prototype-pollution

Endo is a distributed secure JavaScript sandbox, based on SES

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

The Most Advanced Client-Side Prototype Pollution Scanner

A collection of Server-Side Prototype Pollution gadgets and exploits

The Most Advanced Client-Side Prototype Pollution Scanner

Let's check if your target is vulnerable for client side prototype pollution.

A tool which helps identifying client-side prototype polluting libraries

A website developed with Nodejs. This website includes server side prototype pollution vulnerability

Detecting prototype pollution vulnerabilities in JavaScript using static analysis

Secure drop-in replacement for the `JSON` global with prototype pollution protection

Prototype Pollution Checker is a security tool designed to detect potential Prototype Pollution vulnerabilities on target URLs by injecting payloads and verifying responses. This tool uses Selenium to automate browser interactions and concurrently checks multiple URLs for vulnerabilities.

Security Research and PoC

JavaScript Prototype Pollution Attack demo against a NodeJS Express server using Lodash

A CTF challenge we put together for Ekoparty's 2023 main CTF

A sample application vulnerable to JavaScript prototype pollution

My Write Up for Portswigger Prototype Polution Write Up

Gadgets in the JavaScript runtime based on the ECMAScript specification

Check prototype pollution in JS libraries

Interactive demo of a prototype pollution → XSS exploit in JavaScript