Advanced Client-Side Prototype Pollution Scanner
Updated Jun 3, 2026 - Go
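A curated selection of JS reverse-engineering examples from different sites, with detailed explanations, supplemented by summaries of key concepts, encryption algorithms, difficulty comparisons, and links. Covers many difficult topics, including environment patching, extracting JS, webpack, and Ruishu.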
☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!
Get and extract the frontend code of a SPA, finding all chunks and recreating the original code from source maps. Should support common webpack/vite configurations, but note it's still experimental.
A client-side web security tool that sanitizes potentially malicious HTML and JavaScript input by stripping unsafe tags and event attributes. Designed to demonstrate XSS prevention concepts, safe input handling, and frontend security practices using pure HTML, CSS, and JavaScript in a beginner-friendly interface.
hat is a powerful tool designed to provide secure file encryption and decryption directly within your browser. This project, primarily written in JavaScript, ensures that your sensitive data remains private by performing all encryption processes client-side, without the need for server interactions.
Demo of a secure Next.js application
Passive client-side exposure analysis platform for detecting leaked secrets, risky frontend configs, and security-relevant JavaScript patterns.
A high-performance, keyless, rule-based envelope for protecting web/API/stream data.
Hisec is a set of extremely intolerant server configs using CSP and headers.
Next.js code obfuscation setup using webpack-obfuscator – secure and protect your production builds.
Rubik is a comprehensive toolkit designed to enhance frontend security by automating common security tasks and providing valuable insights.
A high-performance reconnaissance tool built specifically for frontend web security.
Free Chrome extension that scans AI-built websites for frontend security risks and generates copy-ready AI fix prompts.
AI Monitoring Layer for web apps – performance, network, error analytics & anomaly detection.
The 'CyberGuard' delivers a modular, multi-layer security system for modern web applications. It bundles client-side anomaly detection, DDoS-Guard, DOM protection, input shielding, service-worker hardening and UI blackout controls into one compact package.
🚀 Protect web data with FISE, a high-performance, keyless semantic envelope for fast, rule-based transformations and unbounded customization.
Client-side History API abuse, shown as a safe educational PoC
A security PoC demonstrating how a public form with an embedded API key can bypass backend authentication, allowing attackers to access protected Express endpoints without credentials.
Frontguard by Pubflow CLI scans frontend builds, public URLs, localhost apps, HAR files, and interactive browser traffic for client-side exposure risks.