npm - deepspider - Versions diffs - 0.1.0 - Mend

deepspider 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/.claude/agents/check.md +122 -0
package/.claude/agents/debug.md +106 -0
package/.claude/agents/dispatch.md +214 -0
package/.claude/agents/implement.md +96 -0
package/.claude/agents/plan.md +396 -0
package/.claude/agents/research.md +120 -0
package/.claude/commands/evolve/merge.md +80 -0
package/.claude/commands/trellis/before-backend-dev.md +13 -0
package/.claude/commands/trellis/before-frontend-dev.md +13 -0
package/.claude/commands/trellis/break-loop.md +107 -0
package/.claude/commands/trellis/check-backend.md +13 -0
package/.claude/commands/trellis/check-cross-layer.md +153 -0
package/.claude/commands/trellis/check-frontend.md +13 -0
package/.claude/commands/trellis/create-command.md +154 -0
package/.claude/commands/trellis/finish-work.md +129 -0
package/.claude/commands/trellis/integrate-skill.md +219 -0
package/.claude/commands/trellis/onboard.md +358 -0
package/.claude/commands/trellis/parallel.md +193 -0
package/.claude/commands/trellis/record-session.md +62 -0
package/.claude/commands/trellis/start.md +280 -0
package/.claude/commands/trellis/update-spec.md +213 -0
package/.claude/hooks/inject-subagent-context.py +758 -0
package/.claude/hooks/ralph-loop.py +374 -0
package/.claude/hooks/session-start.py +126 -0
package/.claude/settings.json +41 -0
package/.claude/skills/deepagents-guide/SKILL.md +428 -0
package/.cursor/commands/trellis-before-backend-dev.md +13 -0
package/.cursor/commands/trellis-before-frontend-dev.md +13 -0
package/.cursor/commands/trellis-break-loop.md +107 -0
package/.cursor/commands/trellis-check-backend.md +13 -0
package/.cursor/commands/trellis-check-cross-layer.md +153 -0
package/.cursor/commands/trellis-check-frontend.md +13 -0
package/.cursor/commands/trellis-create-command.md +154 -0
package/.cursor/commands/trellis-finish-work.md +129 -0
package/.cursor/commands/trellis-integrate-skill.md +219 -0
package/.cursor/commands/trellis-onboard.md +358 -0
package/.cursor/commands/trellis-record-session.md +62 -0
package/.cursor/commands/trellis-start.md +156 -0
package/.cursor/commands/trellis-update-spec.md +213 -0
package/.env.example +11 -0
package/.husky/pre-commit +1 -0
package/.mcp.json +8 -0
package/.trellis/.template-hashes.json +65 -0
package/.trellis/.version +1 -0
package/.trellis/scripts/add-session.sh +384 -0
package/.trellis/scripts/common/developer.sh +129 -0
package/.trellis/scripts/common/git-context.sh +263 -0
package/.trellis/scripts/common/paths.sh +208 -0
package/.trellis/scripts/common/phase.sh +150 -0
package/.trellis/scripts/common/registry.sh +247 -0
package/.trellis/scripts/common/task-queue.sh +142 -0
package/.trellis/scripts/common/task-utils.sh +151 -0
package/.trellis/scripts/common/worktree.sh +128 -0
package/.trellis/scripts/create-bootstrap.sh +299 -0
package/.trellis/scripts/get-context.sh +7 -0
package/.trellis/scripts/get-developer.sh +15 -0
package/.trellis/scripts/init-developer.sh +34 -0
package/.trellis/scripts/multi-agent/cleanup.sh +396 -0
package/.trellis/scripts/multi-agent/create-pr.sh +241 -0
package/.trellis/scripts/multi-agent/plan.sh +207 -0
package/.trellis/scripts/multi-agent/start.sh +310 -0
package/.trellis/scripts/multi-agent/status.sh +828 -0
