{"id":18786,"date":"2021-10-13T13:14:13","date_gmt":"2021-10-13T13:14:13","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=18786"},"modified":"2021-10-13T13:14:16","modified_gmt":"2021-10-13T13:14:16","slug":"jspanda","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/jspanda\/","title":{"rendered":"JSPanda : Client-Side Prototype Pollution Vulnerability Scanner"},"content":{"rendered":"\n<p><strong>JSpanda <\/strong>is a client-side prototype pollution vulnerability scanner. It has two key features: scanning the supplied URLs for the vulnerability and analyzing JavaScript libraries&#8217; source code.<\/p>\n\n\n\n<p>However, JSpanda cannot detect advanced prototype pollution vulnerabilities.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/RedSection\/jspanda#how-jspanda-works\"><\/a><strong>How JSPanda works<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Uses multiple payloads to detect prototype pollution vulnerabilities.<\/li><li>Gathers all the links in the targets for scanning, adds payloads to the URLs it obtains, and navigates to each URL with headless Chromedriver.<\/li><li>Scans all words in the source code of a potentially vulnerable JavaScript library and creates a simple JS PoC by finding the script gadget, helping you analyze the code manually.<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/RedSection\/jspanda#requirements\"><\/a><strong>Requirements<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Download the latest version of Google Chrome and Chromedriver<\/li><li>Selenium<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/RedSection\/jspanda#usage\"><\/a><strong>Usage<\/strong><\/p>\n\n\n\n<p>Scan: python3.7 jspanda.py<\/p>\n\n\n\n<ul 
class=\"wp-block-list\"><li>Add URLs to the url.txt file,&nbsp;<em>for instance: example.com<\/em><\/li><\/ul>\n\n\n\n<p>Basic source code analysis: python3.7 analyze.py<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Add a JavaScript library&#8217;s source code to analyze.js<\/li><li>Generate PoC code using analyze.py<\/li><li>Execute the PoC code in Chrome&#8217;s console. It pollutes all the words collected from the source code and shows them on the screen, so it may generate false positives. These outputs give researchers additional information; they do not automate everything.<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Source code analysis &#8211; Screenshot<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-SZInObVpv48\/YU17N8P7hSI\/AAAAAAAAK8Y\/xUFjEoj_Cp8JRCSUKHZ4Qv7geTFLYbBAQCLcBGAsYHQ\/s1099\/ss.png\" alt=\"\" \/><\/figure>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/RedSection\/jspanda\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>JSpanda is a client-side prototype pollution vulnerability scanner. It has two key features: scanning the supplied URLs for the vulnerability and analyzing JavaScript libraries&#8217; source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works Uses multiple payloads to detect prototype pollution vulnerabilities. 
Gathers all the links in the targets for scanning and add payloads to [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19144,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[4245,4244,4195,4246],"class_list":{"0":"post-18786","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-kali","8":"tag-client-side","10":"tag-prototype","11":"tag-pullution-vulnerability-scanner"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>JSPanda : Client-Side Prototype Pullution Vulnerability Scanner<\/title>\n<meta name=\"description\" content=\"JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs .\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/jspanda\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"JSPanda : Client-Side Prototype Pullution Vulnerability Scanner\" \/>\n<meta property=\"og:description\" content=\"JSpanda is client-side prototype pollution vulnerability scanner. 
It has two key features, scanning vulnerability the supplied URLs .\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/jspanda\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-13T13:14:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-13T13:14:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"JSPanda : Client-Side Prototype Pollution Vulnerability Scanner\",\"datePublished\":\"2021-10-13T13:14:13+00:00\",\"dateModified\":\"2021-10-13T13:14:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/\"},\"wordCount\":196,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png\",\"keywords\":[\"Client-Side\",\"JSPanda\",\"Prototype\",\"Pullution Vulnerability Scanner\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/jspanda\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/\",\"name\":\"JSPanda : Client-Side Prototype Pullution Vulnerability 
Scanner\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png\",\"datePublished\":\"2021-10-13T13:14:13+00:00\",\"dateModified\":\"2021-10-13T13:14:16+00:00\",\"description\":\"JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs .\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/jspanda\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux 
Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"JSPanda : Client-Side Prototype Pullution Vulnerability Scanner","description":"JSpanda is client-side prototype pollution vulnerability scanner. 
It has two key features, scanning vulnerability the supplied URLs .","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/jspanda\/","og_locale":"en_US","og_type":"article","og_title":"JSPanda : Client-Side Prototype Pullution Vulnerability Scanner","og_description":"JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs .","og_url":"https:\/\/kalilinuxtutorials.com\/jspanda\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-10-13T13:14:13+00:00","article_modified_time":"2021-10-13T13:14:16+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"JSPanda : Client-Side Prototype Pollution Vulnerability Scanner","datePublished":"2021-10-13T13:14:13+00:00","dateModified":"2021-10-13T13:14:16+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/"},"wordCount":196,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","keywords":["Client-Side","JSPanda","Prototype","Pullution Vulnerability Scanner"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/jspanda\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/","url":"https:\/\/kalilinuxtutorials.com\/jspanda\/","name":"JSPanda : Client-Side Prototype Pullution Vulnerability Scanner","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","datePublished":"2021-10-13T13:14:13+00:00","dateModified":"2021-10-13T13:14:16+00:00","description":"JSpanda is client-side prototype pollution vulnerability scanner. 
