Prototype Pollution Scanner

protoscan

Installation:

go get github.com/KathanP19/protoscan

Usage:


         _____           _        _____                 
        |  __ \         | |      / ____|                
        | |__) _ __ ___ | |_ ___| (___   ___ __ _ _ __  
        |  ___| '__/ _ \| __/ _ \\___ \ / __/ _  | '_ \ 
        | |   | | | (_) | || (_) ____) | (_| (_| | | | |
        |_|   |_|  \___/ \__\___|_____/ \___\__,_|_| |_|

                                -@KathanP19

Usage of protoscan:
  -c int
        Set Concurrency  (default 10)
  -o string
        Save Result to OutputFile
  -u    Scan Urls

Warning : Use concurrency according to you pc spec

  • If you want to test then you can use the testurls.txt cat testurls.txt | protoscan

  • If you want to scan urls For Example: http://example.com/?page=some then use -u option. cat testurls.txt | protoscan -u

Payloads Used:

  • By Default it will append ?__proto__[protoscan]=protoscan to the https://example.com so you can directly STDIN the output of Httpx or some other tool after you check that domain is live.
https://example.com/?__proto__[protoscan]=protoscan
  • When -u is used it will append &__proto__[protoscan]=protoscan to the url
https://example.com/?page=some&__proto__[protoscan]=protoscan`

More Info:

If you want to learn prototype pollution then you can check this repo.

TODO:

  • Add more Payload Support.
Owner
Kathan Patel
Lets Hunt For Bugs.....!
Kathan Patel
https://github.com/KathanP19/protoscan
Similar Resources

Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。

Ladon Pentest Scanner framework 全平台Go开源内网渗透扫描器框架,Windows/Linux/Mac内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介 LadonGo一款开源内网渗透扫描器框架,使用它可轻松一键探测C段、B段、A段存活主机、指纹识别、端口扫描、密码爆破、远程执行、高危漏洞检测等。3.6版本包含2

Jan 6, 2023

Another JS scanner but in Go

Another JS scanner but in Go

NipeJS Read list of JS files and look for sensitive data via regex. ☕ Install go get github.com/i5nipe/nipejs ☕ Regular expressions Download the file

Nov 9, 2022

Super Java Vulnerability Scanner

Super Java Vulnerability Scanner

XiuScan 不完善,正在开发中 介绍 一个纯Golang编写基于命令行的Java框架漏洞扫描工具 致力于参考xray打造一款高效方便的漏扫神器 计划支持Fastjson、Shiro、Struts2、Spring、WebLogic等框架 PS: 取名为XiuScan因为带我入安全的大哥是修君 特点

Dec 30, 2021

Example mini project golang scanner application

Example mini project golang scanner application

Golang Scanner Contoh pembuatan aplikasi Java menggunakan BlueJ cek disini, tetapi berikut ini adalah versi rebuild dari Java ke Golang, dengan menggu

Nov 19, 2022

Carbon Black Harbor Adapter is a scanner to scan images in Harbor Registry with the help of Carbon Black Cloud.

Carbon Black Harbor Adapter is a scanner to scan images in Harbor Registry with the help of Carbon Black Cloud.

carbon-black-adapter-for-harbor Overview Carbon Black adapter for Harbor integrates your Harbor Registry with the Carbon Black Cloud. It leverages Har

Nov 1, 2022

mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

Dec 14, 2022

A scanner for running security-related configuration checks such as CIS benchmarks

Localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. The scan

Dec 15, 2022

A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems

A vulnerability scanner for container images and filesystems

Jan 1, 2023

Network scanner for Netbox IPAM with VRF support

Installation git clone https://github.com/axxyhtrx/netbox-rollcall.git cd netbox-rollcall Pre-requirements Create config.yaml file in a root of the pr

Sep 21, 2022
Comments
  • does it work?

    does it work? 

    echo https://tomnomnom.uk/pp/?page=protoscan | protoscan -u

    2022/08/19 03:36:40 https://tomnomnom.uk/pp/?page=protoscan [Not Vulnerable]

    what am I missing? or does it just not work properly?

Related tags
Security protoscan
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.

proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in

Dec 6, 2022
Gbu-scanner - Go Blog Updates (Scanner service)

Go Blog Updates - Scanner This service scans go blog (go.dev) and publishes new posts to message broker (rabbitmq). It uses mongodb as a storage for a

Jan 10, 2022
GONET-Scanner - Golang network scanner with arp discovery and own parser
 GONET-Scanner - Golang network scanner with arp discovery and own parser

GO/NET Scanner ScreenShots Install chmod +x install.sh ./install.sh [as root] U

Dec 11, 2022
Signing prototype

sigstore signing CLI tool ⚠️ Not ready for use yet! sigstore CLI is a generic tool to sign blobs, tarballs etc and establish a trust root using the si

Dec 18, 2022
IIS shortname scanner written in Go

sns IIS shortname scanner written in Go Installation Make sure you've a recent version of the Go compiler installed on your system. Then just run: GO1

Jan 6, 2023
The fastest dork scanner written in Go.
 The fastest dork scanner written in Go.

go-dork The fastest dork scanner written in Go. There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yaho

Jan 1, 2023
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
 Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Vuls: VULnerability Scanner Vulnerability scanner for Linux/FreeBSD, agent-less, written in Go. We have a slack team. Join slack team Twitter: @vuls_e

Jan 9, 2023
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
 A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

Dec 31, 2022
simple webshell scanner

shellboy ShellBoy is a useful web shell finder. It simply knows the signatures of active or inactive webshells on the market and looks for these signa

Dec 18, 2022
MX1014 is a flexible, lightweight and fast port scanner.

MX1014 MX1014 是一个遵循 “短平快” 原则的灵活、轻便和快速端口扫描器 此工具仅限于安全研究和教学,用户承担因使用此工具而导致的所有法律和相关责任! 作者不承担任何法律和相关责任! Version 1.1.1 - 版本修改日志 Features 兼容 nmap 的端口和目标语法 支持各

Dec 19, 2022