From 6a14942a4e8c1de7e947527c05b39669251b4549 Mon Sep 17 00:00:00 2001
From: Meitar Moscovitz <meitarm@gmail.com>
Date: Wed, 22 Feb 2017 15:01:20 -0500
Subject: [PATCH] Add tplmap, an automated SSTI exploitation tool in the style
 of SQLmap

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 3801311..002b5af 100644
--- a/README.md
+++ b/README.md
@@ -184,6 +184,7 @@ A collection of awesome penetration testing resources
 #### Web exploitation
 * [WPScan](https://wpscan.org/) - Black box WordPress vulnerability scanner
 * [SQLmap](http://sqlmap.org/) - Automatic SQL injection and database takeover tool
+* [tplmap](https://github.com/epinna/tplmap) - Automatic server-side template injection and Web server takeover tool
 * [weevely3](https://github.com/epinna/weevely3) - Weaponized web shell
 * [Wappalyzer](https://wappalyzer.com/) - Wappalyzer uncovers the technologies used on websites
 * [cms-explorer](https://code.google.com/archive/p/cms-explorer/) - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.