{"id":"https://openalex.org/W2901787515","doi":"https://doi.org/10.3390/informatics5040046","title":"Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis","display_name":"Mayall: A Framework for Desktop JavaScript Auditing and Post-Exploitation Analysis","publication_year":2018,"publication_date":"2018-12-17","ids":{"openalex":"https://openalex.org/W2901787515","doi":"https://doi.org/10.3390/informatics5040046","mag":"2901787515"},"language":"en","primary_location":{"id":"doi:10.3390/informatics5040046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/informatics5040046","pdf_url":"https://www.mdpi.com/2227-9709/5/4/46/pdf?version=1545027966","source":{"id":"https://openalex.org/S2738238905","display_name":"Informatics","issn_l":"2227-9709","issn":["2227-9709"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["arxiv","crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2227-9709/5/4/46/pdf?version=1545027966","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040970214","display_name":"Adam Rapley","orcid":null},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Adam Rapley","raw_affiliation_strings":["School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK"],"affiliations":[{"raw_affiliation_string":"School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK","institution_ids":["https://openalex.org/I877506347"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029196733","display_name":"Xavier Bellekens","orcid":"https://orcid.org/0000-0003-1849-5788"},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Xavier Bellekens","raw_affiliation_strings":["School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK"],"affiliations":[{"raw_affiliation_string":"School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK","institution_ids":["https://openalex.org/I877506347"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046848175","display_name":"Lynsay A. Shepherd","orcid":"https://orcid.org/0000-0002-1082-1174"},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Lynsay A. Shepherd","raw_affiliation_strings":["School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK"],"affiliations":[{"raw_affiliation_string":"School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK","institution_ids":["https://openalex.org/I877506347"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047469747","display_name":"Colin McLean","orcid":null},"institutions":[{"id":"https://openalex.org/I877506347","display_name":"Abertay University","ror":"https://ror.org/04mwwnx67","country_code":"GB","type":"education","lineage":["https://openalex.org/I877506347"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Colin McLean","raw_affiliation_strings":["School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK"],"affiliations":[{"raw_affiliation_string":"School of Design and Informatics, Abertay University, Dundee DD1 1HG, UK","institution_ids":["https://openalex.org/I877506347"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5029196733"],"corresponding_institution_ids":["https://openalex.org/I877506347"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":0.0,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.16822534,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":"5","issue":"4","first_page":"46","last_page":"46"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.9044108390808105},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7386549115180969},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.6031055450439453},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5831305384635925},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5496087670326233},{"id":"https://openalex.org/keywords/unobtrusive-javascript","display_name":"Unobtrusive JavaScript","score":0.5379375219345093},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4929192066192627},{"id":"https://openalex.org/keywords/callback","display_name":"Callback","score":0.47355926036834717},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.42282789945602417},{"id":"https://openalex.org/keywords/covert","display_name":"Covert","score":0.42073044180870056},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.30099454522132874},{"id":"https://openalex.org/keywords/rich-internet-application","display_name":"Rich Internet application","score":0.2116633653640747},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.14383769035339355},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12234815955162048}],"concepts":[{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.9044108390808105},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7386549115180969},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.6031055450439453},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5831305384635925},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5496087670326233},{"id":"https://openalex.org/C198240166","wikidata":"https://www.wikidata.org/wiki/Q2298909","display_name":"Unobtrusive JavaScript","level":4,"score":0.5379375219345093},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4929192066192627},{"id":"https://openalex.org/C204495577","wikidata":"https://www.wikidata.org/wiki/Q1205349","display_name":"Callback","level":2,"score":0.47355926036834717},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.42282789945602417},{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.42073044180870056},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.30099454522132874},{"id":"https://openalex.org/C103048170","wikidata":"https://www.wikidata.org/wiki/Q725485","display_name":"Rich Internet application","level":3,"score":0.2116633653640747},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.14383769035339355},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12234815955162048},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0}],"mesh":[],"locations_count":6,"locations":[{"id":"doi:10.3390/informatics5040046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/informatics5040046","pdf_url":"https://www.mdpi.com/2227-9709/5/4/46/pdf?version=1545027966","source":{"id":"https://openalex.org/S2738238905","display_name":"Informatics","issn_l":"2227-9709","issn":["2227-9709"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Informatics","raw_type":"journal-article"},{"id":"pmh:oai:rke.abertay.ac.uk:openaire_cris_publications/41f7ffd0-717f-4bef-b38b-8032368220a3","is_oa":true,"landing_page_url":"https://rke.abertay.ac.uk/en/publications/41f7ffd0-717f-4bef-b38b-8032368220a3","pdf_url":null,"source":{"id":"https://openalex.org/S4306402526","display_name":"Abertay