I would like to highlight some of the interesting features of the tool below:
- JS Library Aware Source & Sinks
- Variable & Function Tracing (This feature is a part of our code flow analysis algorithm)
- Variable & Function Scope Aware analysis (This feature is a part of our code flow analysis algorithm)
- Known filter function aware
- OOP & Prototype Compliant
- Minimum False Positive alerts
- Blazing fast performance
- Point and Click :-) (my personal favorite)
- Automatic code de-obfuscation & decompression through Hybrid Analysis (Ra.2 improvisation; http://code.google.com/p/ra2-dom-xss-scanner)
- ECMAScript family support (ActionScript 3, Node.JS, WinJS)
Open "index.html" in your browser.
- In the terminal type "node server.js"
- Go to 127.0.0.1:8888 in your browser.