moshikoHassan/parsed_shai_hulud_20

Code Structure

This project has been split from a single large obfuscated file (deofcode.js) into multiple organized modules.

Directory Structure

src/
├── utils/
│   ├── moduleHelpers.js    # Module system helper functions
│   └── systemInfo.js       # System information utilities
├── modules/
│   ├── grpcConstants.js    # gRPC status codes and constants
│   ├── logger.js           # Logging utilities
│   ├── packageInfo.js      # Package metadata
│   └── protobufDefinitions.js  # Google Cloud protobuf definitions
└── main.js                # Main execution entry point

Module Descriptions

Utilities (src/utils/)

  • moduleHelpers.js: Contains helper functions for module creation and property definition
  • systemInfo.js: Functions for getting system information (platform, architecture) and generating random strings

Modules (src/modules/)

  • grpcConstants.js: gRPC status codes, log verbosity levels, and propagation flags
  • logger.js: Logging system for gRPC operations with configurable verbosity
  • packageInfo.js: Package.json metadata for the gRPC library
  • protobufDefinitions.js: Large protobuf definitions for Google Cloud Secret Manager

Main Entry Point

  • main.js: Main execution logic that orchestrates data collection from various cloud providers and systems

Variable Naming

Variables have been renamed from obfuscated names to more meaningful ones:

  • rL0 → objectCreate
  • sL0 → getPrototypeOf
  • KI → defineProperty
  • eL0 → getOwnPropertyNames
  • OM0 → hasOwnProperty
  • a → createModuleWrapper
  • y → createModule
  • e1 → defineGetters
  • _0 → lazyInit
  • e → requireModule
  • G1 → grpcConstants
  • p1 → logger
  • NI → protobufDefinitions
  • tL0 → generateRandomString
  • $y1 → getSystemInfo
  • aL0 → collectSystemAndCloudData
  • jy1 → main

TODO

The following components still need to be extracted from the original deofcode.js:

  1. Cloud Providers:

    • AWS Secrets Manager (WX class)
    • GCP Secrets Manager (Hw class)
    • Azure Secrets Manager (Eq class)
  2. GitHub Integration:

    • GitHub client (dq class)
    • GitHub Actions secrets collection
    • Repository management
  3. NPM Integration:

    • NPM token validation
    • NPM package management
  4. Security Scanning:

    • Trufflehog integration (Tl class)
    • File system scanning
  5. Additional Utilities:

    • Browser detection
    • Platform-specific utilities
    • HTTP proxy agents

Notes

  • The original deofcode.js file is preserved for reference
  • Some modules still have dependencies on the original file structure
  • Further refactoring is needed to fully modularize all components
