Offensive Security Tool: pphack
pphack
The Most Advanced Client-Side Prototype Pollution Scanner
pphack by edoardottt is a tool designed for detecting prototype pollution vulnerabilities in client-side JavaScript code. Prototype pollution is a security vulnerability that occurs when attackers manipulate JavaScript’s prototype-based inheritance mechanism to inject or modify properties of existing objects, potentially leading to code execution or other malicious activities.
It can help web security professionals, particularly those involved in penetration testing. It can also be valuable for developers concerned with securing their client-side JavaScript code against prototype pollution vulnerabilities.
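How the pollution described above arises in client-side code, shown as an added example that is not from pphack or its author: a nested-key setter of the kind a query-string parser might use, in an unsafe and a hardened form. The function names and the sample key path are constructed for illustration.

```javascript
// Added example (not pphack code). Function names and the sample key
// path are constructed for illustration.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Unsafe: walks the key path with plain property access, so a path
// starting with "__proto__" resolves to Object.prototype.
function setPathUnsafe(target, path, value) {
  let node = target;
  for (let i = 0; i < path.length - 1; i++) {
    const key = path[i];
    if (typeof node[key] !== "object" || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[path[path.length - 1]] = value;
  return target;
}

// Hardened: refuses prototype-related keys and follows own properties only.
function setPathSafe(target, path, value) {
  if (path.some((key) => BLOCKED_KEYS.has(key))) return false;
  let node = target;
  for (let i = 0; i < path.length - 1; i++) {
    const key = path[i];
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== "object" || node[key] === null) {
      node[key] = Object.create(null);
    }
    node = node[key];
  }
  node[path[path.length - 1]] = value;
  return true;
}

// Applies a setter to a constructed key path and reports whether an
// unrelated, freshly created object inherited the property.
function leaksToOtherObjects(setter) {
  setter({}, ["__proto__", "ppDemo"], "polluted");
  const leaked = {}.ppDemo === "polluted";
  delete Object.prototype.ppDemo; // clean up the global prototype
  return leaked;
}

console.log("unsafe setter leaks:", leaksToOtherObjects(setPathUnsafe));
console.log("hardened setter leaks:", leaksToOtherObjects(setPathSafe));
```

The hardened setter rejects the whole assignment when any path segment is a prototype-related key, and it creates intermediate nodes with Object.create(null) so they carry no inherited properties.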
Install
Using Go
go install github.com/edoardottt/pphack/cmd/pphack@latest
pphack relies on chromedp, so you need a Chrome or Chromium browser.
Get Started
Examples
Scan a single URL
pphack -u https://edoardottt.github.io/pp-test/
echo https://edoardottt.github.io/pp-test/ | pphack
Scan a list of URLs
pphack -l targets.txt
cat targets.txt | pphack
Read the Wiki to understand how to use pphack.
Clone the repo from here: GitHub Link