tplmap

Community

Detect and exploit Server-Side Template Injection.

Author: AeonDave
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill automates the detection and exploitation of Server-Side Template Injection (SSTI) vulnerabilities across a wide range of template engines, enabling security professionals to identify and demonstrate Remote Code Execution (RCE) risks.

Core Features & Use Cases

  • Automated SSTI Detection: Scans web applications for vulnerabilities in popular template engines like Jinja2, Twig, Smarty, and others.
  • Exploitation: Facilitates achieving Remote Code Execution (RCE) through identified SSTI flaws.
  • File Operations: Supports uploading and downloading files to and from the target server via SSTI.
  • Use Case: A penetration tester can use this Skill to quickly assess a web application for SSTI vulnerabilities and, if found, demonstrate the potential impact by executing commands on the server.

Quick Start

Use the tplmap skill to detect SSTI vulnerabilities on the target URL http://example.com/page?name=* by running the command:

    python2 tplmap.py -u "http://example.com/page?name=*"

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: tplmap
Download link: https://github.com/AeonDave/malskill/archive/main.zip#tplmap

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.