  • Stars: 26
  • Rank 930,752 (Top 19 %)
  • Language: Python
  • License: GNU Affero Genera...
  • Created almost 6 years ago
  • Updated almost 5 years ago

Repository Details

Exploit generator and Taint Engine to find persistent (and reflected) client-side XSS

More Repositories

1

GhostWrite

Proof-of-concept for the GhostWrite CPU bug.
C
100
star
2

CacheWarp

Proof-of-concept implementation for the paper "CacheWarp: Software-based Fault Injection using Selective State Reset" (USENIX Security 2024)
C
58
star
3

Security-RISC

Proof-of-concept implementation for the paper "A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs" (IEEE S&P 2023)
C
53
star
4

osiris

Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)
C++
52
star
5

browser-cpu-fingerprinting

This repository contains the code for our paper "Browser-based CPU Fingerprinting".
Jupyter Notebook
35
star
6

loop-DoS

Repository for application-layer loop DoS
Python
28
star
7

BranchDifferent

Implementation for the DIMVA'22 paper "Branch Different - Spectre Attacks on Apple Silicon"
C
26
star
8

Microarchitectural-Hash-Function-Recovery

Proof-of-concept implementation for the paper "Efficient and Generic Microarchitectural Hash-Function Recovery" (IEEE S&P 2024)
C++
25
star
9

mwait

Proof-of-concept implementation for the paper "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels" (USENIX Security'23)
C
20
star
10

indirect-meltdown

Proof-of-concept implementation for the paper "Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks" (ESORICS 2023)
C
20
star
11

full-domain-functional-bootstrap

C++
14
star
12

xs-observations

Code for our 2023 IEEE S&P Paper "The Leaky Web: Automated Discovery of Cross-Site Information Leaks in Browsers and the Web"
Jupyter Notebook
12
star
13

ampfuzz

Fuzzer for Amplification Vulnerabilities (USENIX '22, Krupp et al)
C++
11
star
14

hammulator

Proof-of-concept implementation for the paper "Hammulator: Simulate Now - Exploit Later" (DRAMSec 2023)
C
11
star
15

regcheck

Proof-of-concept implementation for the paper "Reviving Meltdown 3a" (ESORICS 2023)
C
11
star
16

Switchpoline

Proof-of-concept implementation for the paper "Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8" (AsiaCCS 2024)
C++
9
star
17

http-conformance

Code for our 2024 ACM AsiaCCS Paper "Who's Breaking the Rules? Studying Conformance to the HTTP Specifications and its Security Impact"
Python
9
star
18

gdpr-consent

Code for our paper: "Share First, Ask Later (or Never?) - Studying Violations of GDPR's Explicit Consent in Android Apps"
Python
8
star
19

login-security-landscape

Code for our 2024 IEEE S&P Paper "To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape"
TypeScript
8
star
20

micsec-training

The material for the hands-on session "Turning Timing Differences into Data Leakage" at Mic-Sec 2022
C
3
star
21

IRQGuard

C
3
star
22

cascading-spy-sheets

This repository contains the artifact for our paper "Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting" published at NDSS 2025.
HTML
2
star
23

framing-control-proxy

A server-side proxy to convert X-Frame-Options into CSP frame-ancestors and vice versa.
Python
2
star
24

the-security-lottery

This repository contains our code for the data collection and analysis. It is a product of our work published at the 31st USENIX Security Symposium 2022.
Python
2
star
25

bitahoy

Python
2
star
26

artist

1
star
27

framing-control-analytics

Analysis Library used for the paper "A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web"
Python
1
star
28

12-angry-developers-web-applications

This repository contains our code for each version (programming language) for the Coding Task. It is a product of our work published at the 28th ACM Conference on Computer and Communications Security (CCS) in 2021.
HTML
1
star
29

consent-notices

Python
1
star
30

DNS-Applayer-DDoS-Protection

Code and datasets for protecting DNS infrastructures against application-layer DDoS attacks (EuroS&P '23 paper)
Rust
1
star