npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@k7eon/bruteforce-security-checker

v1.1.8

Published

By this module you can: 1. Test site for bruteforce security by implement HTTP/WS login requests 2. Test site accessibility on mass user signups.

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

k7eonk7eon

Keywords

bruteforcebrutecheckerbruteforce security

Readme

bruteforce-security-checker

By this module you can:

  1. Test site for bruteforce security by implement HTTP/WS login requests
  2. Test site accessibility on mass user signups.

Table of contents

Installation

npm i @k7eon/bruteforce-security-checker --save

Documentation

For methods documentation visit Doxdox generated docs

BruteForce

const b = require('@k7eon/bruteforce-security-checker').bruteforce;
// or
const {bruteforce} = require('@k7eon/bruteforce-security-checker');

Service class

Service is a class with some usefully methods for implement HTTP request

const Service = require('@k7eon/bruteforce-security-checker').Service;
// or
const {Service} = require('@k7eon/bruteforce-security-checker');

ProxyChecker

Return created class that are ready to check 'http' proxies from files:

usage:

// someFile.js
const proxyChecker = require('@k7eon/bruteforce-security-checker').proxyChecker;
proxyChecker.run(
  'files/proxy.txt',
  'files/valid_proxies.txt',
  'http', // proxy type 'http' or 'https' or 'socks'
  100,    // threads,
  60000,  // timeout in ms
);

Examples

Example of Service usage

  // MySiteClass.js
  const Service = require('@k7eon/bruteforce-security-checker').Service;

  class MySiteClass extends Service {
    
    /**
    * if login success return cookies or null or throw HTTP layer exception;
    * @param login
    * @param password
    * @param agent      - socks proxy agent
    * @return {Promise<*>}
    */
    async login(login, password, agent=null) {
      let config = {
        method: 'POST',
        url: 'http://mysite.com/login',
        headers: {
          'accept':           'application/json, text/javascript, */*; q=0.01',
          'content-type':     'application/x-www-form-urlencoded; charset=UTF-8',
          'x-requested-with': 'XMLHttpRequest',
        },
        form: {
          'username': login,
          'password': password,
        },
        json: true,
      };
      let {response, body} = await this.r(config, agent);
      
      if (!body.success) return null;
      return this.getSetCookies(response);
    }
  }
  module.exports = new MySiteClass();

More about request configs there

Example of Bruteforce with MySiteClass

// login.js
const fs     = require('fs');
const b      = require('@k7eon/bruteforce-security-checker').bruteforce;
const mySite = require('./MySiteClass');
const FILE = {
  proxies:      'files/proxy_valid.txt',
  registered:   'files/registered.log',
  bad:          'files/bad.log',
  good:         'files/good.log',
  errors:       'files/errors_login.log',
};

b.createFilesIfNotExists(FILE);
b.loadAccounts(FILE.registered); // {email, password}[]
b.removeAccountsBy('email', [FILE.bad, FILE.good]);
b.loadProxyAgents(FILE.proxies);

b.showMetrics({'good':0, 'bad':0, 'errors':0}, 1000);

b.start({
  THREADS:      1,
  whatToQueue:  'accounts',
  useProxy:     true,
  // handlerFunc execute by every account
  handlerFunc: async (task, agent) => {
    /* workflow start */
    let account = task;
    console.log('account', account);
    let {email, password} = account;
    
    try {
      let cookie = await mySite.login(email, password, agent);

      if (!cookie) {
        console.log('bad');
        b.save(FILE.bad, email, 'bad');  
        return {agent};
      }
      
      console.log('good');
      b.save(FILE.good, [email, password].join(':'), 'good');  
      return {agent};
      
    } catch (e) {
      console.log('error', e);
      b.save(FILE.errors, `${JSON.stringify({account, proxy: agent.options.host})}\n${e.stack}\n`, 'errors');
      b.reCheck(account);
      return {agent};
    }
    /* end workflow */
  },
  drainCallback: () => {
    console.log('All accounts are checked');
  }
});
  • Run node login.js