reddit hackernews mail facebook facebook linkedin
Template INJection Analyzer

Template INJection Analyzer

CLI tool for testing web pages for template injection vulnerabilities.

- Automatic detection of template injection possibilities and identification of the template engine in use. 44 of the most relevant template engines supported (see Supported Template Engines). Both SSTI and CSTI vulnerabilities are detected.
- Efficient scanning thanks to the usage of polyglots: On average only five polyglots are sent to the web page until the template injection possibility is detected and the template engine identified.
- Pass crawled URLs to TInjA in JSONL format.
- Pass a raw HTTP request to TInjA.
- Set custom headers, cookies, POST parameters, and query parameters.
- Route the traffic through a proxy (e.g., Burp Suite).
- Configure Ratelimiting.