{"id":13589117,"url":"https://github.com/dwisiswant0/ppfuzz","last_synced_at":"2025-05-16T04:06:59.821Z","repository":{"id":43016460,"uuid":"377060135","full_name":"dwisiswant0/ppfuzz","owner":"dwisiswant0","description":"A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀","archived":false,"fork":false,"pushed_at":"2023-03-20T15:01:05.000Z","size":70,"stargazers_count":615,"open_issues_count":11,"forks_count":60,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-05-10T10:04:23.435Z","etag":null,"topics":["bugbounty","bugbounty-tool","bugbountytips","chromium","prototype-pollution","rust","rust-tools","security","security-tools","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dwisiswant0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"github":["dwisiswant0"]}},"created_at":"2021-06-15T06:31:46.000Z","updated_at":"2025-05-09T13:45:26.000Z","dependencies_parsed_at":"2024-01-15T03:59:35.877Z","dependency_job_id":"46d68fb5-305f-4f60-9a23-6051bf54b82f","html_url":"https://github.com/dwisiswant0/ppfuzz","commit_stats":{"total_commits":28,"total_committers":4,"mean_commits":7.0,"dds":0.25,"last_synced_commit":"80982ec3984dd2ae4ab16a701e39aaee8027f9be"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwisiswant0%2Fppfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwisiswant0%2Fppfuzz/tags","releases_url
":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwisiswant0%2Fppfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dwisiswant0%2Fppfuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dwisiswant0","download_url":"https://codeload.github.com/dwisiswant0/ppfuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254464897,"owners_count":22075571,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbounty-tool","bugbountytips","chromium","prototype-pollution","rust","rust-tools","security","security-tools","vulnerability-scanners"],"created_at":"2024-08-01T16:00:23.312Z","updated_at":"2025-05-16T04:06:54.813Z","avatar_url":"https://github.com/dwisiswant0.png","language":"Rust","funding_links":["https://github.com/sponsors/dwisiswant0"],"categories":["Weapons","Rust","Projects"],"sub_categories":["Tools"],"readme":"# ppfuzz\n\n\u003cp align=\"left\"\u003e\n\t\u003ca href=\"https://www.rust-lang.org/\"\u003e\u003cimg src=\"https://img.shields.io/badge/made%20with-Rust-red\"\u003e\u003c/a\u003e\n\t\u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://github.com/dwisiswant0/ppfuzz/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/dwisiswant0/ppfuzz?color=blue\"\u003e\u003c/a\u003e\n\t\u003ca href=\"https://github.com/dwisiswant0/ppfuzz/issues\"\u003e\u003cimg 
src=\"https://img.shields.io/github/issues/dwisiswant0/ppfuzz?color=yellow\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nPrototype Pollution Fuzzer\n\n\u003cimg src=\"https://user-images.githubusercontent.com/25837540/124197070-f0ffb800-daf7-11eb-9d65-edda5d94633f.jpg\" alt=\"ppfuzz, Prototype Pollution Fuzzer\"\u003e\n\nA fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀\n\n- [Installation](#installation)\n  - [Binary](#binary)\n  - [Source](#source)\n  - [Dependencies](#dependencies)\n- [Demonstration](#demonstration)\n- [Usage](#usage)\n  - [Basic](#basic)\n  - [Options](#options)\n- [Supporting Materials](#supporting-materials)\n- [Contributing](#contributing)\n- [Attribution](#attribution)\n- [Acknowledments](#acknowledments)\n- [License](#license)\n\n---\n\n## Installation\n\n### Binary\n\nSimply download a pre-built binary from the [releases page](https://github.com/dwisiswant0/ppfuzz/releases) and run it!\n\n### Source\n\n\u003ctable\u003e\n\t\u003ctd\u003e\u003cb\u003eNOTE:\u003c/b\u003e \u003ca href=\"https://www.rust-lang.org/tools/install\"\u003eRust\u003c/a\u003e should be installed!\u003c/td\u003e\n\u003c/table\u003e\n\nUsing `cargo`:\n\n```bash\n▶ cargo install ppfuzz\n```\n\n#### — or\n\nManually building the executable from source code:\n\n```bash\n▶ git clone https://github.com/dwisiswant0/ppfuzz\n▶ cd ppfuzz \u0026\u0026 cargo build --release\n# binary file located at target/release/ppfuzz\n```\n\n### Dependencies\n\n**ppfuzz** uses [chromiumoxide](https://github.com/mattsse/chromiumoxide), which requires the Chrome or Chromium browser to be installed.\nIf the `CHROME` environment variable is set, then it is used as the default executable. Otherwise, the filenames `google-chrome-stable`, `chromium`, `chromium-browser`, `chrome` and `chrome-browser` are searched for in standard places. 
