Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tophat-cloud/cumulus
Cumulus is web application weakness monitoring, works with just 3 code lines
https://github.com/tophat-cloud/cumulus
javascript security vulnerability weakness weakness-reporting
Last synced: about 2 months ago
JSON representation
Cumulus is web application weakness monitoring, works with just 3 code lines
- Host: GitHub
- URL: https://github.com/tophat-cloud/cumulus
- Owner: tophat-cloud
- License: bsd-3-clause
- Created: 2021-07-28T15:08:16.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-01-27T06:14:58.000Z (almost 2 years ago)
- Last Synced: 2024-08-05T17:38:00.326Z (5 months ago)
- Topics: javascript, security, vulnerability, weakness, weakness-reporting
- Language: JavaScript
- Homepage: https://cumulus.tophat.cloud
- Size: 7.25 MB
- Stars: 41
- Watchers: 2
- Forks: 3
- Open Issues: 45
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - tophat-cloud/cumulus - Cumulus is web application weakness monitoring, works with just 3 code lines (JavaScript)
README
Application Weakness Monitoring Software
[](https://codecov.io/gh/tophat-cloud/cumulus)
[](https://github.com/tophat-cloud/cumulus/releases/tag/v0.0.2)
[](https://discord.gg/BH7h6F2C7N)
# What's Cumulus
Cumulus is a service that helps you monitor and fix security weakness
in realtime. The issues will be reported on web dashboard. It's very simple and powerful.
# Key features
Just install SDK to web front, can be found security weakness on service
- SDK detect weakness from Inner Layer, dynamically (ex_ DOM Event, XHR Request)
- Scanner detect weakness from Out Layer, statically (ex_ Web crawling based analysis)
| Name | Origin | Description |
| ---- | ---- | ---- |
| XSS | SDK | When user input a xss pattern string, trigger detection of XSS
| SQLInjection | SDK | When user input a sqlinjection pattern, trigger detection of SQLInjection
| Sensitive Payload | SDK | When requesting with sensitive payload. for example, unencoded raw password
| File Upload | SDK | When user embed any file worried for system. for example, web shell
| Unnecessary Comment | Scanner | Code comments are on the served HTML or JS
| Directory Traversal | Scanner | Detect directory listing vulnerability
| Guessing | Scanner | Detect sensitive page like admin
| Unobfuscated Code | Scanner | Detect unobfuscated vulnerable codes
If you think about able to detect additional weakness, please contribute on SDK or Scanner
# Cumulus SDK for JavaScript
The official Cumulus SDK for JavaScript, providing as npm
> Note: current version is unsupported version on typescript project but we considering now and gonna make it, quickly! ([#2](https://github.com/tophat-cloud/cumulus/issues/2))
## Installation
To install a SDK, simply add package like belows:
```
npm install --save https://github.com/tophat-cloud/cumulus
yarn add https://github.com/tophat-cloud/cumulus
```
Setup and usage of SDK always follow the same principle.
```javascript
import { protect, captureMessage } from 'cumulus';
protect({
key: '__key__',
});
captureMessage('Hello, world!');
```
> If you haven't `__key__`, please [sign-up](https://cumulus.tophat.cloud/signup) and create project to get to key
## Contents
- [Official Site](https://cumulus.tophat.cloud)
- [Contributing](https://github.com/tophat-cloud/cumulus/blob/main/CONTRIBUTING.md)
- [Change log](https://github.com/tophat-cloud/cumulus/blob/main/CHANGELOG.md)
- [OpenSource License](https://cumulus.tophat.cloud/license.html)
- [Documents](https://github.com/tophat-cloud/cumulus/wiki)
- [Roadmap](https://github.com/tophat-cloud/cumulus/projects/1)
## Resources
- [cumulus-scanner](https://github.com/tophat-cloud/cumulus-scanner)
- [cumulus-front](https://github.com/tophat-cloud/cumulus-front)
- [cumulus-back](https://github.com/tophat-cloud/cumulus-back)
## Author
@Jinny You  from TopHat