tplmap | Server-Side Template Injection and Code Injection Detection | Security Testing library

by epinna | Python | Version: v0.5 | License: GPL-3.0

kandi X-RAY | tplmap Summary

tplmap is a Python library typically used in testing and security testing applications. It has no bugs and no vulnerabilities reported, a build file available, a Strong Copyleft license, and medium support. You can download it from GitHub.

Tplmap assists the exploitation of Code Injection and Server-Side Template Injection vulnerabilities with a number of sandbox escape techniques to get access to the underlying operating system. The tool and its test suite are developed to research the SSTI vulnerability class and to be used as an offensive security tool during web application penetration tests. The sandbox break-out techniques came from James Kettle's "Server-Side Template Injection: RCE For The Modern Web App" [10], other public research [1] [2], and original contributions to this tool [3] [4]. It can exploit several code contexts and blind injection scenarios. It also supports eval()-like code injections in Python, Ruby, PHP, Java and generic unsandboxed template engines.

            Support

              tplmap has a medium active ecosystem.
              It has 3313 star(s) with 642 fork(s). There are 87 watchers for this library.
              It had no major release in the last 12 months.
              There are 23 open issues and 51 have been closed. On average issues are closed in 35 days. There are 11 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of tplmap is v0.5

            Quality

              tplmap has no bugs reported.

            Security

              tplmap has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            License

              tplmap is licensed under the GPL-3.0 License. This license is Strong Copyleft.
              Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

            Reuse

              tplmap releases are available to install and integrate.
              Build file is available. You can build the component from source.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi has reviewed tplmap and identified the functions below as its top functions. This is intended to give you instant insight into the functionality tplmap implements and help you decide whether it suits your requirements.
            • Check if the plugin has been injected
            • Generate a list of closure names
            • Generate all the contexts
            • Detect blind injection
            • Detect if the plugin has been injected
            • Test the plugin
            • Check if blind is detected
            • Update the actions on this instance
            • Recursively update a nested dictionary
            • Returns a list of http messages
            • Mark an HTTP MessageResponse
            • Parse the HTTP method
            • Detects a read capability
            • Performs active scan issue
            • Return a random integer n
            • Inject injection parameters
            • Parse cookies
            • Parse POST parameters
            • Called when the rendered code is detected
            • Evaluate a blind code
            • Parse header
            • Return information about the issue
            • Generate a random string

            Community Discussions

            QUESTION

            Unable to get Polylines coordinates of TPL Maps
            Asked 2019-Oct-23 at 12:47

            I am using this map for an app (yes, I know I should be using Google Maps, but my boss says I need to use this). I have integrated the map, but the problem is that I am trying to draw a polyline between two points. I have read the doc and went for the Polylines section under Draw markers and shapes (at the end of the doc); the problem is it just draws a straight path between the two points. I also checked the TPLMapsAndroidSdkSamples given in the doc. We can see that in the ActivityRouting class I modified the onMapRoutingOverview method to get the values of X & Y

            ...

            ANSWER

            Answered 2019-Oct-23 at 12:47

            Well, no one answered, so if someone falls upon this and needs help, here's how I did it. First of all, TPL Maps doesn't calculate the route, and even their REST APIs weren't working.

            You need a different approach for this, such as Google Places API or similar, and since Google jacked up the prices I went for GraphHopper. It returns a JSONArray which you can decode to get your polylines and draw them on your TPL map. Hope this helps!

            EDIT: As of now their APIs are working but require an API_KEY

            Source https://stackoverflow.com/questions/56869256

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install tplmap

            You can download it from GitHub.
            You can use tplmap like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.

            Support

            Tplmap supports over 15 template engines, unsandboxed template engines and generic eval()-like injections.

| Engine | Remote Command Execution | Blind | Code evaluation | File read | File write |
|------------------------|---------------|-------------------|-----------------|-----------|------------|
| Mako | ✓ | ✓ | Python | ✓ | ✓ |
| Jinja2 | ✓ | ✓ | Python | ✓ | ✓ |
| Python (code eval) | ✓ | ✓ | Python | ✓ | ✓ |
| Tornado | ✓ | ✓ | Python | ✓ | ✓ |
| Nunjucks | ✓ | ✓ | JavaScript | ✓ | ✓ |
| Pug | ✓ | ✓ | JavaScript | ✓ | ✓ |
| doT | ✓ | ✓ | JavaScript | ✓ | ✓ |
| Marko | ✓ | ✓ | JavaScript | ✓ | ✓ |
| JavaScript (code eval) | ✓ | ✓ | JavaScript | ✓ | ✓ |
| Dust (<= dustjs-helpers@1.5.0) | ✓ | ✓ | JavaScript | ✓ | ✓ |
| EJS | ✓ | ✓ | JavaScript | ✓ | ✓ |
| Ruby (code eval) | ✓ | ✓ | Ruby | ✓ | ✓ |
| Slim | ✓ | ✓ | Ruby | ✓ | ✓ |
| ERB | ✓ | ✓ | Ruby | ✓ | ✓ |
| Smarty (unsecured) | ✓ | ✓ | PHP | ✓ | ✓ |
| PHP (code eval) | ✓ | ✓ | PHP | ✓ | ✓ |
| Twig (<=1.19) | ✓ | ✓ | PHP | ✓ | ✓ |
| Freemarker | ✓ | ✓ | Java | ✓ | ✓ |
| Velocity | ✓ | ✓ | Java | ✓ | ✓ |
| Twig (>1.19) | × | × | × | × | × |
| Smarty (secured) | × | × | × | × | × |
| Dust (> dustjs-helpers@1.5.0) | × | × | × | × | × |