Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/SaltGan/CookieScanner
GDPR requires that all websites that provide services to European users must provide a complete report on the use of cookies to record user information and continue to use it with the express consent of the user. There are several commercial Cookie Scanner online.
But we decide to make our implementation Open Source. Hope to help more people getting aware of the privacy problems.
Cookie Scanner is a simple utility to analyze website cookie status and generate reports for GDPR-compliance.
For how to use the "Cookie Database", please see CQL QuickStart
Frontpage sets Cookie without user Consent:
Nice HTML or PDF report
Detailed cookie description
We collected more than 10000 cookie description and put them in free DB service CQL:
Your can just try Cookie Scanner on gdprExpert.io
Requires MacOS/Linux system.
First, install Google Chrome
in your operating system.
Or you can start a headless Chrome in docker with
$ docker container run -d -p 9222:9222 zenika/alpine-chrome --no-sandbox \
--remote-debugging-address=0.0.0.0 --remote-debugging-port=9222
Then, install the CookieScanner
using go get
.
$ go get github.com/CovenantSQL/CookieScanner
CookieScanner is capable of geneating reports in json/html/pdf
format.
$ CookieScanner --help
usage: CookieScanner [<flags>] <command> [<args> ...]
website cookie usage report generator
Flags:
--help Show context-sensitive help (also try --help-long
and --help-man).
--chrome=CHROME chrome application to run as remote debugger
--verbose run debugger in verbose mode
--timeout=1m0s timeout for a single cookie scan
--wait=WAIT wait duration after page load in scan
--classifier=CLASSIFIER classifier database for cookie report
--log-level=LOG-LEVEL set log level
Commands:
help [<command>...]
Show help.
cli [<flags>] <site>
generate report for a single website
version
get debugger version
server [<flags>]
start a report generation server
$ CookieScanner cli --help
usage: CookieScanner cli [<flags>] <site>
generate report for a single website
Flags:
--help Show context-sensitive help (also try --help-long
and --help-man).
--chrome=CHROME chrome application to run as remote debugger
--verbose run debugger in verbose mode
--timeout=1m0s timeout for a single cookie scan
--wait=WAIT wait duration after page load in scan
--classifier=CLASSIFIER classifier database for cookie report
--log-level=LOG-LEVEL set log level
--headless run chrome in headless mode
--port=9222 chrome remote debugger listen port
--json print report as json
--html=HTML save report as html
--pdf=PDF save report as pdf
Args:
<site> site url
Generate HTML report for covenantsql.io
using cli mode.
$ CookieScanner cli \
--headless \
--classifier "covenantsql://050cdf3b860c699524bf6f6dce28c4f3e8282ac58b0e410eb340195c379adc3a?config=./config/config.yaml" \
--html cql.html covenantsql.io
Just wait for a while, you will found cql.html
showing results like this:
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.