AngularJS CSTI Scanner (ACSTIS) is a Python application that enables you to scan certain web applications for AngularJS Client Side Template Injection (CSTI, sandbox escape/bypass). It supports scanning a single request but also crawling an entire web application for the vulnerability.
First make sure you're on Python 3.4 or higher. Then run the command below to install ACSTIS.
pip install --upgrade acstis
acstis [options]
-u <uri>,--uri=<uri>(required) The URI to run the exploit on (e.g. https://www.example.ltd/?vulnerable=param).-v,--verify(optional) Extra check by a JavaScript engine to ensure the payload is executed.-h,--help(optional) Print this help message.
Print a help message:
acstis --help
Check a single URI:
acstis --uri="http://example.ltd/some/page?test1=a&test2=b&test3=c"
Check a single URI and use a JavaScript engine to ensure the alert really pops:
acstis --uri="http://example.ltd/some/page?test1=a&test2=b&test3=c" --verify
Crawl the whole website and check all URI's for AngularJS sandbox escape:
acstis --uri="http://example.ltd/" --crawl
Stop checking all the URI's if a vulnerable was found:
acstis --uri="http://example.ltd/" --crawl --quit-if-vulnerable