Kali Linux

JSPanda : Client-Side Prototype Pollution Vulnerability Scanner

JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries’ source code.

However, JSpanda cannot detect advanced prototype pollution vulnerabilities.

How JSPanda works?

  • Uses multiple payloads for prototype pollution vulnerability.
  • Gathers all the links in the targets for scanning and add payloads to JSpanda-obtained URLs, navigates to each URL with headless Chromedriver.
  • Scans all words in the source code of potentially vulnerable JavaScript library and it creates a simple JS PoC by finding the script gadget, helping you analyze the code manually.

Requirements

  • Download latest version of Google Chrome and Chromedriver
  • Selenium

Usage

Scan: python3.7 jspanda.py

  • Add URLs to url.txt file, for instance : example.com

Basic Source Code Analysis : python3.7 analyze.py

  • Add a JavaScript library’s source code to analyze.js
  • Generate PoC code using analyze.py
  • Execute PoC code on Chrome’s console. It pollutes all the words collected from the source code and show it on the screen. So it may generate false positive results. These outputs provide additional information to researchers, do not automate everything.

Source code analysis – Screenshot

Download
R K

Leave a Comment
Share
Published by
R K
Tags: Client-SideJSPandaPrototypePullution Vulnerability Scanner
4 years ago

Recent Posts

Bash Functions Explained: Syntax, Examples, and Best Practices

Learn how to create and use Bash functions with this complete tutorial. Includes syntax, arguments,…

2 days ago

50+ Essential Linux Commands for Beginners and Experts: A Complete Guide

Introduction Unlock the full potential of your Linux system with this comprehensive guide to essential…

2 weeks ago

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

4 months ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

4 months ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

4 months ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

4 months ago