npm - muaddib-scanner - Versions diffs - 1.0.5 → 1.0.6 - Mend

muaddib-scanner 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +109 -22
package/package.json +1 -1
package/src/scanner/ast.js +1 -1
package/src/scanner/dataflow.js +1 -1
package/src/scanner/obfuscation.js +1 -1

package/README.md CHANGED Viewed

@@ -9,10 +9,18 @@
 </p>
 <p align="center">
-  <img src="https://img.shields.io/badge/version-1.0.0-blue" alt="Version">
+  <img src="https://img.shields.io/npm/v/muaddib-scanner" alt="npm version">
+  <img src="https://img.shields.io/npm/dt/muaddib-scanner" alt="npm downloads">
   <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
   <img src="https://img.shields.io/badge/node-%3E%3D18-brightgreen" alt="Node">
-  <img src="https://img.shields.io/badge/IOCs-58%2B%20packages-red" alt="IOCs">
+</p>
+<p align="center">
+  <a href="#installation">Installation</a> |
+  <a href="#utilisation">Utilisation</a> |
+  <a href="#features">Features</a> |
+  <a href="#vs-code">VS Code</a> |
+  <a href="#discord">Discord</a>
 </p>
 ---
@@ -28,14 +36,26 @@ MUAD'DIB detecte ET guide la reponse.
 | Detection IOCs | Oui | Oui | Oui |
 | Analyse AST | Oui | Oui | Non |
 | Analyse Dataflow | Oui | Non | Non |
+| Detection Typosquatting | Oui | Oui | Non |
 | Playbooks reponse | Oui | Non | Non |
+| Score de risque | Oui | Oui | Oui |
 | SARIF / GitHub Security | Oui | Oui | Oui |
 | MITRE ATT&CK mapping | Oui | Non | Non |
+| Webhook Discord/Slack | Oui | Non | Non |
+| Extension VS Code | Oui | Oui | Oui |
+| Mode daemon | Oui | Non | Non |
 | 100% Open Source | Oui | Non | Non |
 ---
 ## Installation
+### npm (recommande)
+```bash
+npm install -g muaddib-scanner
+```
+### Depuis les sources
 ```bash
 git clone https://github.com/DNSZLSK/muad-dib.git
 cd muad-dib
@@ -48,13 +68,20 @@ npm install
 ### Scan basique
 ```bash
-node bin/muaddib.js scan .
-node bin/muaddib.js scan /chemin/vers/projet
+muaddib scan .
+muaddib scan /chemin/vers/projet
+```
+### Score de risque
+Chaque scan affiche un score de risque 0-100 :
+```
+[SCORE] 58/100 [███████████░░░░░░░░░] HIGH
 ```
 ### Mode explain (details complets)
 ```bash
-node bin/muaddib.js scan . --explain
+muaddib scan . --explain
 ```
 Affiche pour chaque detection :
@@ -63,41 +90,62 @@ Affiche pour chaque detection :
 - References (articles, CVEs)
 - Playbook de reponse
-### Export JSON
+### Export
 ```bash
-node bin/muaddib.js scan . --json > results.json
+muaddib scan . --json > results.json     # JSON
+muaddib scan . --html rapport.html       # HTML
+muaddib scan . --sarif results.sarif     # SARIF (GitHub Security)
 ```
-### Rapport HTML
+### Seuil de severite
 ```bash
-node bin/muaddib.js scan . --html rapport.html
+muaddib scan . --fail-on critical  # Fail seulement sur CRITICAL
+muaddib scan . --fail-on high      # Fail sur HIGH et CRITICAL (defaut)
+muaddib scan . --fail-on medium    # Fail sur MEDIUM, HIGH, CRITICAL
 ```
-### Rapport SARIF (GitHub Security)
+### Webhook Discord/Slack
 ```bash
-node bin/muaddib.js scan . --sarif results.sarif
+muaddib scan . --webhook "https://discord.com/api/webhooks/..."
 ```
-### Seuil de severite
+Envoie une alerte avec le score et les menaces sur Discord ou Slack.
+### Surveillance temps reel
 ```bash
-node bin/muaddib.js scan . --fail-on critical  # Fail seulement sur CRITICAL
-node bin/muaddib.js scan . --fail-on high      # Fail sur HIGH et CRITICAL (defaut)
-node bin/muaddib.js scan . --fail-on medium    # Fail sur MEDIUM, HIGH, CRITICAL
+muaddib watch .
 ```
-### Surveillance temps reel
+### Mode daemon
 ```bash
-node bin/muaddib.js watch .
+muaddib daemon
+muaddib daemon --webhook "https://discord.com/api/webhooks/..."
 ```
+Surveille automatiquement tous les `npm install` et scanne les nouveaux packages.
 ### Mise a jour des IOCs
 ```bash
-node bin/muaddib.js update
+muaddib update
 ```
 ---
-## Detection
+## Features
+### Detection typosquatting
+MUAD'DIB detecte les packages dont le nom ressemble a un package populaire :
+```
+[HIGH] Package "lodahs" ressemble a "lodash" (swapped_chars). Possible typosquatting.
+```
+### Analyse dataflow
+Detecte quand du code lit des credentials ET les envoie sur le reseau :
+```
+[CRITICAL] Flux suspect: lecture credentials (readFileSync, GITHUB_TOKEN) + envoi reseau (fetch)
+```
 ### Attaques detectees
@@ -121,10 +169,36 @@ node bin/muaddib.js update
 | Reverse shell | T1059.004 | Pattern |
 | Dead man's switch | T1485 | Pattern |
 | Code obfusque | T1027 | Heuristiques |
+| Typosquatting | T1195.002 | Levenshtein |
 | Supply chain compromise | T1195.002 | IOC matching |
 ---
+## VS Code
+L'extension VS Code scanne automatiquement vos projets npm.
+### Installation
+Le dossier `vscode-extension/` contient l'extension. Pour tester :
+1. Ouvrir le dossier `vscode-extension` dans VS Code
+2. Appuyer sur F5
+3. Dans la nouvelle fenetre, ouvrir un projet npm
+### Commandes
+- `MUAD'DIB: Scan Project` - Scanner tout le projet
+- `MUAD'DIB: Scan Current File` - Scanner le fichier actuel
+### Configuration
+- `muaddib.autoScan` - Scanner automatiquement a l'ouverture (defaut: true)
+- `muaddib.webhookUrl` - URL webhook Discord/Slack
+- `muaddib.failLevel` - Niveau d'alerte (critical/high/medium/low)
+---
 ## Integration CI/CD
 ### GitHub Actions
@@ -144,8 +218,8 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: '20'
-      - run: npm install
-      - run: node bin/muaddib.js scan . --sarif results.sarif
+      - run: npm install -g muaddib-scanner
+      - run: muaddib scan . --sarif results.sarif
       - uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
@@ -155,6 +229,15 @@ Les alertes apparaissent dans Security > Code scanning alerts.
 ---
+## Discord
+Rejoignez le serveur Discord pour :
+- Recevoir les alertes de scan
+- Partager des IOCs
+- Contribuer au projet
+---
 ## Architecture
 ```
 MUAD'DIB Scanner
@@ -162,12 +245,16 @@ MUAD'DIB Scanner
 +-- IOC Match (YAML DB)
 +-- AST Parse (acorn)
 +-- Pattern Matching (shell, scripts)
++-- Typosquat Detection (Levenshtein)
 |
 v
 Dataflow Analysis (credential read -> network send)
 |
 v
 Threat Enrichment (rules, MITRE ATT&CK, playbooks)
+|
+v
+Output (CLI, JSON, HTML, SARIF, Webhook)
 ```
 ---
@@ -195,7 +282,7 @@ Editez les fichiers YAML dans `iocs/` :
 git clone https://github.com/DNSZLSK/muad-dib.git
 cd muad-dib
 npm install
-node bin/muaddib.js scan test/samples --explain
+npm test
 ```
 ---

