muaddib-scanner 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/muaddib.js +60 -58
- package/package.json +1 -1
package/bin/muaddib.js
CHANGED
|
@@ -44,7 +44,7 @@ for (let i = 0; i < options.length; i++) {
|
|
|
44
44
|
}
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
//
|
|
47
|
+
// Interactive menu
|
|
48
48
|
async function interactiveMenu() {
|
|
49
49
|
const { select, input, confirm } = await import('@inquirer/prompts');
|
|
50
50
|
|
|
@@ -56,15 +56,16 @@ async function interactiveMenu() {
|
|
|
56
56
|
`);
|
|
57
57
|
|
|
58
58
|
const action = await select({
|
|
59
|
-
message: '
|
|
59
|
+
message: 'What do you want to do?',
|
|
60
60
|
choices: [
|
|
61
|
-
{ name: '
|
|
62
|
-
{ name: '
|
|
63
|
-
{ name: '
|
|
64
|
-
{ name: '
|
|
65
|
-
{ name: '
|
|
66
|
-
{ name: '
|
|
67
|
-
{ name: '
|
|
61
|
+
{ name: 'Scan a project', value: 'scan' },
|
|
62
|
+
{ name: 'Scan with paranoid mode', value: 'scan-paranoid' },
|
|
63
|
+
{ name: 'Install packages (safe)', value: 'install' },
|
|
64
|
+
{ name: 'Watch a project (real-time)', value: 'watch' },
|
|
65
|
+
{ name: 'Start daemon', value: 'daemon' },
|
|
66
|
+
{ name: 'Update IOCs', value: 'update' },
|
|
67
|
+
{ name: 'Scrape new IOCs', value: 'scrape' },
|
|
68
|
+
{ name: 'Quit', value: 'quit' }
|
|
68
69
|
]
|
|
69
70
|
});
|
|
70
71
|
|
|
@@ -75,14 +76,14 @@ async function interactiveMenu() {
|
|
|
75
76
|
|
|
76
77
|
if (action === 'scan' || action === 'scan-paranoid') {
|
|
77
78
|
const path = await input({
|
|
78
|
-
message: '
|
|
79
|
+
message: 'Project path:',
|
|
79
80
|
default: '.'
|
|
80
81
|
});
|
|
81
82
|
|
|
82
83
|
const outputFormat = await select({
|
|
83
|
-
message: '
|
|
84
|
+
message: 'Output format:',
|
|
84
85
|
choices: [
|
|
85
|
-
{ name: 'Console (
|
|
86
|
+
{ name: 'Console (default)', value: 'console' },
|
|
86
87
|
{ name: 'JSON', value: 'json' },
|
|
87
88
|
{ name: 'HTML', value: 'html' },
|
|
88
89
|
{ name: 'SARIF (GitHub Security)', value: 'sarif' }
|
|
@@ -102,9 +103,24 @@ async function interactiveMenu() {
|
|
|
102
103
|
process.exit(exitCode);
|
|
103
104
|
}
|
|
104
105
|
|
|
106
|
+
if (action === 'install') {
|
|
107
|
+
const pkgInput = await input({
|
|
108
|
+
message: 'Package(s) to install (space-separated):'
|
|
109
|
+
});
|
|
110
|
+
|
|
111
|
+
const packages = pkgInput.split(' ').filter(p => p.trim());
|
|
112
|
+
if (packages.length === 0) {
|
|
113
|
+
console.log('No packages specified.');
|
|
114
|
+
process.exit(1);
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
const result = await safeInstall(packages, {});
|
|
118
|
+
process.exit(result.blocked ? 1 : 0);
|
|
119
|
+
}
|
|
120
|
+
|
|
105
121
|
if (action === 'watch') {
|
|
106
122
|
const path = await input({
|
|
107
|
-
message: '
|
|
123
|
+
message: 'Project path:',
|
|
108
124
|
default: '.'
