MCPcopy Index your code
hub / github.com/edoardottt/pphack

github.com/edoardottt/pphack @v0.1.4

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1.4 ↗ · + Follow
45 symbols 122 edges 17 files 22 documented · 49%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

pphack

The Most Advanced Client-Side Prototype Pollution Scanner

Coded with 💙 by edoardottt

go action

go report card

Share on Twitter!

InstallGet StartedExamplesChangelogContributingLicense

Install 📡

Using Go

go install github.com/edoardottt/pphack/cmd/pphack@latest

pphack relies on chromedp, so you need Chrome or Chromium-based browser.

Get Started 🎉

Usage:
  pphack [flags]

Flags:
INPUT:
   -u, -url string   Input URL
   -l, -list string  File containing input URLs

CONFIGURATION:
   -c, -concurrency int       Concurrency level (default 50)
   -t, -timeout int           Connection timeout in seconds (default 20)
   -px, -proxy string         Set a proxy server (URL)
   -rl, -rate-limit int       Set a rate limit (per second)
   -ua, -user-agent string    Set a custom User Agent (random by default)
   -H, -headers string[]      Set custom headers
   -Hf, -headers-file string  File containing custom headers

SCAN:
   -p, -payload string            Custom payload
   -js, -javascript string        Run custom Javascript on target
   -jsf, -javascript-file string  File containing custom Javascript to run on target
   -e, -exploit                   Automatic Exploitation

OUTPUT:
   -o, -output string  File to write output results
   -v, -verbose        Verbose output
   -s, -silent         Silent output. Print only results
   -j, -json           JSON output

Examples 💡

Scan a single URL

pphack -u https://edoardottt.github.io/pphack-test/
echo https://edoardottt.github.io/pphack-test/ | pphack

Scan a list of URLs

pphack -l targets.txt
cat targets.txt | pphack

Automatic exploitation

pphack -e -u https://edoardottt.github.io/pphack-test/

Read the Wiki to understand how to use pphack.

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

In the news 📰

License 📝

This repository is under MIT License.
edoardottt.com to contact me.

Core symbols most depended-on inside this repo

Run
called by 6
pkg/scan/runner.go
ShowBanner
called by 4
pkg/output/banner.go
FormatJSON
called by 3
pkg/output/json.go
genQueryPayload
called by 3
pkg/scan/payloads.go
buildHeaders
called by 2
pkg/scan/chrome.go
randStringBytes
called by 2
pkg/scan/payloads.go
New
called by 1
pkg/output/output.go
Printed
called by 1
pkg/output/output.go

Shape

Function 36
Struct 5
Method 4

Languages

Go100%

Modules by API surface

pkg/scan/runner.go6 symbols
pkg/scan/payloads.go5 symbols
pkg/input/flags.go5 symbols
pkg/scan/headers.go4 symbols
pkg/scan/chrome.go4 symbols
pkg/output/output.go4 symbols
pkg/input/check.go4 symbols
pkg/exploit/exploit.go3 symbols
pkg/output/json.go2 symbols
pkg/exploit/fingerprint.go2 symbols
pkg/scan/url.go1 symbols
pkg/scan/ratelimit.go1 symbols

For agents

$ claude mcp add pphack \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact