reddit hackernews mail facebook facebook linkedin
tplmap

tplmap

Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system.

The tool and its test suite are developed to research the SSTI vulnerability class and to be used as offensive security tool during web application penetration tests. It can exploit several code context and blind injection scenarios.