This is a quick note to get tplmap working again!
Previously on HTB: Doctor, the tool was worked fine with Python 2, but just now when I tried using it again on HTB: Nunchucks, it doesn’t work anymore and this error message appears.
→ kali@kali «tplmap» «192.168.1.55» git:(master) ✗
$ python tplmap.py
Traceback (most recent call last):
File "/opt/tplmap-venv/tplmap/./tplmap.py", line 2, in <module>
from utils import cliparser
File "/opt/tplmap-venv/tplmap/utils/cliparser.py", line 163, in <module>
parser.formatter.format_option_strings = type(parser.formatter.format_option_strings)(_, parser, type(parser))
TypeError: method expected 2 arguments, got 3
After googling around, I found a way to get this tool working again, it’s by upgrading the setuptools modul! But, to prevent this happen again, I will be using this tool under a virtual environment. Here’s how to:
$ python2 -m pip install --upgrade setuptools
$ python2 -m pip install virtualenv
$ git clone https://github.com/epinna/tplmap.git
$ cd ./tplmap/
$ python2 -m virtualenv tplmap-venv
$ source ./tplmap-venv/bin/activate
(tplmap-venv) $ python2 -m pip install -r requirements.txt
All the requirements should be listed now.
(tplmap-venv) → $ python2 -m pip list
--[snip annoying deprecated message]--
Package Version
---------- ----------
certifi 2018.10.15
chardet 3.0.4
idna 2.8
pip 20.3.4
PyYAML 5.1.2
requests 2.22.0
setuptools 44.1.1
urllib3 1.24.1
wheel 0.37.0
And when I tested it again, it now worked fine!
(tplmap-venv) → kali@kali «tplmap» «192.168.1.55» git:(master)
$ python2 tplmap.py
[+] Tplmap 0.5
Automatic Server-Side Template Injection Detection and Exploitation Tool
Usage: python tplmap.py [options]
tplmap.py: error: URL is required. Run with -h for help.