SoheilKhodayari / JAWView external linksLinks
JAW: A Graph-based Security Analysis Framework for Client-side JavaScript
☆117Sep 10, 2025Updated 5 months ago
Alternatives and similar repositories for JAW
Users that are interested in JAW are comparing it to the libraries listed below
Sorting:
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆60Dec 18, 2025Updated last month
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆57Oct 25, 2023Updated 2 years ago
- A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…☆159Feb 9, 2026Updated last week
- Testability Pattern Catalogs for SAST☆32Feb 18, 2025Updated 11 months ago
- YuraScanner☆73Feb 13, 2025Updated last year
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆79Nov 23, 2021Updated 4 years ago
- MDG-based static vulnerability scanner specialized in analyzing npm packages and detecting taint-style and prototype pollution vulnerabil…☆22Dec 10, 2025Updated 2 months ago
- A blazing fast and fully configurable Blind SQL Injection optimization and automation framework.☆141Jun 7, 2025Updated 8 months ago
- ☆31May 1, 2025Updated 9 months ago
- Mini-program Cross Page Request Forgery (MiniCPRF) Analysis Tool.☆18Oct 30, 2024Updated last year
- ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript…☆26Nov 30, 2021Updated 4 years ago
- Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to s…☆18Jan 30, 2025Updated last year
- ☆18Oct 15, 2024Updated last year
- Artifacts of the paper "Arcanum: Detecting and Evaluating the Privacy Risks of Browser Extensions on Web Pages and Web Content" in USENIX…☆17Aug 9, 2024Updated last year
- Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis☆82Mar 19, 2024Updated last year
- MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps.☆31Dec 2, 2024Updated last year
- 🐛 A list of writeups from the MSRC (Microsoft) Bug Bounty program☆31Oct 29, 2025Updated 3 months ago
- Modular static malicious JavaScript detection system☆75Jan 18, 2021Updated 5 years ago
- HTML Universal Identifier☆65Dec 15, 2024Updated last year
- ☆56Aug 26, 2021Updated 4 years ago
- Perform file-based malware scan on your on-prem servers with AWS☆14Oct 31, 2023Updated 2 years ago
- 基于JavaFX框架做的一款安卓漏洞分析桌面软件,采用了反编译技术与静态分析技术,上传apk包即可分析APP可能包含的风险。☆14Nov 23, 2022Updated 3 years ago
- Android webviews and securiy☆23Sep 18, 2025Updated 4 months ago
- burp suite插件☆13Jul 9, 2023Updated 2 years ago
- Mass Assigner is a simple tool made to probe for mass assignment vulnerability through JSON field modification in HTTP requests☆15Jun 22, 2024Updated last year
- Discovered Data and Source Code☆10May 5, 2025Updated 9 months ago
- ☆10Sep 25, 2024Updated last year
- A CLI tool (and library) written in Go to simplify the process of retrieving IP addresses from infrastructure hosted on Google Cloud Plat…☆11Nov 20, 2025Updated 2 months ago
- TP-Framework: Testability Pattern Framework for SAST☆15May 10, 2024Updated last year
- Static JavaScript Analysis: AST, Control Flow, Data Flow, & Pointer Analysis☆28Feb 26, 2022Updated 3 years ago
- Apple PCC research☆16Mar 14, 2025Updated 11 months ago
- Automatically fuzz Rust projects from scratch☆59Jul 8, 2025Updated 7 months ago
- some fun php exploits☆81Nov 12, 2024Updated last year
- ☆92Jun 21, 2024Updated last year
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors☆90Feb 3, 2024Updated 2 years ago
- SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool☆57Dec 29, 2024Updated last year
- Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code☆96Dec 22, 2024Updated last year
- ☆27Jun 7, 2022Updated 3 years ago
- An Evil OIDC Server☆53Oct 19, 2022Updated 3 years ago