Ppmap is a simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets.
Requirements
Make sure to have Chromium/Chrome installed:
sudo sh -c ‘echo “deb http://dl.google.com/linux/chrome/deb/ stable main” >> /etc/apt/sources.list.d/google.list’
wget -q -O – https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add –
sudo apt-get update
sudo apt-get install google-chrome-stable
Make sure to have chromedp installed:
go get -u github.com/chromedp/chromedp
Installation
chmod +x ppmapgit clone https://github.com/kleiton0x00/ppmap.gitcd ~/ppmapgo build ppmap.goUsing the program is very simple, you can either:
echo 'https://target.com/index.html' | ./ppmapecho 'http://target.com/something/?page=home' | ./ppmapFor mass scanning:cat url.txt | ./ppmap where url.txt contains all url(s) in column.
Demo
Feel free to test the tool on the following websites as a part of demonstration:
https://msrkp.github.io/pp/2.html
https://ctf.nikitastupin.com/pp/known.html
Learning Without Walls Remote education has long been a lifeline for students in rural areas…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…