npm - openpen - Versions diffs - 0.2.0 - Mend

openpen 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/LICENSE +21 -0
package/README.md +30 -0
package/dist/checks/auth-bypass.d.ts +12 -0
package/dist/checks/auth-bypass.js +93 -0
package/dist/checks/bac.d.ts +12 -0
package/dist/checks/bac.js +107 -0
package/dist/checks/base.d.ts +22 -0
package/dist/checks/base.js +13 -0
package/dist/checks/index.d.ts +7 -0
package/dist/checks/index.js +40 -0
package/dist/checks/llm-leak.d.ts +23 -0
package/dist/checks/llm-leak.js +251 -0
package/dist/checks/mass-assignment.d.ts +12 -0
package/dist/checks/mass-assignment.js +169 -0
package/dist/checks/prompt-injection.d.ts +23 -0
package/dist/checks/prompt-injection.js +262 -0
package/dist/checks/security-headers.d.ts +12 -0
package/dist/checks/security-headers.js +133 -0
package/dist/checks/sensitive-data.d.ts +12 -0
package/dist/checks/sensitive-data.js +122 -0
package/dist/checks/sqli.d.ts +12 -0
package/dist/checks/sqli.js +178 -0
package/dist/checks/ssrf.d.ts +12 -0
package/dist/checks/ssrf.js +126 -0
package/dist/checks/xss.d.ts +12 -0
package/dist/checks/xss.js +79 -0
package/dist/cli.d.ts +5 -0
package/dist/cli.js +300 -0
package/dist/fuzzer/engine.d.ts +27 -0
package/dist/fuzzer/engine.js +126 -0
package/dist/fuzzer/mutator.d.ts +8 -0
package/dist/fuzzer/mutator.js +54 -0
package/dist/fuzzer/payloads.d.ts +13 -0
package/dist/fuzzer/payloads.js +167 -0
package/dist/reporter/index.d.ts +5 -0
package/dist/reporter/index.js +5 -0
package/dist/reporter/json.d.ts +5 -0
package/dist/reporter/json.js +14 -0
package/dist/reporter/terminal.d.ts +5 -0
package/dist/reporter/terminal.js +59 -0
package/dist/spec/openapi.d.ts +5 -0
package/dist/spec/openapi.js +119 -0
package/dist/spec/parser.d.ts +11 -0
package/dist/spec/parser.js +45 -0
package/dist/types.d.ts +145 -0
package/dist/types.js +4 -0
package/dist/utils/http.d.ts +37 -0
package/dist/utils/http.js +92 -0
package/dist/utils/logger.d.ts +8 -0
package/dist/utils/logger.js +20 -0
package/dist/ws/checks.d.ts +18 -0
package/dist/ws/checks.js +558 -0
package/dist/ws/engine.d.ts +47 -0
package/dist/ws/engine.js +139 -0
package/package.json +41 -0

package/dist/ws/engine.js ADDED Viewed

@@ -0,0 +1,139 @@
+/**
+ * WebSocket test engine
+ * Handles connections, message exchange, and response collection
+ */
+import WebSocket from 'ws';
+/**
+ * Open a WebSocket connection to the target
+ */
+export function connect(url, options = {}) {
+    const timeout = options.timeout || 5000;
+    return new Promise((resolve, reject) => {
+        const ws = new WebSocket(url, {
+            headers: options.headers || {},
+            handshakeTimeout: timeout,
+        });
+        const conn = {
+            ws,
+            messages: [],
+            connected: false,
+        };
+        const timer = setTimeout(() => {
+            if (!conn.connected) {
+                ws.terminate();
+                reject(new Error(`Connection timeout after ${timeout}ms`));
+            }
+        }, timeout);
+        ws.on('open', () => {
+            clearTimeout(timer);
+            conn.connected = true;
+            resolve(conn);
+        });
+        ws.on('message', (data) => {
+            conn.messages.push({
+                direction: 'received',
+                data: data.toString(),
+                timestamp: Date.now(),
+            });
+        });
+        ws.on('close', (code, reason) => {
+            conn.connected = false;
+            conn.closedCode = code;
+            conn.closedReason = reason.toString();
+        });
+        ws.on('error', (err) => {
+            clearTimeout(timer);
+            if (!conn.connected) {
+                reject(err);
+            }
+        });
+    });
+}
+/**
+ * Send a message and wait for a response
+ */
+export function sendAndWait(conn, data, options = {}) {
+    const timeout = options.timeout || 3000;
+    const startIdx = conn.messages.length;
+    return new Promise((resolve) => {
+        const timer = setTimeout(() => {
+            conn.ws.removeListener('message', onMessage);
+            resolve(null);
+        }, timeout);
+        const check = () => {
+            for (let i = startIdx; i < conn.messages.length; i++) {
+                const msg = conn.messages[i];
+                if (msg.direction === 'received') {
+                    if (!options.matchFn || options.matchFn(msg.data)) {
+                        clearTimeout(timer);
+                        conn.ws.removeListener('message', onMessage);
+                        resolve(msg.data);
+                        return true;
+                    }
+                }
+            }
+            return false;
+        };
+        const onMessage = () => { check(); };
+        conn.ws.on('message', onMessage);
+        conn.messages.push({
+            direction: 'sent',
+            data,
+            timestamp: Date.now(),
+        });
+        conn.ws.send(data);
+        // Check messages already received
+        check();
+    });
+}
+/**
+ * Send raw data (string or buffer) without recording
+ */
+export function sendRaw(conn, data) {
+    conn.ws.send(data);
+}
+/**
+ * Close a connection gracefully
+ */
+export function close(conn) {
+    return new Promise((resolve) => {
+        if (!conn.connected) {
+            resolve();
+            return;
+        }
+        conn.ws.on('close', () => resolve());
+        conn.ws.close();
+        setTimeout(() => resolve(), 1000);
+    });
+}
+/**
+ * Wait for a specific number of messages or timeout
+ */
+export function waitForMessages(conn, count, timeout = 3000) {
+    const startIdx = conn.messages.length;
+    return new Promise((resolve) => {
+        const timer = setTimeout(() => {
+            resolve(conn.messages.slice(startIdx));
+        }, timeout);
+        const check = () => {
+            const received = conn.messages.slice(startIdx).filter(m => m.direction === 'received');
+            if (received.length >= count) {
+                clearTimeout(timer);
+                resolve(conn.messages.slice(startIdx));
+            }
+        };
+        conn.ws.on('message', () => check());
+        check();
+    });
+}
+/**
+ * Try to parse a message as JSON
+ */
+export function parseJson(data) {
+    try {
+        return { parsed: true, value: JSON.parse(data) };
+    }
+    catch (e) {
+        return { parsed: false, error: e.message };
+    }
+}

package/package.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "name": "openpen",
+  "version": "0.2.0",
+  "description": "Open source CLI for API fuzzing and penetration testing",
+  "type": "module",
+  "bin": {
+    "openpen": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/cli.js",
+    "dev": "tsx src/cli.ts",
+    "test": "node --test dist/**/*.test.js"
+  },
+  "keywords": [
+    "api",
+    "security",
+    "fuzzing",
+    "pentest",
+    "owasp"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/tjamescouch/openpen"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "chalk": "^5.0.0",
+    "commander": "^12.0.0",
+    "yaml": "^2.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "@types/ws": "^8.18.1",
+    "tsx": "^4.0.0",
+    "typescript": "^5.3.0"
+  }
+}