Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kleiton0x00/ppmap
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
https://github.com/kleiton0x00/ppmap
bug-bounty bugbounty bugbounty-tool cybersecurity infosec prototype-pollution xss xss-detection xss-exploitation xss-vulnerability
Last synced: 19 days ago
JSON representation
A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
- Host: GitHub
- URL: https://github.com/kleiton0x00/ppmap
- Owner: kleiton0x00
- License: gpl-3.0
- Created: 2021-07-12T12:59:42.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-06-22T17:54:53.000Z (over 2 years ago)
- Last Synced: 2024-08-03T14:06:25.533Z (4 months ago)
- Topics: bug-bounty, bugbounty, bugbounty-tool, cybersecurity, infosec, prototype-pollution, xss, xss-detection, xss-exploitation, xss-vulnerability
- Language: Go
- Homepage: https://kleiton0x00.github.io
- Size: 49.8 KB
- Stars: 485
- Watchers: 13
- Forks: 69
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- WebHackersWeapons - ppmap - side Prototype Pollution to XSS by exploiting known gadgets.|![](https://img.shields.io/github/stars/kleiton0x00/ppmap?label=%20)|[`prototypepollution`](/categorize/tags/prototypepollution.md) [`prototype-pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| (Weapons / Tools)
- awesome-hacking-lists - kleiton0x00/ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets. (Go)
README
# ppmap ![markdown_statistic](https://img.shields.io/github/downloads/kleiton0x00/ppmap/total)
A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets.## Requirements
Make sure to have Chromium installed. No need to worry, **setup.sh** will automatically install that for you.## Installation
- Run the following command to clone the repo:
```bash
git clone https://github.com/kleiton0x00/ppmap.git
```
- Change the directory to ppmap and execute **setup.sh**:
```bash
cd ppmap/ && bash setup.sh
```
That's it. Enjoy using ppmap!
- Note: If you face error during manually compiling or during the setup (for some reasons), you can download the precompiled one:
- Download the already compiled binary [here](https://github.com/kleiton0x00/ppmap/releases)
- Give it the permission to execute ```chmod +x ppmap```## Usage
Using the program is very simple, you can either:
- scan a directory/file (or even just the website itself):
```echo 'https://target.com' | ppmap```- or endpoint:
```echo 'http://target.com/something/?page=home' | ppmap```For mass scanning:
``` cat url.txt | ppmap``` where **url.txt** contains all url(s) in column.## Demo
![](https://i.imgur.com/05nvfwX.gif)Feel free to test the tool on the following websites as a part of demonstration and to also check if the software is working correctly:
https://msrkp.github.io/pp/2.html
https://ctf.nikitastupin.com/pp/known.html
https://grey-acoustics.surge.sh## Workflow
- Identify if the website is vulnerable to Prototype Pollution by heuristic scan (via location.hash and location.search)
- Fingerprint the known gadgets (checks for specific variables in the global context)
- Display the final XSS payload which can be exploited## Credits
Many thanks to @Tomnomnom for the inspiration: https://www.youtube.com/watch?v=Gv1nK6Wj8qM&t=1558s
The workflow of this program is hugely based on this article: https://infosecwriteups.com/javascript-prototype-pollution-practice-of-finding-and-exploitation-f97284333b2
The fingerprint javascript file is based on this git: https://gist.github.com/nikitastupin/b3b64a9f8c0eb74ce37626860193eaec## In the news
- 14/06/21: [Intigriti Bug Bytes #131](https://blog.intigriti.com/2021/07/14/bug-bytes-131-credential-stuffing-in-bug-bounty-hijacking-shortlinks-hacker-shows/) - Tool of the week
- 26/06/21: [Hackin9](https://hakin9.org/ppmap-a-scanner-exploitation-tool/) - Article
- 23/09/21: [GeeksForGeeks](https://www.geeksforgeeks.org/ppmap-a-scanner-or-exploitation-tool-written-in-go/) - Article
- 22/10/21: [Hacktricks](https://book.hacktricks.xyz/pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution) - Client Side Prototype Pollution
- 04/06/22 [BlackArch Linux](https://github.com/BlackArch/blackarch-site/commit/68696c40be1629095cd547559ce078a4c77a7073) - Officially added in BlackArch Linux :tada: