Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
Cendertron
Cendertron = Crawler + cendertron
Crawl AJAX-heavy client-side Single Page Applications (SPAs), deploying with docker, focusing on scraping requests(page urls, apis, etc.), followed by pentest tools(Sqlmap, etc.).
Cendertron can be used for extracting requests(page urls, apis, etc.) from your Web 2.0 page, view in demo page, or result page.
Deploy
- Run locally
$ git clone ...
$ yarn install
$ npm run dev
- Deploy in Docker
# build image
$ docker build -t cendertron .
# run as contaner
$ docker run -it --rm -p 3000:3000 --name cendertron-instance cendertron
# run as container, fix with Jessie Frazelle seccomp profile for Chrome.
$ wget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json
$ docker run -it -p 3000:3000 --security-opt seccomp=$HOME/chrome.json --name cendertron-instance cendertron
# or
$ docker run -it -p 3000:3000 --cap-add=SYS_ADMIN --name cendertron-instance cendertron
# use network and mapping logs
$ docker run -d -p 5000:3000 --cap-add=SYS_ADMIN --name cendertron-instance --network wsat-network cendertron
Test Urls
Use as Libs
Install cendertron from NPM:
# set not downloading chromium
$ PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
$ yarn add cendertron
# or
$ npm install cendertron -S
Import Crawler and use in your code:
About
Roadmap
- 将自定义参数的爬虫全部划归到 POST 中,POST 请求会进行 Body 存储与匹配
- 引入自定义的 BrowserEventEmitter,全局仅注册单个 Browser 监听器
- add https://github.com/winstonjs/winston as logger
- https://123.125.98.210/essframe
- 分别添加调度器级别与爬虫级别的监控
Motivation & Credits
- gremlins.js: Monkey testing library for web apps and Node.js
FAQs
Renders webpages using headless Chrome for usage by bots
The npm package cendertron receives a total of 0 weekly downloads. As such, cendertron popularity was classified as not popular.
We found that cendertron demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 May 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025