ODGen is a JavaScript Static Analysis tool to detect multiple types of vulnerabilities in Node.js packages.

Official ECMAScript Conformance Test Suite

A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Performant prototype pollution gadgets detection tool for Node.js applications.

Ollama JavaScript library

Minimal keyword extraction with BERT

A Node.js vulnerability finding tool.

Interact with your documents using the power of GPT, 100% privately, no data leaks

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js

TC39 proposal for mitigating prototype pollution

A constraint solver abstraction layer for Java

Node.js wrappers for SMT-Lib 2.0

Instrumentation framework for Node.js compliant to ECMAScript 2020 based on GraalVM.

Performant taint analysis for Node.js

Static detection tool for runc and Docker "Leaky Vessels" vulnerabilities

a project repository for a paper

Automatically Preventing Code Injection Attacks on Node.js

Content released at NorthSec 2018 for my talk on prototype pollution

TaintFlow, a framework for JavaScript dynamic information flow analysis.

Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.

String validation

Challenges for Binary Exploitation Workshop

An open and flexible framework for developing enclave applications

Private npm repository server

Prototype Pollution and useful Script Gadgets

get popular npm packages

Install package programmatically.