@ginger_tea/bug_finder 1.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -0
- package/index.js +108 -0
- package/package.json +23 -0
- package/tea.yaml +6 -0
- package/test/test.js +39 -0
package/README.md
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# bug-finder
|
|
2
|
+
|
|
3
|
+
**bug-finder** adalah utilitas otomatisasi untuk menemukan kerentanan keamanan dasar di aplikasi web. Ini memungkinkan Anda untuk memeriksa tautan yang rusak dan melakukan pemeriksaan dasar pada formulir di situs web target.
|
|
4
|
+
|
|
5
|
+
## Instalasi
|
|
6
|
+
|
|
7
|
+
Untuk menginstal dependensi yang diperlukan, jalankan:
|
|
8
|
+
|
|
9
|
+
```sh
|
|
10
|
+
npm install
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
### Tambahan
|
|
14
|
+
|
|
15
|
+
Untuk menyempurnakan proyek ini, Anda bisa menambahkan fitur-fitur berikut:
|
|
16
|
+
- **Pemeriksaan Formulir:** Menambahkan fungsi untuk memeriksa formulir tanpa validasi.
|
|
17
|
+
- **Laporan Kerentanan:** Membuat laporan yang merangkum semua kerentanan yang ditemukan.
|
|
18
|
+
- **Konfigurasi Lebih Lanjut:** Menambahkan opsi konfigurasi untuk URL target, batas waktu permintaan, dll.
|
|
19
|
+
|
package/index.js
ADDED
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
// index.js
|
|
2
|
+
|
|
3
|
+
const axios = require('axios');
|
|
4
|
+
const cheerio = require('cheerio');
|
|
5
|
+
const Web3 = require('web3');
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
const config = {
|
|
10
|
+
url: 'https://pancakeswap.finance/',
|
|
11
|
+
timeout: 5000, // Milidetik
|
|
12
|
+
web3Provider: 'https://eth-mainnet.g.alchemy.com/v2/V3ooohLuofPLdWS0UqJG5rhf-bE7zKzL' // Ganti dengan URL node Ethereum Anda
|
|
13
|
+
};
|
|
14
|
+
|
|
15
|
+
async function checkBrokenLinks(url) {
|
|
16
|
+
try {
|
|
17
|
+
const { data } = await axios.get(url);
|
|
18
|
+
const $ = cheerio.load(data);
|
|
19
|
+
const links = $('a');
|
|
20
|
+
const brokenLinks = [];
|
|
21
|
+
|
|
22
|
+
await Promise.all(links.map(async (i, link) => {
|
|
23
|
+
const href = $(link).attr('href');
|
|
24
|
+
if (href && href.startsWith('http')) {
|
|
25
|
+
try {
|
|
26
|
+
await axios.get(href);
|
|
27
|
+
} catch (error) {
|
|
28
|
+
brokenLinks.push(href);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
}).get());
|
|
32
|
+
|
|
33
|
+
return brokenLinks;
|
|
34
|
+
} catch (error) {
|
|
35
|
+
console.error(`Error checking URL ${url} for broken links:`, error);
|
|
36
|
+
return [];
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
async function checkForms(url) {
|
|
41
|
+
try {
|
|
42
|
+
const { data } = await axios.get(url);
|
|
43
|
+
const $ = cheerio.load(data);
|
|
44
|
+
const forms = $('form');
|
|
45
|
+
const formsWithoutValidation = [];
|
|
46
|
+
|
|
47
|
+
forms.each((i, form) => {
|
|
48
|
+
const inputs = $(form).find('input, textarea, select');
|
|
49
|
+
let hasValidation = false;
|
|
50
|
+
|
|
51
|
+
inputs.each((j, input) => {
|
|
52
|
+
const required = $(input).attr('required');
|
|
53
|
+
const pattern = $(input).attr('pattern');
|
|
54
|
+
if (required || pattern) {
|
|
55
|
+
hasValidation = true;
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
|
|
59
|
+
if (!hasValidation) {
|
|
60
|
+
formsWithoutValidation.push($(form).attr('action'));
|
|
61
|
+
}
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
return formsWithoutValidation;
|
|
65
|
+
} catch (error) {
|
|
66
|
+
console.error(`Error checking forms on URL ${url}:`, error);
|
|
67
|
+
return [];
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
async function checkWeb3Bug(web3Provider) {
|
|
72
|
+
try {
|
|
73
|
+
const web3 = new Web3(web3Provider);
|
|
74
|
+
const latestBlock = await web3.eth.getBlockNumber();
|
|
75
|
+
console.log('Latest block number:', latestBlock);
|
|
76
|
+
return true;
|
|
77
