Giter VIP home page Giter VIP logo

ppfuzz's Introduction

ppfuzz

Prototype Pollution Fuzzer

ppfuzz, Prototype Pollution Fuzzer

A fast tool to scan prototype pollution vulnerability written in Rust. 🦀

Installation

Binary

Simply, download a pre-built binary from releases page and run!

Source

NOTE: Rust should be installed!

Using cargo:

▶ cargo install ppfuzz

— or

Manual building executable from source code:

▶ git clone https://github.com/dwisiswant0/ppfuzz
▶ cd ppfuzz && cargo build --release

Dependencies

ppfuzz uses chromiumoxide, which requires the Chrome or Chromium browser to be installed. If the CHROME environment variable is set, then it'll use it as the default executable. Otherwise, the filenames google-chrome-stable, chromium, chromium-browser, chrome and chrome-browser are searched for in standard places. If that fails, /Applications/Google Chrome.app/... (on MacOS) or the registry (on Windows) is consulted.

Usage

It's fairly simple to use ppfuzz!

▶ ppfuzz -l FILE [OPTIONS]

Basic

Use -l/--list to provide input list:

▶ ppfuzz -l FILE

You can also provide the list using I/O redirection:

▶ ppfuzz < FILE

— or chain it from another command output:

▶ cat FILE | ppfuzz

Only show vulnerable targets/suppress an errors:

▶ ppfuzz -l FILE 2>/dev/null

Options

Here are all the options it supports:

▶ ppfuzz -h
Flag Description Default value
-l, --list List of target URLs
-c, --concurrency Set the concurrency level 5
-t, --timeout Max. time allowed for connection (s) 30
-h, --help Prints help information
-V, --version Prints version information

Supporting Materials

Contributing

contributions

When I started out ppfuzz, I had very little or no knowledge on Rust and I believe there may be a lot of drawbacks/security vulnerabilities. So all contributions are welcome, of course — any bug reports & suggestions are appreciated, some environment have not been tested yet.

Attribution

Besides being my learning medium, this tool was created because it was inspired by a tip shared by @R0X4R on how to automate prototype pollution checking using page-fetch.

Cross-compile GitHub workflow inspired by crodjer's sysit.

Acknowledments

Since this tool includes some contributions, I'll publically thank the following users for their helps and resources:

License

ppfuzz is distributed under MIT license. See LICENSE.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.