sola-da / ReDoS-vulnerabilities
A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.
☆58Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for ReDoS-vulnerabilities
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]☆42Updated 4 months ago
- HTML5 WebSocket message fuzzer☆143Updated 5 years ago
- A fuzzing library in JavaScript. ✨☆117Updated 3 weeks ago
- X41 Browser Security White Paper - Tools and PoCs☆184Updated 7 years ago
- ☆29Updated 5 years ago
- Fuzz testing: Beginner's guide☆77Updated 6 months ago
- A tool for detecting regular expression denial-of-service vulnerabilities in Android apps.☆33Updated 8 years ago
- An extensible, heuristic-based vulnerability scanning tool for installed npm packages☆50Updated 3 years ago
- JWT fuzzer☆104Updated 6 years ago
- A Node.js vulnerability finding tool.☆95Updated 4 years ago
- ☆70Updated 6 years ago
- JWT Fuzzer for BurpSuite. Adds an Intruder hook for on-the-fly JWT fuzzing.☆98Updated 5 years ago
- ☆122Updated 3 years ago
- ZIP File Raider - Burp Extension for ZIP File Payload Testing☆70Updated 4 years ago
- This test suite contains over 40 different test cases that have proven to work with different mobile browsers in my research or testing S…☆31Updated 5 years ago
- ☆18Updated 5 years ago
- Hunt Open MongoDB instances☆78Updated 5 years ago
- Scripts and auxiliary files for fuzzing PHP's unserialize function☆43Updated 7 years ago
- ☆159Updated 6 years ago
- A regular expression fuzzer.☆42Updated 6 years ago
- Automatically exported from code.google.com/p/ra2-dom-xss-scanner☆29Updated 8 years ago
- Automate common Chrome Debug Protocol tasks to help debug web applications from the command-line and actively monitor and intercept HTTP …☆73Updated 3 years ago
- Growing list of potentially dangerous PHP functions☆52Updated 5 years ago
- CTF Write-ups☆26Updated 5 years ago
- Nodejs application intentionally vulnerable to SSRF☆41Updated last year
- Repo for CSAW CTF 2018 Finals challenges☆56Updated 5 years ago
- Time Trial - A tool for performing feasibility analyses of timing attacks☆83Updated 10 years ago
- Repository to showcase various configuration recipes with various technologies☆35Updated last year
- A front-end JavaScript toolkit for creating DNS rebinding attacks.☆45Updated 6 years ago
- PoC for leaking text nodes via CSS injection☆35Updated 6 years ago