Cyber security

pphack : The Advanced Client-Side Prototype Pollution Scanner

The cutting-edge Client-Side Prototype Pollution Scanner. In this article, we’ll delve into the installation process, usage, and features of pphack, a powerful tool for web security professionals and red teamers.

Discover how pphack can help you identify and mitigate prototype pollution vulnerabilities in web applications.

The Most Advanced Client-Side Prototype Pollution Scanner

Install

Using Go

go install github.com/edoardottt/pphack/cmd/pphack@latest

pphack relies on chromedp, so you need a Chrome or Chromium browser.

Get Started

Usage:
  pphack [flags]

Flags:
INPUT:
   -u, -url string   Input URL
   -l, -list string  File containing input URLs

CONFIGURATION:
   -c, -concurrency int     Concurrency level (default 50)
   -t, -timeout int         Connection timeout in seconds (default 10)
   -px, -proxy string       Set a proxy server (URL)
   -rl, -rate-limit int     Set a rate limit (per second)
   -ua, -user-agent string  Set a custom User Agent (random by default)

SCAN:
   -p, -payload string            Custom payload
   -js, -javascript string        Run custom Javascript on target
   -jsf, -javascript-file string  File containing custom Javascript to run on target

OUTPUT:
   -o, -output string  File to write output results
   -v, -verbose        Verbose output
   -s, -silent         Silent output. Print only results

Examples

Scan a single URL

pphack -u https://edoardottt.github.io/pp-test/
echo https://edoardottt.github.io/pp-test/ | pphack

Scan a list of URLs

pphack -l targets.txt
cat targets.txt | pphack

Read the Wiki to understand how to use pphack.

Changelog

Detailed changes for each release are documented in the release notes.

Contributing

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How OpenClaw Works

Imagine if you had a super-powered assistant who could automatically handle all the boring, repetitive…

3 days ago

How to Use the Linux find Command to Locate Files Like a Pro

Managing files efficiently is a core skill for anyone working in Linux, whether you're a…

5 days ago

How to Check Open Ports in Linux Using netstat, ss, and lsof

Open ports act as communication endpoints between your Linux system and the outside world. Every…

5 days ago

Best Endpoint Monitoring Tools for 2026

Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…

7 days ago

Best 9 Incident Response Automation Tools

Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…

7 days ago

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

3 months ago