leaky-forms / leaky-forms-crawler
Puppeteer based crawler to measure email and password exfiltration
☆21Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for leaky-forms-crawler
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities☆40Updated last year
- List of periodically validated public DNS resolvers☆23Updated this week
- XS-Leak Browser Test Suite☆73Updated 11 months ago
- ☆27Updated 3 weeks ago
- ☆15Updated 3 years ago
- Find XS-Leaks in the browser by diffing DOM-Graphs in two states☆14Updated 11 months ago
- Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale☆67Updated 2 years ago
- Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"☆12Updated last month
- Chrome extension that lists Amazon S3 Buckets while browsing☆78Updated 3 weeks ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆100Updated last week
- A collection of my Semgrep rules☆47Updated last year
- Using EPUBs for the semi-automated evaluation of security and privacy implications of EPUB reading systems.☆30Updated 2 years ago
- ☆69Updated 3 years ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆43Updated last week
- apkizer is a mass downloader for android applications for all available versions.☆46Updated 3 years ago
- WebSocket Connection Smuggler☆44Updated 2 years ago
- swagroutes is a command-line tool that extracts and lists API routes from Swagger files in YAML or JSON format.☆54Updated last year
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆29Updated 2 years ago
- Finds the End-Points in JavaScript files☆88Updated 3 years ago
- Searcher for cross-site leaks (XS-Leaks)☆81Updated last year
- Collection of wordlists containing dangerous function calls in many languages☆22Updated 3 weeks ago
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC)☆39Updated 3 months ago
- Let's check if your target is vulnerable for client side prototype pollution.☆63Updated 10 months ago
- Subdomain enumeration using Cloudflare's scanning tool.☆40Updated last year
- Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.☆85Updated 2 years ago
- Wrapper around LinkFinder to quickly determine whether endpoints have been added/removed to JavaScript files.☆40Updated 4 years ago
- Get URLs from the Wayback Machine. Able to handle large outputs.☆22Updated last year
- Prototype Pollution in JavaScript☆75Updated 2 years ago
- Python script implementing the favicon hash trick to find subdomains.☆26Updated last year