muaddib-scanner 2.10.39 → 2.10.40

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.10.39",
+  "version": "2.10.40",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/scripts/ossf-benchmark.js

@@ -33,7 +33,7 @@ const SCAN_TIMEOUT_MS = 30000;
 const SAFE_PKG_RE = /^(@[\w._-]+\/)?[\w._-]+$/;
 
 // --- CLI args ---
-const SAMPLE_SIZE = parseInt(process.argv.find((a, i) => process.argv[i - 1] === '--sample') || '500', 10);
+const SAMPLE_SIZE = parseInt(process.argv.find((a, i) => process.argv[i - 1] === '--sample') || '5000', 10);
 const SEED = parseInt(process.argv.find((a, i) => process.argv[i - 1] === '--seed') || '42', 10);
 const REFRESH = process.argv.includes('--refresh');
 
@@ -220,9 +220,21 @@ function stratifySample(index, sampleSize, seed) {
   const downloadable = index.filter(e => e.version !== '*' && SAFE_PKG_RE.test(e.name));
   console.log('  Downloadable (non-wildcard, valid name): ' + downloadable.length);
 
+  // Filter out spam packages (SEO junk uploaded to npm — never available, waste time)
+  const SPAM_WORDS = /\b(watch|movie|free|generator|download|stream|online|full|episode|subtitle)\b/i;
+  const filtered = downloadable.filter(function(e) {
+    if (e.name.length > 100) return false;
+    if (/\s/.test(e.name)) return false;
+    if (SPAM_WORDS.test(e.name)) return false;
+    return true;
+  });
+  const spamRemoved = downloadable.length - filtered.length;
+  if (spamRemoved > 0) console.log('  Spam filtered: ' + spamRemoved + ' entries removed');
+  console.log('  After spam filter: ' + filtered.length);
+
   // Group by source
   const bySource = {};
-  for (const entry of downloadable) {
+  for (const entry of filtered) {
     const src = entry.source || 'unknown';
     if (!bySource[src]) bySource[src] = [];
     bySource[src].push(entry);
@@ -243,7 +255,7 @@ function stratifySample(index, sampleSize, seed) {
 
   // Proportional allocation per source
   const sources = Object.keys(bySource);
-  const totalDownloadable = downloadable.length;
+  const totalDownloadable = filtered.length;
   const sample = [];
 
   for (const src of sources) {

package/src/monitor/classify.js

@@ -49,6 +49,7 @@ const HIGH_CONFIDENCE_MALICE_TYPES = new Set([
   'cross_file_dataflow',                   // proven taint cross-modules
   'canary_exfiltration',                   // canary sandbox exfiltrated
   'sandbox_network_after_sensitive_read',  // compound sandbox detection
+  'sandbox_known_exfil_domain',            // known exfil/C2 domain contacted during install
   'detached_credential_exfil',            // detached process + credential exfil (DPRK/Lazarus)
   'node_modules_write',                    // writeFile to node_modules/ (worm propagation)
   'npm_publish_worm',                      // exec("npm publish") (worm propagation)

package/src/response/playbooks.js

@@ -243,6 +243,15 @@ const PLAYBOOKS = {
     'Acces a des variables d\'environnement sensibles detecte via monkey-patching runtime (TOKEN, SECRET, KEY, PASSWORD). ' +
     'Verifier si le package a une raison legitime d\'acceder a ces variables. Revoquer les credentials si necessaire.',
 
+  sandbox_network_outlier:
+    'Package contacte un domaine/IP hors allowlist pendant l\'installation. Seulement 0.027% des packages font du DNS hors infrastructure npm. ' +
+    'Verifier le domaine contacte. Si aucune raison legitime (CDN de binaires, service declare en dep), considerer comme suspect.',
+
+  sandbox_known_exfil_domain:
+    'CRITIQUE: Package contacte un domaine d\'exfiltration/C2 connu (OAST, webhook.site, infrastructure de campagne). ' +
+    'Taux de faux positif quasi-nul. Actions: 1. NE PAS installer. 2. Signaler au registry. ' +
+    '3. Si deja installe, isoler la machine et regenerer TOUS les secrets.',
+
   high_entropy_string:
     'Chaine a haute entropie detectee. Verifier si c\'est du base64, hex, ou un payload chiffre. Analyser le contexte d\'utilisation.',
   js_obfuscation_pattern:

