pphack

The Most Advanced Client-Side Prototype Pollution Scanner

Coded with 💙 by edoardottt

Share on Twitter!

Install • Get Started • Examples • Changelog • Contributing • License

Install 📡

Using Go

go install github.com/edoardottt/pphack/cmd/pphack@latest

pphack relies on chromedp, so you need a Chrome or Chromium browser.

Get Started 🎉

Usage:
  pphack [flags]

Flags:
INPUT:
   -u, -url string   Input URL
   -l, -list string  File containing input URLs

CONFIGURATION:
   -c, -concurrency int     Concurrency level (default 50)
   -t, -timeout int         Connection timeout in seconds (default 10)
   -px, -proxy string       Set a proxy server (URL)
   -rl, -rate-limit int     Set a rate limit (per second)
   -ua, -user-agent string  Set a custom User Agent (random by default)

SCAN:
   -p, -payload string            Custom payload
   -js, -javascript string        Run custom Javascript on target
   -jsf, -javascript-file string  File containing custom Javascript to run on target

OUTPUT:
   -o, -output string  File to write output results
   -v, -verbose        Verbose output
   -s, -silent         Silent output. Print only results
   -j, -json           JSON output

Examples 💡

Scan a single URL

pphack -u https://edoardottt.github.io/pp-test/

echo https://edoardottt.github.io/pp-test/ | pphack

Scan a list of URLs

pphack -l targets.txt

cat targets.txt | pphack

Read the Wiki to understand how to use pphack.

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

License 📝

This repository is under MIT License.
edoardoottavianelli.it to contact me.