Cumulus is web application weakness monitoring, works with just 3 code lines
https://github.com/tophat-cloud/cumulus

javascript security vulnerability weakness weakness-reporting

Cumulus



Application Weakness Monitoring Software

![Build & Test](https://github.com/tophat-cloud/cumulus/actions/workflows/main.yml/badge.svg)
[![codecov](https://codecov.io/gh/tophat-cloud/cumulus/branch/main/graph/badge.svg?token=HDT8UJHMNN)](https://codecov.io/gh/tophat-cloud/cumulus)
[![npm version](https://img.shields.io/badge/npm-0.0.2-orange)](https://github.com/tophat-cloud/cumulus/releases/tag/v0.0.2)
[![Discord](https://img.shields.io/discord/898906919878668299)](https://discord.gg/BH7h6F2C7N)

# What's Cumulus

Cumulus is a service that helps you monitor and fix security weaknesses
in real time. Issues are reported on a web dashboard. It's very simple and powerful.





# Key features
Install the SDK in your web front end and Cumulus can find security weaknesses in your service.

- The SDK detects weaknesses from the inner layer, dynamically (e.g. DOM events, XHR requests)
- The Scanner detects weaknesses from the outer layer, statically (e.g. web-crawling-based analysis)

| Name | Origin | Description |
| ---- | ---- | ---- |
| XSS | SDK | Triggered when a user inputs an XSS pattern string |
| SQLInjection | SDK | Triggered when a user inputs a SQL injection pattern |
| Sensitive Payload | SDK | Triggered when a request carries a sensitive payload, for example an unencoded raw password |
| File Upload | SDK | Triggered when a user attaches a file that could endanger the system, for example a web shell |
| Unnecessary Comment | Scanner | Code comments are present in the served HTML or JS |
| Directory Traversal | Scanner | Detects a directory listing vulnerability |
| Guessing | Scanner | Detects sensitive pages such as admin |
| Unobfuscated Code | Scanner | Detects unobfuscated vulnerable code |

If you have ideas for detecting additional weaknesses, please contribute to the SDK or the Scanner.
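
To illustrate the Sensitive Payload row in the table above, here is an added example (not code from the Cumulus SDK; every function name and pattern in it is an assumption) that checks an outgoing request body for secret-looking fields sent as raw text. It covers JSON and form-encoded bodies, which goes slightly beyond the single password case the table mentions.

```javascript
// Added example; names and heuristics are assumptions, not the Cumulus SDK API.
// Field names that usually carry secrets.
const SENSITIVE_KEY = /password|passwd|pwd|secret|ssn/i;
// Heuristic: long hex or base64-like strings are treated as already encoded.
const LOOKS_ENCODED = /^(?:[0-9a-fA-F]{32,}|[A-Za-z0-9+\/_-]{40,}={0,2})$/;

// Turn a request body into a plain object; unknown or malformed bodies yield {}.
function parseBody(body, contentType) {
  if (/json/i.test(contentType)) {
    try {
      return JSON.parse(body);
    } catch {
      return {};
    }
  }
  if (/x-www-form-urlencoded/i.test(contentType)) {
    return Object.fromEntries(new URLSearchParams(body));
  }
  return {};
}

// Walk nested objects/arrays and collect dotted paths of raw secret values.
function findRawSecrets(value, path = '', hits = []) {
  if (value === null || typeof value !== 'object') return hits;
  for (const [key, v] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (typeof v === 'string') {
      if (SENSITIVE_KEY.test(key) && v !== '' && !LOOKS_ENCODED.test(v)) {
        hits.push(here);
      }
    } else {
      findRawSecrets(v, here, hits);
    }
  }
  return hits;
}

// Entry point: in a browser this would be called from a wrapper around
// XMLHttpRequest.prototype.send or fetch before the request leaves the page.
function inspectRequest(body, contentType) {
  return findRawSecrets(parseBody(body, contentType));
}

// Constructed sample request body.
const sample = JSON.stringify({ user: 'alice', login: { password: 'hunter2' } });
console.log(inspectRequest(sample, 'application/json')); // [ 'login.password' ]
```

The encoded-value check is only a heuristic: a very long passphrase would be mistaken for an encoded value, so a real deployment would tune both patterns to its own field names.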

# Cumulus SDK for JavaScript

The official Cumulus SDK for JavaScript, provided as an npm package.

> Note: the current version does not support TypeScript projects, but we are considering it and will add support soon! ([#2](https://github.com/tophat-cloud/cumulus/issues/2))

## Installation

To install the SDK, add the package as follows:

```
npm install --save https://github.com/tophat-cloud/cumulus
yarn add https://github.com/tophat-cloud/cumulus
```

Setup and usage of the SDK always follow the same pattern.

```javascript
import { protect, captureMessage } from 'cumulus';

protect({
  key: '__key__',
});

captureMessage('Hello, world!');
```

> If you don't have a `__key__`, please [sign up](https://cumulus.tophat.cloud/signup) and create a project to get a key

## Contents
- [Official Site](https://cumulus.tophat.cloud)
- [Contributing](https://github.com/tophat-cloud/cumulus/blob/main/CONTRIBUTING.md)
- [Change log](https://github.com/tophat-cloud/cumulus/blob/main/CHANGELOG.md)
- [OpenSource License](https://cumulus.tophat.cloud/license.html)
- [Documents](https://github.com/tophat-cloud/cumulus/wiki)
- [Roadmap](https://github.com/tophat-cloud/cumulus/projects/1)

## Resources
- [cumulus-scanner](https://github.com/tophat-cloud/cumulus-scanner)
- [cumulus-front](https://github.com/tophat-cloud/cumulus-front)
- [cumulus-back](https://github.com/tophat-cloud/cumulus-back)

## Author




TopHat


@Jinny You from TopHat