- Prototype Pollution Scanner made in Golang, it was actually made by @tomnomnom in NahamCon2021 https://www.youtube.com/watch?v=Gv1nK6Wj8qM
- I just made it for fun and added some extra features
go get github.com/KathanP19/protoscan
_____ _ _____ | __ \ | | / ____| | |__) _ __ ___ | |_ ___| (___ ___ __ _ _ __ | ___| '__/ _ \| __/ _ \\___ \ / __/ _ | '_ \ | | | | | (_) | || (_) ____) | (_| (_| | | | | |_| |_| \___/ \__\___|_____/ \___\__,_|_| |_| [email protected] Usage of protoscan: -c int Set Concurrency (default 10) -o string Save Result to OutputFile -u Scan Urls
Warning : Use concurrency according to you pc spec
If you want to test then you can use the testurls.txt
cat testurls.txt | protoscan
If you want to scan urls
For Example: http://example.com/?page=somethen use
cat testurls.txt | protoscan -u
- By Default it will append
https://example.comso you can directly STDIN the output of Httpx or some other tool after you check that domain is live.
-uis used it will append
&__proto__[protoscan]=protoscanto the url
If you want to learn prototype pollution then you can check this repo.
- Add more Payload Support.