Repositories list

• state-of-passkeys-artifacts

  Public
  Artifacts for the paper "The State of Passkeys: Studying the Adoption and Security of Passkeys on the Web", accepted at the 35th USENIX Security Symposium 2026.

  testing-toolsmeasurementsecurity-tools+ 4webauthnusenixpasskeysusenix-security-2026

  Jupyter Notebook

  •

  Apache License 2.0

  •0•1•0•0•Updated Feb 23, 2026Feb 23, 2026

• ShareJSXML

  Public
  Library to allow concurrent editing of XML documents using Operational Transforms based on ShareJS 0.6

  CoffeeScript

  •

  MIT License

  •1•2•0•1•Updated Feb 21, 2026Feb 21, 2026

• passkeys.tools

  Public
  A comprehensive security testing and development toolkit for WebAuthn (passkey) implementations. Passkeys.Tools provides full emulation of both the client (brow…

  testing-toolssecurity-toolswebauthn+ 1passkeys

  JavaScript

  •

  Apache License 2.0

  •0•5•0•0•Updated Feb 4, 2026Feb 4, 2026

• graphdiff.js

  Public
  Compare the DOM of two browser windows by using graph comparison. JavaScript port of the corresponding AutoLeak functionality.

  JavaScript

  •

  GNU General Public License v3.0

  •0•0•0•0•Updated Jan 23, 2026Jan 23, 2026

• exposee_layout

  Public template
  Latex template for students writing an exposé for a seminar or thesis

  TeX

  •8•9•0•0•Updated Dec 15, 2025Dec 15, 2025

• thesis_layout

  Public template
  Latex template for students writing a bachelor or master thesis

  TeX

  •21•26•0•0•Updated Dec 15, 2025Dec 15, 2025

• DISTINCT

  Public
  Dynamic In-Browser Single Sign-On Tracer Inspecting Novel Communication Techniques

  oauthauthenticationpopup+ 9authorizationiframeresearch-toolweb-securityopenid-connectresearch-papersingle-sign-on+ 2

  JavaScript

  •

  Apache License 2.0

  •1•12•0•0•Updated Oct 26, 2025Oct 26, 2025

• SSH-Strict-Kex-Violations-State-Learning-Artifacts

  Public
  Artifacts for the paper "Finding SSH Strict Key Exchange Violations by State Learning", accepted at the ACM Conference on Computer and Communications Security (…

  sshcryptographyattack+ 6vulnerabilityartifactscve-2025-32433statelearningstrict-kexcve-2025-32942

  Java

  •

  Apache License 2.0

  •1•0•0•1•Updated Oct 2, 2025Oct 2, 2025

• SSH-Client-Signatures-Artifacts

  Public
  Artifacts for the paper "On the Security of SSH Client Signatures", accepted at the ACM Conference on Computer and Communications Security (CCS) 2025.

  githubsshcryptography+ 6gitlablaunchpadssh-clientmeasurementpublic-keyscve-2024-31497

  Go

  •

  Apache License 2.0

  •0•1•0•0•Updated Oct 2, 2025Oct 2, 2025

• TlsPraktikumServer

  Public
  TLS 1.3 Server framework for our TLS Praktikum lecture

  Java

  •2•0•0•2•Updated Sep 23, 2025Sep 23, 2025

• pdf-attacker

  Public
  Python

  •13•30•0•0•Updated Sep 19, 2025Sep 19, 2025

• SSO-Monitor

  Public
  SSO-Monitor.Me: The First Reproducible and Reliable SSO-Archive for Single Sign-On Landscape and Security Measurements

  JavaScript

  •

  MIT License

  •3•4•1•1•Updated Aug 6, 2025Aug 6, 2025

• Artifacts-TLS-State-Learner

  Public
  Java

  •0•0•0•0•Updated Aug 4, 2025Aug 4, 2025

• BouncyCastleTLS

  Public
  BouncyCastle TLS examples

  Java

  •2•3•0•2•Updated Jan 31, 2025Jan 31, 2025

• JsseTLS

  Public
  Java

  •2•2•0•0•Updated Jan 31, 2025Jan 31, 2025

• AutoLeak

  Public
  Find XS-Leaks in the browser by diffing DOM-Graphs in two states

  xs-leaks

  JavaScript

  •

  GNU General Public License v3.0

  •1•18•0•0•Updated Jan 20, 2025Jan 20, 2025

• disclaimer

  Public
  HTML

  •0•0•0•0•Updated Dec 20, 2024Dec 20, 2024

• WS-Attacker

  Public
  WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (http…

  Java

  •

  GNU General Public License v2.0

  •116•491•17•2•Updated Oct 3, 2024Oct 3, 2024

• alpaca-attack

  Public
  HTML

  •2•1•0•0•Updated Sep 21, 2024Sep 21, 2024

• RTLF

  Public
  0•0•0•0•Updated Sep 16, 2024Sep 16, 2024

• Terrapin-Website

  Public
  This repository hosts the public website for the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation" via GitHub Pages.

  sshcryptographyattack+ 1vulnerability

  HTML

  •0•4•0•0•Updated Sep 2, 2024Sep 2, 2024

• SSO-Privacy-Guard

  Public
  SSO Privacy Guard is a Chrome browser extension blocking all automatically issued SSO messages to protect the user's privacy.

  JavaScript

  •0•0•0•0•Updated Aug 26, 2024Aug 26, 2024

• PRET

  Public
  Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

  Python

  •

  GNU General Public License v2.0

  •645•4.2k•62•7•Updated Aug 2, 2024Aug 2, 2024

• Terrapin-Artifacts

  Public
  This repository contains the artifacts for the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

  sshcryptographyattack+ 7pocvulnerabilityartifactsterrapincve-2023-48795cve-2023-46445cve-2023-46446

  Python

  •

  Apache License 2.0

  •14•73•0•0•Updated May 3, 2024May 3, 2024

• Artifacts-With-Great-Power-Come-Great-Side-Channels

  Public
  Python

  •

  Apache License 2.0

  •0•0•0•0•Updated May 3, 2024May 3, 2024

• Terrapin-Scanner

  Public
  This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequenc…

  sshcryptographyattack+ 2vulnerabilityvulnerability-scanner

  Go

  •

  Apache License 2.0

  •69•990•5•0•Updated Mar 17, 2024Mar 17, 2024

• xsinator.com

  Public
  XS-Leak Browser Test Suite

  xs-leaks

  JavaScript

  •

  GNU General Public License v3.0

  •8•85•0•0•Updated Dec 19, 2023Dec 19, 2023

• AKE-Cryptoverif-Tutorial

  Public
  HTML

  •

  BSD 2-Clause "Simplified" License

  •1•1•2•0•Updated Feb 16, 2023Feb 16, 2023

• DocumentSignatureValidator

  Public
  Automation tool for evaluating the signature status of office documents

  C++

  •2•2•0•0•Updated Feb 14, 2023Feb 14, 2023

• internet-crypto

  Public
  0•0•0•0•Updated Feb 2, 2023Feb 2, 2023