tplmap
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
GPL-3.0 License
Stars
3.7K
Ecosystems:
Python
Bot releases are hidden (Show)
tplmap
- Exploitation of Python 3 apps, Docker testing environments, TravisCI
Latest Release
Published by epinna over 6 years ago
- Use stdout for prints to close #47
- Support Python3 to close #33
- Use Docker for testing environments
- Use TravisCI
- Fix Smarty caching quirks
- Add
requirements.txt - Fix Jinja2 false negatives
tplmap
- Fix docker compose
Published by epinna almost 7 years ago
tplmap
- Burpsuite module, Dockerized test environments, support for ERB, Slim, Ruby eval, Tornado engines
Published by epinna almost 7 years ago
- Add @jx6f 's Burpsuite module
- Add @jx6f 's Dockerized test environment
- Add ERB template engine
- Rewrite Plugin object
- Add Slim template engine
- Add Ruby eval module
- Support injection in URL
- Supports HTTP Proxy
- Add Tornado plugin test
tplmap
- Marko and doT engines support, detection method improvement
Published by epinna about 8 years ago
- Improve render detection method
- Skip TLS certificate check
- Add Marko Plugin
- Add doT Plugin
tplmap
- Dust.js engine and generic Python, JavaScript, PHP modules
Published by epinna about 8 years ago
- Exploitation of Dust.js template engine.
- Fix command execution payloads for Velocity template engine as suggested by @henshin.
- Exploitation of generic code injections for Python, JavaScript and PHP applications.
- Improve how to select the injection points via the command line.
tplmap
- Core, 8 supported engines, blind exploitation, code context escape
Published by epinna about 8 years ago
- Core
- Detection and exploitation plugins for Mako, Jinja2, Velocity, Freemarker, Jade, Nunjucks, Smarty, Twig
- Blind exploitation
- Code context escape
Package Rankings
Top 4.58% on Proxy.golang.org