A fast tool to scan client-side prototype pollution vulnerability written in Rust.
Simply download a pre-built binary from the releases page and run it, or install it with cargo:
▶ cargo install ppfuzz
To build the executable manually from source:
▶ git clone https://github.com/dwisiswant0/ppfuzz
▶ cd ppfuzz && cargo build --release # binary file located at target/release/ppfuzz
ppfuzz uses chromiumoxide, which requires a Chrome or Chromium browser to be installed. If the
CHROME environment variable is set, it is used as the browser executable. Otherwise, the standard
places are searched for a browser executable (e.g. chrome-browser). If that fails,
/Applications/Google Chrome.app/... (on macOS) or the registry (on Windows) is consulted.
As you can see in the demo above, ppfuzz checks for prototype-pollution vulnerabilities by appending object and pointer queries to each target URL. If a target is indeed vulnerable, it fingerprints the script gadgets in use and then displays additional payload information that could potentially escalate the impact to XSS, a bypass, or cookie injection.
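As an added example (not ppfuzz's own code), here is the kind of client-side bug those probes look for: a bracket-syntax query parser in a vulnerable and a hardened form, plus a canary check modelled on the probe. The names parseQueryVulnerable, parseQueryHardened and probe are assumed for illustration only.

```javascript
// Added example (not ppfuzz's own code): a minimal bracket-syntax query parser
// (?a[b]=1 -> {a: {b: "1"}}) of the kind the "object & pointer" probes target,
// in a vulnerable and a hardened form, plus a canary check modelled on the probe.

// Turn "?a[b]=1&c=2" into [[["a","b"],"1"], [["c"],"2"]].
function splitPairs(queryString) {
  return queryString.replace(/^\?/, "").split("&").filter(Boolean).map((pair) => {
    const eq = pair.indexOf("=");
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawValue = eq === -1 ? "" : pair.slice(eq + 1);
    const path = decodeURIComponent(rawKey).split(/[\[\]]+/).filter(Boolean);
    return [path, decodeURIComponent(rawValue)];
  });
}

// Vulnerable: walks the key path with plain property access on a {} target, so a
// path beginning with __proto__ lands on Object.prototype and every object in the
// page inherits the injected key.
function parseQueryVulnerable(queryString) {
  const result = {};
  for (const [path, value] of splitPairs(queryString)) {
    let node = result;
    for (let i = 0; i < path.length - 1; i++) {
      if (typeof node[path[i]] !== "object" || node[path[i]] === null) node[path[i]] = {};
      node = node[path[i]];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Hardened: null-prototype containers (no inherited __proto__ setter to reach)
// plus an explicit deny-list on every path segment; offending pairs are dropped.
const FORBIDDEN_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

function parseQueryHardened(queryString) {
  const result = Object.create(null);
  for (const [path, value] of splitPairs(queryString)) {
    if (path.length === 0 || path.some((seg) => FORBIDDEN_SEGMENTS.has(seg))) continue;
    let node = result;
    for (let i = 0; i < path.length - 1; i++) {
      if (typeof node[path[i]] !== "object" || node[path[i]] === null) node[path[i]] = Object.create(null);
      node = node[path[i]];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Canary check in the spirit of ppfuzz's probe: feed a query aimed at __proto__
// and ask whether a freshly created object now inherits the canary key.
function probe(parser, canary = "ppfuzzCanary") {
  parser(`?__proto__[${canary}]=polluted`);
  const polluted = ({})[canary] === "polluted";
  delete Object.prototype[canary]; // tidy up so the rest of the program is unaffected
  return polluted;
}
```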
It’s fairly simple to use ppfuzz!
▶ ppfuzz -l FILE [OPTIONS]
-l/--list to provide input list:
▶ ppfuzz -l FILE
You can also provide the list using I/O redirection:
▶ ppfuzz < FILE
or chain it from another command's output:
▶ cat FILE | ppfuzz
Only show vulnerable targets and suppress errors:
▶ ppfuzz -l FILE 2>/dev/null
Here are all the options it supports:
▶ ppfuzz -h
| Flag | Description | Default |
|------|-------------|---------|
| -l, --list | List of target URLs | |
| -c, --concurrency | Set the concurrency level | 5 |
| -t, --timeout | Max. time allowed for connection (s) | 30 |
| -h, --help | Prints help information | |
| -V, --version | Prints version information | |