JavaScript Security

A simple, lightweight JavaScript API for handling browser cookies


crypto-js JavaScript library of crypto standards. Node.js (Install) Requirements: Node.js npm (Node.js package manager) npm install crypto-js Usage Modular include: var AES = require("crypto

JavaScript Obfuscator
A powerful obfuscator for JavaScript and Node.js


JavaScript obfuscator JavaScript Obfuscator is a powerful free obfuscator for JavaScript, containing a variety of features which provide protection for your source code. Example of obfuscated code: O


Stanford Javascript Crypto Library


Website Introduction When browsing the internet looking for a good solution to RSA Javascript encryption, there is a whole slew of libraries that basically take the fantastic work do


hello.js A client-side JavaScript SDK for authenticating with OAuth2 (and OAuth1 with a oauth proxy) web services and querying their REST APIs. HelloJS standardizes paths and responses to common APIs like Google Data Services,


JavaScript MD5 Contents Demo Description Usage Client-side Server-side Requirements API Tests License Description JavaScript MD5 implementation. Compatible with server-side


Forge A native implementation of TLS (and various other cryptographic tools) in JavaScript. Introduction The Forge software is a fully native implementation of the TLS protocol in JavaScript, a set of cryptography


Learn how to use JSON Web Tokens (JWT) for much Authentication win! Learn how to use JSON Web Token (JWT) to secure your Web and/or Mobile Application! Why? JSON Web Tokens (JWTs) make it easy to send read-o


CASL CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access. All permissions are defined in a single location (the Ability class) and not duplicated across c

Henry Boldizsar
Next Level PGP


Felony is an open-source pgp keychain built on the modern web with Electron, React, and Redux. Felony is the first PGP app that's easy for anyone to use, without a tutorial. Download Felony You can download compiled versi


A place for creators and users of password managers to collaborate on resources to make password management better.


sonar Quick start user guide Once you have Node.js v8.x on your machine, you can use npx or install sonar globally to use it. Using npx Just run the following command: npx @sonarwhal


XDomain Summary A pure JavaScript CORS alternative. No server configuration required - just add a proxy.html on the domain you wish to communicate with. This library utilizes XHook to hook all XHR, so XDom


StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting the secret before cloaking it with special unicode invisible characters.

Robin Moisson
Password protect a static HTML page


StatiCrypt Based on the crypto-js library, StatiCrypt uses AES-256 to encrypt your string with your passphrase in your browser (client side). Download your encrypted string in a HTML page with a password prompt you can upload an


jsSHA A pure TypeScript/JavaScript streaming implementation of the complete Secure Hash Standard (SHA) family (SHA-1, SHA-224/256/384/512, SHA3-224/256/384/512, SHAKE128/256, cSHAKE128/256, and KMAC128/256) with HMAC.


TypeScript bindings for Ethereum smart contracts


Browser Autofill Phishing This is a simple demonstration of form fields hidden from the user, but will be filled anyways when using the browser form autofill feature, which poses a security risk for users, unaware of


EGG Protocol multiplies yields by enabling assets escrowing on cross-chain smart contracts.


Mina is a new cryptocurrency with a constant size blockchain, improving scaling while maintaining decentralization and security.


One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google Authenticator

A JavaScript app that provides secure file encryption using the AES-256-GCM algorithm from the WebCryptoAPI provided by your browser. It was coded following the WebCrypto documentation.


PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.


E2EMail This is an experimental version of a simple Chrome application - a Gmail client that exchanges OpenPGP mail. At this stage, we recommend you use it only for testing and UI feedback. E2EMail is a simple way for non-techn


Encryption SDKs for JavaScript Overview · Core · Identity · FileKit · Browser support · Other platforms · Contributing · License Overview Tanker is an open-source solution to protect sensitive data in any appl

The SaaS CTO Security Checklist


The SaaS CTO Security Checklist This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your start


A fully implemented kernel exploit for the PS4 on 5.05FW


An open letter against Apple's new privacy-invasive client-side content scanning


crypto-hash Tiny hashing module that uses the native crypto API in Node.js and the browser Useful when you want the same hashing API in all environments. My cat calls it isomorphic. In Node.js it uses require('crypto'), w


