Usage

Print the help

pphack -h

Scan a single URL

pphack -u https://edoardottt.github.io/pp-test/

echo https://edoardottt.github.io/pp-test/ | pphack

Scan a list of URLs

pphack -l targets.txt

cat targets.txt | pphack

Automatic Exploitation

pphack -u https://edoardottt.github.io/pp-test/ -e

Change the concurrency level (default 50)

pphack -u https://edoardottt.github.io/pp-test/ -c 20

Change the connection timeout value (default 10 seconds)

pphack -u https://edoardottt.github.io/pp-test/ -t 20

Use a Proxy

pphack -u https://edoardottt.github.io/pp-test/ -px http://127.0.0.1:8080

Set a rate limit (requests per second)

pphack -u https://edoardottt.github.io/pp-test/ -rl 10

Set a custom User Agent (random by default)

pphack -u https://edoardottt.github.io/pp-test/ -ua "Test User Agent"

Use a custom payload
Default is random (e.g. nqapst)

pphack -u https://edoardottt.github.io/pp-test/ -p injection

Run custom Javascript on target (to verify if the target is vulnerable)
Default is window. + payload (e.g. window.nqapst)

pphack -u https://edoardottt.github.io/pp-test/ -js "console.log(3)"

Run custom Javascript on target using a file (to verify the target is vulnerable)

pphack -u https://edoardottt.github.io/pp-test/ -jsf custom.js

Set custom headers

pphack -u https://edoardottt.github.io/pp-test/ -H Test:test,abc:xyz

n.b: GitHub Pages uses preflight header access requests, which in certain cases can break prototype pollution detection.

Write output in a file

pphack -u https://edoardottt.github.io/pp-test/ -o result.txt

Verbose output

pphack -u https://edoardottt.github.io/pp-test/ -v

Print only results (silent)

pphack -u https://edoardottt.github.io/pp-test/ -s