Ppmap is a simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets.
Requirements
Make sure to have Chromium/Chrome installed:
sudo sh -c ‘echo “deb http://dl.google.com/linux/chrome/deb/ stable main” >> /etc/apt/sources.list.d/google.list’
wget -q -O – https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add –
sudo apt-get update
sudo apt-get install google-chrome-stable
Make sure to have chromedp installed:
go get -u github.com/chromedp/chromedp
Installation
chmod +x ppmapgit clone https://github.com/kleiton0x00/ppmap.gitcd ~/ppmapgo build ppmap.goUsing the program is very simple, you can either:
echo 'https://target.com/index.html' | ./ppmapecho 'http://target.com/something/?page=home' | ./ppmapFor mass scanning:cat url.txt | ./ppmap where url.txt contains all url(s) in column.
Demo
Feel free to test the tool on the following websites as a part of demonstration:
https://msrkp.github.io/pp/2.html
https://ctf.nikitastupin.com/pp/known.html
Imagine if you had a super-powered assistant who could automatically handle all the boring, repetitive…
Managing files efficiently is a core skill for anyone working in Linux, whether you're a…
Open ports act as communication endpoints between your Linux system and the outside world. Every…
Introduction In today’s cyber threat landscape, protecting endpoints such as computers, smartphones, and tablets from…
Introduction In today's fast-paced cybersecurity landscape, incident response is critical to protecting businesses from cyberattacks.…
Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…