2bdenny / ReScue
An automated tool for the detection of regexes' slow-matching vulnerabilities.
☆154 Updated 2 years ago
Related projects
Alternatives and complementary repositories for ReScue
- ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection ☆75 Updated last year
- A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS. ☆110 Updated 2 years ago
- When MVC magic turns black ☆286 Updated 4 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆208 Updated last month
- Compiled dataset of Java deserialization CVEs ☆60 Updated 4 years ago
- Java taint propagation for Java. Define tainted sources, sanitizer methods and sinks via aspects. ☆27 Updated 6 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling. ☆344 Updated 2 years ago
- Grammar-based HTTP/2 fuzzer with mutation ability ☆42 Updated 2 years ago
- Parser utility to generate ASTs from PHP source code suitable to be processed by Joern. ☆34 Updated 4 years ago
- A penetration testing tool for finding file upload bugs (NDSS 2020) ☆249 Updated 3 years ago
- Fuzzing script for redirect URL validator ☆48 Updated 4 years ago
- An extended Node.js runtime with additional security mechanisms built-in. Protects your Node.js applications from injection attacks such … ☆31 Updated 3 years ago
- Issues with WebSocket reverse proxying allowing to smuggle HTTP requests ☆337 Updated 3 months ago
- Deemon is a tool to detect CSRF in web applications. Deemon has been used for the paper "Deemon: Detecting CSRF with Dynamic Analysis and… ☆74 Updated 6 years ago
- HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta… ☆49 Updated 6 years ago
- HTTP.ninja ☆147 Updated last year
- [DEPRECATED] A novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. ☆252 Updated 8 months ago
- Burp Wiener API (Legacy) ☆57 Updated 11 months ago
- procfs-based PHP sandbox bypass ☆133 Updated 6 years ago
- research ☆150 Updated 8 months ago
- Simple "postMessage logger" Chrome extension ☆92 Updated 4 years ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages. ☆147 Updated 9 months ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript ☆99 Updated last week