JavaScript Security

A simple, lightweight JavaScript API for handling browser cookies

 19k

crypto-js JavaScript library of crypto standards. Node.js (Install) Requirements: Node.js npm (Node.js package manager) npm install crypto-js Usage Modular include: var AES = require("crypto

 12.3k
JavaScript Obfuscator
A powerful obfuscator for JavaScript and Node.js

javascript-obfuscator/javascript-obfuscator

JavaScript obfuscator JavaScript Obfuscator is a powerful free obfuscator for JavaScript, containing a variety of features which provide protection for your source code. Example of obfuscated code: gist.github.com O

 8.4k

Stanford Javascript Crypto Library

 6.8k

Website http://travistidwell.com/jsencrypt Introduction When browsing the internet looking for a good solution to RSA Javascript encryption, there is a whole slew of libraries that basically take the fantastic work do

 5.6k

hello.js A client-side JavaScript SDK for authenticating with OAuth2 (and OAuth1 with a oauth proxy) web services and querying their REST APIs. HelloJS standardizes paths and responses to common APIs like Google Data Services,

 4.6k

JavaScript MD5 Contents Demo Description Usage Client-side Server-side Requirements API Tests License Description JavaScript MD5 implementation. Compatible with server-side

 4.3k

Forge A native implementation of TLS (and various other cryptographic tools) in JavaScript. Introduction The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography

 4.2k

Learn how to use JSON Web Tokens (JWT) for much Authentication win! Learn how to use JSON Web Token (JWT) to secure your Web and/or Mobile Application! Why? JSON Web Tokens (JWTs) make it easy to send read-o

 4.1k

CASL CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across c

 3.7k
Henry Boldizsar
Next Level PGP

henryboldi/felony

Felony is an open-source pgp keychain built on the modern web with Electron, React, and Redux. Felony is the first PGP app that's easy for anyone to use, without a tutorial. Download Felony You can download compiled versi

 3.5k

A place for creators and users of password managers to collaborate on resources to make password management better.

 3.4k

sonar Quick start user guide Once you have Node.js v8.x on your machine, you can use npx or install sonar globally to use it. Using npx Just run the following command: npx @sonarwhal

 3.3k

XDomain Summary A pure JavaScript CORS alternative. No server configuration required - just add a proxy.html on the domain you wish to communicate with. This library utilizes XHook to hook all XHR, so XDom

 3k

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting the secret before cloaking it with special unicode invisible characters.

 2.4k
Robin Moisson
Password protect a static HTML page

robinmoisson/staticrypt

StatiCrypt Based on the crypto-js library, StatiCrypt uses AES-256 to encrypt your string with your passphrase in your browser (client side). Download your encrypted string in a HTML page with a password prompt you can upload an

 2.3k

jsSHA A pure TypeScript/JavaScript streaming implementation of the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC.

 2.1k

? TypeScript bindings for Ethereum smart contracts

 1.6k

Browser Autofill Phishing ? This is a simple demonstration of form fields hidden from the user, but will be filled anyways when using the browser form autofill feature, which poses a security risk for users, unaware of

 1.4k

EGG Protocol multiplies yields by enabling assets escrowing on cross-chain smart contracts.

 1.4k

Mina is a new cryptocurrency with a constant size blockchain, improving scaling while maintaining decentralization and security.

 1.3k

One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google Authenticator

 1.3k

Hat.sh hat.sh is a javascript app that provides secure file encryption using the AES-256-GCM algorithm from WebCryptoAPI provided by your browser. it was coded following the WebCrypto Documentations

 1.2k

PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.

 1k

E2EMail This is an experimental version of a simple Chrome application - a Gmail client that exchanges OpenPGP mail. At this stage, we recommend you use it only for testing and UI feedback. E2EMail is a simple way for non-techn

 814

Encryption SDKs for JavaScript Overview · Core · Identity · FileKit · Browser support · Other platforms · Contributing · License Overview Tanker is an open-source solution to protect sensitive data in any appl

 795
Sqreen
The SaaS CTO Security Checklist

sqreen/CTOSecurityChecklist

The SaaS CTO Security Checklist https://cto-security-checklist.sqreen.io/ This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your start

 688

A fully implemented kernel exploit for the PS4 on 5.05FW

 609

An open letter against Apple's new privacy-invasive client-side content scanning

 604

crypto-hash Tiny hashing module that uses the native crypto API in Node.js and the browser Useful when you want the same hashing API in all environments. My cat calls it isomorphic. In Node.js it uses require('crypto'), w

