sola-da / ReDoS-vulnerabilities
A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit showing how the slowdown may occur. The resources in this repository are provided for research purposes only. Please read below for more details.
☆59 Updated 7 years ago
Alternatives and similar repositories for ReDoS-vulnerabilities:
Users that are interested in ReDoS-vulnerabilities are comparing it to the libraries listed below
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research] ☆43 Updated 10 months ago
- A tool for detecting regular expression denial-of-service vulnerabilities in Android apps. ☆34 Updated 8 years ago
- A fuzzing library in JavaScript. ✨ ☆118 Updated 6 months ago
- An extensible, heuristic-based vulnerability scanning tool for installed npm packages ☆50 Updated 3 years ago
- Fuzz testing: Beginner's guide ☆76 Updated last year
- Automatically Preventing Code Injection Attacks on Node.js ☆78 Updated 3 years ago
- A front-end JavaScript toolkit for creating DNS rebinding attacks. ☆45 Updated 6 years ago
- This novel black-box web vulnerability scanner attempts to infer the state machine of the web application. ☆19 Updated 5 years ago
- ☆17 Updated 6 years ago
- Automate common Chrome Debug Protocol tasks to help debug web applications from the command-line and actively monitor and intercept HTTP … ☆73 Updated 3 years ago
- Dockerfile for AFL++ and helpful other tools ☆21 Updated 4 years ago
- ☆123 Updated 3 years ago
- CVE-2018-6574 POC : golang 'go get' remote command execution during source code build ☆24 Updated 3 years ago
- HTML5 WebSocket message fuzzer ☆145 Updated 6 years ago
- A Node.js vulnerability finding tool. ☆96 Updated 4 years ago
- X41 Browser Security White Paper - Tools and PoCs ☆185 Updated 7 years ago
- HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta… ☆50 Updated 7 years ago
- A Heroku-based web honeypot that can be used to create and monitor fake HTTP endpoints (i.e. honeytokens). ☆64 Updated 6 years ago
- Symbolic execution inspired PHP application scanner for code-path discovery ☆32 Updated 5 years ago
- A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS. ☆109 Updated 2 years ago
- ZIP File Raider - Burp Extension for ZIP File Payload Testing ☆71 Updated 4 years ago
- TLS CBC Padding Oracle Checker ☆52 Updated 3 years ago
- A fully featured malware scanner for Linux desktops and servers. ☆67 Updated 2 years ago
- A regular expression fuzzer. ☆43 Updated 7 years ago
- An investigative study on the security and privacy aspects of Progressive Web Apps ☆18 Updated 6 years ago
- Hunt Open MongoDB instances ☆78 Updated 5 years ago
- Proof Of Concept of the BEAST attack against SSL/TLS CVE-2011-3389 ☆73 Updated 6 years ago
- Write-Ups for CTF challenges ☆11 Updated 8 years ago
- ☆91 Updated 6 years ago
- Vulners signature-base software version detection rules ☆37 Updated 3 years ago