W4SP-Stealer
autobox
W4SP-Stealer | autobox |
---|---|
2 | 3 |
121 | 16 |
- | - |
10.0 | 10.0 |
over 1 year ago | over 1 year ago |
Python | Rust |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
W4SP-Stealer
- Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
- Dozens of malicious PyPI packages discovered targeting developers
Yep. You can read the source code for it here: https://github.com/loTus04/W4SP-Stealer
autobox
- Dozens of malicious PyPI packages discovered targeting developers
Once I'm done with (2) though I think I'll tackle (3).
`autobox` is fun but I think it may be impractical without more language level support and no matter what I'd end up having to implement it in the compiler at some point, which means it would be unusable without nightly or a fork.
I'm going to try to wrap up an autobox POC that handles branching and loops, publish it, and see if someone who does more compilery things is willing to pick it up. As for (2) and (3) I believe I can build practical implementations for both.
[0] https://github.com/insanitybit/autobox/
- autobox v0.0.2 - now with nom parser, inference, improved tracing
- (POC) autobox - compile time analysis for runtime sandboxing
What are some alternatives?
cargo-vet - supply-chain security for Rust
secimport - eBPF Python runtime sandbox with seccomp (Blocks RCE).
Luna-Grabber - The best discord token grabber made in python
birdcage - Cross-platform embeddable sandboxing
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
crev - Socially scalable Code REView and recommendation system that we desperately need. See http://github.com/crev-dev/cargo-crev for real implementation.
security-wg - Node.js Ecosystem Security Working Group
wapm-cli - 📦 WebAssembly Package Manager (CLI)
Contents - Community documentation, code, links to third-party resources, ... See the issues and pull requests for pending content. Contributions are welcome!
conductor - Conductor is a microservices orchestration engine.