 558

Graphite Graphite is a secure, private, and encrypted alternative to Google's G-Suite. Using Blockstack's developer tools and protocol, Graphite gives people control over their identity. People get all the convenience of cloud co

 538

box.js A utility to analyze malicious JavaScript (requires at least Node 6.0.0). To execute it, simply install its dependencies (npm install) and run node run.js file1.js file2.js folder ... If you are interested in receiv

 494

Monero Mine Monero (XMR) mining app, built with Vue.js and hashes visualized with D3 built as an experiment with CPU mining and for educational purposes only Turn off Ad blockers to view demo. Try Demo Uses the Co

 476
null
CryptoBlades Tracker

ed3ath/cbtracker

CryptoBlades Tracker

 348
0x
Start an exchange in under a minute

0xProject/0x-launch-kit

0x Launch Kit: Build an Exchange in Under a Minute ? ? ERC-20 ERC-721 Quick Start 0x Launch Kit is the easiest way to create your own 0x-based cryptoasse

 319

README v0.3 / 25 May 2018 Private Internet Access Private Internet Access is the world's leading consumer VPN service. At Private Internet Access we believe in unfettered access for all, and as a firm supporter of the open sou

 249

Powerful Chromium Browser to find XSS Vulnerabilites automatically while browsing web, it can detect many case scenarios with support for POST requests too

 245

Link Lock is a tool for encrypting and decrypting URLs. When a user visits an encrypted URL, they will be prompted for a password. If the password is correct, Link Lock retrieves the original URL and then redirects there. Otherwise, an error is displayed. Users can also add hints to display near the password prompt.

 243

Passwordless authentication with magic links for Passport.js ?

 214

speaking-jpg A simple tool to hide encrypted text messages inside jpeg images. Why? I stumbled upon a comment on Hackernews the other day. A secure messaging app that used Tor just passed a security audit and the comm

 189

? Zero-config peer-to-peer encrypted live folder syncing tool that respects your .gitignore.

 161

Distributed Password Cracking Borrow CPU cycles from visitor's web browsers to crack MD5 password hashes. Embedding a hidden <iframe> to a website will automatically add a visitor's browser as a node in a password cracking

 153

Fast JSON Web Token implementation

 143

passprotect-js Protect your user's passwords. What is PassProtect? PassProtect is a developer library created and maintained by Randall Degges that you can drop into any web page which dramatically improves the secu

 142

tarnish tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accom

 123

Cryption In-Browser AES File Encryption with Data Integrity Check Website Introduction Cryption is an open-source tool that encrypts and decrypts your data in the browser. It does not upload data to any

 117

Onyx is authentication middleware for Deno, inspired by Passport.js

 115

An open-source project includes many scripts with no Access Token needed for Facebook users by directly manipulating the DOM.

 110

?Zuccnet - End-to-end Encrypted Facebook Messenger

 94

salteen A snappy and lightweight (259B) utility to encrypt and decrypt values with salt. Both encrypt and decrypt are factory functions that accept a salt key and return new functions to be called with the unique value(s)

 88
Matthew Bryant
An easy-to-setup version of XSS Hunter

mandatoryprogrammer/xsshunter-express

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!

 81

Brandis: End-to-end encryption for everyone Try it online: https://brandis.io This app is intended to illustrate the ease with which secure, end-to-end encryption can be achieved in modern web browsers, using only a small amount

 77

This Node.js module authenticates with Google API and parse Google Docs to human-readable JSON or Markdown without the need to use cumbersome methods like exporting it in HTML via Google Drive API and then parse it back to other formats.

 74

This is a tiny promise-based crypto keyval store using IndexDB and the native Web Crypto API, having just two small dependencies: IDB for a better devxp using IndexDB and Web Crypto Tools for a better devxp using the Web Crypto API.

 72

havetheybeenpwned Test if your user's password has been pwned using the haveibeenpwned.com API See Online Works in modern browsers or in NodeJS Small: ~3kb (with included fetch polyfill) Quickly make your users' pas

 69

Advance XSS Persistence With Oauth When you ask "What's the worst thing that an attacker can do with Cross Site Scripting" in an interview setting, one of the first answers typically given is "You can steal session tokens with do

 66

Certificate Generation and Validation Using Blockchain Built using Ethereum on local blockchain setup and deployed on Rinkeby test network. Contract deployed at 0x89c34c6a0d4c7587e9120a533757f380f467688

 64

A collection of tiny XSS Payloads that can be used in different contexts.

