smicallef / spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
http://www.spiderfoot.net
MIT License
13.28k stars 2.29k forks

Malware packages #1714

Closed reinethernal closed 2 years ago

reinethernal commented 2 years ago

After scanning requirements.txt with https://packj.dev/ I got a report that there are 5 dependencies that have malware.

bcoles commented 2 years ago

Are you sure? Which requirements.txt file did you upload? None of those dependencies you've listed are directly defined in requirements.txt. Although it is possible that some of the dependencies are dependent on these dependencies (i-am-malicious seems unlikely...).

I uploaded the latest requirements.txt from the master branch to https://packj.dev/ and it found zero matches.

The requirements.txt file forces a minimum version for each dependency but does not lock to a specific version.
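An added example, not part of the thread or of SpiderFoot's code: a stdlib-only check of the two points raised above, namely whether a flagged name is declared directly in a requirements file and which entries set only a minimum version rather than locking one. The requirements text and the flagged list are constructed; `example-flagged-pkg` is a hypothetical placeholder name.

```python
import re

# Constructed sample input; this is not SpiderFoot's requirements.txt.
SAMPLE_REQUIREMENTS = """\
# constructed example
requests>=2.25.0
Beautiful_Soup4 >= 4.9.0, < 5
cryptography==3.4.8
dnspython
-r extra.txt
Example_Flagged.Pkg>=1.0 ; python_version >= "3.7"
"""

# Constructed flagged list; "i-am-malicious" is the name quoted in the thread.
FLAGGED = ["i-am-malicious", "example-flagged-pkg"]

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_OPS = re.compile(r"===|==|~=|!=|<=|>=|<|>")

def normalize(name):
    """PEP 503 name normalization, so Foo_Bar and foo-bar compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(text):
    """Map each directly declared package to how tightly it is constrained."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and pip options such as -r / -e / --index-url.
        m = None if (not line or line[0] in "#-") else _REQ.match(line)
        if not m:
            continue
        ops = _OPS.findall(m.group(2))  # markers after ';' are not captured
        if "==" in ops or "===" in ops:
            kind = "pinned"
        elif not ops:
            kind = "unconstrained"
        elif all(op in (">=", ">") for op in ops):
            kind = "floor-only"
        else:
            kind = "ranged"
        result[normalize(m.group(1))] = kind
    return result

def audit(text, flagged):
    """Return (flagged names declared directly, packages not locked to one version)."""
    deps = classify(text)
    hits = sorted(normalize(f) for f in flagged if normalize(f) in deps)
    floating = sorted(n for n, k in deps.items() if k != "pinned")
    return hits, floating
```

This only inspects direct declarations. A flagged name that is absent here can still arrive as a dependency of a dependency, so the same comparison has to be run against the resolved set (for example the output of `pip freeze` in the install environment).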

reinethernal commented 2 years ago

That one requirements.txt

bcoles commented 2 years ago

> That one requirements.txt

Are you sure? That's the requirements.txt from the SpiderFoot 4.0 release. It is out of date.

Nonetheless, I uploaded it and no matches were returned.

Found 0/26 packages.

reinethernal commented 2 years ago

Tried your file, and the same result

bcoles commented 2 years ago

I think you misunderstand how https://packj.dev/ works.

If you browse to https://packj.dev/malware now it will list 5 known malicious packages. These are unrelated to the file you upload.

reinethernal commented 2 years ago

Sure, thx. That's my fault. Sorry for bothering you)