Skip to content

Releases: SoheilKhodayari/JAW

JAW-v4

01 Dec 12:05
Compare
Choose a tag to compare

This version provides an analysis pipeline for the detection of client-side open redirect vulnerabilities.

Other pipeline changes

JAW-v3.0 (Sheriff)

28 Oct 12:58
Compare
Choose a tag to compare

This release provides the following features:

  • Integration with Foxhound for in-browser dynamic taint tracking
  • Analysis pipeline for detecting client-side request hijacking vulnerabilities
  • Improved SAST engine (call graph, data flow dependencies, pointer analysis)
  • Dynamic verification module for data flows based on run-time API instrumentation
  • Scripts for processing dynamic taint flows at scale
  • Test web application for JAW

JAW-v2.0.4 (TheThing)

25 Jul 19:47
Compare
Choose a tag to compare

This release contains the JAW source code of version 2.0.4, adding:

  • support for DOM Clobbering vulnerabilities, i.e., merged with TheThing.
  • improved static analysis engine
  • dynamic forced execution component based on Iroh
  • new CLI for graph construction and import
  • improved neo4j container orchestration
  • a new crawler based on Puppeteer and Chrome CDP

JAW-v1.1.5

25 Jul 19:53
Compare
Choose a tag to compare

This release contains the JAW source code of version 1.1.5, containing:

  • core code static analysis engine for JavaScript HPG generation
  • dockerized neo4j graph databases
  • general data flow, pointer analysis, reachability analysis and pattern matching queries
  • support for automated detection or interactive exploration of client-side CSRF vulnerabilities
  • CLIs for large-scale HPG imports and querying
  • symbolic modeler for modern JavaScript libraries
  • JavaScript-enabled crawler based on Selenium