|
+
} catch (error) {
|
|
78
|
+
console.error('Error checking Web3 connection:', error);
|
|
79
|
+
return false;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
async function generateVulnerabilityReport(url, timeout) {
|
|
84
|
+
try {
|
|
85
|
+
const brokenLinks = await checkBrokenLinks(url);
|
|
86
|
+
const formsWithoutValidation = await checkForms(url);
|
|
87
|
+
const web3Bug = await checkWeb3Bug(config.web3Provider);
|
|
88
|
+
|
|
89
|
+
return {
|
|
90
|
+
brokenLinks,
|
|
91
|
+
formsWithoutValidation,
|
|
92
|
+
web3Bug
|
|
93
|
+
};
|
|
94
|
+
} catch (error) {
|
|
95
|
+
console.error(`Error generating vulnerability report for URL ${url}:`, error);
|
|
96
|
+
return {};
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
async function main() {
|
|
101
|
+
const { url, timeout } = config;
|
|
102
|
+
const vulnerabilityReport = await generateVulnerabilityReport(url, timeout);
|
|
103
|
+
console.log('Vulnerability Report:', vulnerabilityReport);
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
main();
|
|
107
|
+
|
|
108
|
+
module.exports = { checkBrokenLinks, checkForms, generateVulnerabilityReport };
|
package/package.json
ADDED
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@ginger_tea/bug_finder",
|
|
3
|
+
"version": "1.4.1",
|
|
4
|
+
"description": "A utility to automate basic security vulnerability detection in web applications.",
|
|
5
|
+
"main": "index.js",
|
|
6
|
+
"scripts": {
|
|
7
|
+
"test": "mocha"
|
|
8
|
+
},
|
|
9
|
+
"author": "zocchi",
|
|
10
|
+
"license": "ISC",
|
|
11
|
+
"dependencies": {
|
|
12
|
+
"axios": "^1.7.2",
|
|
13
|
+
"cheerio": "^1.0.0-rc.5",
|
|
14
|
+
"web3": "^4.9.0"
|
|
15
|
+
},
|
|
16
|
+
"devDependencies": {
|
|
17
|
+
"mocha": "^10.4.0"
|
|
18
|
+
},
|
|
19
|
+
"repository": {
|
|
20
|
+
"type": "git",
|
|
21
|
+
"url": "https://github.com/ekoadit/bug_finder.git"
|
|
22
|
+
}
|
|
23
|
+
}
|
package/tea.yaml
ADDED
package/test/test.js
ADDED
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
// test/test.js
|
|
2
|
+
|
|
3
|
+
const assert = require('assert');
|
|
4
|
+
const { checkBrokenLinks, checkForms, generateVulnerabilityReport } = require('../index');
|
|
5
|
+
|
|
6
|
+
describe('checkBrokenLinks', function() {
|
|
7
|
+
it('should return an array', async function() {
|
|
8
|
+
const result = await checkBrokenLinks('https://pancakeswap.finance/');
|
|
9
|
+
assert(Array.isArray(result));
|
|
10
|
+
});
|
|
11
|
+
});
|
|
12
|
+
|
|
13
|
+
describe('checkForms', function() {
|
|
14
|
+
it('should return an array', async function() {
|
|
15
|
+
const result = await checkForms('https://pancakeswap.finance/');
|
|
16
|
+
assert(Array.isArray(result));
|
|
17
|
+
});
|
|
18
|
+
});
|
|
19
|
+
|
|
20
|
+
describe('generateVulnerabilityReport', function() {
|
|
21
|
+
it('should return an object with correct keys', async function() {
|
|
22
|
+
const result = await generateVulnerabilityReport('https://pancakeswap.finance/', 5000);
|
|
23
|
+
assert.strictEqual(typeof result, 'object');
|
|
24
|
+
assert.ok(result.hasOwnProperty('brokenLinks'));
|
|
25
|
+
assert.ok(result.hasOwnProperty('formsWithoutValidation'));
|
|
26
|
+
assert.ok(result.hasOwnProperty('web3Bug'));
|
|
27
|
+
});
|
|
28
|
+
|
|
29
|
+
it('should have arrays as values', async function() {
|
|
30
|
+
const result = await generateVulnerabilityReport('https://pancakeswap.finance/', 5000);
|
|
31
|
+
assert(Array.isArray(result.brokenLinks));
|
|
32
|
+
assert(Array.isArray(result.formsWithoutValidation));
|
|
33
|
+
});
|
|
34
|
+
|
|
35
|
+
it('should have boolean as value for web3Bug', async function() {
|
|
36
|
+
const result = await generateVulnerabilityReport('https://pancakeswap.finance/', 5000);
|
|
37
|
+
assert.strictEqual(typeof result.web3Bug, 'boolean');
|
|
38
|
+
});
|
|
39
|
+
});
|