ajinabraham / njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
☆370Updated 5 months ago
Related projects: ⓘ
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit…☆506Updated 2 years ago
- JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.☆224Updated this week
- Security Auditor Utility for GraphQL APIs☆346Updated last week
- nodejsscan is a static security code scanner for Node.js applications.☆2,375Updated last month
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆790Updated last year
- DOM XSS scanner for Single Page Applications☆394Updated 2 months ago
- Damn Vulnerable NodeJS Application☆695Updated 5 months ago
- A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of se…☆443Updated 3 weeks ago
- Audits an NPM package.json file to identify known vulnerabilities.☆223Updated 3 months ago
- graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology…☆540Updated last week
- A Broken Application - Very Vulnerable!☆120Updated this week
- Check any website (or set of websites) for insecure security headers.☆232Updated last year
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,519Updated 2 months ago
- Semgrep rules registry☆773Updated this week
- Delightful Node.js packages useful for penetration testing, exploiting, reverse engineer, cryptography ...☆417Updated 3 years ago
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.☆351Updated 2 years ago
- Research on GraphQL from an AppSec point of view.☆405Updated last year
- Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure D…☆145Updated 4 years ago
- Zap baseline scanner in Docker with authentication☆104Updated 4 months ago
- Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp…☆451Updated last year
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆684Updated last month
- GraphQL automated security testing toolkit☆296Updated 6 months ago
- Scan your code for security misconfiguration, search for passwords and secrets.☆633Updated last year
- Repo for all the OWASP-SKF Docker lab examples☆431Updated last month
- a Damn Vulnerable Serverless Application☆532Updated last year
- GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations☆273Updated 9 months ago
- A starter secure code review checklist☆175Updated 5 years ago
- A Node.js vulnerability finding tool.☆95Updated 3 years ago
- threatspec - continuous threat modeling, through code☆327Updated 3 years ago
- Generic SAST Library☆123Updated 2 months ago