skepticfx/hookish

Stars
162
Rank 232,284 (Top 5 %)
Language
JavaScript
License
MIT License
Created almost 10 years ago
Updated 3 months ago

skepticfx/hookish

skepticfx

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Hooks in to interesting functions and helps reverse the web app faster.

Hookish!

Hooks in to interesting functions and helps reverse the web app faster.

Get it from the Chrome Store

Tweet me @skeptic_fx to improve Hookish! if you feel that something makes sense.

Features:

Hook multiple DOM sources and sinks
Hook XHR requests and responses
Unsafe anchor tags (target=_blank)
Hook WebSocket responses.
Show function call trace.

License

The MIT License

Copyright (c) Ahamed Nafeez [email protected]

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, inclu ding without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

wshook

Easily intercept and modify WebSocket requests and message events.

arpjs

Send ARP packets and read ARP tables using Javascript

damnvulnerable.me

A deliberately vulnerable modern day app with lots of DOM related bugs

domstorm

A dashboard for interesting DOM tricks/techniques.

subquest

Fast, Elegant subdomain scanner using nodejs

tlsjack

A simple TLS forwarder that lets you intercept traffic and play with them.

fuzzcat

Fuzzing web services in style with nodejs

voracle

Compression Oracle Attack on OpenVPN

mitmjs

Be a Man-In-The-Middle between two hosts

node-radamsa

A simple, synchronous, pipe to Radamsa tool from your nodejs programs.

tlsscan

Testing TLS servers for weakness

seclint

A javascript dom security linter

git-watchdog

I collect post-receive from GitHub and alert you on security errors

dosa

A Javascript transpiler for instrumentation

symtable.js

An imperative symbol table library in JavaScript

esflow

Elegant, Fast JavaScript static security analyzer for finding issues like DOM XSS.

node-xstream

Duplex streams that can do operations

PoC-Stack-for-TCP-Simultaneous-Connection

Acts as a TCP Stack which handles SYN , SYN-ACK and responds with a New SYN . Part of the research work on the concept of mitigating DoS attacks using simultaneous connection initiation.

uglify-ast

All about the UglifyJS AST

insecure-commits-test

A test repo which frequently commits insecure code patterns.

tlsecho

A simple TLS echo server

temp-travis-test

A temporary repo to test Travis with custom binaries

mask

Tiny text masking utility

domato-fuzzer.skepticfx.com

The Domato Fuzzer but as an HTTP endpoint

dotfiles