diff --git a/README.md b/README.md
index 3801311..002b5af 100644
--- a/README.md
+++ b/README.md
@@ -184,6 +184,7 @@ A collection of awesome penetration testing resources
 #### Web exploitation
 * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
 * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
+* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool
 * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
 * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
 * [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.