BlackFan/client-side-prototype-pollution

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BlackFan/client-side-prototype-pollution)

BlackFan / client-side-prototype-pollution

Prototype Pollution and useful Script Gadgets

☆1,601

Alternatives and similar repositories for client-side-prototype-pollution

Users that are interested in client-side-prototype-pollution are comparing it to the libraries listed below

Sorting:

msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
filedescriptor / untrusted-types
View on GitHub
☆695Jul 4, 2022Updated 3 years ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆658Jun 29, 2025Updated 8 months ago
fransr / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆1,296Jan 26, 2024Updated 2 years ago
dwisiswant0 / ppfuzz
View on GitHub
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
☆660Aug 28, 2025Updated 6 months ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,063Jan 2, 2024Updated 2 years ago
BlackFan / cspp-tools
View on GitHub
Client-Side Prototype Pollution Tools
☆86Sep 21, 2021Updated 4 years ago
neex / http2smugl
View on GitHub
☆563Mar 27, 2025Updated 11 months ago
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,101Aug 14, 2024Updated last year
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆957Dec 31, 2021Updated 4 years ago
BishopFox / h2csmuggler
View on GitHub
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
☆785May 10, 2022Updated 3 years ago
KathanP19 / protoscan
View on GitHub
Prototype Pollution Scanner
☆139Apr 11, 2021Updated 4 years ago
jmdx / TLS-poison
View on GitHub
☆705Nov 27, 2024Updated last year
HoLyVieR / prototype-pollution-nsec18
View on GitHub
Content released at NorthSec 2018 for my talk on prototype pollution
☆535May 25, 2024Updated last year
ambionics / phpggc
View on GitHub
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
☆3,768Sep 29, 2025Updated 5 months ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
httpvoid / writeups
View on GitHub
☆1,202Sep 2, 2022Updated 3 years ago
Sh1Yo / x8
View on GitHub
Hidden parameters discovery suite
☆2,033Sep 8, 2024Updated last year
terjanq / Tiny-XSS-Payloads
View on GitHub
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
☆2,327Nov 29, 2024Updated last year
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,324Apr 18, 2023Updated 2 years ago
ayoubfathi / leaky-paths
View on GitHub
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
☆1,028Feb 22, 2026Updated 3 weeks ago
KTH-LangSec / server-side-prototype-pollution
View on GitHub
A collection of Server-Side Prototype Pollution gadgets and exploits
☆229Feb 6, 2025Updated last year
nikitastupin / clairvoyance
View on GitHub
Obtain GraphQL API schema even if the introspection is disabled
☆1,407Dec 5, 2025Updated 3 months ago
sw33tLie / bbscope
View on GitHub
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
☆1,330Mar 5, 2026Updated 2 weeks ago
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,121Apr 29, 2024Updated last year
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,172May 26, 2023Updated 2 years ago
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
EdOverflow / can-i-take-over-xyz
View on GitHub
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
☆5,592Feb 8, 2025Updated last year
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆651Feb 21, 2024Updated 2 years ago
six2dez / OneListForAll
View on GitHub
Rockyou for web fuzzing
☆3,087Mar 11, 2026Updated last week
0ang3el / websocket-smuggle
View on GitHub
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆392Aug 15, 2024Updated last year
0xacb / recollapse
View on GitHub
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
☆1,297Aug 7, 2025Updated 7 months ago
robre / jsmon
View on GitHub
a javascript change monitoring tool for bugbounties
☆713Jul 31, 2024Updated last year
1ndianl33t / Gf-Patterns
View on GitHub
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
☆1,409Sep 13, 2024Updated last year
0ang3el / aem-hacker
View on GitHub
☆810Jul 28, 2024Updated last year
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,300Apr 13, 2024Updated last year
RenwaX23 / XSS-Payloads
View on GitHub
List of XSS Vectors/Payloads
☆1,367Jan 14, 2026Updated 2 months ago
detectify / page-fetch
View on GitHub
Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…
☆529Apr 23, 2025Updated 10 months ago
zigoo0 / JSONBee
View on GitHub
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
☆752May 6, 2024Updated last year