Skip to content

tophat-cloud/cumulus

Repository files navigation

Cumulus

Application Weakness Monitoring Software

Build & Test codecov npm version Discord

What's Cumulus

Cumulus is a service that helps you monitor and fix security weakness in realtime. The issues will be reported on web dashboard. It's very simple and powerful.

Key features

Just install SDK to web front, can be found security weakness on service

  • SDK detect weakness from Inner Layer, dynamically (ex_ DOM Event, XHR Request)
  • Scanner detect weakness from Out Layer, statically (ex_ Web crawling based analysis)
Name Origin Description
XSS SDK When user input a xss pattern string, trigger detection of XSS
SQLInjection SDK When user input a sqlinjection pattern, trigger detection of SQLInjection
Sensitive Payload SDK When requesting with sensitive payload. for example, unencoded raw password
File Upload SDK When user embed any file worried for system. for example, web shell
Unnecessary Comment Scanner Code comments are on the served HTML or JS
Directory Traversal Scanner Detect directory listing vulnerability
Guessing Scanner Detect sensitive page like admin
Unobfuscated Code Scanner Detect unobfuscated vulnerable codes

If you think about able to detect additional weakness, please contribute on SDK or Scanner

Cumulus SDK for JavaScript

The official Cumulus SDK for JavaScript, providing as npm

Note: current version is unsupported version on typescript project but we considering now and gonna make it, quickly! (#2)

Installation

To install a SDK, simply add package like belows:

npm install --save https://github.com/tophat-cloud/cumulus
yarn add https://github.com/tophat-cloud/cumulus

Setup and usage of SDK always follow the same principle.

import { protect, captureMessage } from 'cumulus';

protect({
  key: '__key__',
});

captureMessage('Hello, world!');

If you haven't __key__, please sign-up and create project to get to key

Contents

Resources

Author

TopHat

@Jinny You  from TopHat