package/src/rules/index.js

@@ -1011,6 +1011,29 @@ const RULES = {
     mitre: 'T1552.001'
   },
 
+  // Sandbox network outlier detections
+  sandbox_network_outlier: {
+    id: 'MUADDIB-SANDBOX-015',
+    name: 'Sandbox: Network Outlier',
+    severity: 'HIGH',
+    confidence: 'medium',
+    description: 'Package contacts a non-registry domain/IP during install. Only 0.027% of packages make DNS queries outside npm infrastructure — this is a high-precision outlier signal.',
+    references: ['https://attack.mitre.org/techniques/T1071/001/'],
+    mitre: 'T1071.001'
+  },
+  sandbox_known_exfil_domain: {
+    id: 'MUADDIB-SANDBOX-016',
+    name: 'Sandbox: Known Exfiltration Domain',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Package contacts a known exfiltration/C2 domain during install (OAST, webhook sinks, campaign infrastructure). Near-zero false positive rate.',
+    references: [
+      'https://attack.mitre.org/techniques/T1041/',
+      'https://attack.mitre.org/techniques/T1071/001/'
+    ],
+    mitre: 'T1041'
+  },
+
   // Entropy detections
   high_entropy_string: {
     id: 'MUADDIB-ENTROPY-001',

package/src/sandbox/index.js

@@ -15,6 +15,7 @@ const {
 
 const { NPM_PACKAGE_REGEX } = require('../shared/constants.js');
 const { analyzePreloadLog } = require('./analyzer.js');
+const { classifyDomain } = require('./network-allowlist.js');
 
 const DOCKER_IMAGE = 'muaddib-sandbox';
 const CONTAINER_TIMEOUT = 120000; // 120 seconds
@@ -646,34 +647,56 @@ function scoreFindings(report) {
     }
   }
 
-  // 4a. DNS queries (exclude safe domains)
+  // 4a. DNS queries — classify via network allowlist
   for (const domain of (report.network?.dns_queries || [])) {
-    if (isSafeDomain(domain)) continue;
-    score += 20;
-    findings.push({ type: 'suspicious_dns', severity: 'HIGH', detail: `DNS query to non-registry domain: ${domain}`, evidence: domain });
+    const cls = classifyDomain(domain);
+    if (cls === 'safe') continue;
+    if (cls === 'blacklisted') {
+      score += 50;
+      findings.push({ type: 'sandbox_known_exfil_domain', severity: 'CRITICAL', detail: `DNS query to known exfiltration domain: ${domain}`, evidence: domain });
+    } else if (cls === 'tunnel') {
+      score += 30;
+      findings.push({ type: 'sandbox_network_outlier', severity: 'HIGH', detail: `DNS query to tunnel/proxy domain: ${domain}`, evidence: domain });
+    } else {
+      score += 20;
+      findings.push({ type: 'sandbox_network_outlier', severity: 'HIGH', detail: `DNS query to non-registry domain: ${domain}`, evidence: domain });
+    }
   }
 
   // 4b. DNS resolutions — extra detail
   for (const res of (report.network?.dns_resolutions || [])) {
-    if (isSafeDomain(res.domain)) continue;
+    const cls = classifyDomain(res.domain);
+    if (cls === 'safe') continue;
     // Already scored in 4a via dns_queries, but flag the resolution for reporting
     findings.push({ type: 'dns_resolution', severity: 'INFO', detail: `${res.domain} → ${res.ip}`, evidence: `${res.domain}:${res.ip}` });
   }
 
-  // 5a. TCP connections (exclude safe hosts, probe ports, localhost)
+  // 5a. TCP connections — classify via network allowlist
   for (const conn of (report.network?.http_connections || [])) {
-    if (isSafeHost(conn.host)) continue;
     if (SAFE_IPS.includes(conn.host)) continue;
     if (PROBE_PORTS.includes(conn.port)) continue;
-    score += 25;
-    findings.push({ type: 'suspicious_connection', severity: 'HIGH', detail: `TCP connection to ${conn.host}:${conn.port}`, evidence: `${conn.host}:${conn.port}` });
+    const cls = classifyDomain(conn.host);
+    if (cls === 'safe') continue;
+    if (cls === 'blacklisted') {
+      score += 50;
+      findings.push({ type: 'sandbox_known_exfil_domain', severity: 'CRITICAL', detail: `TCP connection to known exfiltration host: ${conn.host}:${conn.port}`, evidence: `${conn.host}:${conn.port}` });
+    } else {
+      score += 25;
+      findings.push({ type: 'suspicious_connection', severity: 'HIGH', detail: `TCP connection to ${conn.host}:${conn.port}`, evidence: `${conn.host}:${conn.port}` });
+    }
   }
 
