DependConfusion-X
DependConfusion-X Tool is written in Python3 which allows security researcher/bug bounty hunter to scan and monitor list of hosts for Dependency Confusion. Currently, it extracts application dependencies from https://example.com/package.json
, and tries to find unclaimed dependency on https://registry.npmjs.org.
- Python 3
- Linux/Windows/MAC OSX
- Slack Webhook (Optional)
Installation
-
Installing Python dependencies
pip3 install -r requirements.txt
-
Configuring Slack Webhook as env variable
export slack_webhook=""
Usage
-
To run DependConfusion-X:
python3 dependconfusion-x.py -l hosts_file [--slack, --threads 20]