JSPanda – Client-Side Prototype Pullution Vulnerability Scanner

JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries’ source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works? Uses multiple payloads for prototype pollution vulnerability. Gathers all the links in the targets for scanning and add payloads toRead More

Plution – Prototype Pollution Scanner Using Headless Chrome

Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: https://github.com/BlackFan/client-side-prototype-pollution/tree/master/pp What this is not This is not a one stop shop. PrototypeRead More

Ppmap – A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets

A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets. Requirements Make sureRead More