TaintMonkey: Dynamic Taint Analysis of Python Web Applications Using Monkey Patching
Jul 2025 - Oct 2025
TaintMonkey is a dynamic taint analysis library for Python Flask apps that uses monkey patching to instrument endpoints without changing source code. It includes a built-in fuzzer and plugin workflow to generate randomized inputs and detect vulnerabilities when tainted data reaches dangerous sinks without proper sanitization. The repo also ships with JungleGym, a dataset of 100+ intentionally vulnerable Flask apps mapped to CWE categories for testing and experiments.
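To illustrate the mechanism the description refers to, here is a small added example of source-to-sink taint tracking via monkey patching (it is not TaintMonkey's own code, and `app`, `run_query`, `escape` and `lookup` are constructed stand-ins for a Flask endpoint and its sink):

```python
# Added example, not TaintMonkey's code: mark untrusted input, propagate the
# mark through string operations, and monkey-patch a dangerous sink so the
# endpoint's own source is never edited.
import types

class Tainted(str):
    """A str that remembers it came from an untrusted source."""
    def __add__(self, other):          # tainted + x -> tainted
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):         # x + tainted -> tainted
        return Tainted(str.__add__(str(other), self))

def is_tainted(value):
    return isinstance(value, Tainted)

class TaintReachedSink(Exception):
    """Raised when tainted data arrives at a sink without being sanitized."""

# Constructed stand-in for a Flask app module (hypothetical names).
app = types.SimpleNamespace(
    run_query=lambda sql: f"executed: {sql}",      # dangerous sink
    escape=lambda s: s.replace("'", "''"),         # sanitizer
)

def lookup(name):
    """Endpoint body under test: builds SQL from user input and hits the sink."""
    return app.run_query("SELECT * FROM users WHERE name='" + name + "'")

def install_taint_checks():
    """Monkey-patch the sink and sanitizer; lookup() is left untouched."""
    orig_sink, orig_escape = app.run_query, app.escape
    def checked_sink(sql):
        if is_tainted(sql):
            raise TaintReachedSink(f"tainted data reached run_query: {sql!r}")
        return orig_sink(sql)
    def clearing_escape(s):
        return str(orig_escape(s))     # exact str: the taint mark is dropped
    app.run_query, app.escape = checked_sink, clearing_escape

def handle_request(raw_name, sanitize):
    """Simulate one request: taint the parameter, optionally sanitize, run endpoint."""
    name = Tainted(raw_name)           # everything from the request is tainted
    if sanitize:
        name = app.escape(name)
    try:
        lookup(name)
        return "clean"
    except TaintReachedSink:
        return "vulnerable"
install_taint_checks()
```

A fuzzer in this model only has to drive `handle_request` with random inputs; the patched sink reports the finding regardless of what the input contains.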
As a researcher, I programmed 32 of the 118 JungleGym test applications and built the corresponding vulnerability plugins. I added JSON-input tainting support to TaintMonkey, fixed major GitHub issues affecting data-flow tracking, and contributed to debugging and core architectural decisions. I also wrote the Experimental Procedures section of our research paper, designed all research figures in Figma, formatted the manuscript in Overleaf, and created the 13-slide deck presented at the MIT Undergraduate Research Technology Conference (URTC) 2025. Throughout the project, I coordinated deadlines, kept the team on pace, and actively incorporated feedback to improve the research.
MIT URTC 2025 IEEE Xplore Publication →