plaxx + javascript   195

The infamous issue of target _blank code
a site opened with target=_blank can run javascript to affect the loading site
html  vulnerability  target  javascript  security  appsec 
march 2018 by plaxx
Cycript
Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
(It also runs standalone on Android and Linux and provides access to Java, but without injection.)
iphone  android  mobile  dynamic  debugging  analysis  reverse-engineering  ios  objective-c  javascript 
january 2018 by plaxx
michenriksen/aquatone: A Tool for Domain Flyovers
AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports, and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.
dns  discovery  recon  scanner  web  screenshot  bruteforce  opensource  ruby  javascript 
june 2017 by plaxx
Cheerio
Fast, flexible, and lean implementation of core jQuery designed specifically for the server.
js  alternative  javascript  jquery  dom  server  node 
june 2017 by plaxx
AnC - VUSec
In this project, we show that the limitations of ASLR are fundamental to how modern processors manage memory and build an attack that can fully derandomize ASLR from JavaScript without relying on any software feature.
security  javascript  attack  aslr 
april 2017 by plaxx
jQuery TwentyTwenty Plugin | Playground from ZURB
very nice slider over images to visualize differences between images
design  javascript  plugin  image  gallery  diff  visualization  jquery 
march 2017 by plaxx
Bower — a package manager for the web
package and dependency management for web-based projects
javascript  css  web  package  management  dependency  nodejs 
march 2017 by plaxx
Handlebars.js: Minimal Templating on Steroids
more secure because it doesn't allow complex logic
javascript  template  library  security 
january 2017 by plaxx
Retire.js
scans for vulnerable libraries in a website
js  security  javascript  check  library  outdated  web 
november 2016 by plaxx
beautify-web/js-beautify
there's a cli version already packaged in blackarch
javascript  pretty  tidy  beautifier  formatter  unpacker  reverse-engineering 
december 2015 by plaxx
Metalsmith
Very pluggable static site generator
website  generator  static  cms  javascript  nodejs 
august 2015 by plaxx
Jade - Template Engine
pure javascript template engine
html  template  javascript  nodejs 
july 2015 by plaxx