Polish readme
epinna committed Aug 29, 2016
1 parent 54c4df1 commit 3fe87f3
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions README.md
Expand Up @@ -3,11 +3,11 @@ Tplmap

Tplmap (short for _Template Mapper_) is a tool that automate the process of detecting and exploiting Server-Side Template Injection vulnerabilities (SSTI). This assists SSTI exploitation to compromise the application and achieve remote command execution on the operating system.

The tool can be used by security researches and penetration testers, to detect and exploit vulnerabilities and study the template injection vulnerability class.
The tool can be used by security researchers and penetration testers, to detect and exploit vulnerabilities and study the template injection vulnerability class.

The plugin architecture makes easy to extend the tool and support new template engines and sandbox break-out techniques. Part of the implemented techniques came from public research papers as James Kett's [Server-Side Template Injection: RCE For The Modern Web App][1] and other [works][4] while others have been [discovered][2] to [extend][3] this tool exploitation capabilities.
The plugin architecture makes easy to extend the tool and support new template engines and sandbox break-out techniques. Part of the implemented techniques came from public research papers as James Kett's [Server-Side Template Injection: RCE For The Modern Web App][1] and other [works][4] while others have been [discovered][2] to [extend][3] this tool exploitation capabilities.

Tplmap is able to detect and achieve arbitrary command execution in several scenarios as injections in code context and blind injections.
Tplmap is able to detect and achieve arbitrary command execution in several scenarios as injections in code context and blind injections. The tool also detects code injections in several languages (e.g. Server-Side JavaScript Injection) exploiting _eval()_-like injections and generic template engines accepting arbitrary code.

Example
-------
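Review bot: the new sentence on the last changed line of this hunk reads awkwardly: "detects code injections in several languages (e.g. Server-Side JavaScript Injection) exploiting _eval()_-like injections" chains two "injections" and leaves it unclear what "exploiting" modifies. Suggest "The tool also detects code injections in several languages (e.g. Server-Side JavaScript Injection), exploiting _eval()_-like sinks and generic template engines that accept arbitrary code." The fix of "researches" to "researchers" is correct. The pair of lines about the plugin architecture appear identical in the rendered diff, so the change there is presumably whitespace only; the surrounding context still carries grammar slips that this "Polish readme" commit could pick up: "a tool that automate" should be "automates", "makes easy to extend" should be "makes it easy to extend", and "this tool exploitation capabilities" should be "this tool's exploitation capabilities".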
Expand Down Expand Up @@ -49,6 +49,7 @@ $ ./tplmap.py -u 'http://www.target.com/app?id=7'
--reverse-shell HOST PORT to run a shell back to the attacker's HOST PORT
$ ./tplmap.py -u 'http://www.target.com/app?id=7' --os-shell
[+] Run commands on the operating system.
linux $ whoami
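Review bot: the added `--os-shell` example line sits directly under the `--reverse-shell HOST PORT` option description with no separation, so the option list runs into the sample session; a blank line before the added command would keep the usage listing and the example transcript visually distinct. The example also targets `http://www.target.com/app?id=7`, which is a real registrable domain rather than a reserved one; since the README is copy-pasted by readers, a documentation placeholder such as `http://www.example.com/app?id=7` (reserved for this purpose) is the safer choice, applied consistently to the earlier example in this file as well.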
Expand All @@ -66,6 +67,7 @@ Supported template engines
|----------------------|--------------------|-------------------|-----------------|-----------|------------|
| Mako | render/blind | yes | Python | yes | yes |
| Jinja2 | render/blind | yes | Python | yes | yes |
| Python (generic) | render/blind | yes | Python | yes | yes |
| Nunjucks | render/blind | yes | JavaScript | yes | yes |
| Jade | render/blind | yes | JavaScript | yes | yes |
| JavaScript (generic) | render/blind | yes | JavaScript | yes | yes |
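Review bot: the new `Python (generic)` row is placed after the named Python engines and before the JavaScript ones, mirroring where `JavaScript (generic)` already sits, so the ordering is consistent. The table header is outside this hunk, so the five `yes` values cannot be checked against their column names here; please confirm the row is aligned with the same columns as the `Jinja2` row above it. Since the intro text added in this commit explains that the "generic" entries cover _eval()_-like injections and engines accepting arbitrary code, a short footnote under the table saying what "(generic)" means would save readers a trip back to the introduction.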