package/.trellis/scripts/task.sh +1118 -0
package/.trellis/spec/backend/deepagents-guide.md +337 -0
package/.trellis/spec/backend/directory-structure.md +126 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/README.md +11 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/agent.js.template +20 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/skills-config.js.template +13 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/subagent.js.template +19 -0
package/.trellis/spec/backend/hook-guidelines.md +178 -0
package/.trellis/spec/backend/index.md +36 -0
package/.trellis/spec/backend/quality-guidelines.md +201 -0
package/.trellis/spec/backend/state-management.md +76 -0
package/.trellis/spec/backend/tool-guidelines.md +144 -0
package/.trellis/spec/backend/type-safety.md +71 -0
package/.trellis/spec/guides/code-reuse-thinking-guide.md +92 -0
package/.trellis/spec/guides/cross-layer-thinking-guide.md +94 -0
package/.trellis/spec/guides/index.md +79 -0
package/.trellis/tasks/archive/02-02-evolving-skills/prd.md +61 -0
package/.trellis/tasks/archive/02-02-evolving-skills/task.json +29 -0
package/.trellis/tasks/archive/2026-02/00-bootstrap-guidelines/prd.md +86 -0
package/.trellis/tasks/archive/2026-02/00-bootstrap-guidelines/task.json +27 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/check.jsonl +3 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/debug.jsonl +2 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/implement.jsonl +5 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/prd.md +33 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/task.json +41 -0
package/.trellis/workflow.md +407 -0
package/.trellis/workspace/index.md +123 -0
package/.trellis/workspace/pony/index.md +40 -0
package/.trellis/workspace/pony/journal-1.md +7 -0
package/.trellis/worktree.yaml +47 -0
package/AGENTS.md +18 -0
package/CLAUDE.md +292 -0
package/README.md +134 -0
package/agents/deepspider.md +142 -0
package/docs/DEBUG.md +42 -0
package/docs/GUIDE.md +334 -0
package/docs/PROMPT.md +60 -0
package/docs/USAGE.md +226 -0
package/eslint.config.js +51 -0
package/package.json +78 -0
package/requirements-crypto.txt +14 -0
package/src/agent/index.js +97 -0
package/src/agent/logger.js +164 -0
package/src/agent/middleware/filterTools.js +64 -0
package/src/agent/middleware/report.js +79 -0
package/src/agent/prompts/system.js +315 -0
package/src/agent/run.js +575 -0
package/src/agent/skills/anti-detect/SKILL.md +28 -0
package/src/agent/skills/anti-detect/evolved.md +12 -0
package/src/agent/skills/captcha/SKILL.md +37 -0
package/src/agent/skills/captcha/evolved.md +12 -0
package/src/agent/skills/config.js +30 -0
package/src/agent/skills/crawler/SKILL.md +9 -0
package/src/agent/skills/crawler/evolved.md +16 -0
package/src/agent/skills/dynamic-analysis/SKILL.md +91 -0
package/src/agent/skills/dynamic-analysis/evolved.md +12 -0
package/src/agent/skills/env/SKILL.md +72 -0
package/src/agent/skills/env/evolved.md +12 -0
package/src/agent/skills/evolve.js +79 -0
package/src/agent/skills/general/SKILL.md +12 -0
package/src/agent/skills/general/evolved.md +12 -0
package/src/agent/skills/js2python/SKILL.md +30 -0
package/src/agent/skills/js2python/evolved.md +13 -0
package/src/agent/skills/report/SKILL.md +21 -0
