
Ppmap - A Scanner/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets

Description

[![](https://1.bp.blogspot.com/-iP9i_8VMqr4/YPiojQGNE-I/AAAAAAAAjao/361K5qU2dXcjLf491-8oXKkJ2Twb9uYdwCK4BGAYYCw/w640-h562/ppmap_1-703557.gif)](<https://1.bp.blogspot.com/-iP9i_8VMqr4/YPiojQGNE-I/AAAAAAAAjao/361K5qU2dXcjLf491-8oXKkJ2Twb9uYdwCK4BGAYYCw/s1600/ppmap_1-703557.gif>)

A simple scanner/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution.

NOTE: The program only exploits known gadgets; it does not cover code analysis or any advanced Prototype Pollution exploitation, which may include custom gadgets.

**Requirements**

Make sure to have [chromedp](<https://github.com/chromedp/chromedp> "chromedp" ) installed: `go get -u github.com/chromedp/chromedp`

**Installation**

* Automatically
  * Download the already compiled binary [here](<https://github.com/kleiton0x00/ppmap/releases> "here" )
  * Give it permission to execute: `chmod +x ppmap`
* Manually (compile it yourself)
  * Clone the project: `git clone https://github.com/kleiton0x00/ppmap.git`
  * Change directory to the ppmap folder: `cd ~/ppmap`
  * Build the binary: `go build ppmap.go`

**Usage**

Using the program is very simple; you can either:

* scan a directory/file (or even just the website): `echo 'https://target.com/index.html' | ./ppmap`
* or an endpoint: `echo 'http://target.com/something/?page=home' | ./ppmap`

For mass scanning: `cat url.txt | ./ppmap` where **url.txt** contains all URL(s), one per line.

**Demo**

[Demo GIF](<https://camo.githubusercontent.com/87f422644420b45d4a485317b0f69adc1bc6a5dfe0acbd39895a4b81d529dd85/68747470733a2f2f692e696d6775722e636f6d2f30356e766677582e676966> "A scanner/exploitation tool written in GO, which leverages Prototype Pollution to XSS by exploiting known gadgets." )

Feel free to test the tool on the following websites as part of the demonstration:

* <https://msrkp.github.io/pp/2.html>
* <https://ctf.nikitastupin.com/pp/known.html>

**Workflow**

* Identify whether the website is vulnerable to Prototype Pollution by a heuristic scan
* Fingerprint the known gadgets (checks for specific variables in the global context)
* Display the final exploit, ready to perform XSS

**Credits**

Many thanks to @Tomnomnom for the inspiration: [https://www.youtube.com/watch?v=Gv1nK6Wj8qM&t=1558s](<https://www.youtube.com/watch?v=Gv1nK6Wj8qM&t=1558s> "https://www.youtube.com/watch?v=Gv1nK6Wj8qM&t=1558s" )

The workflow of this program is hugely based on this article: <https://infosecwriteups.com/javascript-prototype-pollution-practice-of-finding-and-exploitation-f97284333b2>

The fingerprint JavaScript file is based on this gist: <https://gist.github.com/nikitastupin/b3b64a9f8c0eb74ce37626860193eaec>

**[Download Ppmap](<https://github.com/kleiton0x00/ppmap> "Download Ppmap" )**
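The workflow above only works when a page merges attacker-influenced keys into objects so that a `__proto__` key reaches `Object.prototype`, after which a gadget that reads an expected-undefined property ends up reading the polluted value. The following is an added example, not ppmap's code: a recursive merge that is vulnerable to prototype pollution beside a hardened version, and a probe check of the kind a page can run to notice that its prototype has been polluted. All function names (`unsafeMerge`, `safeMerge`, `isPolluted`, `demonstrate`) and the JSON payload are constructed for illustration.

```javascript
// Added example (not part of ppmap). Shows the merge pattern that lets a
// "__proto__" key reach Object.prototype, the hardened equivalent, and a
// probe that reports whether Object.prototype has been polluted.

// Vulnerable: walks every enumerable key, including "__proto__", and
// recurses into target["__proto__"], which is Object.prototype itself.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that can redirect a merge onto a prototype chain.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: only own keys of the source, prototype-reaching keys skipped,
// and recursion only into objects the target actually owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const ownExisting = Object.prototype.hasOwnProperty.call(target, key) &&
        target[key] !== null && typeof target[key] === 'object';
      if (!ownExisting) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Probe: a fresh object literal has no own properties, so if a key resolves
// on it anyway, the value came from Object.prototype.
function isPolluted(key) {
  return ({})[key] !== undefined;
}

// Runs both merges against the same constructed payload and reports what
// each did to Object.prototype. Cleans up after the vulnerable merge so the
// rest of the program is unaffected.
function demonstrate() {
  // Constructed payload: the shape an untrusted JSON document (query string,
  // postMessage body, config file) takes when it tries to reach the prototype.
  const payload = JSON.parse(
    '{"__proto__": {"polluted": "yes"}, "theme": {"color": "blue"}}'
  );

  const before = isPolluted('polluted');

  unsafeMerge({}, payload);
  const afterUnsafe = isPolluted('polluted');
  delete Object.prototype.polluted; // undo the pollution for the rest of the run

  const merged = safeMerge({}, payload);
  const afterSafe = isPolluted('polluted');

  return {
    before,                       // false: clean prototype to start with
    afterUnsafe,                  // true: the vulnerable merge polluted it
    afterSafe,                    // false: the hardened merge did not
    themeColor: merged.theme.color, // 'blue': legitimate data still merges
  };
}

module.exports = { unsafeMerge, safeMerge, isPolluted, demonstrate };
```

Run with `node` and inspect `demonstrate()`: the vulnerable merge makes `({}).polluted` resolve to `"yes"` for every object in the realm, which is exactly the condition a gadget fingerprint looks for, while the hardened merge still copies the ordinary `theme` data. A complementary mitigation is to call `Object.freeze(Object.prototype)` early in page startup, which turns any later pollution attempt into a silent no-op (or a TypeError in strict mode) rather than a live gadget.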