ajinabraham / njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
☆423 · Nov 14, 2024 · Updated last year
Alternatives and similar repositories for njsscan
Users that are interested in njsscan are comparing it to the libraries listed below
- nodejsscan is a static security code scanner for Node.js applications. ☆2,545 · Oct 10, 2025 · Updated 4 months ago
- Generic SAST Library ☆135 · Jun 17, 2025 · Updated 7 months ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,072 · Feb 8, 2026 · Updated last week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆865 · Sep 1, 2023 · Updated 2 years ago
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. ☆14,074 · Feb 6, 2026 · Updated last week
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit… ☆553 · Apr 10, 2022 · Updated 3 years ago
- Awesome Node.js Security resources ☆2,979 · Jan 16, 2026 · Updated 3 weeks ago
- Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure D… ☆150 · Sep 4, 2020 · Updated 5 years ago
- Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in … ☆206 · Jan 3, 2024 · Updated 2 years ago
- Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command. ☆1,299 · Updated this week
- ☆11 · Jan 6, 2020 · Updated 6 years ago
- Dependency Combobulator ☆95 · Jan 10, 2024 · Updated 2 years ago
- Semgrep queries developed by Trail of Bits. ☆474 · Nov 12, 2025 · Updated 3 months ago
- ☆57 · Jun 17, 2020 · Updated 5 years ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable… ☆1,731 · Updated this week
- ☆226 · Dec 18, 2025 · Updated last month
- Package verification for npm ☆62 · Feb 12, 2022 · Updated 4 years ago
- OWASP ZAP add-on to detect reflected parameter vulnerabilities efficiently ☆12 · Feb 19, 2021 · Updated 4 years ago
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,555 · Updated this week
- The Swiss Army knife for automated Web Application Testing ☆2,324 · May 8, 2024 · Updated last year
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM ☆4,511 · Updated this week
- A front-end JavaScript toolkit for creating DNS rebinding attacks. ☆45 · Jun 19, 2018 · Updated 7 years ago
- This Burp Suite extension enables the generation of shareable links to specific requests which other Burp Suite users can import. ☆12 · May 20, 2022 · Updated 3 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje… ☆2,411 · Jun 17, 2025 · Updated 7 months ago
- scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds. ☆4,066 · Jan 25, 2026 · Updated 3 weeks ago
- Find cloud assets that no one wants exposed 🔎 ☁️ ☆349 · Jul 20, 2020 · Updated 5 years ago
- ☆72 · Nov 20, 2017 · Updated 8 years ago
- A collection of my Semgrep rules ☆51 · Jul 4, 2023 · Updated 2 years ago
- mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swif… ☆738 · Jan 31, 2026 · Updated 2 weeks ago
- Prototype Pollution and useful Script Gadgets ☆1,581 · Jan 27, 2024 · Updated 2 years ago
- A security focused static analysis tool for Android and Java applications. ☆1,210 · Updated this week
- DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source ☆109 · Nov 18, 2019 · Updated 6 years ago
- Scan your code for security misconfiguration, search for passwords and secrets. ☆653 · Jun 23, 2023 · Updated 2 years ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers… ☆136 · Updated this week
- ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting. ☆2,239 · Jan 8, 2026 · Updated last month
- Azure DevOps Services Attack Toolkit ☆150 · Mar 15, 2025 · Updated 10 months ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ☆139 · Sep 14, 2021 · Updated 4 years ago
- "HeaderScan" Burp Plugin ☆16 · Apr 26, 2014 · Updated 11 years ago
- Apache Solr Injection Research ☆579 · Jan 28, 2020 · Updated 6 years ago