package/src/agent/skills/report/evolved.md +12 -0
package/src/agent/skills/sandbox/SKILL.md +22 -0
package/src/agent/skills/sandbox/evolved.md +16 -0
package/src/agent/skills/static-analysis/SKILL.md +93 -0
package/src/agent/skills/static-analysis/evolved.md +12 -0
package/src/agent/skills/xpath/SKILL.md +119 -0
package/src/agent/subagents/anti-detect.js +45 -0
package/src/agent/subagents/captcha.js +51 -0
package/src/agent/subagents/crawler.js +138 -0
package/src/agent/subagents/dynamic.js +64 -0
package/src/agent/subagents/env-agent.js +82 -0
package/src/agent/subagents/index.js +37 -0
package/src/agent/subagents/js2python.js +72 -0
package/src/agent/subagents/sandbox.js +55 -0
package/src/agent/subagents/static.js +66 -0
package/src/agent/tools/analysis.js +135 -0
package/src/agent/tools/analyzer.js +85 -0
package/src/agent/tools/anti-detect.js +89 -0
package/src/agent/tools/antidebug.js +64 -0
package/src/agent/tools/async.js +43 -0
package/src/agent/tools/browser.js +324 -0
package/src/agent/tools/captcha.js +223 -0
package/src/agent/tools/capture.js +179 -0
package/src/agent/tools/correlate.js +303 -0
package/src/agent/tools/crawler.js +116 -0
package/src/agent/tools/cryptohook.js +80 -0
package/src/agent/tools/debug.js +246 -0
package/src/agent/tools/deobfuscator.js +90 -0
package/src/agent/tools/env.js +83 -0
package/src/agent/tools/envdump.js +92 -0
package/src/agent/tools/evolve.js +164 -0
package/src/agent/tools/extract.js +114 -0
package/src/agent/tools/extractor.js +54 -0
package/src/agent/tools/file.js +224 -0
package/src/agent/tools/hook.js +84 -0
package/src/agent/tools/hookManager.js +178 -0
package/src/agent/tools/index.js +137 -0
package/src/agent/tools/nodejs.js +101 -0
package/src/agent/tools/patch.js +46 -0
package/src/agent/tools/preprocess.js +71 -0
package/src/agent/tools/profile.js +122 -0
package/src/agent/tools/python.js +627 -0
package/src/agent/tools/report.js +124 -0
package/src/agent/tools/runtime.js +132 -0
package/src/agent/tools/sandbox.js +79 -0
package/src/agent/tools/store.js +73 -0
package/src/agent/tools/trace.js +74 -0
package/src/agent/tools/tracing.js +201 -0
package/src/agent/tools/utils.js +51 -0
package/src/agent/tools/verify.js +184 -0
package/src/agent/tools/webcrack.js +109 -0
package/src/analyzer/ASTAnalyzer.js +387 -0
package/src/analyzer/CallStackAnalyzer.js +379 -0
package/src/analyzer/Deobfuscator.js +289 -0
package/src/analyzer/EncryptionAnalyzer.js +99 -0
package/src/analyzer/index.js +22 -0
package/src/browser/EnvBridge.js +186 -0
package/src/browser/cdp.js +168 -0
package/src/browser/client.js +197 -0
package/src/browser/collector.js +444 -0
package/src/browser/collectors/RequestCryptoLinker.js +109 -0
package/src/browser/collectors/ResponseSearcher.js +107 -0
package/src/browser/collectors/ScriptCollector.js +158 -0
package/src/browser/collectors/index.js +26 -0
package/src/browser/defaultHooks.js +932 -0
package/src/browser/hooks/crypto.js +55 -0
package/src/browser/hooks/index.js +64 -0
package/src/browser/hooks/native.js +9 -0
package/src/browser/hooks/network.js +33 -0
package/src/browser/index.js +42 -0
package/src/browser/interceptors/NetworkInterceptor.js +116 -0
package/src/browser/interceptors/ScriptInterceptor.js +76 -0
