Releases: SoheilKhodayari/JAW
Releases · SoheilKhodayari/JAW
JAW-v4
This version provides an analysis pipeline for the detection of client-side open redirect vulnerabilities.
Other pipeline changes
- Engine improvements
- Support querying neo4j through ineo for DOM Clobbering analysis by @jackfromeast in #19
- Fix installation issues on latest Debian/Ubuntu releases by @VainlyStrain in #20
- Fix a few minor issues with the pipeline by @VainlyStrain in #21
- Update graphbuilder.js by @VainlyStrain in #22
JAW-v3.0 (Sheriff)
This release provides the following features:
- Integration with Foxhound for in-browser dynamic taint tracking
- Analysis pipeline for detecting client-side request hijacking vulnerabilities
- Improved SAST engine (call graph, data flow dependencies, pointer analysis)
- Dynamic verification module for data flows based on run-time API instrumentation
- Scripts for processing dynamic taint flows at scale
- Test web application for JAW
JAW-v2.0.4 (TheThing)
This release contains the JAW source code of version 2.0.4
, adding:
JAW-v1.1.5
This release contains the JAW source code of version 1.1.5
, containing:
- core code static analysis engine for JavaScript HPG generation
- dockerized neo4j graph databases
- general data flow, pointer analysis, reachability analysis and pattern matching queries
- support for automated detection or interactive exploration of client-side CSRF vulnerabilities
- CLIs for large-scale HPG imports and querying
- symbolic modeler for modern JavaScript libraries
- JavaScript-enabled crawler based on Selenium