Research Portal (Abertay University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I877506347","host_organization_name":"Abertay University","host_organization_lineage":["https://openalex.org/I877506347"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":"Rapley , A , Bellekens , X , Shepherd , L A &amp; McLean , C 2018 , ' Mayall : a framework for desktop JavaScript auditing and post-exploitation analysis ' , Informatics , vol. 5 , no. 4 , 46 . https://doi.org/10.3390/informatics5040046","raw_type":"article"},{"id":"pmh:oai:strathprints.strath.ac.uk:69723","is_oa":false,"landing_page_url":"https://strathprints.strath.ac.uk/view/author/854955.html>","pdf_url":null,"source":{"id":"https://openalex.org/S4306402226","display_name":"Strathprints: The University of Strathclyde institutional repository (University of Strathclyde)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I181647926","host_organization_name":"University of Strathclyde","host_organization_lineage":["https://openalex.org/I181647926"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:arXiv.org:1811.05945","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1811.05945","pdf_url":"https://arxiv.org/pdf/1811.05945","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"pmh:oai:doaj.org/article:d9f83813ffd64820a0f52477fb84767a","is_oa":true,"landing_page_url":"https://doaj.org/article/d9f83813ffd64820a0f52477fb84767a","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Informatics, Vol 5, Iss 4, p 46 (2018)","raw_type":"article"},{"id":"pmh:oai:mdpi.com:/2227-9709/5/4/46/","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/informatics5040046","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Informatics","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/informatics5040046","is_oa":true,"landing_page_url":"https://doi.org/10.3390/informatics5040046","pdf_url":"https://www.mdpi.com/2227-9709/5/4/46/pdf?version=1545027966","source":{"id":"https://openalex.org/S2738238905","display_name":"Informatics","issn_l":"2227-9709","issn":["2227-9709"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Informatics","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2901787515.pdf","grobid_xml":"https://content.openalex.org/works/W2901787515.grobid-xml"},"referenced_works_count":14,"referenced_works":["https://openalex.org/W1542440159","https://openalex.org/W1577719850","https://openalex.org/W1658564704","https://openalex.org/W1972700774","https://openalex.org/W1999579337","https://openalex.org/W2055931054","https://openalex.org/W2101678831","https://openalex.org/W2104594675","https://openalex.org/W2162316255","https://openalex.org/W2333725978","https://openalex.org/W2551973953","https://openalex.org/W2591793539","https://openalex.org/W2742244373","https://openalex.org/W6601352311"],"related_works":["https://openalex.org/W650647575","https://openalex.org/W2472584751","https://openalex.org/W2476571673","https://openalex.org/W597036300","https://openalex.org/W827014118","https://openalex.org/W2737557375","https://openalex.org/W2737171366","https://openalex.org/W4206210324","https://openalex.org/W2488213809","https://openalex.org/W4284698742"],"abstract_inverted_index":{"Writing":[0],"desktop":[1],"applications":[2,12,124,130,188],"in":[3,17,94],"JavaScript":[4,39,54,110],"offers":[5],"developers":[6],"the":[7,52,65,77,102,157,167],"opportunity":[8],"to":[9,26,64,73,76,89,133,176],"create":[10],"cross-platform":[11],"with":[13,139,170],"cutting-edge":[14],"capabilities.":[15],"However,":[16],"doing":[18],"so,":[19],"they":[20],"are":[21,71,197,202],"potentially":[22],"submitting":[23],"their":[24],"code":[25,179],"a":[27,86,151,162,192],"number":[28,193],"of":[29,129,165,194],"unsanctioned":[30],"modifications":[31],"from":[32],"malicious":[33,174],"actors.":[34],"Electron":[35,123,158],"is":[36,49,161],"one":[37],"such":[38],"application":[40],"framework":[41],"which":[42,160],"facilitates":[43],"this":[44,62,99,148],"multi-platform":[45],"out-the-box":[46],"paradigm":[47],"and":[48,113,125,153,180,186,199],"based":[50],"upon":[51],"Node.js":[53,83],"runtime\u2014an":[55],"increasingly":[56],"popular":[57,122],"server-side":[58],"technology.":[59],"By":[60],"bringing":[61],"technology":[63],"client-side":[66],"environment,":[67],"previously":[68,91],"unrealized":[69],"risks":[70,93],"exposed":[72],"users":[74],"due":[75],"powerful":[78],"system":[79],"programming":[80],"interface":[81],"that":[82,127],"exposes.":[84],"In":[85],"concerted":[87],"effort":[88],"highlight":[90],"unexposed":[92],"these":[95],"rapidly":[96],"expanding":[97],"frameworks,":[98],"paper":[100,117,149],"presents":[101],"Mayall":[103],"Framework,":[104],"an":[105],"extensible":[106],"toolkit":[107],"aimed":[108],"at":[109],"security":[111],"auditing":[112],"post-exploitation":[114],"analysis.":[115],"This":[116],"also":[118],"exposes":[119],"fifteen":[120],"highly":[121],"demonstrates":[126],"two-thirds":[128],"were":[131],"found":[132],"be":[134],"using":[135],"known":[136],"vulnerable":[137],"elements":[138],"high":[140],"CVSS":[141],"(Common":[142],"Vulnerability":[143],"Scoring":[144],"System)":[145],"scores.":[146],"Moreover,":[147],"discloses":[150],"wide-reaching":[152],"overlooked":[154],"vulnerability":[155],"within":[156],"Framework":[159],"direct":[163],"byproduct":[164],"shipping":[166],"runtime":[168],"unaltered":[169],"each":[171],"application,":[172],"allowing":[173],"actors":[175],"modify":[177],"source":[178],"inject":[181],"covert":[182],"malware":[183],"inside":[184],"verified":[185],"signed":[187],"without":[189],"restriction.":[190],"Finally,":[191],"injection":[195],"vectors":[196],"explored":[198],"appropriate":[200],"remediations":[201],"proposed.":[203]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}