JAW is a hybrid, scalable framework to analyze client-side JavaScript programs for the detection of client-side CSRF vulnerabilities. JAW can be used to conduct interactive and exploratory analysis of JavaScript code
[  Home Page ] [  GitHub ] [  Paper ]

Black widow is a new data-driven web application scanner that combines three techniques: navigation modeling, graph traversing, and tracking inter-state dependencies.
[  Download code ] [  Paper ]

We released scripts, datasets, and trained YOLOv3 models of our work Ad-versarial: Defeating Perceptual Ad-Blocking
[  GitHub ] [  Paper ]

Fidelius is a new architecture with trusted path for user I/O/ and Web Enclaves, to protect user secrets even if the entire underlying browser and OS are fully controlled by a malicious attacker.
[  Home Page @Stanford ] [  GitHub ] [  Paper ]

Deemon detects CSRF in PHP/SQL web applications by combining dynamic analysis with property graphs.
[  GitHub ] [  Paper ]

Günter tests web applications against Server Side Request (SSR) abuse including Web Origin Laundering, Server Side Request Forgery (SSRF) and other abuses.
[  GitHub ] [  Paper ]

jÄk (jAEk) (yet Änother krawler, ja!) is a crawler that uses function hooking and other dynamic analysis techniques to identify JavaScript event function registratio to explore the attack surface of web applications.
[  GitHub ] [  Paper ]