go get github.com/KathanP19/protoscan


Usage of protoscan:
  -c int
        Set Concurrency  (default 10)
  -o string
        Save Result to OutputFile
  -u    Scan Urls 

Warning : Use concurrency according to you pc spec

  • If you want to test then you can use the testurls.txt cat testurls.txt | protoscan

  • If you want to scan urls For Example: http://example.com/?page=some then use -u option. cat testurls.txt | protoscan -u

Payloads Used:

  • By Default it will append ?__proto__[protoscan]=protoscan to the https://example.com so you can directly STDIN the output of Httpx or some other tool after you check that domain is live.
  • When -u is used it will append &__proto__[protoscan]=protoscan to the url

More Info:

If you want to learn prototype pollution then you can check this repo.


  • Add more Payload Support.