Changelog Tplmap v0.3.1:
* Marko and doT engines support, detection method improvement:
++ Improve render detection method
++ Skip TLS certificate check
++ Add Marko Plugin
++ Add doT Plugin
Tplmap (short for Template Mapper) is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities (SSTI).
+ This can be used by developers, penetration testers, and security researchers to detect and exploit vulnerabilities related to the template injection attacks.
+ The technique can be used to compromise web servers’ internals and often obtain Remote Code Execution (RCE), turning every vulnerable application into a potential pivot point.
pip install yaml
git clone https://github.com/epinna/tplmap && cd tplmap
git pull origin master