@microsoft/gscan
The Google Site Scanner (gscan) cli tool allows you to gather basic statistics around existing v1 Google Sites. These include number of sites, types of content, and last updated values.
npm install -g @microsoft/gscan
The behavior of the cli tool is controlled by a JavaScript configuration file named gscan-config.js. This allows you some flexibility as you can use code in the configuration. This file should be located in your app working directory and be named gscan-config.js. The application expects a single export with the following structure. "credentialPath", "domain", and "impersonatingAccount" are required, the rest are optional.
{
  credentialPath: string,
  domain: string,
  impersonatingAccount: string,
  maxResultsPerPage: 100,
  output: ["csv", "json"],
  verbose: boolean,
  loggingListener: (entry: {}) => void,
  useDefaultLogging: boolean,
  logFileName: string,
  proxyUrl: string,
}
Example Configuration File
Minimal:
module.exports = {
  credentialPath: "./credentials.json",
  domain: "mydomain.com",
  impersonatingAccount: "admin@mydomain.com"
};
Extended:
module.exports = {
  credentialPath: "./credentials.json",
  domain: "mydomain.com",
  impersonatingAccount: "admin@mydomain.com",
  maxResultsPerPage: 25,
  output: ["json", "csv"],
  verbose: true,
  loggingListener: (entry) => console.log(entry.message),
  useDefaultLogging: false,
  logFileName: "mylog.txt",
  proxyUrl: "https://my.proxy.url",
};
Suppress log file:
module.exports = {
  credentialPath: "./credentials.json",
  domain: "mydomain.com",
  impersonatingAccount: "admin@mydomain.com",
  logFileName: "",
};
Option | Description |
---|---|
credentialPath | Path relative to the working directory where the Google credentials file can be found |
domain | The Google domain to scan. The tool can process a single domain at a time |
impersonatingAccount | The account the app will impersonate; it must have access to all of the sites you want to scan. |
maxResultsPerPage | [Optional, default 100] Controls the page size when reading feeds |
output | [Optional, default "json"] Controls what output is generated. Array of "json" or "csv" |
verbose | [Optional, default false] If true extended information will be included in the logs |
loggingListener | [Optional, default null] Allows you to supply an additional logging function that will receive all logging messages. Function takes a single argument and returns null. The argument will be `{ message: string, level: 0 |
useDefaultLogging | [Optional, default true] If true logging is also written to the console. |
logFileName | [Optional, default 'gscan_log_{timestamp}.txt'] Name of the log file, set to empty string to suppress log file generation. |
proxyUrl | [Optional] URL of a network proxy (added in 0.0.3) |
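Because the configuration is a JavaScript module, it can validate itself before gscan reads it. The following is an added example, not code from the gscan project: it builds the export from environment variables and rejects a credentials file that other local users can read. The `GSCAN_*` variable names and the helper functions are assumptions made for illustration.

```javascript
// Added example of a gscan-config.js; the GSCAN_* variable names are hypothetical.
const fs = require("fs");
const os = require("os");
const path = require("path");

const REQUIRED = ["credentialPath", "domain", "impersonatingAccount"];

// Refuse a credentials file that group or other users can access (POSIX modes only).
function assertPrivateFile(file) {
  const mode = fs.statSync(file).mode & 0o777; // throws if the file is missing
  if (process.platform !== "win32" && (mode & 0o077) !== 0) {
    throw new Error(`${file} has mode ${mode.toString(8)}; expected no group/other access`);
  }
}

// Build the object gscan expects, using only option names from the table above.
function buildConfig(env, cwd = process.cwd()) {
  const config = {
    credentialPath: env.GSCAN_CREDENTIAL_PATH,
    domain: env.GSCAN_DOMAIN,
    impersonatingAccount: env.GSCAN_IMPERSONATING_ACCOUNT,
    output: ["json"],
    verbose: env.GSCAN_VERBOSE === "1",
  };
  if (env.GSCAN_PROXY_URL) config.proxyUrl = env.GSCAN_PROXY_URL;

  const missing = REQUIRED.filter((k) => typeof config[k] !== "string" || !config[k].trim());
  if (missing.length > 0) {
    throw new Error(`gscan-config: missing required option(s): ${missing.join(", ")}`);
  }
  // credentialPath is relative to the working directory, as the option table states.
  assertPrivateFile(path.resolve(cwd, config.credentialPath));
  return config;
}

// Constructed sample run: a throwaway credentials file and made-up values.
function sampleRun() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "gscan-"));
  const file = path.join(dir, "credentials.json");
  fs.writeFileSync(file, "{}");
  fs.chmodSync(file, 0o600);
  return buildConfig({ GSCAN_CREDENTIAL_PATH: "./credentials.json",
    GSCAN_DOMAIN: "mydomain.com", GSCAN_IMPERSONATING_ACCOUNT: "admin@mydomain.com" }, dir);
}

// As a real gscan-config.js, replace sampleRun() with buildConfig(process.env).
module.exports = sampleRun();
```

With `buildConfig(process.env)` as the export, a missing variable or an over-permissive credentials file stops the run with an error when the configuration is loaded.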
gscan
To build the solution execute:
npm run build
To publish a new version you need to increment the version number appropriately and then publish the solution. The publish command handles rebuilding the solution.
npm version patch
npm publish
If you are using VS Code, F5 debugging is set up. It expects a local folder named "gscan-local-testing" containing the credentials and config files; you can adjust this path in the launch file.
FAQs
Provides reporting on G-Suite assets
The npm package @microsoft/gscan receives a total of 0 weekly downloads. As such, @microsoft/gscan popularity was classified as not popular.
We found that @microsoft/gscan demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.