npm - fire-marshal-ebay - Versions diffs - 0.0.1-security.2 → 1.0.0 - Mend

fire-marshal-ebay 0.0.1-security.2 → 1.0.0

Potentially problematic release.

This version of fire-marshal-ebay might be problematic. Click here for more details.

Files changed (41) hide show

package/PadBuster/LICENSE +202 -0
package/PadBuster/README +16 -0
package/PadBuster/padBuster.pl +889 -0
package/confused/.github/workflows/codeql-analysis.yml +67 -0
package/confused/.github/workflows/golangci-lint.yml +28 -0
package/confused/.goreleaser.yml +40 -0
package/confused/CHANGELOG.md +31 -0
package/confused/LICENSE +21 -0
package/confused/README.md +93 -0
package/confused/composer.go +105 -0
package/confused/confused +0 -0
package/confused/interfaces.go +11 -0
package/confused/main.go +104 -0
package/confused/mvn.go +120 -0
package/confused/mvnparser.go +139 -0
package/confused/npm.go +210 -0
package/confused/packages.json +86 -0
package/confused/pip.go +99 -0
package/confused/util.go +11 -0
package/index.js +47 -0
package/package.json +9 -4
package/synackAPI/Dockerfile +36 -0
package/synackAPI/README.md +238 -0
package/synackAPI/RHINOSPIDER/burpOOS.txt +25 -0
package/synackAPI/RHINOSPIDER/burpScope.txt +1 -0
package/synackAPI/RHINOSPIDER/scope.txt +1 -0
package/synackAPI/bot.py +72 -0
package/synackAPI/checkCerts.py +67 -0
package/synackAPI/connect.py +9 -0
package/synackAPI/currentTarget +24 -0
package/synackAPI/getAnalytics.py +40 -0
package/synackAPI/getHydra.py +46 -0
package/synackAPI/getPayouts.py +11 -0
package/synackAPI/getscope.py +123 -0
package/synackAPI/polling.py +27 -0
package/synackAPI/register.py +7 -0
package/synackAPI/requirements.txt +7 -0
package/synackAPI/synack.py +1046 -0
package/synackAPI/synstats.py +54 -0
package/synackAPI/target.py +17 -0
package/README.md +0 -5

package/synackAPI/synstats.py ADDED Viewed

@@ -0,0 +1,54 @@
+from synack import synack
+from datetime import datetime
+from os import path
+import csv
+import json
+import os
+os.makedirs("vulns", exist_ok=True)
+s = synack()
+s.connectToPlatform()
+s.getSessionToken()
+vulns = s.getVulns("accepted")
+vulns_data = []
+count = 0
+for v in vulns:
+    if count % 50 == 0:
+        print("Analyzing %d of %d" % (count, len(vulns)))
+    count = count + 1
+    vuln_fname = "vulns/%s.json" % v['id']
+    # read extended vuln data
+    if not path.exists(vuln_fname):
+        expanded_vuln = s.getVuln(v['id'])
+        with open(vuln_fname,"w") as f:
+            json.dump(expanded_vuln, f, ensure_ascii=False, indent=4)
+    else:
+        with open(vuln_fname,"r") as f:
+            expanded_vuln = json.load(f)
+    vulns_data.append({
+        "id": v['id'],
+        "title": v['title'],
+        # not sure what to do with timestamp format :)
+        "created_at": expanded_vuln['created_at'],
+        "resolved_at": expanded_vuln['resolved_at'],
+        "amount": v['market_value_final'],
+        "subcategory": v['category'],
+        "category": v['category_parent'],
+        "target": v['listing']['codename'],
+        "cvss": expanded_vuln['cvss_final'],
+        "quality": expanded_vuln['quality_score']
+    })
+columns = ["id", "created_at", "title", "amount", "category", "subcategory", "target", "cvss", "quality", "created_at", "resolved_at"]
+now = datetime.now()
+filename = "synstats-%s-%s-%s.csv"%(str(now.year),str(now.month),str(now.day))
+with open(filename,"w") as f:
+    writer = csv.DictWriter(f, fieldnames=columns, extrasaction="ignore", lineterminator="\n")
+    writer.writeheader()
+    writer.writerows(vulns_data)

package/synackAPI/target.py ADDED Viewed

@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+import sys
+from synack import synack
+import time
+s1 = synack()
+s1.gecko = False
+#s1.Proxy = True
+s1.getSessionToken()
+s1.getAllTargets()
+args = len(sys.argv)
+if args == 1:
+    s1.connectToTarget("OPTIMUSDOWNLOAD")
+elif args == 2:
+    s1.connectToTarget(sys.argv[1])
+else:
+    print("Too many arguments")

package/README.md DELETED Viewed

@@ -1,5 +0,0 @@
-# Security holding package
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-Please refer to www.npmjs.com/advisories?search=fire-marshal-ebay for more information.