radekk/detect.malicious.npm.sh

## detect.malicious.npm.sh
#!/bin/bash
# Author: @radekk
# List of vulnerable packages is from https://twitter.com/iamakulov/status/892485192883073024
# ----------------------
_IFS=$IFS
_COUNTER=0
_COUNTER_ALL=0
_SCAN_PATH=${1:-~/}
_VULN_PACKAGES="babelcli crossenv cross-env.js d3.js fabric-js ffmepg gruntcli http-proxy.js jquery.js mariadb mongose mssql.js mssql-node mysqljs nodecaffe nodefabric node-fabric nodeffmpeg nodemailer-js nodemailer.js nodemssql node-opencv node-opensl node-openssl noderequest nodesass nodesqlite node-sqlite node-tkinter opencv.js openssl.js proxy.js shadowsock smb sqlite.js sqliter sqlserver tkinter"
_REGEXP="(babelcli|crossenv|cross-env\.js|d3\.js|fabric-js|ffmepg|gruntcli|http-proxy\.js|jquery\.js|mariadb|mongose|mssql\.js|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|nodemailer\.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|node-tkinter|opencv\.js|openssl\.js|proxy\.js|shadowsock|smb|sqlite\.js|sqliter|sqlserver|tkinter)"
_REQUIRED_BIN="jq grep find"

for app in $_REQUIRED_BIN; do
  which "$app" > /dev/null
  if [ $? -ne 0 ]; then
    echo "+ [ERROR] '$app' is not installed"
    exit 1
  fi
done

echo "+ Scanning your local package.json files in: ${_SCAN_PATH}"
echo "----------------------------------------------------------"

IFS=$'\n'
for file in $(find "$_SCAN_PATH" -type f -name 'package.json' 2> /dev/null);
do
  if [ -f "$file" ]; then
    _COUNTER_ALL=$((_COUNTER_ALL + 1))
    grep -Eiqr $_REGEXP "$file"
    if [ $? -eq 0 ]; then
      _PACKAGES=$(cat "$file" | jq -r '.dependencies, .devDependencies | keys []' 2> /dev/null)
      for package in $_PACKAGES; do
        _IS_VULN=$(echo $package | grep -Eiq $_REGEXP && echo 1)
        if [ "$_IS_VULN" == "1" ]; then
          echo "${package} in ${file}"
          _COUNTER=$((_COUNTER + 1))
        fi
      done
    fi
  fi
done;

IFS=$_IFS

echo "----------------------------------------------------------"
echo "+ Scanning is done. Detected affected projects: ${_COUNTER} among all scanned ${_COUNTER_ALL} files."
	#!/bin/bash
	# Author: @radekk
	# List of vulnerable packages is from https://twitter.com/iamakulov/status/892485192883073024
	# ----------------------
	_IFS=$IFS
	_COUNTER=0
	_COUNTER_ALL=0
	_SCAN_PATH=${1:-~/}
	_VULN_PACKAGES="babelcli crossenv cross-env.js d3.js fabric-js ffmepg gruntcli http-proxy.js jquery.js mariadb mongose mssql.js mssql-node mysqljs nodecaffe nodefabric node-fabric nodeffmpeg nodemailer-js nodemailer.js nodemssql node-opencv node-opensl node-openssl noderequest nodesass nodesqlite node-sqlite node-tkinter opencv.js openssl.js proxy.js shadowsock smb sqlite.js sqliter sqlserver tkinter"
	_REGEXP="(babelcli\|crossenv\|cross-env\.js\|d3\.js\|fabric-js\|ffmepg\|gruntcli\|http-proxy\.js\|jquery\.js\|mariadb\|mongose\|mssql\.js\|nodecaffe\|nodefabric\|node-fabric\|nodeffmpeg\|nodemailer-js\|nodemailer\.js\|nodemssql\|node-opencv\|node-opensl\|node-openssl\|noderequest\|nodesass\|nodesqlite\|node-sqlite\|node-tkinter\|opencv\.js\|openssl\.js\|proxy\.js\|shadowsock\|smb\|sqlite\.js\|sqliter\|sqlserver\|tkinter)"
	_REQUIRED_BIN="jq grep find"

	for app in $_REQUIRED_BIN; do
	which "$app" > /dev/null
	if [ $? -ne 0 ]; then
	echo "+ [ERROR] '$app' is not installed"
	exit 1
	fi
	done

	echo "+ Scanning your local package.json files in: ${_SCAN_PATH}"
	echo "----------------------------------------------------------"

	IFS=$'\n'
	for file in $(find "$_SCAN_PATH" -type f -name 'package.json' 2> /dev/null);
	do
	if [ -f "$file" ]; then
	_COUNTER_ALL=$((_COUNTER_ALL + 1))
	grep -Eiqr $_REGEXP "$file"
	if [ $? -eq 0 ]; then
	_PACKAGES=$(cat "$file" \| jq -r '.dependencies, .devDependencies \| keys []' 2> /dev/null)
	for package in $_PACKAGES; do
	_IS_VULN=$(echo $package \| grep -Eiq $_REGEXP && echo 1)
	if [ "$_IS_VULN" == "1" ]; then
	echo "${package} in ${file}"
	_COUNTER=$((_COUNTER + 1))
	fi
	done
	fi
	fi
	done;

	IFS=$_IFS

	echo "----------------------------------------------------------"
	echo "+ Scanning is done. Detected affected projects: ${_COUNTER} among all scanned ${_COUNTER_ALL} files."