SAP / project-foxhoundLinks
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla-firefox/firefox). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
☆120Updated 2 weeks ago
Alternatives and similar repositories for project-foxhound
Users that are interested in project-foxhound are comparing it to the libraries listed below
Sorting:
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆111Updated 2 weeks ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆76Updated 3 years ago
- Modular static malicious JavaScript detection system☆71Updated 4 years ago
- XS-Leaks Wiki☆169Updated 3 months ago
- XS-Leak Browser Test Suite☆85Updated last year
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆51Updated last year
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆16Updated 8 months ago
- ☆34Updated 11 months ago
- Testability Pattern Catalogs for SAST☆31Updated 7 months ago
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆18Updated 4 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆151Updated last year
- Discovered Data and Source Code☆10Updated 4 months ago
- A Node.js vulnerability finding tool.☆96Updated last month
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆155Updated last year
- Grammar-based HTTP/1 fuzzer with mutation ability☆255Updated 10 months ago
- Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis☆28Updated 3 years ago
- List of Trusted Types bypasses☆102Updated last year
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆34Updated 3 weeks ago
- YuraScanner☆51Updated 7 months ago
- Generic SAST Library☆132Updated 3 months ago
- Fuzz Introspector -- introspect, extend and optimise fuzzers☆432Updated last week
- Performant taint analysis for Node.js☆55Updated last year
- CodeQL queries developed by Trail of Bits☆123Updated 2 weeks ago
- OSS-Fuzz vulnerabilities for OSV.☆162Updated this week
- Post Processor for Facebook Static Analysis Tools.☆143Updated 2 weeks ago
- ☆12Updated 2 years ago
- Grammar-based HTTP/2 fuzzer with mutation ability☆47Updated 3 years ago
- Trail of Bits Testing Handbook☆79Updated last month
- Prepackaged and precompiled github codeql container for rapid analysis, deployment and development.☆119Updated last year
- A curated list of awesome browser security learning material.☆144Updated 2 years ago