welsonjs/SECURITY.MD
2023-07-02 02:22:19 +09:00

1.9 KiB

Security Note for WelsonJS

Caution

This repository contains information on accessing Windows APIs and functions on the JavaScript runtime, along with recent case studies. While this can provide a flexible development environment for anyone, it can also be misused for malicious purposes. Please be aware that using this project to create abuse tools, such as a DoS attack, may result in legal punishment in your country. We encourage you to use this project only for creating web technology-based applications, like Electron, or legally permitted testing tools.

Known use cases

WelsonJS is typically used for the following purposes:

  • Testing web accessibility and compliance, including adherence to W3C standards (WEB-ARIA, WCAG), national laws (ADA/DDA, GDPR), and other relevant regulations.
  • Exploring vulnerabilities of equipment within the local network.
  • Improving the availability of VPN or Proxy clients.
  • Building automation, CD/CI (Continuous Integration/Continuous Delivery), DevOps, and SecOps.
  • Asset evaluation (e.g. Online shopping history)

Note 1: If you plan to use WelsonJS for a purpose other than those mentioned above, please contact us beforehand.

Note 2: A similar approach to WelsonJS has been called LOLBins in the cybersecurity community since 2018. While WelsonJS is not intended to be used for malicious purposes, it may provide useful hints for extensions.

Guidelines for the use of online shopping platforms

It has been observed within the past two years that some users of this tool have produced results similar to DDoS attacks when using online shopping platforms. When using online shopping platforms, it is strongly advised to use them only for asset evaluation purposes. Failure to comply with this recommendation may result in legal action being taken.

Report abuse

If you discover any instances of this project being misused, please report them.