It has two key features, scanning vulnerability the supplied URLs .","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/jspanda\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/jspanda\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux 
Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-0-87BDlwCO4\/YV2JhPlKDkI\/AAAAAAAALB8\/sIcuMePtjFwJAJLYM_sQKV7wXUyaEmVgQCLcBGAsYHQ\/s728\/maldoc%2B%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":18513,"url":"https:\/\/kalilinuxtutorials.com\/plution\/","url_meta":{"origin":18786,"position":0},"title":"Plution : Prototype Pollution Scanner Using Headless Chrome","author":"R K","date":"September 27, 2021","format":false,"excerpt":"Plution is a convenient way to scan at scale for pages that are vulnerable to client side prototype pollution via a URL payload. 
In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here:\u00a0https:\/\/github.com\/BlackFan\/client-side-prototype-pollution\/tree\/master\/pp What This Is Not This is not a\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-FkQeWvqHoGA\/YUSXWtIImRI\/AAAAAAAAK3o\/6E8EbcJs2a4CHKc8LCiseSrw5vfhkBYAwCLcBGAsYHQ\/s728\/download%2B%25282%2529%2B%25281%2529.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-FkQeWvqHoGA\/YUSXWtIImRI\/AAAAAAAAK3o\/6E8EbcJs2a4CHKc8LCiseSrw5vfhkBYAwCLcBGAsYHQ\/s728\/download%2B%25282%2529%2B%25281%2529.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-FkQeWvqHoGA\/YUSXWtIImRI\/AAAAAAAAK3o\/6E8EbcJs2a4CHKc8LCiseSrw5vfhkBYAwCLcBGAsYHQ\/s728\/download%2B%25282%2529%2B%25281%2529.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-FkQeWvqHoGA\/YUSXWtIImRI\/AAAAAAAAK3o\/6E8EbcJs2a4CHKc8LCiseSrw5vfhkBYAwCLcBGAsYHQ\/s728\/download%2B%25282%2529%2B%25281%2529.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":31955,"url":"https:\/\/kalilinuxtutorials.com\/pphack\/","url_meta":{"origin":18786,"position":1},"title":"pphack : The Advanced Client-Side Prototype Pollution Scanner","author":"Varshini","date":"February 5, 2024","format":false,"excerpt":"The cutting-edge Client-Side Prototype Pollution Scanner. In this article, we'll delve into the installation process, usage, and features of pphack, a powerful tool for web security professionals and red teamers. Discover how pphack can help you identify and mitigate prototype pollution vulnerabilities in web applications. 
The Most Advanced Client-Side Prototype\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEge3RMXc6m3x-nmBfJeFCe71RKIPugfpXP8GsGrU6kk-1gtifu7TclD6CLBN-lRVygub6rsRW6qIm0DPbcSJ-ipAxEp_fnJjy49odtXtXWWkPWNn_1xED8QnpjSB_wltFSePK2fZuFoQWR5lv76BucgNfvKem6BBg9ecr_4Mrh_zOeQ1TFALljmvM55DpUg\/s16000\/Untitled%20design%20%2820%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEge3RMXc6m3x-nmBfJeFCe71RKIPugfpXP8GsGrU6kk-1gtifu7TclD6CLBN-lRVygub6rsRW6qIm0DPbcSJ-ipAxEp_fnJjy49odtXtXWWkPWNn_1xED8QnpjSB_wltFSePK2fZuFoQWR5lv76BucgNfvKem6BBg9ecr_4Mrh_zOeQ1TFALljmvM55DpUg\/s16000\/Untitled%20design%20%2820%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEge3RMXc6m3x-nmBfJeFCe71RKIPugfpXP8GsGrU6kk-1gtifu7TclD6CLBN-lRVygub6rsRW6qIm0DPbcSJ-ipAxEp_fnJjy49odtXtXWWkPWNn_1xED8QnpjSB_wltFSePK2fZuFoQWR5lv76BucgNfvKem6BBg9ecr_4Mrh_zOeQ1TFALljmvM55DpUg\/s16000\/Untitled%20design%20%2820%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEge3RMXc6m3x-nmBfJeFCe71RKIPugfpXP8GsGrU6kk-1gtifu7TclD6CLBN-lRVygub6rsRW6qIm0DPbcSJ-ipAxEp_fnJjy49odtXtXWWkPWNn_1xED8QnpjSB_wltFSePK2fZuFoQWR5lv76BucgNfvKem6BBg9ecr_4Mrh_zOeQ1TFALljmvM55DpUg\/s16000\/Untitled%20design%20%2820%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEge3RMXc6m3x-nmBfJeFCe71RKIPugfpXP8GsGrU6kk-1gtifu7TclD6CLBN-lRVygub6rsRW6qIm0DPbcSJ-ipAxEp_fnJjy49odtXtXWWkPWNn_1xED8QnpjSB_wltFSePK2fZuFoQWR5lv76BucgNfvKem6BBg9ecr_4Mrh_zOeQ1TFALljmvM55DpUg\/s16000\/Untitled%20design%20%2820%29.