{"id":13762742,"url":"https://github.com/kleiton0x00/ppmap","last_synced_at":"2025-04-05T21:08:29.263Z","repository":{"id":37907776,"uuid":"385248835","full_name":"kleiton0x00/ppmap","owner":"kleiton0x00","description":"A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.","archived":false,"fork":false,"pushed_at":"2022-06-22T17:54:53.000Z","size":51,"stargazers_count":485,"open_issues_count":1,"forks_count":69,"subscribers_count":13,"default_branch":"main","last_synced_at":"2024-08-03T14:06:25.533Z","etag":null,"topics":["bug-bounty","bugbounty","bugbounty-tool","cybersecurity","infosec","prototype-pollution","xss","xss-detection","xss-exploitation","xss-vulnerability"],"latest_commit_sha":null,"homepage":"https://kleiton0x00.github.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kleiton0x00.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"kleiton0x00","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2021-07-12T12:59:42.000Z","updated_at":"2024-07-29T23:18:50.000Z","dependencies_parsed_at":"2022-07-18T01:10:39.169Z","dependency_job_id":null,"html_url":"https://github.com/kleiton0x00/ppmap","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kleiton0x00%2Fppmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kleiton0x0
0%2Fppmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kleiton0x00%2Fppmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kleiton0x00%2Fppmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kleiton0x00","download_url":"https://codeload.github.com/kleiton0x00/ppmap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247399877,"owners_count":20932876,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","bugbounty-tool","cybersecurity","infosec","prototype-pollution","xss","xss-detection","xss-exploitation","xss-vulnerability"],"created_at":"2024-08-03T14:00:56.217Z","updated_at":"2025-04-05T21:08:29.242Z","avatar_url":"https://github.com/kleiton0x00.png","language":"Go","funding_links":["https://github.com/sponsors/kleiton0x00"],"categories":["Weapons","Go"],"sub_categories":["Tools"],"readme":"# ppmap ![markdown_statistic](https://img.shields.io/github/downloads/kleiton0x00/ppmap/total)\nA simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets.\n\n## Requirements\nMake sure to have Chromium installed. No need to worry, **setup.sh** will automatically install that for you.  
\n\n## Installation\n- Run the following command to clone the repo:  \n```bash\ngit clone https://github.com/kleiton0x00/ppmap.git\n```\n- Change the directory to ppmap and execute **setup.sh**:  \n```bash\ncd ppmap/ \u0026\u0026 bash setup.sh\n```  \nThat's it. Enjoy using ppmap!\n  \n- Note: If you hit an error while compiling manually or during setup, you can download the precompiled binary instead:  \n  - Download the already compiled binary [here](https://github.com/kleiton0x00/ppmap/releases)\n  - Give it execute permission: ```chmod +x ppmap```\n\n## Usage\n\nUsing the program is very simple. You can either:\n- scan a directory/file (or even just the website itself):  \n```echo 'https://target.com' | ppmap```\n\n- or an endpoint:  \n```echo 'http://target.com/something/?page=home' | ppmap```\n\nFor mass scanning:  \n```cat url.txt | ppmap``` where **url.txt** contains the URLs, one per line.\n\n## Demo\n![](https://i.imgur.com/05nvfwX.gif)\n\nFeel free to test the tool on the following websites as a demonstration and to check that the software is working correctly:  \nhttps://msrkp.github.io/pp/2.html  \nhttps://ctf.nikitastupin.com/pp/known.html  \nhttps://grey-acoustics.surge.sh\n\n## Workflow\n\n- Identify if the website is vulnerable to Prototype Pollution by heuristic scan (via location.hash and location.search)\n- Fingerprint the known gadgets (checks for specific variables in the global context)\n- Display the final XSS payload which can be exploited\n\n## Credits\n\nMany thanks to @Tomnomnom for the inspiration: https://www.youtube.com/watch?v=Gv1nK6Wj8qM\u0026t=1558s  \nThe workflow of this program is largely based on this article: https://infosecwriteups.com/javascript-prototype-pollution-practice-of-finding-and-exploitation-f97284333b2  \nThe fingerprint JavaScript file is based on this gist: https://gist.github.com/nikitastupin/b3b64a9f8c0eb74ce37626860193eaec\n\n## In the news\n- 14/06/21: [Intigriti Bug Bytes 
#131](https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/) - Tool of the week\n- 26/06/21: [Hakin9](https://hakin9.org/ppmap-a-scanner-exploitation-tool/) - Article  \n- 23/09/21: [GeeksForGeeks](https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/) - Article  \n- 22/10/21: [Hacktricks](https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution) - Client Side Prototype Pollution  \n- 04/06/22: [BlackArch Linux](https://github.com/BlackArch/blackarch-site/commit/68696c40be1629095cd547559ce078a4c77a7073) - Officially added in BlackArch Linux :tada:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkleiton0x00%2Fppmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkleiton0x00%2Fppmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkleiton0x00%2Fppmap/lists"}