SAP / project-foxhound
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
☆89Updated last week
Alternatives and similar repositories for project-foxhound:
Users that are interested in project-foxhound are comparing it to the libraries listed below
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆105Updated 3 months ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆72Updated 3 years ago
- Testability Pattern Catalogs for SAST☆29Updated 3 weeks ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆45Updated last year
- XS-Leak Browser Test Suite☆77Updated last year
- XS-Leaks Wiki☆156Updated last month
- Grammar-based HTTP/2 fuzzer with mutation ability☆42Updated 2 years ago
- ☆27Updated 2 years ago
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆17Updated 3 years ago
- Modular static malicious JavaScript detection system☆69Updated 4 years ago
- ☆31Updated 5 months ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆152Updated last year
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆13Updated 3 months ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆48Updated 3 months ago
- Grammar-based HTTP/1 fuzzer with mutation ability☆247Updated 4 months ago
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆14Updated last month
- List of Trusted Types bypasses☆90Updated 10 months ago
- Mayhem example templates for programming languages and fuzzers that you love!☆28Updated last year
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆64Updated last year
- Generic SAST Library☆130Updated 3 months ago
- FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities☆95Updated last year
- A Dynamic Symbolic Execution (DSE) engine for JavaScript. ExpoSE is highly scalable, compatible with recent JavaScript standards, and sup…☆199Updated last month
- This is the repository for JÄk. I created it as prototype during my masterthesis.☆30Updated 7 years ago
- Manager of third-party sources of Semgrep rules 🗂☆79Updated 7 months ago
- Instrumentation framework for Node.js compliant to ECMAScript 2020 based on GraalVM.☆54Updated last month
- ☆12Updated 2 years ago
- ☆17Updated 6 years ago
- CodeQL queries developed by Trail of Bits☆89Updated 2 months ago