
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
github.com/cptspacetoaster/adventurebot
A silly text based adventure that gloriously mangled the framework to build bots for Slack.... thank you trinchan
Schema - go get github.com/gorilla/schema
Is this your first project in GO? You might find this introduction useful
go get github.com/cptspacetoaster/adventurebot
Create a config file (config.json) in $GOPATH/bin
with the following format:
{
"port": {PORT_FOR_BOT},
"credentials": [
{
"domain": "{YOUR_FIRST_SLACK_DOMAIN}",
"token": "{YOUR_FIRST_SLACK_INCOMING_WEBHOOK_TOKEN}"
},
{
"domain": "{YOUR_SECOND_SLACK_DOMAIN}",
"token": "{YOUR_SECOND_SLACK_INCOMING_WEBHOOK_TOKEN}"
}
]
}
Adventurebot will respond to an Outgoing Webhook. (hard set for patterns that begin with question-mark's at the moment) and it will reply using an Incoming Webhooks
You'll need to find your Incoming Webhook Token and pair each slack domain with its token if you want Adventurebot to respond.
Note, adventurebot will only pay attention to commands that begin with a question-mark! That means your Outgoing Webhook must have this option set properly.
TODO: Lots
TODO: copy the blank.json and fill in the fields... more to come, and I'm not completely finished with the formatting at the moment.
cd $GOPATH/bin
./adventurebot
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.