Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
PRAWtools is a collection of tools that utilize reddit's API through PRAW. PRAWtools is currently made up of three utillities:
sudo apt-get install python-setuptools
sudo easy_install pip
sudo pip install prawtools
sudo pacman -S python-pip
sudo easy_install pip
sudo pip install prawtools
sudo easy_install pip
sudo pip install prawtools
modutils is a tool to assist reddit community moderators in moderating their community. At present, it is mostly useful for automatically building flair templates from existing user flair, however, it can also be used to quickly list banned users, contributors, and moderators.
Note: all examples require you to be a moderator for the subreddit
List banned users for subreddit foo
modutils -l banned foo
Get current flair for subreddit bar
modutils -f bar
Synchronize flair templates with existing flair for subreddit baz, building non-editable templates for any flair whose flair-text is common among at least 2 users.
modutils --sync --ignore-css --limit=2 baz
Send a message to approved submitters of subreddit blah. You will be prompted for the message, and asked to verify prior to sending the messages.
modutils --message contributors --subject "The message subject" blah
reddit_alert will notify you when certain keywords are used in comments. For instance, to be notified whenever your username is mentioned you might run it as:
reddit_alert bboe
You can receive multiple alerts by specifying multiple keywords separated by spaces. If you want to be alerted for keyphrases (those containing spaces) you must put quotes around the term:
reddit_alert bboe praw "reddit api"
By default reddit_alert will only provide links to the same terminal screen (or
command prompt) it's running in. To be notified via a reddit message specify
the -m USER
option:
reddit_alert -m bboe bboe praw "reddit_api"
When using the -m USER
you will be prompted to login.
By default comments from all subreddits are considered. If you want to
restrict the notifications to only a few subreddits use one or more -s SUBREDDIT
options:
reddit_alert -m bboe -s redditdev -s learnpython bboe praw "reddit_api"
Finally, you may want to ignore notifications from certain users. You can use
the -I USER
option to ignore comments from a certain user:
reddit_alert -m bboe -I bizarrobboe bboe
To see a complete set of available options run:
reddit_alert --help
subreddit_stats is a tool to provide basic statistics on a subreddit. To see the what sort of output subreddit stats generates check out /r/subreddit_stats.
The tool will only analyze up to 1,000 submissions.
In order to run subreddit_stats you will need to create a praw.ini
file in
the same directory that you run the scripts in. This file should look like:
[DEFAULT]
client_id: XXX
client_secret: XXX
password: XXX
username: XXX
Generate stats for subreddit foo for the last 30 days.
subreddit_stats foo 30
Passing a number, N
, as the second argument will get all submissions from the
last N days, but will ignore submissions from the most recent 24 hours. As a
result, you may experience messages like "No submissions found". To analyze the
top submissions made within the last month run:
subreddit_stats foo month
Similarly, to analyze the top submissions to foo over the last year, run:
subreddit_stats foo year
0. To see other possible options
subreddit_stats --help
FAQs
A collection of utilities that utilize the reddit API.
We found that prawtools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.