SAP / project-foxhound
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
☆89Updated this week
Alternatives and similar repositories for project-foxhound:
Users that are interested in project-foxhound are comparing it to the libraries listed below
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆105Updated 3 months ago
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆17Updated 3 years ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆45Updated last year
- Testability Pattern Catalogs for SAST☆29Updated last month
- XS-Leak Browser Test Suite☆78Updated last year
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆74Updated 3 years ago
- ☆31Updated 5 months ago
- Modular static malicious JavaScript detection system☆69Updated 4 years ago
- OSS-Fuzz vulnerabilities for OSV.☆149Updated this week
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆153Updated last year
- XS-Leaks Wiki☆157Updated last month
- ☆83Updated 9 months ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆142Updated last year
- Home page of project "KB"☆121Updated this week
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆14Updated 2 months ago
- Manager of third-party sources of Semgrep rules 🗂☆81Updated 8 months ago
- Grammar-based HTTP/1 fuzzer with mutation ability☆248Updated 5 months ago
- A curated list of awesome browser security learning material.☆140Updated 2 years ago
- Performant taint analysis for Node.js☆49Updated 7 months ago
- Searcher for cross-site leaks (XS-Leaks)☆81Updated 2 years ago
- ☆184Updated 4 months ago
- Generic SAST Library☆130Updated 4 months ago
- A Node.js vulnerability finding tool.☆96Updated 4 years ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆64Updated last year
- FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulati…☆287Updated 2 years ago
- Grammar-based HTTP/2 fuzzer with mutation ability☆43Updated 2 years ago
- TaintFlow, a framework for JavaScript dynamic information flow analysis.☆17Updated 2 years ago
- ☆186Updated last year
- Post Processor for Facebook Static Analysis Tools.☆138Updated this week
- Instrumentation framework for Node.js compliant to ECMAScript 2020 based on GraalVM.☆54Updated 2 months ago