This project encompasses all artifacts for the paper "GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes". GHunter is a pipeline to systematically detect gadgets in V8-based JavaScript runtimes with prime focus on Node.js and Deno. It supports a lightweight dynamic taint analysis to automatically identify gadget candidates which we validate manually to derive proof-of-concept exploits.
The project consists of three sub artifacts for the different experiments presented in the paper.
For more details we recommend reading the per-artifact instructions found in each projects' README.md file.
ghunter4deno: The artifact for the analysis on the Deno runtime.ghunter4node: The artifact for the analysis on the Node.js runtime as well as the GHunter part of the comparison between GHunter and Silent Spring.silentspring4ghunter: The Silent Spring part of the comparison between GHunter and Silent Spring.
If you use the paper, tool, and/or experiment results for academic research we encourage you to cite it as:
@inproceedings{GHunter2024,
title={GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes},
author={Cornelissen, Eric and Shcherbakov, Mikhail and Balliu, Musard},
booktitle={33rd USENIX Security Symposium (USENIX Security 24)},
pages={3693--3710},
year={2024}
}