$loading...
Identify which template engine is vulnerable based on observed behavior and error messages. Get targeted detection probes, RCE exploitation payloads, and filter bypass techniques for Jinja2, Twig, FreeMarker, Velocity, Mako, ERB, Handlebars, Smarty, Pebble, and Tornado. 100% client-side.
Check every observation that applies. Detection confidence updates in real-time.
Check observed signals on the left to start detection.
Try {{7*7}}
├── Returns 49?
│ ├── Try {{7*'7'}}
│ │ ├── Returns 7777777? → Jinja2 (Python)
│ │ └── Returns 49? → Twig (PHP)
│ └── No evaluation? → Handlebars / static template
│
Try ${7*7}
├── Returns 49? → FreeMarker or Velocity or Mako
│ ├── Try <#assign x=1>${x}
│ │ ├── Works? → FreeMarker (Java)
│ │ └── Error? → Velocity (Java) or Mako (Python)
│
Try <%= 7*7 %>
├── Returns 49? → ERB (Ruby)
│
Try {7*7}
├── Returns 49? → Smarty (PHP)
│
Still unclear?
└── Check error messages for engine names
└── Try detection probes tab