|
|
109
125
|
});
|
|
110
126
|
watch(path);
|
|
@@ -112,14 +128,14 @@ async function interactiveMenu() {
|
|
|
112
128
|
|
|
113
129
|
if (action === 'daemon') {
|
|
114
130
|
const useWebhook = await confirm({
|
|
115
|
-
message: '
|
|
131
|
+
message: 'Configure Discord/Slack webhook?',
|
|
116
132
|
default: false
|
|
117
133
|
});
|
|
118
134
|
|
|
119
135
|
let webhook = null;
|
|
120
136
|
if (useWebhook) {
|
|
121
137
|
webhook = await input({
|
|
122
|
-
message: 'URL
|
|
138
|
+
message: 'Webhook URL:'
|
|
123
139
|
});
|
|
124
140
|
}
|
|
125
141
|
startDaemon({ webhook });
|
|
@@ -132,35 +148,40 @@ async function interactiveMenu() {
|
|
|
132
148
|
|
|
133
149
|
if (action === 'scrape') {
|
|
134
150
|
const result = await runScraper();
|
|
135
|
-
console.log(`[OK] ${result.added}
|
|
151
|
+
console.log(`[OK] ${result.added} new IOCs (total: ${result.total})`);
|
|
136
152
|
process.exit(0);
|
|
137
153
|
}
|
|
138
154
|
}
|
|
139
155
|
|
|
140
|
-
|
|
141
|
-
if (!command || command === '--help' || command === '-h') {
|
|
142
|
-
if (command === '--help' || command === '-h') {
|
|
143
|
-
console.log(`
|
|
156
|
+
const helpText = `
|
|
144
157
|
MUAD'DIB - npm Supply Chain Threat Hunter
|
|
145
158
|
|
|
146
159
|
Usage:
|
|
147
|
-
muaddib
|
|
148
|
-
muaddib scan [path] [options]
|
|
149
|
-
muaddib
|
|
150
|
-
muaddib
|
|
151
|
-
muaddib
|
|
152
|
-
muaddib
|
|
153
|
-
muaddib
|
|
160
|
+
muaddib Interactive mode
|
|
161
|
+
muaddib scan [path] [options] Scan a project
|
|
162
|
+
muaddib install <pkg> [options] Safe install (scan before install)
|
|
163
|
+
muaddib watch [path] Watch in real-time
|
|
164
|
+
muaddib daemon [options] Start daemon
|
|
165
|
+
muaddib update Update IOCs
|
|
166
|
+
muaddib scrape Scrape new IOCs
|
|
154
167
|
|
|
155
168
|
Options:
|
|
156
|
-
--json
|
|
157
|
-
--html [file]
|
|
158
|
-
--sarif [file]
|
|
159
|
-
--explain
|
|
160
|
-
--fail-on [level]
|
|
161
|
-
--webhook [url]
|
|
162
|
-
--paranoid
|
|
163
|
-
|
|
169
|
+
--json JSON output
|
|
170
|
+
--html [file] HTML report
|
|
171
|
+
--sarif [file] SARIF report (GitHub Security)
|
|
172
|
+
--explain Detailed explanations
|
|
173
|
+
--fail-on [level] Fail level (critical|high|medium|low)
|
|
174
|
+
--webhook [url] Discord/Slack webhook
|
|
175
|
+
--paranoid Ultra-strict mode
|
|
176
|
+
--save-dev, -D Install as dev dependency
|
|
177
|
+
-g, --global Install globally
|
|
178
|
+
--force Force install despite threats
|
|
179
|
+
`;
|
|
180
|
+
|
|
181
|
+
// Main
|
|
182
|
+
if (!command || command === '--help' || command === '-h') {
|
|
183
|
+
if (command === '--help' || command === '-h') {
|
|
184
|
+
console.log(helpText);
|
|
164
185
|
process.exit(0);
|
|
165
186
|
}
|
|
166
187
|
interactiveMenu().catch(err => {
|
|
@@ -190,7 +211,7 @@ if (!command || command === '--help' || command === '-h') {
|
|
|
190
211
|
});
|
|
191
212
|
} else if (command === 'scrape') {
|
|
192
213
|
runScraper().then(result => {
|
|
193
|
-
console.log(`[OK] ${result.added}
|
|
214
|
+
console.log(`[OK] ${result.added} new IOCs (total: ${result.total})`);
|
|
194
215
|
process.exit(0);
|
|
195
216
|
}).catch(err => {
|
|
196
217
|
console.error('[ERROR]', err.message);
|
|
@@ -219,29 +240,10 @@ if (!command || command === '--help' || command === '-h') {
|
|
|
219
240
|
process.exit(1);
|
|
220
241
|
});
|
|
221
242
|
} else if (command === 'help') {
|
|
222
|
-
console.log(
|
|
223
|
-
MUAD'DIB - npm Supply Chain Threat Hunter
|
|
224
|
-
|
|
225
|
-
Usage:
|
|
226
|
-
muaddib Mode interactif
|
|
227
|
-
muaddib scan [path] [options] Scanner un projet
|
|
228
|
-
muaddib watch [path] Surveiller en temps reel
|
|
229
|
-
muaddib daemon [options] Lancer le daemon
|
|
230
|
-
muaddib update Mettre a jour les IOCs
|
|
231
|
-
muaddib scrape Scraper nouveaux IOCs
|
|
232
|
-
|
|
233
|
-
Options:
|
|
234
|
-
--json Sortie JSON
|
|
235
|
-
--html [file] Rapport HTML
|
|
236
|
-
--sarif [file] Rapport SARIF (GitHub Security)
|
|
237
|
-
--explain Explications detaillees
|
|
238
|
-
--fail-on [level] Niveau d'echec (critical|high|medium|low)
|
|
239
|
-
--webhook [url] Webhook Discord/Slack
|
|
240
|
-
--paranoid Mode ultra-strict
|
|
241
|
-
`);
|
|
243
|
+
console.log(helpText);
|
|
242
244
|
process.exit(0);
|
|
243
245
|
} else {
|
|
244
|
-
console.log(`
|
|
245
|
-
console.log('
|
|
246
|
+
console.log(`Unknown command: ${command}`);
|
|
247
|
+
console.log('Type "muaddib help" to see available commands.');
|
|
246
248
|
process.exit(1);
|
|
247
249
|
}
|