scan

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 4, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Overview

pphack - The Most Advanced Client-Side Prototype Pollution Scanner

This repository is under MIT License https://github.com/edoardottt/pphack/blob/main/LICENSE

Index

Constants

View Source 
const (
	DefaultFilePerm = 0644
)

Variables

View Source 
var (
	ErrWrongHeaderFormat = errors.New("header with wrong format")
)

Functions

func GenCustomQueryPayload 

func GenCustomQueryPayload(testPayload string) string

GenCustomPayload returns a ready to use HTTP GET query with the payload supplied as input.

func GenQueryPayload 

func GenQueryPayload() (string, string)

GenQueryPayload returns a ready to use HTTP GET query with a random generated payload and the payload used in the query.

func GetChromeBrowser 

func GetChromeBrowser(copts []func(*chromedp.ExecAllocator)) (context.CancelFunc, context.Context, context.CancelFunc)

GetChromeBrowser takes as input the chrome options and returns the context with the associated cancel functions to use the headless chrome browser it creates. Returns ecancel (exec allocator cancel), pctx (parent browser context), and pcancel (parent context cancel). Callers must invoke pcancel before ecancel to ensure correct cleanup order. ecancel is also called internally on fatal browser startup failure to avoid leaking the exec allocator before the process exits.

func GetChromeOptions 

func GetChromeOptions(r *Runner) []func(*chromedp.ExecAllocator)

GetChromeOptions takes as input the runner settings and returns the chrome options used to configure the headless browser instance. It always disables certificate errors and sets a custom user agent. If a proxy is configured in the runner options, it is appended as well.

func GetHeaders added in v0.0.5 

func GetHeaders(r *Runner) (map[string]interface{}, error)

GetHeaders returns the headers map.

func GetJavascript 

func GetJavascript(r *Runner, testPayload string) string

GetJavascript returns the Javascript code must be run on the target to verify the vulnerability.

func GetTestPayload 

func GetTestPayload(r *Runner, length int) string

GetTestPayload returns the payload specified as input or a random payload with a specified length.

func PrepareURL 

func PrepareURL(inputURL, testPayload string) (string, error)

PrepareURL takes as input a URL and a payload and returns the final URL to scan.

func Scan 

func Scan(
	pctx context.Context,
	r *Runner,
	headers map[string]interface{},
	js, value, targetURL string,
) (output.ResultData, error)

Scan is the core function that performs the prototype pollution scan. It takes a parent browser context (pctx), runner config (r), optional HTTP headers, the JavaScript payload (js), the original input value and the fully constructed target URL.

Flow:

  1. Creates a timeout-scoped context and a dedicated Chrome tab context.
  2. Navigates to targetURL and evaluates the JS pollution payload.
  3. If exploit mode is enabled and the payload returned a non-empty result, it runs fingerprinting to identify the affected library/sink.
  4. Attempts exploitation using the fingerprint results.
  5. Populates and returns a ResultData struct with all findings and errors.

Types

type Runner 

type Runner struct {
	InputChan chan string
	Result    output.Result
	UserAgent string
	Options   input.Options
	OutMutex  *sync.Mutex
}

func New 

func New(options *input.Options) (Runner, error)

func (*Runner) Run 

func (r *Runner) Run()

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.