-  // 5b. TLS connections — non-safe domains
+  // 5b. TLS connections — classify via network allowlist
   for (const tls of (report.network?.tls_connections || [])) {
-    if (isSafeDomain(tls.domain)) continue;
-    score += 20;
-    findings.push({ type: 'suspicious_tls', severity: 'HIGH', detail: `TLS connection to ${tls.domain} (${tls.ip}:${tls.port})`, evidence: tls.domain });
+    const cls = classifyDomain(tls.domain);
+    if (cls === 'safe') continue;
+    if (cls === 'blacklisted') {
+      score += 50;
+      findings.push({ type: 'sandbox_known_exfil_domain', severity: 'CRITICAL', detail: `TLS to known exfiltration domain: ${tls.domain} (${tls.ip}:${tls.port})`, evidence: tls.domain });
+    } else {
+      score += 20;
+      findings.push({ type: 'suspicious_tls', severity: 'HIGH', detail: `TLS connection to ${tls.domain} (${tls.ip}:${tls.port})`, evidence: tls.domain });
+    }
   }
 
   // 5c. HTTP exfiltration detection — scan body snippets for sensitive data
@@ -692,11 +715,17 @@ function scoreFindings(report) {
     }
   }
 
-  // 5d. HTTP requests to non-safe hosts
+  // 5d. HTTP requests — classify via network allowlist
   for (const req of (report.network?.http_requests || [])) {
-    if (isSafeDomain(req.host)) continue;
-    score += 20;
-    findings.push({ type: 'suspicious_http_request', severity: 'HIGH', detail: `${req.method} ${req.host}${req.path}`, evidence: `${req.method} ${req.host}${req.path}` });
+    const cls = classifyDomain(req.host);
+    if (cls === 'safe') continue;
+    if (cls === 'blacklisted') {
+      score += 50;
+      findings.push({ type: 'sandbox_known_exfil_domain', severity: 'CRITICAL', detail: `HTTP request to known exfiltration host: ${req.method} ${req.host}${req.path}`, evidence: `${req.method} ${req.host}${req.path}` });
+    } else {
+      score += 20;
+      findings.push({ type: 'suspicious_http_request', severity: 'HIGH', detail: `${req.method} ${req.host}${req.path}`, evidence: `${req.method} ${req.host}${req.path}` });
+    }
   }
 
   // 5e. Blocked connections (strict mode)

