An SSTI payload is input that gets evaluated by a server-side template engine instead of being treated as plain data. By injecting template syntax such as {{7*7}}, an attacker can reach engine internals and often escalate to remote code execution through accessible objects and built-in functions.
Send polyglot probes and compare results: {{7*7}} rendering 49 suggests Jinja2 or Twig, while ${7*7} points to Freemarker or a JSP expression. The SSTI generator includes a detection set so you can fingerprint the engine before sending the engine-specific RCE chain.
Walk Python's object model from an exposed object, for example ''.__class__.__mro__[1].__subclasses__(), to reach a class that wraps subprocess or os, then call it. The generator produces these Jinja2 sandbox-escape gadget chains plus shorter cycler and config.__class__ variants.
Yes. The SSTI generator is free and runs entirely client-side, so your payloads for Jinja2, Twig, Freemarker, and other engines never leave your device. It is intended for authorized penetration testing, bug bounty, and CTF use only.