Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/doyensec/confuser
Dependency Confusion Security Testing Tool
dependency-confusion npm security-audit security-tools
- Host: GitHub
- URL: https://github.com/doyensec/confuser
- Owner: doyensec
- Created: 2021-07-28T15:40:43.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-07-21T20:21:20.000Z (over 2 years ago)
- Last Synced: 2024-04-28T04:35:11.253Z (8 months ago)
- Topics: dependency-confusion, npm, security-audit, security-tools
- Language: Python
- Homepage: https://blog.doyensec.com/2022/07/21/dependency-confusion.html
- Size: 66.4 KB
- Stars: 37
- Watchers: 3
- Forks: 2
- Open Issues: 7
Metadata Files:
- Readme: Readme.md
README
# Confuser
A tool to detect Dependency Confusion vulnerabilities. It allows scanning `package.json` files, generating and publishing payloads to the NPM repository, and finally aggregating the callbacks from vulnerable targets.
## Installation
```
pip3 install -r requirements.txt
```

## Usage

```
python3 -m flask run --host=0.0.0.0 --port=1234
```
The flow starts with uploading a `package.json` file on the main page. The backend analyzes all packages, looking for potentially vulnerable ones. From the project page, you can review the list of packages. Clicking "start campaign" generates a new payload and uploads it to the NPM repository; clicking "stop campaign" removes the package and cleans up the environment.