DOM Clobbering Wiki, Browser Testing, and Payload Generation
☆62Dec 18, 2025Updated 6 months ago
Alternatives and similar repositories for DOMClobbering
Users that are interested in DOMClobbering are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆58Oct 25, 2023Updated 2 years ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆118Feb 13, 2026Updated 4 months ago
- Generate DOM clobbering attack vectors for you.☆35Jun 3, 2025Updated last year
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆16Dec 12, 2024Updated last year
- ☆45Sep 21, 2025Updated 9 months ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Find all libraries on cdn.js that pollute your prototype☆19Sep 1, 2022Updated 3 years ago
- Source code for ACM CCS 2020 Paper PMForce: Systematically Analyzing postMessage Handlers at Scale☆18May 17, 2021Updated 5 years ago
- Caido plugin for jxscout☆16Updated this week
- HTML Universal Identifier☆68Dec 15, 2024Updated last year
- TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.☆97Aug 25, 2025Updated 10 months ago
- Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security☆180Mar 25, 2026Updated 3 months ago
- A collection of Server-Side Prototype Pollution gadgets and exploits☆234Feb 6, 2025Updated last year
- public archive for corCTF 2022☆37Aug 16, 2022Updated 3 years ago
- Challenges and solutions for Maple CTF 2022.☆28Sep 15, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-icon☆16Jul 17, 2024Updated last year
- Stats about HTTP response security headers usage mentioned by the OSHP.☆16Jan 25, 2026Updated 5 months ago
- phpfuck: using only 5 different characters to write and execute php // (^.9)☆20Nov 26, 2021Updated 4 years ago
- CTF challenges I created 🚩☆83Mar 7, 2026Updated 3 months ago
- Secure DOM trees isolation and encapsulation leveraging ShadowDOM☆36Feb 17, 2025Updated last year
- ☆15Apr 25, 2025Updated last year
- HITCON 2023 x DEVCORE Wargame☆22Aug 24, 2023Updated 2 years ago
- Monorepo for challenges, infra, and theming for UIUCTF 2024 (https://2024.uiuc.tf/)☆17Jul 14, 2024Updated last year
- Pickle decompiler plugin for Radare2☆18Aug 6, 2023Updated 2 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- ☆35Jan 31, 2026Updated 5 months ago
- Challenges and write-ups for GCC-CTF 2024☆19Mar 3, 2024Updated 2 years ago
- Make your domain weird, but still works :/☆93Jan 4, 2023Updated 3 years ago
- WeCTF 2022 Source Code & Organizer's Writeup☆33Jun 12, 2022Updated 4 years ago
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆50Aug 31, 2025Updated 10 months ago
- ☆12Jan 10, 2024Updated 2 years ago
- Challenge repository for ACSC 2024☆13Apr 2, 2024Updated 2 years ago
- PWNable pyjail☆13Jan 13, 2025Updated last year
- static sites for blog.orange.tw☆22Jun 8, 2026Updated 3 weeks ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Writing PHP with only 5 characters☆38Mar 5, 2026Updated 4 months ago
- Installation guide for bWAPP on Kali Linux, Ubuntu, and Windows.☆16Sep 23, 2024Updated last year
- ☆16Apr 12, 2023Updated 3 years ago
- ☆11Dec 27, 2023Updated 2 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆42Jan 25, 2026Updated 5 months ago
- A toy compiler that can convert Python scripts 🐍 to pickle bytecode 🥒☆140Feb 20, 2023Updated 3 years ago
- Exploit for CVE-2024-0402 in Gitlab☆15Mar 18, 2025Updated last year