MCPcopy Index your code
hub / github.com/dwisiswant0/ppfuzz

github.com/dwisiswant0/ppfuzz @v1.0.2

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.0.2 ↗ · + Follow
14 symbols 28 edges 10 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

ppfuzz

<a href="https://www.rust-lang.org/"><img src="https://img.shields.io/badge/made%20with-Rust-red"></a>
<a href="#"><img src="https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-blueviolet"></a>
<a href="https://github.com/dwisiswant0/ppfuzz/releases"><img src="https://img.shields.io/github/release/dwisiswant0/ppfuzz?color=blue"></a>
<a href="https://github.com/dwisiswant0/ppfuzz/issues"><img src="https://img.shields.io/github/issues/dwisiswant0/ppfuzz?color=yellow"></a>

Prototype Pollution Fuzzer

ppfuzz, Prototype Pollution Fuzzer

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀


Installation

Binary

Simply, download a pre-built binary from releases page and run!

Source

NOTE: Rust should be installed!

Using cargo:

▶ cargo install ppfuzz

— or

Manual building executable from source code:

▶ git clone https://github.com/dwisiswant0/ppfuzz
▶ cd ppfuzz && cargo build --release
# binary file located at target/release/ppfuzz

Dependencies

ppfuzz uses chromiumoxide, which requires Chrome or Chromium browser to be installed. If the CHROME environment variable is set, then it'll use it as the default executable. Otherwise, the filenames google-chrome-stable, chromium, chromium-browser, chrome and chrome-browser are searched for in standard places. If that fails, /Applications/Google Chrome.app/... (on MacOS) or the registry (on Windows) is consulted.

Demonstration

ppfuzz-demonstration

As you can see in the demo above (click to view in high-quality), ppfuzz attempts to check for prototype-pollution vulnerabilities by adding an object & pointer queries, if it's indeed vulnerable: it'll fingerprinting the script gadgets used and then display additional payload info that could potentially escalate its impact to XSS, bypass or cookie injection.

Usage

It's fairly simple to use ppfuzz!

▶ ppfuzz -l FILE [OPTIONS]

Basic

Use -l/--list to provide input list:

▶ ppfuzz -l FILE

You can also provide the list using I/O redirection:

▶ ppfuzz < FILE

— or chain it from another command output:

▶ cat FILE | ppfuzz

Only show vulnerable targets/suppress an errors:

▶ ppfuzz -l FILE 2>/dev/null

Options

Here are all the options it supports:

▶ ppfuzz -h
Flag Description Default value
-l, --list List of target URLs
-c, --concurrency Set the concurrency level 5
-t, --timeout Max. time allowed for connection (s) 30
-h, --help Prints help information
-V, --version Prints version information

Supporting Materials

Contributing

contributions

When I started ppfuzz, I had very little or no knowledge on Rust and I believe there may be a lot of drawbacks/security vulnerabilities. So all contributions are welcome, of course — any bug reports & suggestions are appreciated, some environment have not been tested yet.

Attribution

Besides being my learning medium, this tool was created because it was inspired by @R0X4R's tip on how to automate prototype pollution checking using page-fetch.

Cross-compile GitHub workflow inspired by crodjer's sysit.

Acknowledments

Since this tool includes some contributions, I'll publically thank the following users for their helps and resources:

License

ppfuzz is distributed under MIT. See LICENSE.

Core symbols most depended-on inside this repo

show_pontential
called by 44
src/fuzzer.rs
show
called by 5
src/errors.rs
get
called by 3
src/payload.rs
new
called by 2
src/fuzzer.rs
config
called by 1
src/browser.rs
from_file
called by 1
src/reader.rs
fingerprint
called by 1
src/fuzzer.rs
get_object
called by 1
src/payload.rs

Shape

Function 11
Method 2
Class 1

Languages

Rust100%

Modules by API surface

src/payload.rs3 symbols
src/parser.rs3 symbols
src/fuzzer.rs3 symbols
src/reader.rs1 symbols
src/main.rs1 symbols
src/errors.rs1 symbols
src/builder.rs1 symbols
src/browser.rs1 symbols

For agents

$ claude mcp add ppfuzz \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact