Javascript
Explore 58 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.
A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
A collection of XSS payloads designed to turn alert(1) into P1
A collection of XSS payloads designed to turn alert(1) into P1
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.
A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF
A tool to search for Sentry config on a page or in JavaScript files and check for blind SSRF
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
JavaScript library scanner and SBOM generator
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.
Retraced is an audit logging solution that provides compliant, searchable audit trails for applications with client libraries for Go and JavaScript.
Hapi is a Node.js web application framework that provides built-in functionality for building scalable server-side applications and APIs with security features and plugin architecture.
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.
A honeypot for remote file inclusion (RFI) and local file inclusion (LFI) using fake URLs to catch scanning bots and malwares.
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
A Node.js library for validating environment variables and providing immutable access to configuration values in applications.
Report on a malicious module posing as a cookie parsing library on npm blog archive.
Report on a malicious module posing as a cookie parsing library on npm blog archive.
A set of tools for securing JavaScript projects against software supply chain attacks.
A set of tools for securing JavaScript projects against software supply chain attacks.
A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.
A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.
A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.
A Fastify plugin that implements HTTP security headers through a wrapper around the helmet library to protect web applications from common vulnerabilities.
Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.
Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.
Detect users' operating systems and perform redirection with Apache mod_rewrite.
Detect users' operating systems and perform redirection with Apache mod_rewrite.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
A low interaction client honeypot that detects malicious websites using signature, anomaly and pattern matching techniques with automated URL collection and JavaScript analysis capabilities.
UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.
UglifyJS 3 is a JavaScript toolkit that provides parsing, minification, compression, and beautification capabilities for JavaScript code optimization and processing.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.
A command-line tool that scans websites to detect publicly known security vulnerabilities in frontend JavaScript libraries using Snyk's vulnerability database.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
A Fastify plugin that provides utilities and middleware to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.
DOMPurify is a fast XSS sanitizer for HTML, MathML, and SVG.
A tool that reveals invisible links within JavaScript files
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Phish Report is inaccessible without JavaScript and cookies enabled.
Phish Report is inaccessible without JavaScript and cookies enabled.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.
Developer documentation providing REST API and SDK resources for ThreatConnect platform integration across Python, Java, and JavaScript environments.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.
Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.
Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
A javascript malware analysis tool with backend code execution.
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.
A CLI tool that performs security assessments on Joi validator schemas by testing them against various attack vectors including XSS, SQL injection, RCE, and SSRF.
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
FingerprintJS is a client-side browser fingerprinting library that provides a unique visitor identifier unaffected by incognito mode.
FingerprintJS is a client-side browser fingerprinting library that provides a unique visitor identifier unaffected by incognito mode.
A comprehensive mind map diagram summarizing Javascript syntax and concepts in a single picture.
A comprehensive mind map diagram summarizing Javascript syntax and concepts in a single picture.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
A comprehensive guide to Python 3 syntax, features, and resources in a single image.