Prototype Pollution Checker is a security tool designed to detect potential Prototype Pollution vulnerabilities on target URLs by injecting payloads and verifying responses. This tool uses Selenium to automate browser interactions and concurrently checks multiple URLs for vulnerabilities.
- Headless Chrome Testing: Runs checks in a headless Chrome browser for efficient scanning.
- Payload Injection: Utilizes payloads to check for signs of prototype pollution vulnerabilities.
- Concurrent Scanning: Supports multithreading for faster scanning using `concurrent.futures`.
- Simple Input and Output: Accepts URLs from standard input, making it easy to integrate with other command-line tools.

- Python 3.7+
- Google Chrome (Headless mode enabled)
- ChromeDriver compatible with your version of Chrome
- Selenium: You can install it via pip:

  ```
  pip install selenium
  ```

- Clone this repository:

  ```
  git clone https://github.com/yourusername/Prototype-Pollution-Checker.git
  cd Prototype-Pollution-Checker
  ```

- Ensure `ChromeDriver` is in your PATH or specify its path in the code.

- Prepare your URLs: Save the URLs to check in a text file (e.g., `urls.txt`), each URL on a new line.
- Payloads: Customize `payloads.txt` with payloads used to test for prototype pollution vulnerabilities.
- Run the tool:

  ```
  cat urls.txt | python check.py
  ```
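
For readers fixing a finding: the JavaScript below is an added illustration, not code from this repository. It shows the condition a payload check of this kind is assumed to look for (a marker property appearing on `Object.prototype`), with a vulnerable query-string parser next to a hardened one. The function names, the `ppMarker` property and the sample query string are constructed for this example.

```javascript
// Added illustration; all names and the sample query string are constructed.
// Path segments that lead to Object.prototype when followed as property names.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Split "a[b][c]" into ["a", "b", "c"].
function pathSegments(key) {
  return key.replace(/\]/g, "").split("[");
}

// Shared walker: creates intermediate objects with makeNode() and assigns the value.
function assignPath(root, segments, value, makeNode) {
  let node = root;
  for (const seg of segments.slice(0, -1)) {
    if (typeof node[seg] !== "object" || node[seg] === null) node[seg] = makeNode();
    node = node[seg];
  }
  node[segments[segments.length - 1]] = value;
}

// VULNERABLE: "__proto__" resolves to Object.prototype through normal property
// lookup, so the final assignment is written onto every object in the page.
function parseQueryUnsafe(query) {
  const result = {};
  for (const [key, value] of new URLSearchParams(query)) {
    assignPath(result, pathSegments(key), value, () => ({}));
  }
  return result;
}

// HARDENED: drop parameters containing a blocked segment and build the result
// from null-prototype objects so no inherited accessor is reachable.
function parseQuerySafe(query) {
  const result = Object.create(null);
  for (const [key, value] of new URLSearchParams(query)) {
    const segments = pathSegments(key);
    if (segments.some((seg) => BLOCKED_KEYS.has(seg))) continue;
    assignPath(result, segments, value, () => Object.create(null));
  }
  return result;
}

// The observable sign: Object.prototype itself now owns the marker property.
function isPolluted(marker) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, marker);
}

// Run both parsers on the same constructed input, then undo the side effect.
function demo() {
  const query = "user[name]=alice&__proto__[ppMarker]=1";
  parseQuerySafe(query);
  const afterSafe = isPolluted("ppMarker");
  parseQueryUnsafe(query);
  const afterUnsafe = isPolluted("ppMarker");
  delete Object.prototype.ppMarker;
  return { afterSafe, afterUnsafe };
}
```

`demo()` returns `{ afterSafe: false, afterUnsafe: true }`; a URL flagged by the checker points at parsing or merge code that behaves like `parseQueryUnsafe`.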