sola-da / ReDoS-vulnerabilitiesLinks
A list of ReDoS vulnerabilities in npm modules found by the Software Lab at TU Darmstadt. For each vulnerability, there is a proof-of-concept exploit, showing how the slowdown may occur. The resources in this repository are provided for research purpose only. Please read below for more details.
☆59Updated 7 years ago
Alternatives and similar repositories for ReDoS-vulnerabilities
Users that are interested in ReDoS-vulnerabilities are comparing it to the libraries listed below
Sorting:
- Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]☆42Updated last year
- A tool for detecting regular expression denial-of-service vulnerabilities in Android apps.☆34Updated 9 years ago
- An extensible, heuristic-based vulnerability scanning tool for installed npm packages☆50Updated 3 years ago
- This test suite contains over 40 different test cases that have proven to work with different mobile browsers in my research or testing S…☆30Updated 5 years ago
- Repository to showcase various configuration recipes with various technologies☆36Updated 2 years ago
- HTML5 WebSocket message fuzzer☆146Updated 6 years ago
- Automatically Preventing Code Injection Attacks on Node.js☆78Updated 3 years ago
- Fuzz testing: Beginner's guide☆76Updated last year
- A fuzzing library in JavaScript. ✨☆118Updated last month
- Another web fuzzer written in NodeJS☆58Updated 7 years ago
- A front-end JavaScript toolkit for creating DNS rebinding attacks.☆45Updated 7 years ago
- OWASP WAP - Web Application Protection Project☆11Updated 5 years ago
- XSS in pastebin.com and reddit.com via unsanitized markdown output☆87Updated 7 years ago
- RegEx Denial of Service (ReDos) Scanner☆163Updated 7 years ago
- CVE-2018-6574 POC : golang 'go get' remote command execution during source code build☆24Updated 3 years ago
- Fuzz testing framework for network protocols.☆17Updated 5 years ago
- ☆71Updated 7 years ago
- BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework☆26Updated 8 years ago
- CodeIgniter <=2.1.4 session cookie decryption vulnerability☆39Updated 8 years ago
- Dockerfile for AFL++ and helpful other tools☆21Updated 5 years ago
- Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.☆140Updated 9 months ago
- An investigative study on the security and privacy aspects of Progressive Web Apps☆19Updated 6 years ago
- X41 Browser Security White Paper - Tools and PoCs☆184Updated 7 years ago
- Symbolic execution inspired PHP application scanner for code-path discovery☆32Updated 6 years ago
- Nodejs application intentionally vulnerable to SSRF☆41Updated 2 years ago
- A Node.js vulnerability finding tool.☆95Updated 4 years ago
- Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.☆49Updated 2 years ago
- ZIP File Raider - Burp Extension for ZIP File Payload Testing☆71Updated 4 years ago
- Docker based Wargame Platform - To practice your CTF skills☆32Updated 8 years ago
- Elasticsearch 1.4.0 < 1.4.2 Remote Code Execution exploit and vulnerable container☆33Updated 7 years ago