 58

Your 5-Min. Secure Password Scoring and Pwnage Protection API Deploy your very own serverless API on AWS Lambda to score users' new passwords with Dropbox's fantastic zxcvbn library and anonymously (range) search for matches in T

 57

secure-require A secure require implementation for ECMAScript Feel more confident running a bunch of untrusted dependencies as a part of your application or module by allowing said dependency to only use a subset of core

 55

Authentication library for use with SvelteKit featuring built-in OAuth providers and zero restriction customization!

 52

Compute the digits of pi on the Ethereum blockchain and preserve them in an NFT. You get your digits. Some NFTs will contain multiple digits if you spend the gas. Free to mint, and "unlimited" supply.

 51

The purpose of EncryptLab is to make it easier for developers to understand how each encryption works with tools and example code in Node.js.

 50
Nader Dabit
An authentication system built with Ceramic & IDX

dabit3/decentralized-identity-example

An authentication system built with Ceramic & IDX

 46

siphash24 SipHash (2-4) implemented in pure Javascript and WebAssembly. npm install siphash24 The Javascript fallback is adapted from https://github.com/jedisct1/siphash-js to support Uint8Arrays and the (fast!) WebAssembly im

 46

colorful-phish: prevent your users from falling for phishing emails Colorful-phish gives each of your users a unique color that adversaries can't guess. Just include this color whenever you email your users, and now they will n

 43

simple-sha256 Generate SHA-256 hashes (in Node and the Browser) In Node.js, this package uses crypto.createHash(). In the browser, it uses crypto.subtle.digest(). install npm install simple-sha256

 42

classified.html is a portable encryption solution

 38

Login with Yubikey or TouchID on your Chrome browser.

 38

Simple-PGP Simple-PGP is a desktop application which you can use to manage your PGP keys, contacts public keys, and easily encrypt and decrypt text for safe communication with the PGP encryption protocol. Simple PGP is an open

 37

?? Save secrets in S3 using KMS envelope encryption

 35

check-for-leaks a tool to help avoid publishing secrets to github and npm Why? It's too easy to publish secrets to GitHub and npm by accident. It's even easier to make this mistake when your project has both a .gitign

 35

Tool to generate csrf payloads based on vulnerable requests

 35

Watering hole attacks Phishing attacks Automated deployment.

 34

One-stop TLS traffic inspection and manipulation using dynamic instrumentation

 34

SaltShaker Use nacl (tweetnacl) easily to create public private keypairs to sign, verify, encrypt and decrypt messages. This provides a simple wrapper interface around dchests's tweetnacl.js which is based on tweetnacl.

 32

HawkEye is a malware dynamic instrumentation tool based on frida.re framework. It will hook common functions to log malware activities and output the results in a nice web page report.

 32

Simple Authentication for Remix

 30

Cead (pronounced kee-yed)is a cookie and tracking consent manager that is extremely simple and lightweight. It is designed to help websites implement a simple Accept or Deny dialog that will actually enable or disable tracking.

 28

A tiny (~90B) isomorphic wrapper for crypto.randomBytes in Node.js and browsers.

 26

A repository built to compliment the executium trending news API. This repository will concentrate on the timeline of articles released and the effect.

 26

Securely collect browsing history over browsers.

 25

Tiny module for easy encryption of Buffers

 25

Streaming encryption for Wormhole.app, based on Encrypted Content-Encoding for HTTP (RFC 8188)

 24

A ready-to-use solution for personal data and consent management. Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data.

 24

Example project implementing authentication, authorization, and routing with Next.js and Supabase

 21

Bringing an all Open-Source Platform to study Data Structures and Algorithms ⚡

 17

Frida module to dump, manipulate and hijack any IL2CPP application at runtime with a high level of abstraction.

 16

Bitimulate is compound word of Bitcoin and Simulate. This service provides a simulated cryptocurrency trading system. Data used in this service rely on realtime information at Poloniex.

 15

Gembok Authenticator is software based (virtual) authenticator to generate 2-Steps authentication token using browser. It is written in HTML and Javascript so it should works on Google Chrome, Firefox, Safari and other browsers. It uses simple JSON file to store all data which needed to generate the token.

 11

in-memory-otp is a lightweight JavaScript package for generating and validating OTP (One Time Password) maintaining high performance using on demand in-memory database.

 11

Funny, Human-Memorable, SHA-256 Fingerprints

 11

Per CVE-2021-44228 and CVE-2021-45046, Apache log4j2 versions < 2.16.0 (except 2.12.2) are vulnerable to remote code execution and potential data exfi

 6

Encrypt Everything without fear of losing the Key

 5

git-remote-gitern is a git remote helper that end to end encrypts git repos without a custom remote receiver and without additional user key management.

 3