RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

Looking for vulnerable samples #57

Closed h3xstream closed 9 years ago

h3xstream commented 10 years ago

I was wondering where you keep the vulnerable JavaScript files (used for testing).

I am building a tool that is based on retire.js 'repository.json' and would like to test most of the vulnerable libraries.

Thanks

eoftedal commented 10 years ago

Currently we don't have that, although I guess that would make sense. It would help us to detect if some of the regexes were off.

h3xstream commented 10 years ago

Ok thanks for the response. I'll share the samples when I build the repository.

Note: I have just started a Burp/ZAP plugin that will reuse retire.js big list. (Don't hold your breath for the samples)

h3xstream commented 9 years ago

Currently I am only doing basic tests, so I include them in my own repo: https://github.com/h3xstream/burp-retire-js/tree/master/test-samples

If you create a repo, I would be happy to contribute new vulnerable script samples. I think a dedicated repo would be better in the long term.

h3xstream commented 9 years ago

I'm closing this question. I have my answer. :+1: