork> like org:target | hostname:target.com | net:127.0.0.1
Screenshot
Reference
Donation
BuyMeACoffee If you like my work
About Me
- DarkLotus - Cyber Security Researcher - DarkLotusKDB