2023-08-14 14:01:01 +00:00
|
|
|
# Malpacks
|
|
|
|
|
Tools to find malicious packages inside package manager (PyPI, npm, and Gem)
|
|
|
|
|
|
2023-08-14 14:04:46 +00:00
|
|
|
|
|
|
|
|
|
2023-08-14 14:02:57 +00:00
|
|
|
## Total malicious packages
|
2023-08-14 14:01:01 +00:00
|
|
|
* npm: 1823
|
2023-08-14 14:02:57 +00:00
|
|
|
* PyPI: 5985
|
|
|
|
|
* Gem: 725
|
2023-08-14 14:01:01 +00:00
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
|
Simply clone the repository, install requirements and run the script
|
|
|
|
|
|
|
|
|
|
* $ git clone https://github.com/daffainfo/malpacks
|
|
|
|
|
* $ pip3 install -r requirements.txt
|
|
|
|
|
* $ python3 main.py
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
Available options:
|
|
|
|
|
* `--all` option
|
|
|
|
|
|
|
|
|
|
To scan all the package managers (PyPI, npm, and Gem)
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
```bash
|
|
|
|
|
$ python3 main.py --all
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
* `--packages` option
|
|
|
|
|
|
|
|
|
|
Define package manager to test (PyPI, npm, and Gem)
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
```bash
|
2023-08-14 14:03:18 +00:00
|
|
|
$ python3 main.py --packages npm,pypi
|
2023-08-14 14:01:01 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## To-Do List
|
|
|
|
|
- [ ] Scan a file that contain list of packages
|
|
|
|
|
- [ ] Scan requirements.txt (Python)
|
|
|
|
|
- [ ] Scan package.json (npm)
|
|
|
|
|
- [ ] More output options
|
|
|
|
|
- [ ] JSON
|
|
|
|
|
- [ ] YAML
|
|
|
|
|
- [ ] Add more package manager
|
|
|
|
|
- [x] PyPI
|
|
|
|
|
- [x] npm
|
|
|
|
|
- [x] Gem
|
|
|
|
|
- [ ] Go
|
|
|
|
|
- [ ] Composer
|
|
|
|
|
- [ ] Add more malicious packages
|
|
|
|
|
- [x] https://blog.phylum.io/phylum-discovers-another-attack-on-pypi/
|
|
|
|
|
- [x] https://www.reversinglabs.com/blog/mining-for-malicious-ruby-gems
|
2023-08-14 14:04:46 +00:00
|
|
|
- [ ] https://github.com/DataDog/malicious-software-packages-dataset
|
