Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/raverrr/plution

Prototype pollution scanner using headless chrome
https://github.com/raverrr/plution

Last synced: 3 months ago
JSON representation

Prototype pollution scanner using headless chrome

Host: GitHub
URL: https://github.com/raverrr/plution
Owner: raverrr
Created: 2021-07-30T16:01:04.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2022-07-27T19:20:23.000Z (over 2 years ago)
Last Synced: 2024-06-26T00:36:12.793Z (4 months ago)
Language: Go
Size: 31.3 KB
Stars: 194
Watchers: 6
Forks: 36
Open Issues: 5
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

WebHackersWeapons - plution - pollution`](/categorize/tags/prototype-pollution.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| (Weapons / Tools)
awesome-hacking-lists - raverrr/plution - Prototype pollution scanner using headless chrome (Go)

README

# plution

Prototype pollution scanner using headless chrome

![alt text](https://i.imgur.com/xumApSF.png)

# What this is
Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: https://github.com/BlackFan/client-side-prototype-pollution/tree/master/pp

# What this is not
This is not a one stop shop. Prototype pollution is a complicated beast. This tool does nothing you couldn't do manually. This is not a polished bug-free super tool. It is functional but poorly coded and to be considered alpha at best.

# How it works
Plution appends a payload to supplied URLs, naviguates to each URL with headless chrome and runs javascript on the page to verify if a prototype was successfully polluted.

# how it is used
* Basic scan, output only to screen:

`cat URLs.txt | plution`

* Scan with a supplied payload rather than hardcoded one:

`cat URLs.txt|plution -p '__proto__.zzzc=example'`

**Note on custom payloads: The variable you are hoping to inject must be called or render to "zzzc". This is because 'window.zzzc' will be run on each page to verify pollution.**

* Output:

`Passing '-o' followed by a location will output only URLs of pages that were successfully polluted.`

* Concurrency:

* `Pass the '-c' option to specify how many concurrent jobs are run (default is 5)`

# questions and answers
* How do I install it?

`go get -u github.com/raverrr/plution`

* why specifically limit it to checking if window.zzzc is defined?

`zzzc is a short pattern that is unlikely to already be in a prototype. If you want more freedom in regards to the javascript use https://github.com/detectify/page-fetch instead`

* Got a more specific question?

`Ask me on twitter @divadbate.`