Nishant Das Patnaik (nishant.dp@)
Sarathi Sabyasachi Sahoo (sarathisahoo@)
I would like to highlight some of the interesting features of the tool below:
- JS Library Aware Sources & Sinks
- Variable & Function Tracing (This feature is a part of our code flow analysis algorithm)
- Variable & Function Scope Aware analysis (This feature is a part of our code flow analysis algorithm)
- Known filter function aware
- OOP & Prototype Compliant
- Minimum False Positive alerts
- Blazing fast performance
- Point and Click :-) (my personal favorite)
Upcoming features:
- Automatic code de-obfuscation & decompression through Hybrid Analysis (Ra.2 improvisation; http://code.google.com/p/ra2-dom-xss-scanner)
- ECMAScript family support (ActionScript 3, Node.JS, WinJS)

- Test Cases Document URL: http://goo.gl/vf61Km
- Sources & Sinks Document URL: http://goo.gl/olzYM4
- BlackHat Slide: http://www.slideshare.net/nishantdp/jsprime-bhusa13new

Open "index.html" in your browser.
- In the terminal type "node server.js"
- Go to 127.0.0.1:8888 in your browser.