SAP / project-foxhoundLinks
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla-firefox/firefox). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
☆116Updated 3 weeks ago
Alternatives and similar repositories for project-foxhound
Users that are interested in project-foxhound are comparing it to the libraries listed below
Sorting:
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆111Updated 8 months ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆76Updated 3 years ago
- ☆33Updated 10 months ago
- Modular static malicious JavaScript detection system☆71Updated 4 years ago
- Testability Pattern Catalogs for SAST☆31Updated 6 months ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆151Updated last year
- XS-Leaks Wiki☆169Updated 3 months ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆51Updated last year
- XS-Leak Browser Test Suite☆83Updated last year
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆155Updated last year
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆18Updated 4 years ago
- CodeQL queries developed by Trail of Bits☆112Updated 2 months ago
- YuraScanner☆48Updated 6 months ago
- Generic SAST Library☆132Updated 2 months ago
- Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis☆28Updated 3 years ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆16Updated 7 months ago
- OSS-Fuzz vulnerabilities for OSV.☆162Updated this week
- Discovered Data and Source Code☆10Updated 3 months ago
- TaintFlow, a framework for JavaScript dynamic information flow analysis.☆18Updated 2 years ago
- Performant taint analysis for Node.js☆55Updated last year
- A Node.js vulnerability finding tool.☆96Updated 3 weeks ago
- Securibench Micro is a benchmark for static analysis tools for security.☆26Updated 7 years ago
- ☆48Updated last year
- Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.☆119Updated last year
- Home page of project "KB"☆128Updated 5 months ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆78Updated last month
- ☆19Updated 6 years ago
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆33Updated 5 months ago
- ☆28Updated 3 years ago
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.☆218Updated this week