ppmap - a scanner/exploitation tool written in GO, which leverages Prototype Pollution to XSS by exploiting known gadgets


A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets. Requirements Make sure to have Chromium/Chrome installed: sudo sh -c 'echo "deb https://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - sudo apt-get update sudo apt-get install google-chrome-stable Make sure to have chromedp installed: go get -u github.com/chromedp/chromedp Installation Automatically Download the already compiled binary here Give it the permission to execute chmod +x ppmap Manually (compile it yourself) Clone the project: git clone https://github.com/kleiton0x00/ppmap.git Change directory to ppmap folder: cd ~/ppmap Build the binary go build ppmap.go Usage Using the program is very simple, you can either: scan a directory/file (or even just the website): echo....

July 26, 2021
Notify of
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.