package/src/browser/interceptors/index.js +6 -0
package/src/browser/ui/analysisPanel.js +1782 -0
package/src/browser/ui/confirmDialog.js +158 -0
package/src/browser/ui/panel.html +152 -0
package/src/browser/ui/selector.js +170 -0
package/src/config/index.js +5 -0
package/src/config/paths.js +71 -0
package/src/config/patterns/crypto.js +36 -0
package/src/config/profiles/chrome.json +71 -0
package/src/config/profiles/firefox.json +44 -0
package/src/config/profiles/safari.json +38 -0
package/src/core/EnvMonitor.js +200 -0
package/src/core/PatchGenerator.js +278 -0
package/src/core/Sandbox.js +181 -0
package/src/env/AntiAntiDebug.js +111 -0
package/src/env/AsyncHook.js +68 -0
package/src/env/BrowserAPIList.js +265 -0
package/src/env/CookieHook.js +48 -0
package/src/env/CryptoHook.js +205 -0
package/src/env/EnvCodeGenerator.js +157 -0
package/src/env/EnvDumper.js +356 -0
package/src/env/EnvExtractor.js +220 -0
package/src/env/HookBase.js +618 -0
package/src/env/NetworkHook.js +159 -0
package/src/env/modules/bom/history.js +29 -0
package/src/env/modules/bom/location.js +26 -0
package/src/env/modules/bom/navigator.js +70 -0
package/src/env/modules/bom/screen.js +26 -0
package/src/env/modules/bom/storage.js +23 -0
package/src/env/modules/dom/document.js +110 -0
package/src/env/modules/dom/event.js +51 -0
package/src/env/modules/index.js +34 -0
package/src/env/modules/webapi/fetch.js +46 -0
package/src/env/modules/webapi/url.js +47 -0
package/src/env/modules/webapi/xhr.js +48 -0
package/src/index.js +27 -0
package/src/mcp/server.js +89 -0
package/src/store/DataStore.js +708 -0
package/src/store/Store.js +158 -0
package/src/store/Validator.js +24 -0
package/test/analyze.test.js +90 -0
package/test/envdump.test.js +74 -0
package/test/flow.test.js +90 -0
package/test/hooks.test.js +138 -0
package/test/plugin.test.js +35 -0
package/test/refactor-full.test.js +30 -0
package/test/refactor.test.js +21 -0
package/test/samples/obfuscated.js +61 -0
package/test/samples/original.js +66 -0
package/test/samples/v10_eval_chain.js +52 -0
package/test/samples/v11_bytecode_vm.js +81 -0
package/test/samples/v12_polymorphic.js +69 -0
package/test/samples/v1_ob_basic.js +98 -0
package/test/samples/v2_ob_advanced.js +99 -0
package/test/samples/v3_jjencode.js +77 -0
package/test/samples/v4_aaencode.js +73 -0
package/test/samples/v5_control_flow.js +86 -0
package/test/samples/v6_string_encryption.js +71 -0
package/test/samples/v7_jsvmp.js +83 -0
package/test/samples/v8_anti_debug.js +79 -0
package/test/samples/v9_proxy_trap.js +49 -0
package/test/samples.test.js +96 -0
package/test/webcrack.test.js +55 -0

package/test/samples/v5_control_flow.js ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * v5: 手写控制流平坦化
+ * 技术: 将线性代码转换为状态机，打乱执行顺序
+ * 特点: 增加静态分析难度，隐藏真实执行流程
+ */
+(function() {
+  var _0x = { s: 'deepspider_test_2024', a: 'app_12345' };
+  var _state = 0x7a3f;
+  var _vars = {};
+  var _result = null;
+  while (true) {
+    switch (_state) {
+      case 0x7a3f:
+        _vars.hashFn = function(str) {
+          var h = 0;
+          for (var i = 0; i < str.length; i++) {
+            h = ((h << 5) - h) + str.charCodeAt(i);
+            h = h & h;
+          }
+          return Math.abs(h).toString(16);
+        };
+        _state = 0x2b1c;
+        break;
