The cutting-edge Client-Side Prototype Pollution Scanner. In this article, we’ll delve into the installation process, usage, and features of pphack, a powerful tool for web security professionals and red teamers.
Discover how pphack can help you identify and mitigate prototype pollution vulnerabilities in web applications.
The Most Advanced Client-Side Prototype Pollution Scanner
go install github.com/edoardottt/pphack/cmd/pphack@latest
pphack relies on chromedp
, so you need a Chrome or Chromium browser.
Usage:
pphack [flags]
Flags:
INPUT:
-u, -url string Input URL
-l, -list string File containing input URLs
CONFIGURATION:
-c, -concurrency int Concurrency level (default 50)
-t, -timeout int Connection timeout in seconds (default 10)
-px, -proxy string Set a proxy server (URL)
-rl, -rate-limit int Set a rate limit (per second)
-ua, -user-agent string Set a custom User Agent (random by default)
SCAN:
-p, -payload string Custom payload
-js, -javascript string Run custom Javascript on target
-jsf, -javascript-file string File containing custom Javascript to run on target
OUTPUT:
-o, -output string File to write output results
-v, -verbose Verbose output
-s, -silent Silent output. Print only results
Scan a single URL
pphack -u https://edoardottt.github.io/pp-test/
echo https://edoardottt.github.io/pp-test/ | pphack
Scan a list of URLs
pphack -l targets.txt
cat targets.txt | pphack
Read the Wiki to understand how to use pphack.
Detailed changes for each release are documented in the release notes.
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…