TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines for eight different programming languages.
Features
Features
- Automatic detection of template injection possibilities and identification of the template engine in use.
- 44 of the most relevant template engines supported (see Supported Template Engines).
- Both SSTI and CSTI vulnerabilities are detected.
- SSTI = server-side template injection
- CSTI = client-side template injection
- Efficient scanning thanks to the usage of polyglots:
- On average only five polyglots are sent to the web page until the template injection possibility is detected and the template engine identified.
- Pass crawled URLs to TInjA in JSONL format.
- Pass a raw HTTP request to TInjA.
- Set custom headers, cookies, POST parameters, and query parameters.
- Route the traffic through a proxy (e.g., Burp Suite).
- Configure Ratelimiting.