TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.
☆91Aug 25, 2025Updated 7 months ago
Alternatives and similar repositories for TheHulk
Users that are interested in TheHulk are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.☆48Aug 31, 2025Updated 6 months ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆57Oct 25, 2023Updated 2 years ago
- ☆14Feb 11, 2023Updated 3 years ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆61Dec 18, 2025Updated 3 months ago
- Awesome MXSS ??☆56Sep 30, 2024Updated last year
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- This repository contains a number of insecure self-hosted applications that allows interested security engineers to test vulnerabilities …☆26Apr 30, 2025Updated 10 months ago
- A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozi…☆164Feb 25, 2026Updated last month
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆14Dec 12, 2024Updated last year
- Legitimate bug bounty programs value ethical practices and provide clear rewards to researchers for identifying security flaws☆44Sep 22, 2024Updated last year
- Stats about HTTP response security headers usage mentioned by the OSHP.☆17Jan 25, 2026Updated 2 months ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""☆14Mar 31, 2025Updated 11 months ago
- ☆18Dec 2, 2018Updated 7 years ago
- How effective are LLMs in identifying and exploiting security vulnerabilities?☆69Feb 28, 2025Updated last year
- XS-Leak Browser Test Suite☆86Dec 19, 2023Updated 2 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- AI Substitutor is an extension for Burp Suite that uses AI functionality to substitute values of HTTP request parameters and headers.☆27Apr 30, 2025Updated 10 months ago
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources☆148Dec 9, 2024Updated last year
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp…☆21Jan 20, 2025Updated last year
- My mobile writeups repository☆27Nov 19, 2025Updated 4 months ago
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.��☆779Dec 9, 2025Updated 3 months ago
- Self-hosted bug bounty programs that are "scammy" or unethical☆173Feb 10, 2026Updated last month
- Differential testing framework for HTTP implementations☆929Jan 21, 2026Updated 2 months ago
- ☆32May 1, 2025Updated 10 months ago
- Burp插件,转发处理☆14Jan 17, 2023Updated 3 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-…☆17Sep 26, 2025Updated 6 months ago
- ☆40Sep 21, 2025Updated 6 months ago
- Discovered Data and Source Code☆10May 5, 2025Updated 10 months ago
- Looks for parameters in urls☆34Oct 14, 2024Updated last year
- Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis (IEEE S&P 2024)☆15Oct 3, 2024Updated last year
- Automated JavaScript Debugging Tool using CDP - Automatically sets breakpoints for specified strings/patterns in JavaScript code☆96Dec 22, 2024Updated last year
- AFL++ using the Ball-Larus path profiling algorithm for coverage feedback☆15Oct 31, 2022Updated 3 years ago
- Awesome LLM for Cybersecurity☆12Nov 16, 2024Updated last year
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆75Jan 21, 2024Updated 2 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- 一款基于James Forshaw的.NET Remoting反序列化工具升级版在TypeFilterLevel.Low模式无文件payload任意代码执行poc的开发心得☆48Jan 23, 2025Updated last year
- Binary Only Thread Sanitizer☆18Aug 10, 2024Updated last year
- Downloader for Firefox/jsshell/Thunderbird builds for fuzzing.☆44Dec 11, 2025Updated 3 months ago
- Cracking V8 Math.random() from arbitrary bit leaks☆35Mar 16, 2026Updated last week
- Useful configurations for the DomLogger++ extension☆48Sep 7, 2024Updated last year
- ☆32Jan 24, 2025Updated last year
- FireProx written in Go☆20Apr 13, 2024Updated last year