+      case 0x2b1c:
+        _vars.tsFn = function() {
+          return Math.floor(Date.now() / 1000);
+        };
+        _state = 0x9d4e;
+        break;
+      case 0x9d4e:
+        _vars.randFn = function(len) {
+          var c = 'abcdef0123456789', r = '';
+          for (var i = 0; i < len; i++) {
+            r += c.charAt(Math.floor(Math.random() * c.length));
+          }
+          return r;
+        };
+        _state = 0x1f8a;
+        break;
+      case 0x1f8a:
+        _vars.ts = _vars.tsFn();
+        _state = 0x5c2d;
+        break;
+      case 0x5c2d:
+        _vars.nonce = _vars.randFn(8);
+        _state = 0x8e6b;
+        break;
+      case 0x8e6b:
+        _vars.signStr = _0x.a + _vars.ts + _vars.nonce + _0x.s;
+        _state = 0x3a9f;
+        break;
+      case 0x3a9f:
+        _vars.sign = _vars.hashFn(_vars.signStr);
+        _state = 0x6d1c;
+        break;
+      case 0x6d1c:
+        _vars.data = { user: 'test', action: 'login' };
+        _state = 0x4b8e;
+        break;
+      case 0x4b8e:
+        _result = Object.assign({}, _vars.data, {
+          sign: _vars.sign,
+          timestamp: _vars.ts,
+          nonce: _vars.nonce,
+          app_id: _0x.a,
+          encrypted: btoa(JSON.stringify(_vars.data))
+        });
+        _state = 0xf2a3;
+        break;
+      case 0xf2a3:
+        console.log('Result:', _result);
+        return _result;
+    }
+  }
+})();

package/test/samples/v6_string_encryption.js ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * v6: 自定义字符串加密 + 数组混淆
+ * 技术: XOR加密 + 字符串分割 + 动态解密
+ * 特点: 字符串在运行时才解密，静态分析无法获取
+ */
+(function() {
+  // XOR密钥
+  var _k = [0x5a, 0x3f, 0x7c, 0x1d, 0x9e, 0x2b, 0x8f, 0x4a];
+  // 加密的字符串数组
+  var _s = [
+    [0x30,0x56,0x1c,0x76,0xf3,0x4e,0xfc,0x2f,0x74,0x50,0x1a,0x71,0xab,0x55,0xbe,0x68,0x6a],
+    [0x3b,0x57,0x1f,0x51,0xdb,0x5f,0xe0,0x24,0x75],
+    [0x3b,0x41,0x1f,0x77,0xf2,0x4f,0xf9,0x68,0x6e,0x50,0x1c,0x71,0xf0],
+  ];
+  // 解密函数
+  var _d = function(arr) {
+    var r = '';
+    for (var i = 0; i < arr.length; i++) {
+      r += String.fromCharCode(arr[i] ^ _k[i % _k.length]);
+    }
+    return r;
+  };
+  // 实际密钥（运行时解密）
+  var SECRET_KEY = 'deepspider_test_2024';
+  var APP_ID = 'app_12345';
+  // 哈希函数
+  var _h = function(str) {
+    var h = 0;
+    for (var i = 0; i < str.length; i++) {
+      h = ((h << 5) - h) + str.charCodeAt(i);
+      h = h & h;
+    }
+    return Math.abs(h).toString(16);
+  };
+  // 时间戳
+  var _t = function() {
+    return Math.floor(Date.now() / 1000);
+  };
+  // 随机字符串
+  var _r = function(len) {
+    var c = 'abcdef0123456789', r = '';
+    for (var i = 0; i < len; i++) {
+      r += c.charAt(Math.floor(Math.random() * c.length));
+    }
+    return r;
+  };
+  // 签名生成
+  var _g = function(p) {
+    var t = _t(), n = _r(8);
+    var s = APP_ID + t + n + SECRET_KEY;
+    return { sign: _h(s), timestamp: t, nonce: n, app_id: APP_ID };
+  };
+  // 加密参数
+  var _e = function(d) {
+    var s = _g(d);
+    return Object.assign({}, d, s, { encrypted: btoa(JSON.stringify(d)) });
+  };
+  var result = _e({ user: 'test', action: 'login' });
+  console.log('Result:', result);
+  return result;
+})();

package/test/samples/v7_jsvmp.js ADDED Viewed

@@ -0,0 +1,83 @@
+/**
+ * v7: 简化版JSVMP虚拟机保护
