Aurore54F / DoubleXLinks
Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale
☆74Updated 3 years ago
Alternatives and similar repositories for DoubleX
Users that are interested in DoubleX are comparing it to the libraries listed below
Sorting:
- Modular static malicious JavaScript detection system☆70Updated 4 years ago
- Testability Pattern Catalogs for SAST☆30Updated 3 months ago
- Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis☆26Updated 3 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆107Updated 5 months ago
- ☆31Updated 8 months ago
- VFCFinder: Searching for the Missing Vulnerability Fixing Commits☆29Updated last year
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆153Updated last year
- ☆50Updated 2 years ago
- Static data flow-based analysis of JavaScript files to detect syntactic clones☆23Updated 5 years ago
- A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…☆108Updated last week
- A framework for identifying vulnerabilities in VS Code extensions☆18Updated 10 months ago
- YuraScanner☆42Updated 3 months ago
- ☆29Updated last month
- ☆44Updated 10 months ago
- TaintFlow, a framework for JavaScript dynamic information flow analysis.☆17Updated 2 years ago
- Hey folks, this is a repository for papers on LLM for Vuln. Detection area☆50Updated 2 months ago
- find relevant security papers published in the top-4 conferences (S&P, USENIX, CCS, NDSS)☆186Updated 9 months ago
- The source code (including datasets) of V1SCAN (USENIX Security 2023; will be uploaded).☆41Updated last year
- VulZoo: A Comprehensive Vulnerability Intelligence Dataset (ASE 2024 Demo)☆48Updated 2 months ago
- Securibench Micro is a benchmark for static analysis tools for security.☆26Updated 6 years ago
- A fork of Bandit tool with patterns to identifying malicious python code.☆26Updated 2 years ago
- ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript…☆24Updated 3 years ago
- CodeQL queries developed by Trail of Bits☆99Updated 3 weeks ago
- ☆26Updated last year
- ☆26Updated last year
- [CCS'24] An LLM-based, fully automated fuzzing tool for option combination testing.☆81Updated last month
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆16Updated 2 months ago
- The repository has collected about 10,000 malicious pypi packages. This dataset is the work of the ASE 2023 paper "An Empirical Study of…☆91Updated last month
- HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs☆43Updated 2 years ago
- Artifacts of the paper "Arcanum: Detecting and Evaluating the Privacy Risks of Browser Extensions on Web Pages and Web Content" in USENIX…☆14Updated 9 months ago