sola-da / ReDoS-vulnerabilities
A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.
☆58Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for ReDoS-vulnerabilities
- HTML5 WebSocket message fuzzer☆144Updated 5 years ago
- Fuzz testing: Beginner's guide☆77Updated 7 months ago
- Automatically Preventing Code Injection Attacks on Node.js☆78Updated 2 years ago
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]☆42Updated 4 months ago
- Fuzz testing framework for network protocols.☆16Updated 4 years ago
- OWASP WAP - Web Application Protection Project☆11Updated 5 years ago
- ☆16Updated 6 years ago
- Repository to showcase various configuration recipes with various technologies☆35Updated last year
- A tool for detecting regular expression denial-of-service vulnerabilities in Android apps.☆33Updated 8 years ago
- ☆70Updated 7 years ago
- A front-end JavaScript toolkit for creating DNS rebinding attacks.☆45Updated 6 years ago
- An extended Node.js runtime with additional security mechanisms built-in. Protects your Node.js applications from injection attacks such …☆31Updated 3 years ago
- ☆18Updated 5 years ago
- Symbolic execution inspired PHP application scanner for code-path discovery☆30Updated 5 years ago
- This test suite contains over 40 different test cases that have proven to work with different mobile browsers in my research or testing S…☆31Updated 5 years ago
- ☆20Updated 8 years ago
- ☆23Updated 5 years ago
- ZIP File Raider - Burp Extension for ZIP File Payload Testing☆70Updated 4 years ago
- ☆29Updated 5 years ago
- Dockerfile for AFL++ and helpful other tools☆21Updated 4 years ago
- HTTPWookiee is an HTTP server and proxy stress tool (respect of RFC, HTTP Smuggling issues, etc). If you run an HTTP server project conta…☆49Updated 6 years ago
- CVE-2019-6467 (BIND nxdomain-redirect)☆26Updated 5 years ago
- Another web fuzzer written in NodeJS☆58Updated 6 years ago
- A Node.js vulnerability finding tool.☆95Updated 4 years ago
- Scripts and auxiliary files for fuzzing PHP's unserialize function☆43Updated 7 years ago
- Exploitation challenges for CTF☆62Updated 6 years ago
- ☆122Updated 3 years ago
- Funny project to create an encoder/obfuscator that converts any javascript code into a code that only consist of /[a-z().]/ characters☆76Updated 5 years ago
- A deliberately vulnerable modern day app with lots of DOM related bugs☆36Updated 5 years ago
- A tool to perform static analysis on regexes to determine whether they are vulnerable to ReDoS.☆110Updated 2 years ago