Scumblr
Perform periodic syncs of data sources and performing analysis on the identified results.
Scumblr is a web application that allows performing periodic syncs of data sources (such as Github repositories and URLs) and performing analysis (such as static analysis, dynamic checks, and metadata collection) on the identified results. Scumblr helps you streamline proactive security through an intelligent automation framework to help you identify, track, and resolve security issues faster.
Scumblr ships with a number of tasks to help you streamline security automation including:
Sync Tasks:
- Github - Sync results from github Repositories
- Route53 DNS - Sync FQDNs from Route53 DNS
- Manual Result Upload - Specify a new line delimited list of results you'd like to sync into Scumblr
Security Tasks:
- Github Search - Search Github for secrets, anti-patterns, and vulnerabilities in your repositories
- Curl - Execute curl commands to identify vulnerabilities or issues against Scumblr results
- Bandit - Perform static code analysis against Python projects
- Brakeman - Perform static code analysis against Ruby on Rails projects.
- Search Tasks (legacy):
- Google
- Facebook
- Twitter
- iTunes Store
- Certificate Transparency
- Ebay
- Google Play
- Reddit
- RSS Feeds (useful for full disclosure searches)
- YouTube
Scumblr also provides a number of novel features that streamline security automation including:
- Tracking, ticketing, regression monitoring, and auto-remediation of security vulnerabilities
- Metadata storage in results to allow for advanced result filtering
- Customizable views and sorting of results and tasks to get you to the important details faster
- Saveable result filters that can be shared with colleagues
- Event model for auditing changes to results so you can keep an eye on what is happening
- Email subscriptions for specific results or tasks you care about (such as monitoring when a security task finds a new vulnerability)
- Advanced asynchronous task scheduling to allow for task chaining and task batching
Scumblr uses the Workflowable gem to allow setting up flexible workflows for different types of results.