Supply Chain Security
Vulnerability
Quality
Maintenance
License
Unpopular package
QualityThis package is not very popular.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
UDP-server to execute shell commands. Designed for development, prototyping or remote control. Settings through two command line arguments, path and shell command. By default bind to :8080.
shell2udp [options] ["shell command" for /] /path "shell command" /path2 "shell command2" ...
options:
-p, --port NNNN : port for udp server ( default 8080 )
pip install shell2udp
shell2udp 'shutdown -s -t 0'
shell2udp 'shutdown -s -t 0' /beep "powershell -c echo `a"
shell2udp --port 3306 /beep 'powershell -command [Console]::Beep(440,2000)'
[System.Net.Sockets.UdpClient]::New().Send("", 0, "localhost", 8080)
[System.Net.Sockets.UdpClient]::New().Send([System.Text.Encoding]::UTF8.GetBytes("/beep"), 5, "localhost", 8080)
# [System.Text.Encoding]::UTF8.GetBytes("/beep").Length
shell2udp 'notify-send Hello root'
shell2udp -p3000 'notify-send Hello root' /path 'canberra-gtk-play -i desktop-login'
shell2udp -p3000 /path 'canberra-gtk-play -i desktop-login'
echo > /dev/udp/localhost/8080
echo /path > /dev/udp/localhost/8080
FAQs
Executing shell commands via UDP server
We found that shell2udp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s Threat Research Team has uncovered 60 npm packages using post-install scripts to silently exfiltrate hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.
Security News
TypeScript Native Previews offers a 10x faster Go-based compiler, now available on npm for public testing with early editor and language support.
Research
Security News
Malicious npm packages targeting React, Vue, Vite, Node.js, and Quill remained undetected for two years while deploying destructive payloads.