-
-
Notifications
You must be signed in to change notification settings - Fork 12
Usage
Print the help
pphack -hScan a single URL
pphack -u https://edoardottt.github.io/pp-test/echo https://edoardottt.github.io/pp-test/ | pphackScan a list of URLs
pphack -l targets.txtcat targets.txt | pphackChange the concurrency level (default 50)
pphack -u https://edoardottt.github.io/pp-test/ -c 20Change the connection timeout value (default 10 seconds)
pphack -u https://edoardottt.github.io/pp-test/ -t 20Use a Proxy
pphack -u https://edoardottt.github.io/pp-test/ -px http://127.0.0.1:8080Set a rate limit (requests per second)
pphack -u https://edoardottt.github.io/pp-test/ -rl 10Set a custom User Agent (random by default)
pphack -u https://edoardottt.github.io/pp-test/ -ua "Test User Agent"Use a custom payload
Default is random (e.g. nqapst)
pphack -u https://edoardottt.github.io/pp-test/ -p injectionRun custom Javascript on target (to verify the target is vulnerable)
Default is window. + payload (e.g. window.nqapst)
pphack -u https://edoardottt.github.io/pp-test/ -js "console.log(3)"Run custom Javascript on target using a file (to verify the target is vulnerable)
pphack -u https://edoardottt.github.io/pp-test/ -jsf custom.jsSet custom headers
pphack -u https://edoardottt.github.io/pp-test/ -H Test:test,abc:xyzn.b: GitHub Pages uses preflight header access requests, which in certain cases can break prototype pollution detection.
Write output in a file
pphack -u https://edoardottt.github.io/pp-test/ -o result.txtVerbose output
pphack -u https://edoardottt.github.io/pp-test/ -vPrint only results (silent)
pphack -u https://edoardottt.github.io/pp-test/ -sThis repository is under MIT License.
edoardoottavianelli.it to contact me.