{"id":17977645,"url":"https://github.com/mandatoryprogrammer/sonar.js","last_synced_at":"2025-04-05T17:08:31.191Z","repository":{"id":36643316,"uuid":"40949595","full_name":"mandatoryprogrammer/sonar.js","owner":"mandatoryprogrammer","description":"A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.","archived":false,"fork":false,"pushed_at":"2015-11-06T21:24:40.000Z","size":792,"stargazers_count":542,"open_issues_count":12,"forks_count":75,"subscribers_count":38,"default_branch":"master","last_synced_at":"2025-03-29T16:09:45.450Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mandatoryprogrammer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-18T03:53:13.000Z","updated_at":"2025-02-27T14:14:27.000Z","dependencies_parsed_at":"2022-09-13T05:13:49.050Z","dependency_job_id":null,"html_url":"https://github.com/mandatoryprogrammer/sonar.js","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandatoryprogrammer%2Fsonar.js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandatoryprogrammer%2Fsonar.js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandatoryprogrammer%2Fsonar.js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mandatoryprogrammer%2Fsonar.js/manifests","owner_url":"https://repos.eco
syste.ms/api/v1/hosts/GitHub/owners/mandatoryprogrammer","download_url":"https://codeload.github.com/mandatoryprogrammer/sonar.js/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247369952,"owners_count":20927928,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-29T17:28:55.649Z","updated_at":"2025-04-05T17:08:31.169Z","avatar_url":"https://github.com/mandatoryprogrammer.png","language":"JavaScript","readme":"# sonar.js\nA framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration, WebSocket host scanning, and external resource fingerprinting.\n\n## How does it work?\nUpon loading the sonar.js payload in a modern web browser the following will happen:\n* sonar.js will use WebRTC to enumerate what internal IPs the user loading the payload has.\n* sonar.js then attempts to find live hosts on the internal network via WebSockets.\n* If a live host is found, sonar.js begins to attempt to fingerprint the host by linking to it via ```\u003cimg src=\"x\"\u003e``` and ```\u003clink rel=\"stylesheet\" type=\"text/css\" href=\"x\"\u003e``` and hooking the ```onload``` event. If the expected resources load successfully it will trigger the pre-set JavaScript callback to start the user-supplied exploit.\n\n## Fingerprints\nsonar.js works off of a database of fingerprints. A fingerprint is simply a list of known resources on a device that can be linked to and detected via ```onload```. 
Examples of this include images, CSS stylesheets, and even external JavaScript.\n\nAn example fingerprint database can be seen below:\n```\nvar fingerprints = [\n    {\n        'name': \"ASUS RT-N66U\",\n        'resources': [\"/images/New_ui/asustitle.png\",\"/images/loading.gif\",\"/images/alertImg.png\",\"/images/New_ui/networkmap/line_one.png\",\"/images/New_ui/networkmap/lock.png\",\"/images/New_ui/networkmap/line_two.png\",\"/index_style.css\",\"/form_style.css\",\"/NM_style.css\",\"/other.css\"],\n        'callback': function( ip ) {\n            // Insert exploit here\n        },\n    },\n    {\n        'name': \"Linksys WRT54G\",\n        'resources': [\"/UILinksys.gif\",\"/UI_10.gif\",\"/UI_07.gif\",\"/UI_06.gif\",\"/UI_03.gif\",\"/UI_02.gif\",\"/UI_Cisco.gif\",\"/style.css\"],\n        'callback': function( ip ) {\n            // Insert exploit here\n        },\n    },\n]\n```\n\nThe above database contains fingerprints for two devices, the *ASUS RT-N66U* WiFi router and the *Linksys WRT54G* WiFi router.\n\nEach database entry has the following:\n* ``name``: A field to identify what device the fingerprint is for. This could be something like *HP Officejet 4500 printer* or *Linksys WRT54G Router*.\n* ```resources```: This is an array of relative links to resources such as CSS stylesheets, images, or even JavaScript files. If you expect these resources to be on a non-standard port such as ``8080``, set the resource with the port included: ```:8080/unique.css```. Keep in mind that using external resources with active content such as JavaScript is dangerous as it can interrupt the regular flow of execution.\n* ```callback```: If all of these resources are found to exist on the enumerated host then the ```callback``` function is called with a single argument of the device's IP address.\n\nBy creating your own fingerprints you can build custom exploits that will be launched against internal devices once they are detected by sonar.js. 
Common exploits include things such as Cross-site Request Forgery (CSRF), Cross-site Scripting (XSS), etc. The idea is that you can use these vulnerabilities to do things such as modifying router DNS configurations, dumping files from an internal fileserver, and more.\n\nFor an easier way to create fingerprints, see the following Chrome extension which generates fingerprint template code automatically for the page you're on:\n\n\u003ca href=\"https://chrome.google.com/webstore/detail/sonar.js-fingerprint-generat/pmijnndljolchjlfcncaeoejfpjjagef\"\u003eClick Here to Install Chrome Extension\u003c/a\u003e\n\n![sonar.js fingerprint generator](https://i.imgur.com/LR1X4Py.png)\n\n## What can be done using sonar.js?\nBy using sonar.js a pentesting team can build web exploits against things such as internal logging servers, routers, printers, VOIP phones, and more. Because internal networks are often less guarded, attacks such as CSRF and XSS can be a powerful way to take over the configurations of devices on a host's internal network. Did we mention this can all be done from an Internet webpage?\n\n## Help us build our database!\nIf you have a device such as a printer, router, or some other internal service, please submit a fingerprint to us so we can add it to our master database. We will be adding more fingerprints for more devices over time, but we are limited to the devices that we have access to.\n","funding_links":[],"categories":["📦 Legacy \u0026 Inactive Projects"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandatoryprogrammer%2Fsonar.js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmandatoryprogrammer%2Fsonar.js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmandatoryprogrammer%2Fsonar.js/lists"}