Graphite Graphite is a secure, private, and encrypted alternative to Google's G-Suite. Using Blockstack's developer tools and protocol, Graphite gives people control over their identity. People get all the convenience of cloud co


box.js A utility to analyze malicious JavaScript (requires at least Node 6.0.0). To execute it, simply install its dependencies (npm install) and run node run.js file1.js file2.js folder ... If you are interested in receiv


Monero Mine Monero (XMR) mining app, built with Vue.js and hashes visualized with D3 built as an experiment with CPU mining and for educational purposes only Turn off Ad blockers to view demo. Try Demo Uses the Co

CryptoBlades Tracker



Start an exchange in under a minute


0x Launch Kit: Build an Exchange in Under a Minute ERC-20 ERC-721 Quick Start 0x Launch Kit is the easiest way to create your own 0x-based cryptoasse


README v0.3 / 25 May 2018 Private Internet Access Private Internet Access is the world's leading consumer VPN service. At Private Internet Access we believe in unfettered access for all, and as a firm supporter of the open sou


A powerful Chromium browser that finds XSS vulnerabilities automatically while you browse the web. It can detect many scenarios, with support for POST requests too.


Link Lock is a tool for encrypting and decrypting URLs. When a user visits an encrypted URL, they will be prompted for a password. If the password is correct, Link Lock retrieves the original URL and then redirects there. Otherwise, an error is displayed. Users can also add hints to display near the password prompt.


Passwordless authentication with magic links for Passport.js


speaking-jpg A simple tool to hide encrypted text messages inside jpeg images. Why? I stumbled upon a comment on Hackernews the other day. A secure messaging app that used Tor just passed a security audit and the comm


Zero-config peer-to-peer encrypted live folder syncing tool that respects your .gitignore.


Distributed Password Cracking Borrow CPU cycles from visitor's web browsers to crack MD5 password hashes. Embedding a hidden <iframe> to a website will automatically add a visitor's browser as a node in a password cracking


Fast JSON Web Token implementation


passprotect-js Protect your user's passwords. What is PassProtect? PassProtect is a developer library created and maintained by Randall Degges that you can drop into any web page which dramatically improves the secu


tarnish tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accom


Cryption In-Browser AES File Encryption with Data Integrity Check Website Introduction Cryption is an open-source tool that encrypts and decrypts your data in the browser. It does not upload data to any


Onyx is authentication middleware for Deno, inspired by Passport.js


An open-source project that includes many scripts for Facebook users, with no Access Token needed, working by directly manipulating the DOM.


Zuccnet - End-to-end Encrypted Facebook Messenger


salteen A snappy and lightweight (259B) utility to encrypt and decrypt values with salt. Both encrypt and decrypt are factory functions that accept a salt key and return new functions to be called with the unique value(s)

Matthew Bryant
An easy-to-setup version of XSS Hunter


An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!


Brandis: End-to-end encryption for everyone Try it online: This app is intended to illustrate the ease with which secure, end-to-end encryption can be achieved in modern web browsers, using only a small amount


This Node.js module authenticates with the Google API and parses Google Docs into human-readable JSON or Markdown, without the need for cumbersome methods like exporting to HTML via the Google Drive API and then parsing it back into other formats.


This is a tiny promise-based crypto keyval store using IndexedDB and the native Web Crypto API, having just two small dependencies: IDB for a better devxp using IndexedDB and Web Crypto Tools for a better devxp using the Web Crypto API.


havetheybeenpwned Test if your user's password has been pwned using the API See Online Works in modern browsers or in NodeJS Small: ~3kb (with included fetch polyfill) Quickly make your users' pas


Advance XSS Persistence With Oauth When you ask "What's the worst thing that an attacker can do with Cross Site Scripting" in an interview setting, one of the first answers typically given is "You can steal session tokens with do


Certificate Generation and Validation Using Blockchain Built using Ethereum on local blockchain setup and deployed on Rinkeby test network. Contract deployed at 0x89c34c6a0d4c7587e9120a533757f380f467688


A collection of tiny XSS Payloads that can be used in different contexts.


