Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: https://github.com/BlackFan/client-side-prototype-pollution/tree/master/pp
This is not a one stop shop. Prototype pollution is a complicated beast. This tool does nothing you couldn’t do manually. This is not a polished bug-free super tool. It is functional but poorly coded and to be considered alpha at best.
Plution appends a payload to supplied URLs, naviguates to each URL with headless chrome and runs javascript on the page to verify if a prototype was successfully polluted.
How It Is Used
cat URLs.txt | plutioncat URLs.txt|plution -p '__proto__.zzzc=example'Passing '-o' followed by a location will output only URLs of pages that were successfully polluted.Pass the '-c' option to specify how many concurrent jobs are run (default is 5)Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…