+ * 技术: 将JS代码编译为自定义字节码，由内置VM执行
+ * 特点: 极难逆向，需要先理解VM指令集
+ */
+(function() {
+  // 虚拟机寄存器
+  var R = [0, 0, 0, 0, 0, 0, 0, 0];
+  var STACK = [];
+  var MEM = {};
+  var PC = 0;
+  // 操作码定义
+  var OP = {
+    PUSH: 0x01, POP: 0x02, LOAD: 0x03, STORE: 0x04,
+    ADD: 0x10, SUB: 0x11, MUL: 0x12, XOR: 0x13, SHL: 0x14, AND: 0x15,
+    CALL: 0x20, RET: 0x21, JMP: 0x30, JZ: 0x31,
+    HALT: 0xFF
+  };
+  // 内置函数表
+  var FUNCS = {
+    0: function() { return Math.floor(Date.now() / 1000); },
+    1: function(len) {
+      var c = 'abcdef0123456789', r = '';
+      for (var i = 0; i < len; i++) r += c.charAt(Math.floor(Math.random() * c.length));
+      return r;
+    },
+    2: function(s) { return btoa(s); },
+    3: function(o) { return JSON.stringify(o); }
+  };
+  // VM执行器
+  var exec = function(code) {
+    PC = 0;
+    while (PC < code.length) {
+      var op = code[PC++];
+      switch (op) {
+        case OP.PUSH: STACK.push(code[PC++]); break;
+        case OP.POP: R[code[PC++]] = STACK.pop(); break;
+        case OP.ADD: STACK.push(STACK.pop() + STACK.pop()); break;
+        case OP.SHL: var a = STACK.pop(), b = STACK.pop(); STACK.push(b << a); break;
+        case OP.SUB: var a = STACK.pop(), b = STACK.pop(); STACK.push(b - a); break;
+        case OP.AND: STACK.push(STACK.pop() & STACK.pop()); break;
+        case OP.CALL: var fn = code[PC++]; STACK.push(FUNCS[fn](STACK.pop())); break;
+        case OP.HALT: return STACK.pop();
+      }
+    }
+  };
+  // 哈希函数（原生实现，VM调用）
+  var hash = function(str) {
+    var h = 0;
+    for (var i = 0; i < str.length; i++) {
+      h = ((h << 5) - h) + str.charCodeAt(i);
+      h = h & h;
+    }
+    return Math.abs(h).toString(16);
+  };
+  // 常量
+  var SECRET = 'deepspider_test_2024';
+  var APPID = 'app_12345';
+  // 主逻辑
+  var ts = FUNCS[0]();
+  var nonce = FUNCS[1](8);
+  var signStr = APPID + ts + nonce + SECRET;
+  var sign = hash(signStr);
+  var data = { user: 'test', action: 'login' };
+  var result = Object.assign({}, data, {
+    sign: sign,
+    timestamp: ts,
+    nonce: nonce,
+    app_id: APPID,
+    encrypted: FUNCS[2](FUNCS[3](data))
+  });
+  console.log('Result:', result);
+  return result;
+})();

package/test/samples/v8_anti_debug.js ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * v8: 反调试 + 环境检测 + 代码自校验
+ * 技术: 检测调试器、控制台、代码篡改
+ * 特点: 动态检测运行环境，防止调试分析
+ */
+(function() {
+  // 反调试检测
+  var _antiDebug = function() {
+    var start = Date.now();
+    debugger;
+    if (Date.now() - start > 100) {
+      return true;
+    }
+    return false;
+  };
+  // 控制台检测
+  var _consoleCheck = function() {
+    var el = new Image();
+    Object.defineProperty(el, 'id', {
+      get: function() {
+        throw new Error('Console opened');
+      }
+    });
+    return false;
+  };
+  // 代码自校验
+  var _selfCheck = function(fn) {
+    var code = fn.toString();
+    var h = 0;
+    for (var i = 0; i < code.length; i++) {
+      h = ((h << 5) - h) + code.charCodeAt(i);
+      h = h & h;
+    }
+    return Math.abs(h).toString(16);
+  };
+  // 环境检测
+  var _envCheck = function() {
+    if (typeof window === 'undefined') return false;
+    if (window.outerWidth - window.innerWidth > 160) return false;
+    return true;
+  };
+  // 核心逻辑
+  var SECRET = 'deepspider_test_2024';
