@sectester/repeater

v0.33.3

Package for managing repeaters, which are mandatory for scanning targets on a local network.

Downloads

828

@sectester/repeater

Package to manage repeaters and their lifecycle.

Repeaters are mandatory for scanning targets on a local network. More info about repeaters.

Setup

npm i -s @sectester/repeater

Usage

To establish a secure connection between the Bright cloud engine and a target on a local network, use a RepeaterFactory constructed with a Configuration instance:

import { Configuration } from '@sectester/core';
import { RepeaterFactory } from '@sectester/repeater';

const configuration = new Configuration({
  hostname: 'app.neuralegion.com'
});

const repeaterFactory = new RepeaterFactory(configuration);

The factory exposes the createRepeater method that returns a new Repeater instance:

const repeater = await repeaterFactory.createRepeater();

You can customize some properties, e.g. the name prefix or description, by passing options as follows:

const repeater = await repeaterFactory.createRepeater({
  namePrefix: 'my-repeater',
  description: 'My repeater'
});

The createRepeater method accepts the options described below:

| Option | Description |
| :---------------------------- | ----------------------------------------------------------------------------------------------------- |
| namePrefix | Enter a name prefix that will be used as a constant part of the unique name. By default, sectester. |
| description | Set a short description of the Repeater. |
| requestRunnerOptions | Customize the request runner settings that will be used to execute requests to your application. |
| projectId | Specify the project ID to associate the Repeater with. |
| disableRandomNameGeneration | Disable random name generation for the Repeater's name. |

The default requestRunnerOptions is as follows:

{
  timeout: 30000,
  maxContentLength: 100,
  reuseConnection: false,
  allowedMimes: [
    'text/html',
    'text/plain',
    'text/css',
    'text/javascript',
    'text/markdown',
    'text/xml',
    'application/javascript',
    'application/x-javascript',
    'application/json',
    'application/xml',
    'application/x-www-form-urlencoded',
    'application/msgpack',
    'application/ld+json',
    'application/graphql'
  ]
};

The RequestRunnerOptions interface exposes the following options that can be used to customize the request runner's behavior:

export interface RequestRunnerOptions {
  timeout?: number;
  proxyUrl?: string;
  headers?: Record<string, string | string[]>;
  allowedMimes?: string[];
  maxContentLength?: number;
  reuseConnection?: boolean;
}

The RepeaterFactory also provides a method to create a Repeater instance using an existing repeater ID. You can use the createRepeaterFromExisting method to accomplish this:

const existingRepeaterId = '<your repeater ID>';
const repeater = await repeaterFactory.createRepeaterFromExisting(
  existingRepeaterId
);

This method retrieves the existing repeater's details from the cloud using its ID and returns a Repeater instance associated with the specified ID.

You can also customize the request runner options for the existing repeater by passing them as options:

const existingRepeaterId = '<your repeater ID>';
const repeater = await repeaterFactory.createRepeaterFromExisting(
  existingRepeaterId,
  {
    requestRunnerOptions: {
      timeout: 10000,
      maxContentLength: 200,
      allowedMimes: ['text/html']
    }
  }
);
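
An added example (not part of the @sectester/repeater package or its README): a pre-flight audit that flags requestRunnerOptions overrides which loosen the defaults listed above. The names auditRunnerOptions and SECRET_HEADERS and the policy rules themselves are assumptions made for illustration.

```typescript
// Added example: audit requestRunnerOptions overrides against the README defaults.
// auditRunnerOptions, SECRET_HEADERS and the policy rules are assumptions, not package API.
interface RequestRunnerOptions {
  timeout?: number;
  proxyUrl?: string;
  headers?: Record<string, string | string[]>;
  allowedMimes?: string[];
  maxContentLength?: number;
  reuseConnection?: boolean;
}
// Defaults copied from the README above.
const DEFAULTS = {
  timeout: 30000,
  maxContentLength: 100,
  allowedMimes: [
    'text/html', 'text/plain', 'text/css', 'text/javascript', 'text/markdown',
    'text/xml', 'application/javascript', 'application/x-javascript',
    'application/json', 'application/xml', 'application/x-www-form-urlencoded',
    'application/msgpack', 'application/ld+json', 'application/graphql'
  ]
};
const SECRET_HEADERS = ['authorization', 'cookie', 'proxy-authorization', 'x-api-key'];

function auditRunnerOptions(opts: RequestRunnerOptions): string[] {
  const findings: string[] = [];
  for (const mime of opts.allowedMimes ?? []) {
    if (DEFAULTS.allowedMimes.indexOf(mime.toLowerCase()) === -1)
      findings.push(`allowedMimes: '${mime}' widens the default allow-list`);
  }
  if ((opts.maxContentLength ?? 0) > DEFAULTS.maxContentLength)
    findings.push(`maxContentLength: ${opts.maxContentLength} exceeds default ${DEFAULTS.maxContentLength}`);
  if ((opts.timeout ?? 0) > DEFAULTS.timeout)
    findings.push(`timeout: ${opts.timeout} exceeds default ${DEFAULTS.timeout}`);
  if (opts.proxyUrl !== undefined) {
    const m = /^([a-z][a-z0-9+.-]*):\/\/(?:([^\/@]*)@)?/i.exec(opts.proxyUrl);
    if (!m) findings.push('proxyUrl: not an absolute URL');
    else if (m[2] !== undefined) findings.push('proxyUrl: embeds credentials');
  }
  for (const name of Object.keys(opts.headers ?? {})) {
    if (SECRET_HEADERS.indexOf(name.toLowerCase()) !== -1)
      findings.push(`headers: '${name}' hard-codes a credential-bearing header`);
  }
  return findings;
}
// Constructed sample override (not from the page).
const SAMPLE: RequestRunnerOptions = {
  maxContentLength: 200, allowedMimes: ['text/html', 'application/octet-stream'],
  proxyUrl: 'http://user:pass@proxy.example:8080', headers: { Authorization: 'Bearer <token>' }
};
```

Run against the override shown above (timeout 10000, maxContentLength 200, allowedMimes ['text/html']), the audit returns one finding, because that override raises maxContentLength above the default of 100.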

The Repeater instance provides the start method. This method is required to establish a connection with the Bright cloud engine and interact with other services.

await repeater.start();

To dispose of the connection and stop accepting incoming commands and handling events, call the stop method on a started Repeater instance:

await repeater.stop();

The Repeater instance also has a repeaterId field, which is required to start a new scan for local targets.

Usage in unit tests

There are multiple strategies for running a repeater in unit tests. The two most viable options are starting it once before all the tests (before-all) or before every single test (before-each, recommended).

Below is an implementation of the before-each strategy:

import { Configuration } from '@sectester/core';
import { RepeaterFactory, Repeater } from '@sectester/repeater';

describe('Scan', () => {
  let repeater!: Repeater;

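  // before-each strategy: every test gets its own freshly started repeater
  beforeEach(async () => {
    const configuration = new Configuration({
      hostname: 'app.neuralegion.com'
    });

    repeater = await new RepeaterFactory(configuration).createRepeater();
    await repeater.start();
  });

  // stop the repeater after each test so no connection outlives it
  afterEach(() => repeater.stop());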

  it('should be not vulnerable', () => {
    // run scan of local target passing `repeater.repeaterId` to scan config
  });
});

Implementation details

Under the hood, Repeater connects to the Bright engine using the WebSocket protocol and then listens for incoming commands from the engine. These commands are executed by the RequestRunner to process the requests coming from the engine:

export interface RequestRunner {
  protocol: Protocol;
  run(request: Request): Promise<Response>;
}

The package contains a RequestRunner implementation for the HTTP protocol only. To support another protocol, register a new class implementing RequestRunner in the global IoC container:

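import { container } from 'tsyringe';
import { RequestRunner } from '@sectester/repeater';

// CustomProtocolRequestRunner is your own class implementing RequestRunner
container.register(RequestRunner, {
  useClass: CustomProtocolRequestRunner
});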

Limitations

Custom scripts and self-signed certificates (see Bright CLI) are not supported yet.

License

Copyright © 2024 Bright Security.

This project is licensed under the MIT License - see the LICENSE file for details.