npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

securewebcmd

v9.3.1

Published

Run commands on a linux server through a nodejs server

Downloads

55

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hughperkinshughperkins

Keywords

webcmdsecurelinuxnodejs

Readme

Table of Contents generated with DocToc

securewebcmd

Execute commands on a linux server through a webpage. Secured using md5 hashing.

Security:

  • works with http or https
  • password protected
  • password not transmitted
  • you can use https, which provides protection against replay attacks, and encrypts traffic, in both directions

Functions:

  • see history of commands run previously
  • watch results of command in real-time, don't have to wait for command to finish running first
  • view results of any command, currently running, or historic
  • results are persistent, even after server restart
  • uses nodejs, simple to install and run
    • doesn't need apache etc ...
  • can kill jobs after starting them

screenshot-server

screenshot0

screenshot1

screenshot2

Using

Install

npm install -g securewebcmd

Run

From any directory, do:

securewebcmd

... then type in a password of your choice twice

  • Connect to the server from a webbrowser, at port 8888, ie localhost://http:8888
  • Type in the password, same as the one you entered at the server, and 'Login'
  • Type in a command, which will run in the same directory where you started securewebcmd, and click 'Launch'
  • the command should run, on the server, and the results appear in real-time
  • you can kill the job by clicking 'kill' button next to the running job, in the 'History' section
  • you can view the results for any job, current or past, by clicking the 'Results' button, next to the job, in the 'History' section

What if I launch a task while another is already running?

  • it will be queued
  • it will start once the running task finishes, or if you kill the currently running task

Supported platforms

  • tested on Ubuntu 14.04 64-bit, using Firefox 35, and node v0.12.0
  • website should plausibly be viewable with Chrome and Firefox, on any platform, and possibly IE9 or newer
  • server should probably run anywhere that nodejs will run?

server-side options

How to set options

  • server-side options are passed in as environment-variables, eg:
WHITELIST='ls pwd ./gpuinfo' securewebcmd

Available options

| Option | Description | |---------|-------------| | PORT=2000 | Change the port that securewebcmd listens on | | WHITELIST='ls pwd groups ./gpuinfo ./clconvolve1' | Create whitelist of allowed commands. Note: ignores parameters, so ./clconvolve1 and ./clconvolve1 numtrain=128 will both be allowed by this example | | JOBSFILE | Path to jobs json file, default is jobs.json |

Activate https

From the directory where you want to run securewebcmd, do:

openssl genrsa -out key.pem
#(note: just hit return several times, to accept the defaults)
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem

... then restart the securewebcmd nodejs server ... and connect to https://localhost:8888, instead of http://localhost:8888

  • since it is using a self-signed certificate, you will need to accept the warnings that appear

Security

How is it secured?

In https mode?

  • everything is encrypted, by virtue of using https
  • all commands, including viewing, and running things, are password-protected (but the password is never sent to the server, just used to create a salted hash)

In http mode?

  • all commands, including viewing, and running things, are password-protected, using password hashes
  • so, it would be challenging for someone to run arbitrary commands against the server
  • however, in http mode, if someone can sniff the traffic they can:
    • do replay attacks, ie run the same commands over and over again
      • this includes sending viewing any results in the history
    • read all the traffic (except the password)

Is my data encrypted during transport, in either direction?

Yes, if you use https. No, if you don't.

Is it secure from a man-in-middle attack?

Yes, if you use https, and have some way of validating the certificate from the browser side. Otherwise, not.

If I use https, can people do a man-in-the middle attack etc?

If you have some way of ensuring that the certificate you see from the browser is the one that the server is using, then tricky. Otherwise, yes.

What libraries/platforms does it use?

Main libraries/platforms