39 tools and resources
A collection of XSS payloads designed to turn alert(1) into P1
An interactive multi-user web JS shell
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A Burp extension for scanning JavaScript files for endpoint links
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
JavaScript library scanner and SBOM generator
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
A tool to find S3 buckets from HTML, JS, and bucket misconfiguration testing
A honeypot for remote file inclusion (RFI) and local file inclusion (LFI) using fake URLs to catch scanning bots and malwares.
Cybersecurity project for security monitoring of Node.js applications.
StegCloak is a JavaScript steganography module for hiding secrets inside text using invisible characters.
Report on a malicious module posing as a cookie parsing library on npm blog archive.
A set of tools for securing JavaScript projects against software supply chain attacks.
Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.
A library of string validators and sanitizers.
Detect users' operating systems and perform redirection with Apache mod_rewrite.
JavaScript parser, minifier, compressor, and beautifier toolkit with simplified API and CLI.
Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
A tool that reveals invisible links within JavaScript files
Python library and command line tools for log visualization with interactive plots.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Phish Report is inaccessible without JavaScript and cookies enabled.
A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.
A Python tool for in-depth PDF analysis and modification.
A detailed analysis of malicious packages and how they work
Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
A javascript malware analysis tool with backend code execution.
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
FingerprintJS is a client-side browser fingerprinting library that provides a unique visitor identifier unaffected by incognito mode.
A comprehensive mind map diagram summarizing Javascript syntax and concepts in a single picture.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
