This project aims to ease evaluating the parameters of JavaScript functions on a website.
It typically helps with deobfuscating scripts (see https://stackoverflow.com/questions/32977908/how-can-i-deobfuscate-this-javascript) that use String.fromCharCode, window.eval, or other functions like JSON.stringify.
Deployed on Render at evaluator.onlyeum.io (beta 🏚️🕸️🕷️)
- https://www.getastra.com/e/malware/infections/the-presence-of-these-malicious-javascript-are-the-sign-of-hacked-opencart-magento-or-prestashop-store
- https://github.com/gwillem/magento-malware-scanner/blob/master/rules/frontend.txt
Use
evaluate/?url=[site url]&function=[function to evaluate]
Example
http://localhost:4200/evaluate/?url=https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_eval&function=window.eval
A screenshot of the website will be provided in the response stream.
Build and run image with Dockerfile 🏃♂️
cd docker
docker build -t evaluator . --force-rm
docker compose up
- npm >= 8.19.2
- nodejs >= 18.7.0 & < 19
Run npm install to install the application.
npm install
Run npm start for a dev server. Navigate to http://localhost:4200/. The app will automatically reload if you change any of the source files.
npm start
Run npm run build to launch Jest and test the project. The build artifacts will be stored in the dist/ directory.
npm run build
📂 Go to the evaluator subfolder
cd ./evaluator
cargo build
cargo run
Five parameters:
- -path or -p: csv file to load (first column is website domain)
- -function or -f: the function to evaluate
- -nb_threads or -n: the number of threads
- -timeout or -t: the navigation timeout
- -search_pattern or -s: a pattern to search
Example
cargo run -- -p All-Live-Magento-Sites.csv -f window.eval -n 5 -s checkout
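To make concrete what evaluating a function's parameters yields, the following added example (not code from this project) wraps the function named by a dotted path such as window.eval or String.fromCharCode, records every argument passed to it, and then filters the recorded calls the way a search pattern like checkout would. The names hookFunction, findMatches and constructedSample are hypothetical, the sample input is constructed, and matching by plain substring is an assumption.

```javascript
// Added example, not the project's code. "window" is treated as the global root.
function hookFunction(root, path, calls) {
  const parts = path.split(".");
  if (parts[0] === "window") parts.shift();
  const name = parts.pop();
  let owner = root;
  for (const p of parts) owner = owner == null ? undefined : owner[p];
  if (owner == null || typeof owner[name] !== "function") {
    throw new TypeError("not a function: " + path);
  }
  const original = owner[name];
  owner[name] = function (...args) {
    const result = original.apply(this, args);
    calls.push({ path, args, result }); // record what the script passed in
    return result;
  };
  return () => { owner[name] = original; }; // undo the hook
}

// Assumption: the search pattern is a plain substring test on string arguments.
function findMatches(calls, pattern) {
  return calls.filter((c) =>
    c.args.some((a) => typeof a === "string" && a.includes(pattern)));
}

// Constructed sample: the char codes spell the harmless expression "checkout".length
function constructedSample(win) {
  return win.eval(win.String.fromCharCode(
    34, 99, 104, 101, 99, 107, 111, 117, 116, 34, 46, 108, 101, 110, 103, 116, 104));
}

function runDemo() {
  const calls = [];
  const undo = [
    hookFunction(globalThis, "String.fromCharCode", calls),
    hookFunction(globalThis, "window.eval", calls),
  ];
  try {
    const value = constructedSample(globalThis);
    return { value, calls, hits: findMatches(calls, "checkout") };
  } finally {
    undo.forEach((restore) => restore()); // always restore the originals
  }
}

console.log(runDemo().hits.map((c) => c.path + " <- " + JSON.stringify(c.args)));
```

The recorded String.fromCharCode call shows the decoded string as its result, while the window.eval call shows it as the argument, which is why hooking the sink function is usually enough to recover the deobfuscated source.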
If you see any typos or errors you can edit the code directly on GitHub and raise a Pull Request on the master branch, many thanks!