pphack's Introduction

pphack

The Most Advanced Client-Side Prototype Pollution Scanner

Coded with 💙 by edoardottt

Install • Get Started • Examples • Changelog • Contributing • License

Install 📡

Using Go

go install github.com/edoardottt/pphack/cmd/pphack@latest

pphack relies on chromedp, so you need a Chrome or Chromium browser.

Get Started 🎉

Usage:
  pphack [flags]

Flags:
INPUT:
   -u, -url string   Input URL
   -l, -list string  File containing input URLs

CONFIGURATION:
   -c, -concurrency int     Concurrency level (default 50)
   -t, -timeout int         Connection timeout in seconds (default 10)
   -px, -proxy string       Set a proxy server (URL)
   -rl, -rate-limit int     Set a rate limit (per second)
   -ua, -user-agent string  Set a custom User Agent (random by default)

SCAN:
   -p, -payload string            Custom payload
   -js, -javascript string        Run custom Javascript on target
   -jsf, -javascript-file string  File containing custom Javascript to run on target

OUTPUT:
   -o, -output string  File to write output results
   -v, -verbose        Verbose output
   -s, -silent         Silent output. Print only results
   -j, -json           JSON output

Examples 💡

Scan a single URL

pphack -u https://edoardottt.github.io/pp-test/

echo https://edoardottt.github.io/pp-test/ | pphack

Scan a list of URLs

pphack -l targets.txt

cat targets.txt | pphack

Read the Wiki to understand how to use pphack.

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

License 📝

This repository is under MIT License.
edoardoottavianelli.it to contact me.

pphack's People

Contributors

Stargazers

Watchers

pphack's Issues

ERROR: could not retrieve document root

Hi,

Any idea why I'm getting these errors?

2024/05/23 14:09:59 ERROR: could not retrieve document root for 034CE60B540B2D0B4E82A6B8CE74A5DE: context deadline exceeded
2024/05/23 14:10:09 ERROR: could not retrieve document root for 806BF5A1C0767CD11104F58FFAF2E12B: context deadline exceeded
2024/05/23 14:10:33 ERROR: could not retrieve document root for 8E3E7104E1AEB7E77E93171255163BA6: context deadline exceeded

Thank you

Add Goreleaser

In resource-constrained environments we sometimes cannot afford to install full-blown Go + build packages with it: good practice is to have pre-packaged binary releases for each platform.

You can include this in a GitHub action workflow, by leveraging something like the https://github.com/marketplace/actions/go-release-binaries action which automates the process.

For reference:

Set extra headers

Facing problems with chromedp, see chromedp/chromedp#1433.

Not working

~/go/bin $ ./pphack -u https://edoardottt.github.io/pp-test/
__ __
____ ____ / /_ ____ / /
/ __ / __ / __ / __ `/ / ///
/ // / // / / / / // / // ,<
/ ./ .// //_,/___//||
// /_/ v0.0.2

            @edoardottt, https://www.edoardoottavianelli.it/
                         https://github.com/edoardottt/

[FTL] error starting browser: exec: "google-chrome": executable file not found in $PATH

edoardottt / pphack Goto Github PK