tplmap
Template injector detector
A tool for detecting and exploiting server-side template injection vulnerabilities to gain access to underlying file systems and operating systems.
Server-Side Template Injection and Code Injection Detection and Exploitation Tool
4k stars
83 watching
671 forks
Language: Python
last commit: 7 months ago
Linked from 3 awesome lists
enaqx/awesome-pentest
qazbnm456/awesome-web-security
vavkamil/awesome-bugbounty-toolsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 vladko312/sstimap | Automated tool for detecting and exploiting Server-Side Template Injection vulnerabilities in web applications. | 821 |
 tijme/angularjs-csti-scanner | Automated tool for detecting client-side template injection vulnerabilities in AngularJS applications | 303 |
 pallets/jinja | A fast and expressive template engine for generating dynamic documents from pre-defined templates. | 10,364 |
 seclab-fudan/tefuzz | Automatically detects and exploits template escape bugs in web applications | 15 |
 9551-dev/tampl | A Lua-based library for working with templates and patching injection | 3 |
 payloadbox/command-injection-payload-list | A collection of examples and tools to test and exploit command injection vulnerabilities in web applications. | 3,006 |
 mde/ejs | Library providing a JavaScript runtime for executing templates with control flow and output escaping | 7,773 |
 keats/tera | A Rust-based template engine inspired by Jinja2 and Django. | 3,559 |
| pallets/markupsafe | Protects against injection attacks by safely escaping untrusted strings in HTML and XML markup | 636 |
 dloss/python-pentest-tools | A collection of Python libraries and tools for network exploitation and reverse engineering. | 2,718 |
 projectdiscovery/nuclei-templates | A curated collection of templates for detecting security vulnerabilities in software. | 9,321 |
 fuzzdb-project/fuzzdb | A comprehensive toolset for identifying and exploiting application vulnerabilities through dynamic testing | 8,242 |
 ticarpi/jwt_tool | A toolkit for testing and analyzing JSON Web Tokens for security vulnerabilities | 5,451 |
 samyk/poisontap | Exploits a locked computer to install a persistent backdoor and expose internal network resources. | 6,248 |
| payloadbox/sql-injection-payload-list | Provides a comprehensive list of SQL injection payloads and techniques | 5,000 |