Enhanced Runtime Application Self-Protection (RASP) and API Fuzzing Engine with advanced threat detection, behavioral analysis, and intelligent response scoring for Node.js applications
```bash
npm install aimless-sdk
```

Or install straight from the GitHub repository:

```bash
npm install CamozDevelopment/Aimless-Security
```
### Quick Start

```javascript
const express = require('express');
const { Aimless } = require('aimless-sdk');

const app = express();
app.use(express.json());

const aimless = new Aimless({ rasp: { enabled: true } });
app.use(aimless.middleware()); // ← That's it! You're protected 🎉

app.listen(3000);
```
Done! Every incoming request is now screened for:
- ✅ SQL Injection
- ✅ XSS Attacks
- ✅ Command Injection
- ✅ Path Traversal
- ✅ NoSQL Injection
- ✅ CSRF Attacks
- ✅ XXE & SSRF
- ✅ Rate Limit Abuse
- ✅ Bot/Scanner Traffic
- ✅ Unicode SQL Injection
- ✅ Polyglot Attacks

These checks are pattern-based detection on the request: treat them as a defense-in-depth layer, not a replacement for parameterized queries, output encoding and the other primary controls in your code. CSRF tokens are issued by a separate middleware, `aimless.csrf()` (see the CSRF example below).
## ✨ What's New in v1.3.4
### Custom Loading Screens

```javascript
const aimless = new Aimless({
  rasp: {
    // Loading screen shown while the request is being checked
    loadingScreen: {
      enabled: true,
      message: 'Verifying your request...'
    },
    // Custom message when blocking attacks
    customBlockMessage: 'Contact support@yourcompany.com'
  }
});

app.use(aimless.loading());    // Add before middleware
app.use(aimless.middleware());
```
### Webhook Notifications

Get instant alerts in Slack or Discord when attacks happen. The block goes inside the `rasp` section of the config:

```javascript
const aimless = new Aimless({
  rasp: {
    enabled: true,
    webhooks: {
      enabled: true,
      // Anyone holding this URL can post to your channel: keep the real value
      // out of source control and read it from the environment at startup.
      url: 'https://hooks.slack.com/services/YOUR/WEBHOOK/URL',
      events: ['block', 'threat'] // What to notify about
    }
  }
});
```
### Bot Detection

Automatically detect and block bots, scrapers, and automated attacks (inside the `rasp` section):

```javascript
const aimless = new Aimless({
  rasp: {
    enabled: true,
    requestFingerprinting: {
      enabled: true,
      blockAutomatedTraffic: true // Auto-block bots; see the caveat under Customization
    }
  }
});
```
### Security Analytics

Track what's being attacked in real-time:

```javascript
// Put this route behind your own authentication: the metrics include
// attacking IPs and traffic volumes you do not want to expose publicly.
app.get('/analytics', (req, res) => {
  res.json(aimless.getAnalytics()); // Get detailed metrics
});
```
### Smart Rate Limiting

Rate limits that adapt based on IP reputation (inside the `rasp` section). The limiter keys on the client IP, so make sure that IP comes from a trusted proxy chain rather than a client-settable header:

```javascript
const aimless = new Aimless({
  rasp: {
    enabled: true,
    rateLimiting: {
      enabled: true,
      maxRequests: 100,
      windowMs: 60000,
      dynamicThrottling: true // Lower limits for suspicious IPs
    }
  }
});
```
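To make "lower limits for suspicious IPs" concrete, here is an added example (not aimless-sdk's implementation) of a fixed-window limiter whose per-IP budget scales with a 0-100 reputation score. The `maxRequests` and `windowMs` keys mirror the config above; the assumption that 100 means clean and 0 means worst, the `minPercent` floor, the `X-RateLimit-*` headers and the `getScore` callback are all choices made for this example, not SDK behaviour.

```javascript
// Added example (not aimless-sdk code): a fixed-window limiter whose per-IP
// budget scales with a 0-100 reputation score. The score is assumed to mean
// 100 = clean, 0 = worst; that scale is an assumption, not the SDK's contract.

class ReputationRateLimiter {
  constructor({ maxRequests = 100, windowMs = 60000, minPercent = 10 } = {}) {
    this.maxRequests = maxRequests; // same keys as the config on this page
    this.windowMs = windowMs;
    this.minPercent = minPercent;   // floor: a score of 0 still gets 10% of the budget
    this.windows = new Map();       // ip -> { start, count }
  }

  // Integer arithmetic so the budget is exact: score 100 keeps the full
  // limit, score 20 gets 10% + 90% * 20% = 28% of it.
  budgetFor(score) {
    const s = Math.min(100, Math.max(0, Math.floor(score)));
    const pct = this.minPercent + Math.floor((100 - this.minPercent) * s / 100);
    return Math.max(1, Math.floor(this.maxRequests * pct / 100));
  }

  // `now` is injectable so the behaviour can be tested without waiting a minute.
  // Only allowed requests are counted, so a throttled client cannot extend
  // its own penalty by hammering the endpoint.
  check(ip, score, now = Date.now()) {
    const limit = this.budgetFor(score);
    let w = this.windows.get(ip);
    if (!w || now - w.start >= this.windowMs) {
      w = { start: now, count: 0 };
      this.windows.set(ip, w);
    }
    if (w.count >= limit) return { allowed: false, remaining: 0, limit };
    w.count += 1;
    return { allowed: true, remaining: limit - w.count, limit };
  }
}

// Express-style middleware. `getScore` stands in for a reputation lookup such
// as aimless.getIPReputation(ip); req.ip must come from a trusted proxy chain.
function reputationRateLimit(limiter, getScore) {
  return (req, res, next) => {
    const verdict = limiter.check(req.ip, getScore(req.ip));
    res.setHeader('X-RateLimit-Limit', String(verdict.limit));
    res.setHeader('X-RateLimit-Remaining', String(verdict.remaining));
    if (!verdict.allowed) return res.status(429).json({ error: 'Too many requests' });
    return next();
  };
}

// Constructed demo: two clients in the same window, 120 attempts each.
function demo() {
  const limiter = new ReputationRateLimiter({ maxRequests: 100, windowMs: 60000 });
  const t0 = 1700000000000;
  let cleanAllowed = 0;
  let suspectAllowed = 0;
  for (let i = 0; i < 120; i++) {
    if (limiter.check('203.0.113.10', 100, t0 + i).allowed) cleanAllowed++;
    if (limiter.check('198.51.100.7', 20, t0 + i).allowed) suspectAllowed++;
  }
  // The suspect IP is cut off after 28 requests, the clean IP after 100, and
  // the suspect gets a fresh budget once the window rolls over.
  const resetAllowed = limiter.check('198.51.100.7', 20, t0 + 60000).allowed;
  return { cleanAllowed, suspectAllowed, resetAllowed };
}
```

The floor matters: a reputation score of 0 that mapped to zero requests would let a false positive in the scoring lock a legitimate user out entirely, so the example never goes below `minPercent` of the configured limit.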
## 🎯 Features
### Protection
- SQL Injection - 30+ patterns including Unicode SQL
- XSS Protection - Multi-layer detection with sanitization
- Polyglot Attacks - Detects combined SQL+XSS attacks
- Command Injection - PowerShell, Bash, file operations
- Path Traversal - Directory traversal prevention
- NoSQL Injection - MongoDB, Redis, CouchDB
- CSRF Protection - Automatic token generation
- XXE & SSRF - XML and server-side request forgery
- Rate Limiting - Prevent abuse and DoS attacks
### Advanced Features
- Custom Loading Screens - Beautiful security check UI
- Webhook Notifications - Slack/Discord alerts
- Bot Detection - Block automated traffic
- Security Analytics - Real-time attack metrics
- IP Reputation - Automatic threat scoring
- Access Control - Define allowed/blocked endpoints
- API Fuzzing - Find vulnerabilities before attackers do
## 📖 Examples
### Basic Protection

```javascript
const aimless = new Aimless({ rasp: { enabled: true } });
app.use(aimless.middleware());
```
### Full Configuration

```javascript
const aimless = new Aimless({
  rasp: {
    enabled: true,
    blockMode: true,

    // Custom UI
    customBlockMessage: 'For support: security@example.com',
    loadingScreen: {
      enabled: true,
      message: 'Checking security...',
      minDuration: 500
    },

    // Webhooks (keep the real URL out of source control)
    webhooks: {
      enabled: true,
      url: 'https://discord.com/api/webhooks/YOUR/WEBHOOK',
      events: ['block', 'threat']
    },

    // Bot detection
    requestFingerprinting: {
      enabled: true,
      blockAutomatedTraffic: true
    },

    // Analytics
    analytics: {
      enabled: true,
      retention: 30
    },

    // Smart rate limiting
    rateLimiting: {
      enabled: true,
      maxRequests: 100,
      windowMs: 60000,
      dynamicThrottling: true
    }
  }
});

// Add middleware (order matters!)
app.use(aimless.loading());    // 1. Loading screen
app.use(aimless.middleware()); // 2. Security protection
```
### Input Validation

```javascript
app.post('/api/user', (req, res) => {
  const result = aimless.validate(req.body.username)
    .against(['sql', 'xss'])
    .sanitize()
    .result();

  if (!result.safe) {
    return res.status(403).json({ error: 'Invalid input' });
  }

  // Use result.sanitized safely (createUser is your own application code)
  createUser(result.sanitized);
});
```
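The feature list above promises "Unicode SQL injection" and "polyglot" detection, and the validate chain returns a category verdict. The following added example (written for this page, not aimless-sdk's code) shows the part that makes such detection work at all: canonicalising the input (percent-decoding, HTML entities, NFKC) before any pattern is applied, so that a fullwidth `＇ ＯＲ ＇1＇＝＇1` or a double-encoded `%2527` is seen as the `' OR '1'='1` the database would see. The `RULES` table, the `canonicalise`/`detect` names and the sample payloads are all constructed for the example; the SDK's own 30+ patterns are not reproduced here.

```javascript
// Added example (not aimless-sdk code): normalise-then-match detection showing
// why "Unicode SQL injection" and encoded polyglots need canonicalisation before
// any pattern can see them. RULES is illustrative, not the SDK's rule set.

const ENTITIES = { lt: '<', gt: '>', quot: '"', apos: "'", amp: '&' };

// Peel stacked encodings (percent, numeric and named HTML entities) until the
// string stops changing, capped at three rounds so %2527 -> %27 -> ' is seen.
function canonicalise(input) {
  let s = String(input);
  for (let round = 0; round < 3; round++) {
    let next = s;
    try { next = decodeURIComponent(next); } catch (e) { /* a bare '%' in benign input */ }
    next = next
      .replace(/&#x([0-9a-f]{1,5});/gi, (_, hex) => String.fromCodePoint(parseInt(hex, 16)))
      .replace(/&#(\d{1,6});/g, (_, dec) => String.fromCodePoint(parseInt(dec, 10)))
      .replace(/&(lt|gt|quot|apos|amp);/gi, (_, name) => ENTITIES[name.toLowerCase()]);
    if (next === s) break;
    s = next;
  }
  // NFKC folds fullwidth and other compatibility forms (U+FF07 -> ', U+FF2F -> O)
  // onto the ASCII that the SQL parser or HTML parser will actually see.
  return s.normalize('NFKC');
}

const RULES = {
  sql: [
    /'\s*(or|and)\s+['"]?\w+['"]?\s*=\s*['"]?\w+/i, // ' OR '1'='1
    /\bunion\b[\s\S]{0,40}\bselect\b/i,             // UNION ... SELECT
    /;\s*(drop|delete|insert|update|alter)\b/i,     // stacked statement
  ],
  xss: [
    /<\s*script\b/i,
    /\bon(error|load|click|mouseover|focus)\s*=/i,
    /javascript\s*:/i,
  ],
};

// Mirrors the validate(...).against([...]) idea from this page: reports which
// categories fired and whether more than one did (a polyglot payload).
// canonical:false shows what a matcher sees without the normalisation step.
function detect(input, categories = ['sql', 'xss'], { canonical = true } = {}) {
  const text = canonical ? canonicalise(input) : String(input);
  const hits = categories.filter((cat) => RULES[cat].some((re) => re.test(text)));
  return { safe: hits.length === 0, categories: hits, polyglot: hits.length > 1, text };
}

// Constructed payloads.
const PAYLOADS = {
  benign: "Tom &amp; Jerry's",
  // Fullwidth quote, letters and equals sign: ＇ ＯＲ ＇1＇＝＇1
  fullwidthSql: '\uFF07 \uFF2F\uFF32 \uFF071\uFF07\uFF1D\uFF071',
  // Double percent-encoded quote plus an encoded <script> tag in one value.
  encodedPolyglot: '1%2527%20OR%201%3D1--%3Cscript%3Ealert(1)%3C%2Fscript%3E',
};
```

Run `detect(PAYLOADS.fullwidthSql, ['sql'], { canonical: false })` and it reports the input as safe, because no ASCII quote is present; with canonicalisation the same value is flagged as SQL, and the double-encoded payload lights up both categories. The rule set is deliberately narrow; the lesson is the ordering (decode, normalise, then match), not the regexes.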
### CSRF Protection

```javascript
app.use(aimless.csrf()); // Adds CSRF tokens

app.get('/form', (req, res) => {
  // Render your HTML form here; it must include the token issued by
  // aimless.csrf() so that the matching POST is accepted.
  res.send(/* your form markup, including the CSRF token field */);
});
```
### Security Dashboard

```javascript
// Admin-only: put this route behind your authentication middleware, since
// it lists attacking IPs and traffic volumes.
app.get('/admin/security', (req, res) => {
  const analytics = aimless.getAnalytics();
  res.json({
    totalRequests: analytics.totalRequests,
    threats: analytics.threatsDetected,
    blocked: analytics.threatsBlocked,
    topAttackTypes: analytics.topAttackTypes,
    topAttackIPs: analytics.topAttackIPs
  });
});
```
## 🎨 Customization
### Loading Screen

The loading screen shows while Aimless checks requests. Perfect for user-facing apps:

```javascript
loadingScreen: {
  enabled: true,
  message: 'Verifying your request security...',
  minDuration: 1000 // Show for at least 1 second (this is added latency on every HTML page view)
}
```
Features:
- Dark theme design with your logo
- Smooth animations
- Customizable message
- Only shows on HTML responses
### Webhook Notifications

Get notified instantly when attacks happen:

Discord:
```javascript
webhooks: {
  enabled: true,
  url: 'https://discord.com/api/webhooks/YOUR/WEBHOOK/URL',
  events: ['block', 'threat', 'rateLimit']
}
```

Slack:
```javascript
webhooks: {
  enabled: true,
  url: 'https://hooks.slack.com/services/YOUR/WEBHOOK/URL',
  events: ['all']
}
```
### Bot Detection

Automatically identify and block:
- curl, wget, python-requests
- Headless browsers (Puppeteer, Selenium)
- Security scanners (SQLMap, Burp, ZAP)
- Missing browser headers
- Suspicious patterns

These heuristics also match legitimate clients (your own uptime monitors, partner integrations, authorised scans), so start with `blockMode: false`, review the analytics, and only then turn on `blockAutomatedTraffic`:

```javascript
requestFingerprinting: {
  enabled: true,
  blockAutomatedTraffic: true
}
```
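To show what the bullet list above amounts to in code, here is an added example (written for this page, not aimless-sdk's fingerprinting) that scores a request from its User-Agent and the browser headers it is missing, with an allowlist so your own monitors are never blocked. The tool signatures, the score weights, the `x-monitor-token` header and the sample requests are all constructed for the example.

```javascript
// Added example (not aimless-sdk code): header-based fingerprinting of the kind
// a "block automated traffic" switch relies on, plus the allowlist that keeps
// it from blocking your own monitors. Signatures and weights are illustrative.

const TOOL_SIGNATURES = [
  { re: /^curl\//i, label: 'curl' },
  { re: /^wget\//i, label: 'wget' },
  { re: /python-requests|python-urllib|aiohttp/i, label: 'python-http' },
  { re: /sqlmap/i, label: 'sqlmap' },
  { re: /nikto|nmap|masscan|w3af/i, label: 'scanner' },
  { re: /HeadlessChrome|PhantomJS/i, label: 'headless-browser' },
];

// Headers a mainstream browser sends on every navigation. Absence is a signal,
// not proof: plenty of legitimate API clients send none of them.
const BROWSER_HEADERS = ['accept', 'accept-language', 'accept-encoding'];

function fingerprint(headers, { allowTokens = new Set(), blockThreshold = 60 } = {}) {
  const h = {};
  for (const [k, v] of Object.entries(headers || {})) h[k.toLowerCase()] = v;

  // Your own uptime monitors and partner integrations present a shared secret
  // (header name and token are constructed for this example) and skip scoring.
  if (h['x-monitor-token'] && allowTokens.has(h['x-monitor-token'])) {
    return { action: 'allow', score: 0, reasons: ['allowlisted client'] };
  }

  const ua = h['user-agent'] || '';
  let score = 0;
  const reasons = [];

  if (!ua) { score += 40; reasons.push('no User-Agent'); }
  const tool = TOOL_SIGNATURES.find((sig) => sig.re.test(ua));
  if (tool) { score += 60; reasons.push(`tool UA: ${tool.label}`); }

  const missing = BROWSER_HEADERS.filter((name) => !h[name]);
  if (missing.length) { score += 15 * missing.length; reasons.push(`missing: ${missing.join(', ')}`); }

  // Claims to be a browser but sends nothing a browser would: stronger signal.
  if (/^Mozilla\//.test(ua) && missing.length === BROWSER_HEADERS.length) {
    score += 20; reasons.push('browser UA without browser headers');
  }

  score = Math.min(100, score);
  return { action: score >= blockThreshold ? 'block' : 'allow', score, reasons };
}

// Constructed sample requests (header maps as Node exposes them, lower-cased).
const REQUESTS = {
  chrome: { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0 Safari/537.36',
            accept: 'text/html,*/*;q=0.8', 'accept-language': 'en-GB,en;q=0.9', 'accept-encoding': 'gzip, deflate, br' },
  curl: { 'user-agent': 'curl/8.4.0', accept: '*/*' },
  sqlmap: { 'user-agent': 'sqlmap/1.8#stable (https://sqlmap.org)', accept: '*/*',
            'accept-language': 'en', 'accept-encoding': 'gzip,deflate' },
  headless: { 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/124.0 Safari/537.36',
              accept: 'text/html', 'accept-language': 'en-US', 'accept-encoding': 'gzip' },
  scraper: { 'user-agent': 'Mozilla/5.0 (compatible; AcmeBot/1.0)' },
  // A legitimate uptime monitor written with python-requests: blocked by the
  // heuristics unless it carries the allowlist token.
  monitor: { 'user-agent': 'python-requests/2.31.0', accept: '*/*',
             'accept-encoding': 'gzip, deflate', 'x-monitor-token': 'demo-token-123' },
};

// Verdict per sample; pass the monitor's token to see the allowlist take effect.
function classifyAll(allowTokens = new Set()) {
  const out = {};
  for (const [name, headers] of Object.entries(REQUESTS)) {
    out[name] = fingerprint(headers, { allowTokens }).action;
  }
  return out;
}
```

Two things to take from it: a User-Agent is whatever the client chooses to send, so anything that sets a browser-like UA and the three `Accept*` headers walks through (interception proxies do this by default), and the same weights that catch `python-requests` catch your own monitoring written with it. The allowlist, not a lower threshold, is the right fix for the second problem.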
## 📊 API Reference
### Methods
- aimless.middleware() - Main security middleware
- aimless.loading() - Loading screen middleware
- aimless.csrf() - CSRF protection
- aimless.validate(input) - Validate user input
- aimless.sanitize(text) - Sanitize output
- aimless.getAnalytics() - Get security metrics
- aimless.getIPReputation(ip) - Get IP score (0-100)
### Configuration Options

```javascript
{
  rasp: {
    enabled: boolean,              // Enable protection
    blockMode: boolean,            // Block threats (false = monitor only)
    customBlockMessage: string,    // Custom block message
    loadingScreen: { ... },        // Loading screen config
    webhooks: { ... },             // Webhook config
    requestFingerprinting: { ... },// Bot detection
    analytics: { ... },            // Analytics config
    rateLimiting: { ... }          // Rate limit config
  },
  logging: {
    enabled: boolean,
    level: 'info' | 'warn' | 'error'
  }
}
```
## 🚀 Deployment
### Next.js

```javascript
// pages/api/[...all].js
import { Aimless } from 'aimless-sdk';

const aimless = new Aimless({ rasp: { enabled: true } });

export default async function handler(req, res) {
  // Analyze request
  const threats = aimless.analyze({
    method: req.method,
    path: req.url,
    query: req.query,
    body: req.body,
    headers: req.headers,
    // X-Forwarded-For is client-controlled unless a proxy you operate
    // overwrites it; only rely on it behind such a proxy, and take the hop
    // that proxy appended rather than the first entry.
    ip: req.headers['x-forwarded-for'] || req.socket.remoteAddress
  });

  // Block if threats found
  if (threats.length > 0) {
    return res.status(403).json({ error: 'Request blocked' });
  }

  // Your API logic
  res.json({ status: 'ok' });
}
```
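The `ip` passed to `analyze()` above feeds IP reputation and rate limiting, so an attacker who can choose it can dodge both or get someone else throttled. The following added example (not aimless-sdk code) derives the client address the way a reverse-proxy-aware server does: walk `X-Forwarded-For` from the right, believing only the hops appended by proxies you operate. The `clientIp` and `normaliseAddress` names and all addresses are constructed for the example.

```javascript
// Added example (not aimless-sdk code): derive the client address from
// X-Forwarded-For without trusting whatever the client wrote into it. Only the
// hops appended by proxies you operate are believed; addresses are constructed.

function normaliseAddress(addr) {
  let a = String(addr || '').trim();
  if (a.startsWith('::ffff:')) a = a.slice('::ffff:'.length); // IPv4-mapped IPv6
  return a;
}

// socketAddress: req.socket.remoteAddress (the peer that actually connected).
// xffHeader: req.headers['x-forwarded-for'] (string, or array if repeated).
// trustedProxies: addresses of your own load balancers / reverse proxies.
function clientIp(socketAddress, xffHeader, trustedProxies) {
  const trusted = new Set(trustedProxies.map(normaliseAddress));
  const raw = Array.isArray(xffHeader) ? xffHeader.join(',') : (xffHeader || '');
  const hops = raw.split(',').map(normaliseAddress).filter(Boolean);

  // Walk from the right: each trusted hop vouches only for the address that
  // the hop itself appended, i.e. the entry immediately to its left. Anything
  // further left was supplied by an untrusted party and is ignored.
  let candidate = normaliseAddress(socketAddress);
  while (trusted.has(candidate) && hops.length > 0) {
    candidate = hops.pop();
  }
  return candidate;
}

// Constructed scenarios; every one includes a spoofed "1.1.1.1" entry that the
// client inserted itself, which must never win.
function scenarios() {
  const lb = ['10.0.0.1', '10.0.0.2'];
  return {
    noProxy:    clientIp('203.0.113.5', '1.1.1.1', []),                      // header ignored
    oneProxy:   clientIp('10.0.0.1', '1.1.1.1, 198.51.100.7', lb),           // right-most real hop
    twoProxies: clientIp('10.0.0.2', '1.1.1.1, 198.51.100.7, 10.0.0.1', lb), // unwrap both proxies
    mapped:     clientIp('::ffff:10.0.0.1', ['1.1.1.1', '198.51.100.7'], lb),
    proxyOnly:  clientIp('10.0.0.1', undefined, lb),                         // nothing to unwrap
  };
}
```

In Express the same logic is what `app.set('trust proxy', ...)` does for `req.ip`; a Next.js API route has no such setting, so resolve the address yourself before handing it to `aimless.analyze()`.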
### Serverless
Works out of the box with serverless frameworks!
### Express

See the examples above: `app.use(aimless.middleware())` is all that is needed.