M359AH/DepFine

DepFine

DepFine is a tool that finds unregistered dependencies, based on the dependency confusion vulnerability, which can lead to RCE.

Installation:

  • You can install the tool's requirements on your machine with the following command: pip3 install -r requirmentes.txt

Idea:

  • For now the tool works for Node.js dependencies only; the next release will add support for other ecosystems such as Gemfile and PyPI.

Usage:

  • You can run the tool by typing the following command:
python3 DepFine.py RawForPackage.com


Example usage:

[Image: POC]

Warning:

  • To use the tool, the package.json file must be available as raw data. For example, if you found it on an outdated domain, you should move it to a raw form, because if you run the process against a normal link or a JSON type, the tool will be corrupted and will not run.

  • Thanks

Hossam mesbah

Ahmed ibrahim
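
The same check applied to your own package.json, as an added example that is not DepFine's code: it rejects input that is not raw JSON (the failure the warning describes), then lists the dependency names the public registry does not know so you can reserve or scope them. It goes slightly beyond the README by skipping specs that never resolve through the registry and by following npm: aliases; the function names, the sample manifest and the `is_registered` lookup (a stand-in for a real registry query) are assumptions.

```python
import json

SECTIONS = ("dependencies", "devDependencies",
            "optionalDependencies", "peerDependencies")
LOCAL_PREFIXES = ("file:", "link:", "workspace:")  # never fetched by name

def load_manifest(text):
    """Parse raw package.json text; an HTML page or other wrapper is rejected."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError("input is not raw package.json data") from exc
    if not isinstance(data, dict):
        raise ValueError("package.json must be a JSON object")
    return data

def registry_names(manifest):
    """Names the package manager would resolve through the public registry."""
    names = set()
    for section in SECTIONS:
        deps = manifest.get(section)
        for name, spec in (deps.items() if isinstance(deps, dict) else ()):
            spec = str(spec)
            if spec.startswith("npm:"):  # alias: the real name follows "npm:"
                target = spec[4:]
                name = target.rsplit("@", 1)[0] if "@" in target[1:] else target
            elif spec.startswith(LOCAL_PREFIXES) or "/" in spec:
                continue  # heuristic: paths, URLs, git and GitHub shorthand
            names.add(name)
    return names

def audit(text, is_registered):
    """Sorted names from the manifest that the registry lookup does not know."""
    return sorted(n for n in registry_names(load_manifest(text))
                  if not is_registered(n))

# Constructed sample manifest and a constructed stand-in for the registry.
SAMPLE = json.dumps({
    "dependencies": {
        "express": "^4.18.2",
        "acme-internal-utils": "1.2.0",
        "acme-build-tools": "git+https://git.example.invalid/acme/build.git",
        "legacy": "npm:acme-legacy-core@^2.0.0"},
    "devDependencies": {"jest": "^29.0.0", "@acme/lint-rules": "workspace:*"}})
KNOWN_PUBLIC = {"express", "jest"}

if __name__ == "__main__":
    print(audit(SAMPLE, KNOWN_PUBLIC.__contains__))
```

Names reported here are the ones to register as placeholders, move under an owned scope, or pin to a private registry.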
