From e25556c041b7987255c7a9ea7d1c833208f68af2 Mon Sep 17 00:00:00 2001 From: x1337loser <78683355+x1337loser@users.noreply.github.com> Date: Thu, 2 Feb 2023 21:57:29 +0600 Subject: [PATCH] more accurate fix some issue --- npm-automation.sh | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/npm-automation.sh b/npm-automation.sh index a132382..b9795fc 100644 --- a/npm-automation.sh +++ b/npm-automation.sh @@ -6,15 +6,12 @@ echo ''' / /| / /_/ / / / / / / / ___ / /_/ / /_/ /_/ / /_/ |_/ .___/_/ /_/ /_/ /_/ |_\__,_/\__/\____/ /_/ v1.0.1 - twitter.com/@0xnirob - - warning: BE AWARE OF FALSE POSITIVE, CONFIRM YOUR FINDING MANUALLY. Good Luck. Use with caution. You are responsible for your actions. Developers assume no liability and are not responsible for any misuse or damage. ''' -num='3 4 5 6 7' + if [ -d $1 ];then echo '' >/dev/null 2>&1 else @@ -23,7 +20,7 @@ fi echo -e "Running waybackurls on $1" waybackurls $1 | sort -u | grep .js | sed 's/?.*//' | grep -v '/wp-content/\|/wp-includes/\|.json\|jpg\|png\|css|\|/member/\|.jsp\|oauth\|login\|en-us\|v=\|=\|?\|/help/\|/id/\|paragon\|/wp-json/' | sort -u | tee -a $PWD/$1/$1-js-urls.txt >/dev/null 2>&1; echo -e "Running gau on $1" -gau $1 | sort -u | grep .js | sed 's/?.*//' | grep -v '/wp-content/\|/wp-includes/\|.json\|jpg\|png\|css|\|/member/\|.jsp\|oauth\|login\|en-us\|v=\|=\|?\|/help/\|/id/\|paragon\|/wp-json/' | sort -u | tee -a $PWD/$1/$1-js-urls.txt >/dev/null 2>&1; +#gau $1 | sort -u | grep .js | sed 's/?.*//' | grep -v '/wp-content/\|/wp-includes/\|.json\|jpg\|png\|css|\|/member/\|.jsp\|oauth\|login\|en-us\|v=\|=\|?\|/help/\|/id/\|paragon\|/wp-json/' | sort -u | tee -a $PWD/$1/$1-js-urls.txt >/dev/null 2>&1; cd $PWD/$1; echo -e "Found $(cat $1-js-urls.txt | sort -u |wc -l) js file url "; @@ -31,9 +28,7 @@ cat $1-js-urls.txt | sort -u |while read ut;do wget $ut.map >/dev/null 2>&1; done -for val in $num;do - grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' | grep -v '@' | cut -d '/' -f"$val" | sort -u | grep -v '.js\|.ts\|.tsx\|.css' | egrep '\b[a-z]+\b' | grep -v '.png\|.pnp' | tee -a $1-npm-packages.txt >/dev/null 2>&1; - done +grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' | grep -v '@' | sed 's:.*/node_modules::' | cut -d '/' -f 2 | sort -u | grep -v '.js\|.ts\|.tsx\|.css' | egrep '\b[a-z]+\b' | grep -v '.png\|.pnp' | tee -a $1-npm-packages.txt >/dev/null 2>&1; rm $1-js-urls.txt; if [ -s $1-npm-packages.txt ];then @@ -50,20 +45,21 @@ else echo -e "Didn't found any npm packages, now going for scope test " fi #this part is for scope package test please be carefull with that, some times `www.npmjs.com` will show you 429 response code -for val in $num;do - grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' | cut -d '/' -f"$val" | sort -u | grep '@' | grep -v '.js\|.ts\|.tsx\|.css' | egrep '\b[a-z]+\b' | grep -v '.png\|.pnp' | grep '@' | cut -d '@' -f 2 | tee -a $1-npm-scope.txt >/dev/null 2>&1; - done +grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' | sed 's:.*/node_modules::' | cut -d '/' -f 2 | sort -u | grep '@' | grep -v '.js\|.ts\|.tsx\|.css' | egrep '\b[a-z]+\b' | grep -v '.png\|.pnp' | grep '@' | cut -d '@' -f 2 | tee -a $1-npm-scope.txt >/dev/null 2>&1; + if [ -s $1-npm-scope.txt ];then echo -e " Found some Scope names now going for final test on "$1-npm-scope.txt""; cat $1-npm-scope.txt | sort -u | while read pkg;do OPTION=`curl -o /dev/null -s -w "%{http_code}\n" "https://www.npmjs.com/org/$pkg"` if $(echo "$OPTION" | grep "200\|302" >/dev/null 2>&1);then echo -e "@"$pkg"\e[1;33m Available in Public Registry \e[0m" && echo $pkg >> $1-npm-scope-vuln.txt; + grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' |grep '@'$pkg'' | sed 's:.*/@'$pkg'::' | cut -d '/' -f 2 | sort -u | while read ut;do echo "Full pacakge name of @"$pkg" is @"$pkg"/"$ut" ";done elif $(echo "$OPTION" | grep "429" >/dev/null 2>&1);then echo -e "@"$pkg" \e[1;31m Rate limit detected \e[0m" else echo -e "@"$pkg"\e[1;31m Found Unclaimed scope Name\e[0m"; + grep -oriahE "[^\"\\'> ]+" | grep 'node_modules' |grep '@'$pkg'' | sed 's:.*/@'$pkg'::' | cut -d '/' -f 2 | sort -u | while read ut;do echo -e "\e[1;31mFull pacakge name of @"$pkg" is @"$pkg"/"$ut", this is unclaimed, Add @"$pkg"/"$ut" in your package.json file like {package: @"$pkg"/"$ut"}, \e[0m";done fi done else