Tplmap vs XSStrike
About Tplmap
Tplmap automates the detection and exploitation of Server-Side Template Injection (SSTI) vulnerabilities. It supports over 15 template engines including Jinja2, Mako, Twig, Smarty, Freemarker, Velocity, and Jade. When it identifies a vulnerable injection point, it can escalate to operating system command execution, file read/write, and reverse shell deployment. Tplmap handles blind injection scenarios through time-based techniques and supports various payload delivery mechanisms to bypass WAFs and filters.
About XSStrike
XSStrike is an advanced cross-site scripting (XSS) detection suite that includes a powerful fuzzing engine, context analysis, and WAF detection/bypass capabilities. It automates the process of identifying XSS vulnerabilities by analyzing various contexts and injection points. Written in Python, XSStrike is a go-to tool for security testers looking to identify and exploit XSS vulnerabilities in web applications.