pphack: The Most Advanced Client-Side Prototype Pollution Scanner
pphack
pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities.
Feature
- Fast (concurrent workers)
- Default payload covers a lot of cases
- Payload and Javascript customization
- Proxy-friendly
- Support output in a file
- Rate-limit supported
Install
go install github.com/edoardottt/pphack/cmd/pphack@latest
Use
Print the help
pphack -h
pphack -u https://edoardottt.github.io/pp-test/
echo https://edoardottt.github.io/pp-test/ | pphack
Scan a list of URLs
pphack -l targets.txt
cat targets.txt | pphack
Change the concurrency level (default 50)
pphack -u https://edoardottt.github.io/pp-test/ -c 20
Change the connection timeout value (default 10 seconds)
pphack -u https://edoardottt.github.io/pp-test/ -t 20
Use a Proxy
pphack -u https://edoardottt.github.io/pp-test/ -px http://127.0.0.1:8080
Set a rate limit (requests per second)
pphack -u https://edoardottt.github.io/pp-test/ -rl 10
Set a custom User Agent (random by default)
pphack -u https://edoardottt.github.io/pp-test/ -ua “Test User Agent”
Use a custom payload
The default is random (e.g. nqapst)
pphack -u https://edoardottt.github.io/pp-test/ -p injection
Run custom Javascript on target (to verify the target is vulnerable)
Default is window. + payload (e.g. window.nqapst)
pphack -u https://edoardottt.github.io/pp-test/ -js “console.log(3)”
Run custom Javascript on target using a file (to verify the target is vulnerable)
pphack -u https://edoardottt.github.io/pp-test/ -jsf custom.js
Write output in a file
pphack -u https://edoardottt.github.io/pp-test/ -o result.txt
Verbose output
pphack -u https://edoardottt.github.io/pp-test/ -v
Print only results (silent)
pphack -u https://edoardottt.github.io/pp-test/ -s
Copyright (c) 2024 Edoardo Ottavianelli
Source: https://github.com/edoardottt/
