BlackFan/client-side-prototype-pollution

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BlackFan/client-side-prototype-pollution)

BlackFan / client-side-prototype-pollution

Prototype Pollution and useful Script Gadgets

☆1,584

Alternatives and similar repositories for client-side-prototype-pollution

Users that are interested in client-side-prototype-pollution are comparing it to the libraries listed below

Sorting:

msrkp / PPScan
View on GitHub
Client Side Prototype Pollution Scanner
☆523Sep 17, 2022Updated 3 years ago
filedescriptor / untrusted-types
View on GitHub
☆694Jul 4, 2022Updated 3 years ago
BlackFan / content-type-research
View on GitHub
Content-Type Research
☆657Jun 29, 2025Updated 8 months ago
fransr / postMessage-tracker
View on GitHub
A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon
☆1,293Jan 26, 2024Updated 2 years ago
defparam / smuggler
View on GitHub
Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
☆2,062Jan 2, 2024Updated 2 years ago
dwisiswant0 / ppfuzz
View on GitHub
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
☆659Aug 28, 2025Updated 6 months ago
assetnote / blind-ssrf-chains
View on GitHub
An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
☆952Dec 31, 2021Updated 4 years ago
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,075Aug 14, 2024Updated last year
BishopFox / h2csmuggler
View on GitHub
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
☆782May 10, 2022Updated 3 years ago
neex / http2smugl
View on GitHub
☆562Mar 27, 2025Updated 11 months ago
jmdx / TLS-poison
View on GitHub
☆707Nov 27, 2024Updated last year
httpvoid / writeups
View on GitHub
☆1,200Sep 2, 2022Updated 3 years ago
Sh1Yo / x8
View on GitHub
Hidden parameters discovery suite
☆2,027Sep 8, 2024Updated last year
tarunkant / Gopherus
View on GitHub
This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
☆3,302Apr 18, 2023Updated 2 years ago
GrrrDog / weird_proxies
View on GitHub
Reverse proxies cheatsheet
☆1,855Nov 4, 2023Updated 2 years ago
BlackFan / cspp-tools
View on GitHub
Client-Side Prototype Pollution Tools
☆86Sep 21, 2021Updated 4 years ago
ambionics / phpggc
View on GitHub
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
☆3,753Sep 29, 2025Updated 5 months ago
HoLyVieR / prototype-pollution-nsec18
View on GitHub
Content released at NorthSec 2018 for my talk on prototype pollution
☆535May 25, 2024Updated last year
terjanq / Tiny-XSS-Payloads
View on GitHub
A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me
☆2,309Nov 29, 2024Updated last year
KathanP19 / protoscan
View on GitHub
Prototype Pollution Scanner
☆139Apr 11, 2021Updated 4 years ago
ayoubfathi / leaky-paths
View on GitHub
A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
☆1,024Feb 22, 2026Updated last week
nikitastupin / clairvoyance
View on GitHub
Obtain GraphQL API schema even if the introspection is disabled
☆1,396Dec 5, 2025Updated 2 months ago
sw33tLie / bbscope
View on GitHub
Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
☆1,268Updated this week
assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,096Apr 29, 2024Updated last year
cujanovic / SSRF-Testing
View on GitHub
SSRF (Server Side Request Forgery) testing resources
☆2,483Oct 12, 2024Updated last year
KTH-LangSec / server-side-prototype-pollution
View on GitHub
A collection of Server-Side Prototype Pollution gadgets and exploits
☆223Feb 6, 2025Updated last year
GrrrDog / Java-Deserialization-Cheat-Sheet
View on GitHub
The cheat sheet about Java Deserialization vulnerabilities
☆3,164May 26, 2023Updated 2 years ago
GoSecure / dtd-finder
View on GitHub
List DTDs and generate XXE payloads using those local DTDs.
☆648Feb 21, 2024Updated 2 years ago
0xacb / recollapse
View on GitHub
REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
☆1,290Aug 7, 2025Updated 6 months ago
1ndianl33t / Gf-Patterns
View on GitHub
GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
☆1,401Sep 13, 2024Updated last year
EdOverflow / can-i-take-over-xyz
View on GitHub
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
☆5,565Feb 8, 2025Updated last year
six2dez / OneListForAll
View on GitHub
Rockyou for web fuzzing
☆3,023Feb 11, 2026Updated 2 weeks ago
robre / jsmon
View on GitHub
a javascript change monitoring tool for bugbounties
☆711Jul 31, 2024Updated last year
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,286Apr 13, 2024Updated last year
0ang3el / aem-hacker
View on GitHub
☆810Jul 28, 2024Updated last year
zigoo0 / JSONBee
View on GitHub
A ready to use JSONP endpoints/payloads to help bypass content security policy (CSP) of different websites.
☆748May 6, 2024Updated last year
arkadiyt / bounty-targets-data
View on GitHub
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for …
☆3,651Updated this week
lc / gau
View on GitHub
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
☆4,837Jan 1, 2025Updated last year
0ang3el / websocket-smuggle
View on GitHub
Issues with WebSocket reverse proxying allowing to smuggle HTTP requests
☆390Aug 15, 2024Updated last year