Skip to content

Releases: SoheilKhodayari/JAW

JAW-v3.0 (Sheriff)

28 Oct 12:58
@SoheilKhodayari SoheilKhodayari
v3.0.1
51f67a5
Compare
Choose a tag to compare
JAW-v3.0 (Sheriff) Latest
Latest

This release provides the following features:

  • Integration with Foxhound for in-browser dynamic taint tracking
  • Analysis pipeline for detecting client-side request hijacking vulnerabilities
  • Improved SAST engine (call graph, data flow dependencies, pointer analysis)
  • Dynamic verification module for data flows based on run-time API instrumentation
  • Scripts for processing dynamic taint flows at scale
  • Test web application for JAW
Assets 3

JAW-v2.0.4 (TheThing)

25 Jul 19:47
@SoheilKhodayari SoheilKhodayari
v2.0.4
d166c41
Compare
Choose a tag to compare
JAW-v2.0.4 (TheThing)

This release contains the JAW source code of version 2.0.4, adding:

  • support for DOM Clobbering vulnerabilities, i.e., merged with TheThing.
  • improved static analysis engine
  • dynamic forced execution component based on Iroh
  • new CLI for graph construction and import
  • improved neo4j container orchestration
  • a new crawler based on Puppeteer and Chrome CDP
Assets 2

JAW-v1.1.5

25 Jul 19:53
@SoheilKhodayari SoheilKhodayari
v1.1.5
da11f7c
Compare
Choose a tag to compare
JAW-v1.1.5

This release contains the JAW source code of version 1.1.5, containing:

  • core code static analysis engine for JavaScript HPG generation
  • dockerized neo4j graph databases
  • general data flow, pointer analysis, reachability analysis and pattern matching queries
  • support for automated detection or interactive exploration of client-side CSRF vulnerabilities
  • CLIs for large-scale HPG imports and querying
  • symbolic modeler for modern JavaScript libraries
  • JavaScript-enabled crawler based on Selenium
Assets 2