Your 5-Min. Secure Password Scoring and Pwnage Protection API Deploy your very own serverless API on AWS Lambda to score users' new passwords with Dropbox's fantastic zxcvbn library and anonymously (range) search for matches in T


secure-require A secure require implementation for ECMAScript Feel more confident running a bunch of untrusted dependencies as a part of your application or module by allowing said dependency to only use a subset of core


Authentication library for use with SvelteKit featuring built-in OAuth providers and zero restriction customization!


Compute the digits of pi on the Ethereum blockchain and preserve them in an NFT. You get your digits. Some NFTs will contain multiple digits if you spend the gas. Free to mint, and "unlimited" supply.


The purpose of EncryptLab is to make it easier for developers to understand how each encryption works with tools and example code in Node.js.

Nader Dabit
An authentication system built with Ceramic & IDX




siphash24 SipHash (2-4) implemented in pure Javascript and WebAssembly. npm install siphash24 The Javascript fallback is adapted from to support Uint8Arrays and the (fast!) WebAssembly im


colorful-phish: prevent your users from falling for phishing emails Colorful-phish gives each of your users a unique color that adversaries can't guess. Just include this color whenever you email your users, and now they will n


simple-sha256 Generate SHA-256 hashes (in Node and the Browser) In Node.js, this package uses crypto.createHash(). In the browser, it uses crypto.subtle.digest(). install npm install simple-sha256


classified.html is a portable encryption solution


Login with Yubikey or TouchID on your Chrome browser.


Simple-PGP Simple-PGP is a desktop application which you can use to manage your PGP keys, contacts public keys, and easily encrypt and decrypt text for safe communication with the PGP encryption protocol. Simple PGP is an open


Save secrets in S3 using KMS envelope encryption


check-for-leaks a tool to help avoid publishing secrets to github and npm Why? It's too easy to publish secrets to GitHub and npm by accident. It's even easier to make this mistake when your project has both a .gitign


Tool to generate csrf payloads based on vulnerable requests


Watering hole attacks Phishing attacks Automated deployment.


One-stop TLS traffic inspection and manipulation using dynamic instrumentation


SaltShaker Use nacl (tweetnacl) easily to create public/private keypairs to sign, verify, encrypt and decrypt messages. This provides a simple wrapper interface around dchest's tweetnacl.js which is based on tweetnacl.


HawkEye is a malware dynamic instrumentation tool based on framework. It will hook common functions to log malware activities and output the results in a nice web page report.


Simple Authentication for Remix


Cead (pronounced kee-yed) is a cookie and tracking consent manager that is extremely simple and lightweight. It is designed to help websites implement a simple Accept or Deny dialog that will actually enable or disable tracking.


A tiny (~90B) isomorphic wrapper for crypto.randomBytes in Node.js and browsers.


A repository built to complement the executium trending news API. This repository will concentrate on the timeline of articles released and the effect.


Securely collect browsing history over browsers.


Tiny module for easy encryption of Buffers


Streaming encryption for, based on Encrypted Content-Encoding for HTTP (RFC 8188)


A ready-to-use solution for personal data and consent management. is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data.


Example project implementing authentication, authorization, and routing with Next.js and Supabase


Bringing an all Open-Source Platform to study Data Structures and Algorithms ⚡


Frida module to dump, manipulate and hijack any IL2CPP application at runtime with a high level of abstraction.


Bitimulate is a compound word of Bitcoin and Simulate. This service provides a simulated cryptocurrency trading system. Data used in this service relies on realtime information at Poloniex.


Gembok Authenticator is a software-based (virtual) authenticator that generates 2-step authentication tokens in the browser. It is written in HTML and JavaScript, so it should work on Google Chrome, Firefox, Safari and other browsers. It uses a simple JSON file to store all the data needed to generate the token.


in-memory-otp is a lightweight JavaScript package for generating and validating OTPs (One Time Passwords), maintaining high performance by using an on-demand in-memory database.


Funny, Human-Memorable, SHA-256 Fingerprints


Per CVE-2021-44228 and CVE-2021-45046, Apache log4j2 versions < 2.16.0 (except 2.12.2) are vulnerable to remote code execution and potential data exfi


Encrypt Everything without fear of losing the Key


git-remote-gitern is a git remote helper that end to end encrypts git repos without a custom remote receiver and without additional user key management.