Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/edoardottt/pphack
The Most Advanced Client-Side Prototype Pollution Scanner
https://github.com/edoardottt/pphack
frontend-security hacking javascript-security offensive-security offensivesecurity prototype-pollution red-team redteam-tools redteaming scanner-web security security-tools web-scanner web-sec-scanner web-security web-security-audit web-security-research
Last synced: about 1 month ago
JSON representation
The Most Advanced Client-Side Prototype Pollution Scanner
- Host: GitHub
- URL: https://github.com/edoardottt/pphack
- Owner: edoardottt
- License: mit
- Created: 2024-01-30T10:05:05.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2024-04-09T16:07:28.000Z (5 months ago)
- Last Synced: 2024-04-09T20:01:25.539Z (5 months ago)
- Topics: frontend-security, hacking, javascript-security, offensive-security, offensivesecurity, prototype-pollution, red-team, redteam-tools, redteaming, scanner-web, security, security-tools, web-scanner, web-sec-scanner, web-security, web-security-audit, web-security-research
- Language: Go
- Homepage: https://edoardottt.github.io/pp-test/
- Size: 168 KB
- Stars: 80
- Watchers: 1
- Forks: 10
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- WebHackersWeapons - pphack - Side Prototype Pollution Scanner||[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|[](/categorize/langs/Go.md)| (Weapons / Tools)
README
pphack
The Most Advanced Client-Side Prototype Pollution Scanner
Coded with 💙 by edoardottt
Install •
Get Started •
Examples •
Changelog •
Contributing •
License
Install 📡
----------
### Using Go
```console
go install github.com/edoardottt/pphack/cmd/pphack@latest
```
pphack relies on [`chromedp`](https://github.com/chromedp/chromedp), so you need a Chrome or Chromium browser.
Get Started 🎉
----------
```console
Usage:
pphack [flags]
Flags:
INPUT:
-u, -url string Input URL
-l, -list string File containing input URLs
CONFIGURATION:
-c, -concurrency int Concurrency level (default 50)
-t, -timeout int Connection timeout in seconds (default 10)
-px, -proxy string Set a proxy server (URL)
-rl, -rate-limit int Set a rate limit (per second)
-ua, -user-agent string Set a custom User Agent (random by default)
SCAN:
-p, -payload string Custom payload
-js, -javascript string Run custom Javascript on target
-jsf, -javascript-file string File containing custom Javascript to run on target
OUTPUT:
-o, -output string File to write output results
-v, -verbose Verbose output
-s, -silent Silent output. Print only results
-j, -json JSON output
```
Examples 💡
----------
Scan a single URL
```console
pphack -u https://edoardottt.github.io/pp-test/
```
```console
echo https://edoardottt.github.io/pp-test/ | pphack
```
Scan a list of URLs
```console
pphack -l targets.txt
```
```console
cat targets.txt | pphack
```
[Read the Wiki](https://github.com/edoardottt/pphack/wiki) to understand how to use pphack.
Changelog 📌
-------
Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/pphack/releases).
Contributing 🛠
-------
Just open an [issue](https://github.com/edoardottt/pphack/issues) / [pull request](https://github.com/edoardottt/pphack/pulls).
Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run
```bash
golangci-lint run
```
If there aren't errors, go ahead :)
License 📝
-------
This repository is under [MIT License](https://github.com/edoardottt/pphack/blob/main/LICENSE).
[edoardoottavianelli.it](https://www.edoardoottavianelli.it) to contact me.