If that fails, `/Applications/Google Chrome.app/...` _(on macOS)_ or the registry _(on Windows)_ is consulted.\n\n## Demonstration\n\n![ppfuzz-demonstration](https://user-images.githubusercontent.com/25837540/125734819-b4e53913-6f6b-4d3c-937a-e936526d6483.gif)\n\nAs you can see in the demo above _(click to view in high-quality)_, **ppfuzz** attempts to check for prototype-pollution vulnerabilities by adding object \u0026 pointer queries. If the target is indeed vulnerable, it fingerprints the script gadgets used and then displays additional payload info that could potentially escalate its impact to XSS, bypass or cookie injection.\n\n## Usage\n\nIt's fairly simple to use **ppfuzz**!\n\n```bash\n▶ ppfuzz -l FILE [OPTIONS]\n```\n\n### Basic\n\nUse `-l/--list` to provide an input list:\n\n```bash\n▶ ppfuzz -l FILE\n```\n\nYou can also provide the list using I/O redirection:\n\n```bash\n▶ ppfuzz \u003c FILE\n```\n\n— or chain it from another command's output:\n\n```bash\n▶ cat FILE | ppfuzz\n```\n\nOnly show vulnerable targets and suppress errors:\n\n```bash\n▶ ppfuzz -l FILE 2\u003e/dev/null\n```\n\n### Options\n\nHere are all the options it supports:\n\n```bash\n▶ ppfuzz -h\n```\n\n| **Flag**          \t| **Description**                        \t| **Default value** \t|\n|-------------------\t|----------------------------------------\t|-------------------\t|\n| -l, --list        \t| List of target URLs                    \t|                   \t|\n| -c, --concurrency \t| Set the concurrency level              \t| 5                 \t|\n| -t, --timeout     \t| Max. 
time allowed for connection _(s)_ \t| 30                \t|\n| -h, --help        \t| Prints help information                \t|                   \t|\n| -V, --version     \t| Prints version information             \t|                   \t|\n\n## Supporting Materials\n\n- [Nuclei templates](https://github.com/projectdiscovery/nuclei-templates/blob/master/headless/prototype-pollution-check.yaml)\n- [PPScan](https://github.com/msrkp/PPScan)\n- [Prototype Pollution and useful Script Gadgets](https://github.com/BlackFan/client-side-prototype-pollution)\n- [JavaScript prototype pollution attack in NodeJS](https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf)\n- [Prototype pollution – and bypassing client-side HTML sanitizers](https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/)\n\n## Contributing\n\n[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwisiswant0/ppfuzz/issues)\n\nWhen I started **ppfuzz**, I had very little or no knowledge on Rust and I believe there may be a lot of drawbacks/security vulnerabilities. 
So all contributions are welcome, of course — any bug reports \u0026 suggestions are appreciated; some environments have not been tested yet.\n\n## Attribution\n\nBesides being my learning medium, this tool was created because it was inspired by [@R0X4R](https://twitter.com/R0X4R/status/1402906185301323776)'s tip on [how to automate prototype pollution checking](https://twitter.com/R0X4R/status/1402906185301323776) using [page-fetch](https://github.com/detectify/page-fetch).\n\nCross-compile GitHub workflow inspired by [crodjer](https://github.com/crodjer)'s [sysit](https://github.com/crodjer/sysit/commit/160bdae51b2c90c3b6e8a0e6c4832506ebc55694).\n\n## Acknowledments\n\nSince this tool includes some contributions, I'll publicly thank the following users for their help and resources:\n\n- [@mattsse](https://github.com/mattsse) - for his awesome [chromiumoxide](https://github.com/mattsse/chromiumoxide) \u0026 mentoring me which helped a lot to quickly adapt to Rust!\n- `Fourty2#4842` _(Discord)_ - for a helpful workaround.\n- [All contributors](https://github.com/dwisiswant0/ppfuzz/graphs/contributors).\n\n## License\n\n**ppfuzz** is distributed under MIT. See `LICENSE`.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdwisiswant0%2Fppfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdwisiswant0%2Fppfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdwisiswant0%2Fppfuzz/lists"}