Here is a list of tools, prototypes, datasets, and more.


We released scripts, datasets, and trained YOLOv3 models of our work Ad-versarial: Defeating Perceptual Ad-Blocking
GitHub ] Paper ]


Fidelius is a new architecture with trusted path for user I/O/ and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.
Home Page @Stanford ] GitHub ] Paper ]

Deemon logo

Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.
GitHub ] Paper ]

Guenter logo

Günter tests web applications against Server Side Request (SSR) abuse including Web Origin Laundering, Server Side Request Forgery (SSRF) and other abuses.
GitHub ] Paper ]

jAEk Logo

jÄk (jAEk) (yet Änother krawler, ja!) is a crawler that uses function hooking and other dynamic analysis techniques to identify JavaScript event function registratio to explore the attack surface of web applications.
GitHub ] Paper ]