Home
Projects
Resources
Alternatives
Blog
Sign In
Tplmap Versions
Save
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
Overview
Versions
Reviews
Resources
v0.5
5 years ago
Use stdout for prints to close #47
Support Python3 to close #33
Use Docker for testing environments
Use TravisCI
Fix Smarty caching quirks
Add
requirements.txt
Fix Jinja2 false negatives
v0.4.1
6 years ago
v0.4
6 years ago
Add @jx6f 's Burpsuite module
Add @jx6f 's Dockerized test environment
Add ERB template engine
Rewrite Plugin object
Add Slim template engine
Add Ruby eval module
Support injection in URL
Supports HTTP Proxy
Add Tornado plugin test
v0.3.1
7 years ago
Improve render detection method
Skip TLS certificate check
Add Marko Plugin
Add doT Plugin
v0.2
7 years ago
Exploitation of Dust.js template engine.
Fix command execution payloads for Velocity template engine as suggested by @henshin.
Exploitation of generic code injections for Python, JavaScript and PHP applications.
Improve how to select the injection points via the command line.
v0.1
7 years ago
Core
Detection and exploitation plugins for Mako, Jinja2, Velocity, Freemarker, Jade, Nunjucks, Smarty, Twig
Blind exploitation
Code context escape
Home
Projects
Resources
Alternatives
Blog
Sign In
Sign In to OSA
I agree with
Terms of Service
and
Privacy Policy
Sign In with Github