Endo is a distributed secure JavaScript sandbox, based on SES

A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀

A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.

A collection of Server-Side Prototype Pollution gadgets and exploits

The Most Advanced Client-Side Prototype Pollution Scanner

Let's check if your target is vulnerable for client side prototype pollution.

A tool which helps identifying client-side prototype polluting libraries

Detecting prototype pollution vulnerabilities in JavaScript using static analysis

A website developed with Nodejs. This website includes server side prototype pollution vulnerability

Secure drop-in replacement for the `JSON` global with prototype pollution protection

Security Research and PoC

Prototype Pollution Checker is a security tool designed to detect potential Prototype Pollution vulnerabilities on target URLs by injecting payloads and verifying responses. This tool uses Selenium to automate browser interactions and concurrently checks multiple URLs for vulnerabilities.

A CTF challenge we put together for Ekoparty's 2023 main CTF

JavaScript Prototype Pollution Attack demo against a NodeJS Express server using Lodash

A sample application vulnerable to JavaScript prototype pollution

My Write Up for Portswigger Prototype Polution Write Up

Gadgets in the JavaScript runtime based on the ECMAScript specification

Check prototype pollution in JS libraries