A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets. Requirements Make sure to have Chromium/Chrome installed: sudo sh -c 'echo "deb https://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - sudo apt-get update sudo apt-get install google-chrome-stable Make sure to have chromedp installed: go get -u github.com/chromedp/chromedp Installation Automatically Download the already compiled binary here Give it the permission to execute chmod +x ppmap Manually (compile it yourself) Clone the project: git clone https://github.com/kleiton0x00/ppmap.git Change directory to ppmap folder: cd ~/ppmap Build the binary go build ppmap.go Usage Using the program is very simple, you can either: scan a directory/file (or even just the website): echo....