FameHelsinki/suspicious-package
suspicious-package

⚠️ RESEARCH FIXTURE

This package intentionally exhibits behaviors typical of malicious npm packages. It exists solely to evaluate supply-chain security scanners.

What it does

When installed, npm runs scripts/postinstall.js. That script simulates a supply-chain attack and exercises suspicious runtime behaviors without doing anything malicious. A behavioral scanner is expected to catch these actions.

| Behavior simulated | Where in the code |
| --- | --- |
| System fingerprinting (hostname, user, network interfaces, CPU, memory) | `fingerprintHost()` |
| Sensitive file recon (~/.ssh, ~/.aws/credentials, …) | `readSensitiveFiles()` |
| Environment-variable harvesting (NPM_TOKEN, GITHUB_TOKEN, AWS_*, …) | `harvestEnv()` |
| Child-process recon (whoami, id, uname -a, ifconfig) | `shellRecon()` |
| Outbound HTTPS POST of the collected payload | `exfiltrate()` |

About

Intentionally suspicious node package; for researching supply-chain attacks.

Releases

No releases published