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEge3RMXc6m3x-nmBfJeFCe71RKIPugfpXP8GsGrU6kk-1gtifu7TclD6CLBN-lRVygub6rsRW6qIm0DPbcSJ-ipAxEp_fnJjy49odtXtXWWkPWNn_1xED8QnpjSB_wltFSePK2fZuFoQWR5lv76BucgNfvKem6BBg9ecr_4Mrh_zOeQ1TFALljmvM55DpUg\/s16000\/Untitled%20design%20%2820%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":15237,"url":"https:\/\/kalilinuxtutorials.com\/ppmap\/","url_meta":{"origin":18786,"position":2},"title":"Ppmap : A Scanner\/Exploitation Tool Written In GO, Which Leverages Prototype Pollution To XSS By Exploiting Known Gadgets","author":"R K","date":"July 28, 2021","format":false,"excerpt":"Ppmap is a simple scanner\/exploitation tool written in GO which automatically exploits known and existing gadgets (checks for specific variables in the global context) to perform XSS via Prototype Pollution. NOTE: The program only exploits known gadgets, but does not cover code analysis or any advanced Prototype Pollution exploitation, which\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":25100,"url":"https:\/\/kalilinuxtutorials.com\/spring4shell\/","url_meta":{"origin":18786,"position":3},"title":"Spring4Shell-Scan : A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell","author":"R K","date":"June 10, 2022","format":false,"excerpt":"Spring4Shell-Scan is a fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities. 
Features Support for lists of URLs.Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools uses only 1-2 variants).Fuzzing for HTTP GET and POST methods.Automatic validation of the vulnerability upon discovery.Randomized and\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhs2MuDECxtBggRi87z8yWxGxw6RVOWXtibmDK83ZqANLBpvDoVyzpl7rN-2_nyDCJntIkWn8hOjPfmWf8qlQaQRsgJebOVJmRAwmMXodytNbOfXEaFbiICBveY53tuEz6h6jLK9qWO717BNAmo44P5saQazgXaB2SX9KjryKilQVnbNISb1NRMr1ik\/s728\/1%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhs2MuDECxtBggRi87z8yWxGxw6RVOWXtibmDK83ZqANLBpvDoVyzpl7rN-2_nyDCJntIkWn8hOjPfmWf8qlQaQRsgJebOVJmRAwmMXodytNbOfXEaFbiICBveY53tuEz6h6jLK9qWO717BNAmo44P5saQazgXaB2SX9KjryKilQVnbNISb1NRMr1ik\/s728\/1%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhs2MuDECxtBggRi87z8yWxGxw6RVOWXtibmDK83ZqANLBpvDoVyzpl7rN-2_nyDCJntIkWn8hOjPfmWf8qlQaQRsgJebOVJmRAwmMXodytNbOfXEaFbiICBveY53tuEz6h6jLK9qWO717BNAmo44P5saQazgXaB2SX9KjryKilQVnbNISb1NRMr1ik\/s728\/1%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhs2MuDECxtBggRi87z8yWxGxw6RVOWXtibmDK83ZqANLBpvDoVyzpl7rN-2_nyDCJntIkWn8hOjPfmWf8qlQaQRsgJebOVJmRAwmMXodytNbOfXEaFbiICBveY53tuEz6h6jLK9qWO717BNAmo44P5saQazgXaB2SX9KjryKilQVnbNISb1NRMr1ik\/s728\/1%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":4618,"url":"https:\/\/kalilinuxtutorials.com\/xsstrike-xss-scanner\/","url_meta":{"origin":18786,"position":4},"title":"XSStrike : Most Advanced XSS Scanner","author":"R K","date":"April 15, 2019","format":false,"excerpt":"XSStrike is a Cross Site Scripting detection 
suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response with multiple parsers and then\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12056,"url":"https:\/\/kalilinuxtutorials.com\/xss-scanner\/","url_meta":{"origin":18786,"position":5},"title":"XSS-Scanner : Scanner That Detects Cross-Site Scripting Vulnerabilities In Website","author":"R K","date":"January 8, 2021","format":false,"excerpt":"XSS-Scanner is a cross-site scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali 
Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/18786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=18786"}],"version-history":[{"count":5,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/18786\/revisions"}],"predecessor-version":[{"id":19145,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/18786\/revisions\/19145"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/19144"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=18786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=18786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=18786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}