package/src/sandbox/network-allowlist.js

@@ -0,0 +1,162 @@
+'use strict';
+
+// ── Network Allowlist & Blacklist for Sandbox Analysis ──
+//
+// Classifies domains/IPs contacted during npm install into three categories:
+//   - safe:        legitimate install-time traffic (registries, CDNs, GitHub)
+//   - blacklisted: known exfiltration/C2 infrastructure (OAST, webhook sinks, campaign IPs)
+//   - unknown:     everything else — potential outlier requiring investigation
+//
+// Threat model: SafeDep found only 0.027% of 3M+ packages make DNS queries to
+// non-npm domains during install. Network outliers are the highest-precision
+// signal available for detecting supply chain attacks at install time.
+
+// ── Safe domains: legitimate traffic during npm install ──
+// These domains are expected during normal package installation.
+// Subdomains are matched (e.g., foo.github.com matches github.com).
+const SAFE_INSTALL_DOMAINS = [
+  // npm registry
+  'registry.npmjs.org',
+  'npmjs.com',
+  'npmjs.org',
+  // yarn registry
+  'registry.yarnpkg.com',
+  'yarnpkg.com',
+  // GitHub (source tarballs, git deps)
+  'github.com',
+  'api.github.com',
+  'objects.githubusercontent.com',
+  'raw.githubusercontent.com',
+  'codeload.github.com',
+  'github.githubassets.com',
+  // CDNs (native binary downloads via node-gyp, prebuild)
+  'cdn.jsdelivr.net',
+  'unpkg.com',
+  'cdnjs.cloudflare.com',
+  'cloudflare.com',
+  // AWS S3 (prebuild binaries: sharp, canvas, sqlite3, etc.)
+  'amazonaws.com',
+  // Google (googleapis client, protobuf downloads)
+  'googleapis.com',
+  'storage.googleapis.com',
+  // Node.js (node-gyp headers)
+  'nodejs.org',
+  // GitLab (git deps)
+  'gitlab.com',
+  // Bitbucket (git deps)
+  'bitbucket.org'
+];
+
+// ── Known exfiltration / C2 domains ──
+// Any contact during install is near-certain malicious (quasi-zero FP).
+// Sources: OAST tooling, known campaign C2, webhook sink services.
+const KNOWN_EXFIL_DOMAINS = [
+  // OAST / Interactsh / BurpSuite
+  'oastify.com',
+  'oast.fun',
+  'oast.me',
+  'oast.live',
+  'oast.online',
+  'oast.site',
+  'burpcollaborator.net',
+  'interact.sh',
+  // Webhook sink services
+  'webhook.site',
+  'pipedream.net',
+  'requestbin.com',
+  'hookbin.com',
+  'canarytokens.com',
+  // GlassWorm C2 IPs (mars 2026, 433+ packages)
+  '217.69.3.218',
+  '217.69.3.152',
+  '199.247.10.166',
+  '199.247.13.106',
+  '140.82.52.31',
+  '45.32.150.251',
+  // TeamPCP / CanisterWorm C2 (mars 2026)
+  'icp0.io',
+  'raw.icp0.io',
+  'ic0.app',
+  'hackmoltrepeat.com',
+  'recv.hackmoltrepeat.com',
+  'scan.aquasecurtiy.org',    // Trivy exfil C2 (typosquat of aquasecurity)
+  'api.telegram.org',          // Telegram bot exfiltration
+  'checkmarx.zone',
+  '45.148.10.212',
+  '83.142.209.11'
+];
+
+// ── Regex patterns for wildcard exfil domains ──
+// Matches subdomains of OAST/exfil infrastructure.
+const KNOWN_EXFIL_PATTERNS = [
+  /\.oast\.(online|site|live|fun|me)$/i,
+  /\.oastify\.com$/i,
+  /\.burpcollaborator\.net$/i,
+  /\.interact\.sh$/i,
+  /\.webhook\.site$/i,
+  /\.pipedream\.net$/i,
+  /\.requestbin\.com$/i
+];
+
+// ── Suspicious tunnel/proxy domains (not blacklisted, but escalate unknown → suspicious) ──
+const TUNNEL_DOMAINS = [
+  'ngrok.io',
+  'ngrok-free.app',
+  'serveo.net',
+  'localhost.run',
+  'loca.lt',
+  'trycloudflare.com'
+];
+
+// Parse MUADDIB_SANDBOX_NETWORK_ALLOWLIST env var (comma-separated domains)
+function getCustomAllowlist() {
+  const envVal = process.env.MUADDIB_SANDBOX_NETWORK_ALLOWLIST;
+  if (!envVal) return [];
+  return envVal.split(',')
+    .map(d => d.trim().toLowerCase())
+    .filter(d => d.length > 0 && d.length < 256);
+}
+
+/**
+ * Classify a domain/IP contacted during sandbox install.
+ *
+ * @param {string} domain - Domain name or IP address
+ * @returns {'safe'|'blacklisted'|'tunnel'|'unknown'} classification
+ */
+function classifyDomain(domain) {
+  if (!domain || typeof domain !== 'string') return 'unknown';
+  const d = domain.toLowerCase().trim();
+  if (d.length === 0) return 'unknown';
+
+  // Check safe domains (exact or subdomain match)
+  const allSafe = SAFE_INSTALL_DOMAINS.concat(getCustomAllowlist());
+  for (const safe of allSafe) {
+    if (d === safe || d.endsWith('.' + safe)) return 'safe';
+  }
+
+  // Check blacklisted domains (exact match)
+  for (const exfil of KNOWN_EXFIL_DOMAINS) {
+    if (d === exfil || d.endsWith('.' + exfil)) return 'blacklisted';
+  }
+
+  // Check blacklisted patterns (regex — catches subdomains like abc123.oast.online)
+  for (const pat of KNOWN_EXFIL_PATTERNS) {
+    if (pat.test(d)) return 'blacklisted';
+  }
+
+  // Check tunnel domains
+  for (const tunnel of TUNNEL_DOMAINS) {
+    if (d === tunnel || d.endsWith('.' + tunnel)) return 'tunnel';
+  }
+
+  return 'unknown';
+}
+
+module.exports = {
+  SAFE_INSTALL_DOMAINS,
+  KNOWN_EXFIL_DOMAINS,
+  KNOWN_EXFIL_PATTERNS,
+  TUNNEL_DOMAINS,
+  classifyDomain,
+  getCustomAllowlist
+};