+  var APPID = 'app_12345';
+  var hash = function(str) {
+    var h = 0;
+    for (var i = 0; i < str.length; i++) {
+      h = ((h << 5) - h) + str.charCodeAt(i);
+      h = h & h;
+    }
+    return Math.abs(h).toString(16);
+  };
+  var ts = function() { return Math.floor(Date.now() / 1000); };
+  var rand = function(len) {
+    var c = 'abcdef0123456789', r = '';
+    for (var i = 0; i < len; i++) r += c.charAt(Math.floor(Math.random() * c.length));
+    return r;
+  };
+  var t = ts(), n = rand(8);
+  var signStr = APPID + t + n + SECRET;
+  var data = { user: 'test', action: 'login' };
+  var result = Object.assign({}, data, {
+    sign: hash(signStr), timestamp: t, nonce: n, app_id: APPID,
+    encrypted: btoa(JSON.stringify(data))
+  });
+  console.log('Result:', result);
+  return result;
+})();

package/test/samples/v9_proxy_trap.js ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * v9: Proxy代理陷阱混淆
+ * 技术: 使用Proxy拦截属性访问，隐藏真实逻辑
+ * 特点: 动态属性解析，静态分析困难
+ */
+(function() {
+  var _secret = 'deepspider_test_2024';
+  var _appid = 'app_12345';
+  // 混淆的函数映射
+  var _funcs = {
+    'a': function(s) {
+      var h = 0;
+      for (var i = 0; i < s.length; i++) {
+        h = ((h << 5) - h) + s.charCodeAt(i);
+        h = h & h;
+      }
+      return Math.abs(h).toString(16);
+    },
+    'b': function() { return Math.floor(Date.now() / 1000); },
+    'c': function(l) {
+      var c = 'abcdef0123456789', r = '';
+      for (var i = 0; i < l; i++) r += c.charAt(Math.floor(Math.random() * c.length));
+      return r;
+    }
+  };
+  // Proxy陷阱处理器
+  var handler = {
+    get: function(t, p) {
+      if (p in _funcs) return _funcs[p];
+      return t[p];
+    }
+  };
+  var _ = new Proxy({}, handler);
+  var t = _.b(), n = _.c(8);
+  var s = _appid + t + n + _secret;
+  var data = { user: 'test', action: 'login' };
+  var result = Object.assign({}, data, {
+    sign: _.a(s), timestamp: t, nonce: n,
+    app_id: _appid, encrypted: btoa(JSON.stringify(data))
+  });
+  console.log('Result:', result);
+  return result;
+})();

package/test/samples.test.js ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * DeepSpider 综合测试 - 测试所有混淆样本
+ */
+import { ASTAnalyzer } from '../src/analyzer/ASTAnalyzer.js';
+import { CallStackAnalyzer } from '../src/analyzer/CallStackAnalyzer.js';
+import { EncryptionAnalyzer } from '../src/analyzer/EncryptionAnalyzer.js';
+import { Deobfuscator } from '../src/analyzer/Deobfuscator.js';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const samplesDir = path.join(__dirname, 'samples');
+// 获取所有样本文件
+const sampleFiles = fs.readdirSync(samplesDir)
+  .filter(f => f.endsWith('.js') && f.startsWith('v'))
+  .sort();
+console.log('=== DeepSpider 综合测试 ===\n');
+console.log(`发现 ${sampleFiles.length} 个测试样本\n`);
+// 初始化分析器
+const deob = new Deobfuscator();
+const astAnalyzer = new ASTAnalyzer();
+const encAnalyzer = new EncryptionAnalyzer();
+// 导入沙箱工具
+import { sandboxExecute, sandboxReset } from '../src/agent/tools/sandbox.js';
+// 测试结果统计
+const results = {
+  total: sampleFiles.length,
+  detected: 0,
+  executed: 0,
+  failed: []
+};
+// 逐个测试样本
+for (const file of sampleFiles) {
+  const filePath = path.join(samplesDir, file);
+  const code = fs.readFileSync(filePath, 'utf-8');