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "Supply-chain threat detection & response for npm",
   "main": "src/index.js",
   "bin": {

package/src/scanner/ast.js CHANGED Viewed

@@ -11,7 +11,7 @@ const EXCLUDED_FILES = [
   'src/response/playbooks.js'
 ];
-const EXCLUDED_DIRS = ['test', 'tests', 'node_modules', '.git', 'src'];
+const EXCLUDED_DIRS = ['test', 'tests', 'node_modules', '.git', 'src', 'vscode-extension'];
 const DANGEROUS_CALLS = [
   'eval',

package/src/scanner/dataflow.js CHANGED Viewed

@@ -3,7 +3,7 @@ const path = require('path');
 const acorn = require('acorn');
 const walk = require('acorn-walk');
-const EXCLUDED_DIRS = ['test', 'tests', 'node_modules', '.git', 'src'];
+const EXCLUDED_DIRS = ['test', 'tests', 'node_modules', '.git', 'src', 'vscode-extension'];
 async function analyzeDataFlow(targetPath) {
   const threats = [];

package/src/scanner/obfuscation.js CHANGED Viewed

@@ -66,7 +66,7 @@ function detectObfuscation(targetPath) {
   return threats;
 }
-const EXCLUDED_DIRS = ['test', 'tests', 'node_modules', '.git', 'src'];
+const EXCLUDED_DIRS = ['test', 'tests', 'node_modules', '.git', 'src', 'vscode-extension'];
 function findJsFiles(dir) {
   const results = [];