Packages and Binaries:
tinja
TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines for eight different programming languages.
Installed size: 12.62 MB
How to install: sudo apt install tinja
Dependencies:
- libc6
tinja
root@kali:~# tinja -h
__/\\\\\\\\\\\\\\\__/\\\\\\\\\\\______________________________/\\\\\\\\\____
_\///////\\\/////__\/////\\\///______________________/\\\___/\\\\\\\\\\\\\__
_______\/\\\___________\/\\\________________________\///___/\\\/////////\\\_
_______\/\\\___________\/\\\______/\\/\\\\\\_________/\\\_\/\\\_______\/\\\_
_______\/\\\___________\/\\\_____\/\\\////\\\_______\/\\\_\/\\\\\\\\\\\\\\\_
_______\/\\\___________\/\\\_____\/\\\__\//\\\______\/\\\_\/\\\/////////\\\_
_______\/\\\___________\/\\\_____\/\\\___\/\\\__/\\_\/\\\_\/\\\_______\/\\\_
_______\/\\\________/\\\\\\\\\\\_\/\\\___\/\\\_\//\\\\\\__\/\\\_______\/\\\_
_______\///________\///////////__\///____\///___\//////___\///________\///__
the Template INJection Analyzer. (v1.2.0)
Published by Hackmanit under http://www.apache.org/licenses/LICENSE-2.0
Author: Maximilian Hildebrand
Repository: https://github.com/Hackmanit/TInjA
Usage:
tinja [flags]
tinja [command]
Available Commands:
help Help about any command
jsonl Scan using a JSONL file
raw Scan using a Raw file
url Scan a single or multiple URLs
Flags:
--config string set the path for a config file to be read
-c, --cookie strings add custom cookie(s)
--csti enable scanning for Client-Side Template Injections using a headless browser
--escapereport escape HTML special chars in the JSON report
-H, --header strings add custom header(s)
-h, --help help for tinja
--precedinglength int how many chars shall be memorized, when getting the preceding chars of a body reflection point (default 30)
--proxycertpath string set the path for the certificate of the proxy
--proxyurl string set the URL of the proxy
-r, --ratelimit float number of requests per seconds. 0 is infinite (default 0)
--reportpath string set the path for a report to be generated
--subsequentlength int how many chars shall be memorized, when getting the subsequent chars of a body reflection point (default 30)
--testheaders strings headers to test. E.g. --testheaders Host,Origin,X-Forwarded-For
--timeout int seconds until timeout (default 15)
--useragentchrome set chrome as user-agent. Default user-agent is 'TInjA v1.2.0'
-v, --verbosity int verbosity of the output. 0 = quiet, 1 = default, 2 = verbose (default 1)
--version version for tinja
Use "tinja [command] --help" for more information about a command.
Updated on: 2025-May-20