SAP / project-foxhound
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
☆93Updated 3 weeks ago
Alternatives and similar repositories for project-foxhound:
Users that are interested in project-foxhound are comparing it to the libraries listed below
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆105Updated 4 months ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆45Updated last year
- Testability Pattern Catalogs for SAST☆30Updated 2 months ago
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆17Updated 3 years ago
- Modular static malicious JavaScript detection system☆69Updated 4 years ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆74Updated 3 years ago
- ☆31Updated 6 months ago
- XS-Leak Browser Test Suite☆80Updated last year
- Run CodeQL queries at scale using Multi-Repository Variant Analysis (MRVA)☆58Updated this week
- OSS-Fuzz vulnerabilities for OSV.☆151Updated this week
- XS-Leaks Wiki☆161Updated 2 months ago
- List of Trusted Types bypasses☆92Updated last year
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆49Updated 5 months ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆15Updated 3 months ago
- CodeQL queries developed by Trail of Bits☆96Updated this week
- Grammar-based HTTP/2 fuzzer with mutation ability☆43Updated 2 years ago
- CodeQL workshops for GitHub Universe☆93Updated 2 years ago
- Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis☆25Updated 3 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆142Updated last year
- Mayhem example templates for programming languages and fuzzers that you love!☆29Updated last year
- ☆17Updated 6 years ago
- YuraScanner☆38Updated 2 months ago
- A Node.js vulnerability finding tool.☆96Updated 4 years ago
- Grammar-based HTTP/1 fuzzer with mutation ability☆250Updated 5 months ago
- A curated list of awesome browser security learning material.☆141Updated 2 years ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆75Updated 3 weeks ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆154Updated last year
- Collection of community-driven CodeQL query, library and extension packs☆148Updated this week
- ☆44Updated 9 months ago
- ☆12Updated 2 years ago