KTH-LangSec/server-side-prototype-pollution external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

KTH-LangSec/server-side-prototype-pollution

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/KTH-LangSec/server-side-prototype-pollution)

Close

KTH-LangSec / server-side-prototype-pollutionView on GitHubMore

• External links
• Readme badge

A collection of Server-Side Prototype Pollution gadgets and exploits

☆223Feb 6, 2025Updated last year

Alternatives and similar repositories for server-side-prototype-pollution

Users that are interested in server-side-prototype-pollution are comparing it to the libraries listed below

• KTH-LangSec / silent-spring

  View on GitHub
  Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
  ☆75Jan 21, 2024Updated 2 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,584Jan 27, 2024Updated 2 years ago
• masatokinugawa / ShadowBreakers

  View on GitHub
  ☆48Aug 2, 2025Updated 7 months ago
• yeswehack / pp-finder

  View on GitHub
  PP-finder Help you find gadget for prototype pollution exploitation
  ☆189Aug 8, 2024Updated last year
• kevin-mizu / domloggerpp

  View on GitHub
  A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
  ☆772Dec 9, 2025Updated 2 months ago
• BlackFan / content-type-research

  View on GitHub
  Content-Type Research
  ☆657Jun 29, 2025Updated 8 months ago
• renniepak / CSPBypass

  View on GitHub
  CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scr…
  ☆604Feb 20, 2026Updated last week
• narfindustries / http-garden

  View on GitHub
  Differential testing framework for HTTP implementations
  ☆927Jan 21, 2026Updated last month
• assetnote / surf

  View on GitHub
  Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
  ☆753Dec 19, 2023Updated 2 years ago
• Tedixx / dmarc-subdomains

  View on GitHub
  Tool to parse subdomains from dmarc.live
  ☆150Apr 19, 2024Updated last year
• doyensec / Prototype-Pollution-Gadgets-Finder

  View on GitHub
  ☆93Apr 29, 2024Updated last year
• doyensec / CSPTBurpExtension

  View on GitHub
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
  ☆160Jul 2, 2024Updated last year
• Moopinger / smugglefuzz

  View on GitHub
  A rapid HTTP downgrade smuggling scanner written in Go.
  ☆313May 16, 2024Updated last year
• xssdoctor / graphqlMaker

  View on GitHub
  Finds graphql queries in javascript files
  ☆68May 18, 2024Updated last year
• kevin-mizu / bot-ctf-template

  View on GitHub
  ☆31Jan 31, 2026Updated last month
• 0xacb / recollapse

  View on GitHub
  REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
  ☆1,290Aug 7, 2025Updated 6 months ago
• doyensec / CSPTPlayground

  View on GitHub
  CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).
  ☆153Mar 31, 2025Updated 11 months ago
• msrkp / PPScan

  View on GitHub
  Client Side Prototype Pollution Scanner
  ☆523Sep 17, 2022Updated 3 years ago
• BishopFox / sj

  View on GitHub
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
  ☆723Updated this week
• BishopFox / jsluice

  View on GitHub
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,771May 22, 2024Updated last year
• terjanq / same-origin-xss

  View on GitHub
  Same Origin XSS challenge
  ☆64Apr 7, 2022Updated 3 years ago
• BlackFan / BFScan

  View on GitHub
  Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used …
  ☆242Dec 9, 2025Updated 2 months ago
• dillonfranke / protoburp

  View on GitHub
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆36Mar 4, 2025Updated 11 months ago
• SoheilKhodayari / DOMClobbering

  View on GitHub
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆61Dec 18, 2025Updated 2 months ago
• AethliosIK / reset-tolkien

  View on GitHub
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆149Dec 9, 2024Updated last year
• harisec / orange-confusion-attacks

  View on GitHub
  Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
  ☆21Aug 25, 2024Updated last year
• zeyu2001 / My-CTF-Challenges

  View on GitHub
  Challenges I wrote for various CTF competitions
  ☆44Jul 21, 2024Updated last year
• Escape-Technologies / graphql-wordlist

  View on GitHub
  The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
  ☆455Oct 3, 2023Updated 2 years ago
• ambionics / wrapwrap

  View on GitHub
  Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.
  ☆236Oct 8, 2024Updated last year
• Virdoexhunter / My-Mind-Maps

  View on GitHub
  Mind map for certifcation, vulnerability finding and recon for bug bounty and professional works.
  ☆19Mar 17, 2024Updated last year
• caido-community / EvenBetter

  View on GitHub
  EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎
  ☆161Feb 11, 2026Updated 2 weeks ago
• xscorp / jsmug

  View on GitHub
  A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON
  ☆115Mar 27, 2024Updated last year
• xnl-h4ck3r / urless

  View on GitHub
  De-clutter a list of URLs
  ☆386Feb 3, 2026Updated 3 weeks ago
• Social-Engineering-Experts / SEETF-2023-Public

  View on GitHub
  SEETF 2023 Public Challenge Files, Sources, and Solutions
  ☆18Jun 18, 2023Updated 2 years ago
• bjornhels / CVE-2025-30065

  View on GitHub
  PoC
  ☆12Apr 7, 2025Updated 10 months ago
• SECCON / SECCON2023_final_CTF

  View on GitHub
  ☆12Jan 10, 2024Updated 2 years ago
• nullenc0de / paramhunter

  View on GitHub
  Looks for parameters in urls
  ☆34Oct 14, 2024Updated last year
• gatete / DomainTrail

  View on GitHub
  DomainTrail is a fast subdomain enumeration tool that uses effective passive and active techniques.
  ☆41Apr 18, 2024Updated last year
• forcesunseen / graphquail

  View on GitHub
  Burp Suite extension that offers a toolkit for testing GraphQL endpoints.
  ☆203Aug 5, 2024Updated last year