SAP / project-foxhound
A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla/gecko-dev). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.
☆89Updated 2 weeks ago
Alternatives and similar repositories for project-foxhound:
Users that are interested in project-foxhound are comparing it to the libraries listed below
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆105Updated 3 months ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆14Updated last month
- Testability Pattern Catalogs for SAST☆29Updated 3 weeks ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆45Updated last year
- XS-Leaks Wiki☆156Updated last month
- XS-Leak Browser Test Suite☆77Updated last year
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆17Updated 3 years ago
- ☆31Updated 5 months ago
- Home page of project "KB"☆119Updated this week
- Modular static malicious JavaScript detection system☆69Updated 4 years ago
- This is the repository for JÄk. I created it as prototype during my masterthesis.☆30Updated 7 years ago
- OSS-Fuzz vulnerabilities for OSV.☆150Updated this week
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas…☆141Updated last year
- List of Trusted Types bypasses☆90Updated 10 months ago
- A Node.js vulnerability finding tool.☆96Updated 4 years ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆72Updated 3 years ago
- ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.☆152Updated last year
- Security Crawl Maze is a comprehensive testbed for web security crawlers. It contains pages representing many ways in which one can link …☆159Updated last year
- A curated list of awesome browser security learning material.☆139Updated 2 years ago
- A framework for the detection of COSI vulnerabilities / XS-Leaks☆12Updated last year
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆64Updated last year
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆48Updated 4 months ago
- Grammar-based HTTP/1 fuzzer with mutation ability☆247Updated 4 months ago
- ☆17Updated 6 years ago
- FUGIO: Automatic Exploit Generation for PHP Object Injection Vulnerabilities☆95Updated last year
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…☆75Updated last month
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- CodeQL queries developed by Trail of Bits☆89Updated 2 months ago
- Fuzz Introspector -- introspect, extend and optimise fuzzers☆404Updated this week
- Generic SAST Library☆130Updated 4 months ago