KTH-LangSec/server-side-prototype-pollution external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

KTH-LangSec/server-side-prototype-pollution

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/KTH-LangSec/server-side-prototype-pollution)

Close

KTH-LangSec / server-side-prototype-pollutionView on GitHubMore

• External links
• Readme badge

A collection of Server-Side Prototype Pollution gadgets and exploits

☆228Feb 6, 2025Updated last year

Alternatives and similar repositories for server-side-prototype-pollution

Users that are interested in server-side-prototype-pollution are comparing it to the libraries listed below

• KTH-LangSec / silent-spring

  View on GitHub
  Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
  ☆75Jan 21, 2024Updated 2 years ago
• masatokinugawa / ShadowBreakers

  View on GitHub
  ☆50Aug 2, 2025Updated 7 months ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,601Jan 27, 2024Updated 2 years ago
• BlackFan / content-type-research

  View on GitHub
  Content-Type Research
  ☆658Jun 29, 2025Updated 8 months ago
• yeswehack / pp-finder

  View on GitHub
  PP-finder Help you find gadget for prototype pollution exploitation
  ☆189Aug 8, 2024Updated last year
• kevin-mizu / domloggerpp

  View on GitHub
  A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
  ☆778Dec 9, 2025Updated 3 months ago
• renniepak / CSPBypass

  View on GitHub
  CSPBypass.com, a tool designed to help ethical hackers bypass restrictive Content Security Policies (CSP) and exploit XSS (Cross-Site Scr…
  ☆623Updated this week
• narfindustries / http-garden

  View on GitHub
  Differential testing framework for HTTP implementations
  ☆929Jan 21, 2026Updated 2 months ago
• kevin-mizu / bot-ctf-template

  View on GitHub
  ☆31Jan 31, 2026Updated last month
• Tedixx / dmarc-subdomains

  View on GitHub
  Tool to parse subdomains from dmarc.live
  ☆150Apr 19, 2024Updated last year
• assetnote / surf

  View on GitHub
  Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
  ☆755Dec 19, 2023Updated 2 years ago
• doyensec / CSPTBurpExtension

  View on GitHub
  CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal.
  ☆163Jul 2, 2024Updated last year
• BlackFan / BFScan

  View on GitHub
  Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used …
  ☆245Dec 9, 2025Updated 3 months ago
• doyensec / Prototype-Pollution-Gadgets-Finder

  View on GitHub
  ☆93Apr 29, 2024Updated last year
• Moopinger / smugglefuzz

  View on GitHub
  A rapid HTTP downgrade smuggling scanner written in Go.
  ☆313May 16, 2024Updated last year
• xssdoctor / graphqlMaker

  View on GitHub
  Finds graphql queries in javascript files
  ☆69May 18, 2024Updated last year
• kevin-mizu / GMSGadget

  View on GitHub
  This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) an…
  ☆135Feb 4, 2026Updated last month
• msrkp / PPScan

  View on GitHub
  Client Side Prototype Pollution Scanner
  ☆523Sep 17, 2022Updated 3 years ago
• SoheilKhodayari / DOMClobbering

  View on GitHub
  DOM Clobbering Wiki, Browser Testing, and Payload Generation
  ☆61Dec 18, 2025Updated 3 months ago
• zeyu2001 / My-CTF-Challenges

  View on GitHub
  Challenges I wrote for various CTF competitions
  ☆44Jul 21, 2024Updated last year
• 0xacb / recollapse

  View on GitHub
  REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
  ☆1,297Aug 7, 2025Updated 7 months ago
• BishopFox / jsluice

  View on GitHub
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,782May 22, 2024Updated last year
• bebiksior / subwords

  View on GitHub
  Extract most frequent words in a list of subdomains
  ☆13Feb 15, 2025Updated last year
• BishopFox / sj

  View on GitHub
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
  ☆795Updated this week
• dillonfranke / protoburp

  View on GitHub
  Encode and Fuzz Custom Protobuf Messages in Burp Suite
  ☆37Mar 4, 2025Updated last year
• tl2cents / Implementation-of-Cryptographic-Attacks

  View on GitHub
  Implementation of cryptographic attacks. Mainly reproduction of recent cryptographic papers.
  ☆15Dec 4, 2024Updated last year
• forcesunseen / graphquail

  View on GitHub
  Burp Suite extension that offers a toolkit for testing GraphQL endpoints.
  ☆203Aug 5, 2024Updated last year
• terjanq / same-origin-xss

  View on GitHub
  Same Origin XSS challenge
  ☆64Apr 7, 2022Updated 3 years ago
• AethliosIK / reset-tolkien

  View on GitHub
  Unsecure time-based secret exploitation and Sandwich attack implementation Resources
  ☆148Dec 9, 2024Updated last year
• SECCON / SECCON2023_final_CTF

  View on GitHub
  ☆12Jan 10, 2024Updated 2 years ago
• ambionics / wrapwrap

  View on GitHub
  Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.
  ☆237Oct 8, 2024Updated last year
• jackfromeast / dom-clobbering-collection

  View on GitHub
  A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.
  ☆48Aug 31, 2025Updated 6 months ago
• acuciureanu / ppfang

  View on GitHub
  A tool which helps identifying client-side prototype polluting libraries
  ☆39May 1, 2025Updated 10 months ago
• Rhynorater / rebindMultiA

  View on GitHub
  ☆63Mar 1, 2023Updated 3 years ago
• nullenc0de / paramhunter

  View on GitHub
  Looks for parameters in urls
  ☆34Oct 14, 2024Updated last year
• Escape-Technologies / graphql-wordlist

  View on GitHub
  The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
  ☆458Oct 3, 2023Updated 2 years ago
• caido-community / EvenBetter

  View on GitHub
  EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎
  ☆162Feb 11, 2026Updated last month
• efecankaya / BlindSSTIScanner

  View on GitHub
  Burp Suite extension that enhances Burp Active Scan by adding template engine specific SSTI payloads.
  ☆24Feb 20, 2024Updated 2 years ago
• matanber / domlogger-configs

  View on GitHub
  Useful configurations for the DomLogger++ extension
  ☆48Sep 7, 2024Updated last year