The cutting-edge Client-Side Prototype Pollution Scanner. In this article, we’ll delve into the installation process, usage, and features of pphack, a powerful tool for web security professionals and red teamers.
Discover how pphack can help you identify and mitigate prototype pollution vulnerabilities in web applications.
The Most Advanced Client-Side Prototype Pollution Scanner
go install github.com/edoardottt/pphack/cmd/pphack@latest
pphack relies on chromedp
, so you need a Chrome or Chromium browser.
Usage:
pphack [flags]
Flags:
INPUT:
-u, -url string Input URL
-l, -list string File containing input URLs
CONFIGURATION:
-c, -concurrency int Concurrency level (default 50)
-t, -timeout int Connection timeout in seconds (default 10)
-px, -proxy string Set a proxy server (URL)
-rl, -rate-limit int Set a rate limit (per second)
-ua, -user-agent string Set a custom User Agent (random by default)
SCAN:
-p, -payload string Custom payload
-js, -javascript string Run custom Javascript on target
-jsf, -javascript-file string File containing custom Javascript to run on target
OUTPUT:
-o, -output string File to write output results
-v, -verbose Verbose output
-s, -silent Silent output. Print only results
Scan a single URL
pphack -u https://edoardottt.github.io/pp-test/
echo https://edoardottt.github.io/pp-test/ | pphack
Scan a list of URLs
pphack -l targets.txt
cat targets.txt | pphack
Read the Wiki to understand how to use pphack.
Detailed changes for each release are documented in the release notes.
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…