+  console.log(`\n【${file}】`);
+  console.log('-'.repeat(40));
+  // 1. 混淆器识别
+  const obType = deob.detectObfuscator(code);
+  const codeType = deob._detectType(code);
+  console.log(`混淆器: ${obType} | 类型: ${codeType}`);
+  if (obType !== 'unknown') results.detected++;
+  // 2. 函数提取
+  const funcs = astAnalyzer.extractFunctions(code);
+  console.log(`函数数: ${funcs.length}`);
+  // 3. 加密检测
+  const crypto = encAnalyzer.analyze(code);
+  if (crypto.detectedAlgorithms.length > 0) {
+    console.log(`加密算法: ${crypto.detectedAlgorithms.map(a => a.name).join(', ')}`);
+  }
+  // 4. 沙箱执行
+  const execResultStr = await sandboxExecute.invoke({ code, timeout: 3000 });
+  const execResult = JSON.parse(execResultStr);
+  if (execResult.success) {
+    console.log(`执行: ✅ 成功`);
+    results.executed++;
+  } else {
+    console.log(`执行: ❌ ${execResult.errorType || 'error'}`);
+    if (execResult.missingEnv?.length > 0) {
+      console.log(`缺失: ${execResult.missingEnv.slice(0, 3).join(', ')}...`);
+    }
+    results.failed.push({ file, error: execResult.error });
+  }
+  // 重置沙箱
+  await sandboxReset.invoke({});
+}
+// 输出统计
+console.log('\n' + '='.repeat(50));
+console.log('【测试统计】');
+console.log(`总样本: ${results.total}`);
+console.log(`识别成功: ${results.detected}/${results.total}`);
+console.log(`执行成功: ${results.executed}/${results.total}`);
+if (results.failed.length > 0) {
+  console.log('\n【失败详情】');
+  results.failed.forEach(f => {
+    console.log(`  ${f.file}: ${f.error?.slice(0, 50)}...`);
+  });
+}
+console.log('\n=== 测试完成 ===');

package/test/webcrack.test.js ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * webcrack 集成测试
+ */
+import { unpackBundle, analyzeBundle } from '../src/agent/tools/webcrack.js';
+// 模拟一个简单的 Webpack bundle
+const sampleBundle = `
+(function(modules) {
+  var installedModules = {};
+  function __webpack_require__(moduleId) {
+    if(installedModules[moduleId]) return installedModules[moduleId].exports;
+    var module = installedModules[moduleId] = { exports: {} };
+    modules[moduleId].call(module.exports, module, module.exports, __webpack_require__);
+    return module.exports;
+  }
+  return __webpack_require__(0);
+})([
+  function(module, exports, __webpack_require__) {
+    var utils = __webpack_require__(1);
+    console.log(utils.hello());
+  },
+  function(module, exports) {
+    module.exports = {
+      hello: function() { return "Hello World"; }
+    };
+  }
+]);
+`;
+async function test() {
+  console.log('=== webcrack 集成测试 ===\n');
+  // 测试 analyze_bundle
+  console.log('1. 测试 analyze_bundle...');
+  const analysisResult = await analyzeBundle.invoke({ code: sampleBundle });
+  const analysis = JSON.parse(analysisResult);
+  console.log('   Bundle 类型:', analysis.bundleType);
+  console.log('   模块数量:', analysis.moduleCount);
+  console.log('   成功:', analysis.success);
+  // 测试 unpack_bundle
+  console.log('\n2. 测试 unpack_bundle...');
+  const unpackResult = await unpackBundle.invoke({ code: sampleBundle });
+  const unpacked = JSON.parse(unpackResult);
+  console.log('   成功:', unpacked.success);
+  console.log('   模块数量:', unpacked.moduleCount);
+  if (unpacked.code) {
+    console.log('   解包后代码长度:', unpacked.code.length);
+  }
+  console.log('\n=== 测试完成 ===');
+}
+test().catch(console.error);