pphack
The Most Advanced Client-Side Prototype Pollution Scanner
Coded with π by edoardottt
Share on Twitter!
Install β’
Get Started β’
Examples β’
Changelog β’
Contributing β’
License
Install π‘
Using Go
go install github.com/edoardottt/pphack/cmd/pphack@latest
pphack relies on chromedp
, so you need a Chrome or Chromium browser.
Get Started π
Usage:
pphack [flags]
Flags:
INPUT:
-u, -url string Input URL
-l, -list string File containing input URLs
CONFIGURATION:
-c, -concurrency int Concurrency level (default 50)
-t, -timeout int Connection timeout in seconds (default 10)
-px, -proxy string Set a proxy server (URL)
-rl, -rate-limit int Set a rate limit (per second)
-ua, -user-agent string Set a custom User Agent (random by default)
SCAN:
-p, -payload string Custom payload
-js, -javascript string Run custom Javascript on target
-jsf, -javascript-file string File containing custom Javascript to run on target
OUTPUT:
-o, -output string File to write output results
-v, -verbose Verbose output
-s, -silent Silent output. Print only results
-j, -json JSON output
Examples π‘
Scan a single URL
pphack -u https://edoardottt.github.io/pp-test/
echo https://edoardottt.github.io/pp-test/ | pphack
Scan a list of URLs
pphack -l targets.txt
cat targets.txt | pphack
Read the Wiki to understand how to use pphack.
Changelog π
Detailed changes for each release are documented in the release notes.
Contributing π
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
If there aren't errors, go ahead :)
License π
This repository is under MIT License.
edoardottt.com to contact me.