Compare the contents of your hosted and proxy repositories for coordinate collisions

Related tags

Networkingrepo-diff
Overview

Nexus Repository Manager dependency/namespace confusion checker

This repository contains a script to check if you have artifacts containing the same name between your repositories. This can be used to check if you're affected by a Dependency Confusion Attack

For example

npm-hosted has packages published with the @mycompany/[email protected]
npm-proxy has a package called @mycompany/[email protected]

This would be a match.

Requirements

  • Python3
  • NXRM3 OSS or PRO

Instructions

Step 1: Customise values in repo-diff.py

You'll need to modify the script to include

  1. Auth creds or tokens from your NXRM3.
  2. URL to your Nexus
  3. Repositories to compare in REPOS. e.g. to compare ruby and npm hosted to their proxies
REPOS = {
    # hosted: proxy
    "ruby-hosted": "ruby-proxy",
    "npm-hosted": "npm-group-proxy"
}

You'll find examples of all in the script.

Step 2: Create new virtual environment

python3 -m venv my-venv

Step 3: Activate your virtual environment

Do this in your terminal or by using your favorite IDE

Windows

my-venv\Scripts\activate.bat

MacOs *NIX Linux

source my-venv/bin/activate

Step 4: Install dependencies

pip install -r requirements.txt

Step 5: Run script

To run the script simply type - results will be printed out to stdout and can be piped to a file for later use.

 python3 repo-diff.py
Owner
Sonatype Community
Community projects meant for the Sonatype Nexus Platform. Affiliated with Sonatype, but inclusive of work our community has done!
Sonatype Community
GitHub Repository
Simple P2P application for sending files over open and forwarded network ports.

FileShareV2 A major overhaul to the V1 (now deprecated) FileShare application. V2 brings major improvements in both UI and performance. V2 is now base

Michael Wang 1 Nov 23, 2021
With Py-Autocrack you can crack WPA2 networks in no time.

With Py-Autocrack you can crack WPA2 networks in no time. All based on Aircrack-ng and Crunch.

Paul - FloatDesign 1 Dec 10, 2021
Build surface water network for MODFLOW's SFR Package

Surface water network Creates surface water network, which can be used to create MODFLOW's SFR. Python packages Python 3.6+ is required. Required geop

Mike Taves 20 Nov 22, 2022
A Python Tor template on Gitpod

A Python Tor template on Gitpod This is template configured for ephemeral development environments on Gitpod. prebuild Get Started With Your Own Proje

Ivan Yastrebov 1 Dec 17, 2021
WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet

WARP+ uses Cloudflare’s virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet

Rivane Rasetiansyah 3 Apr 01, 2022
A python 3 library which helps in using nmap port scanner.

A python 3 library which helps in using nmap port scanner. This is done by converting each nmap command into a callable python3 method or function. System administrators can now automatic nmap scans

Nmmapper 179 Dec 19, 2022
This is the code repository for the USENIX Security 2021 paper, "Weaponizing Middleboxes for TCP Reflected Amplification".

weaponizing-censors Censors pose a threat to the entire Internet. In this work, we show that censoring middleboxes and firewalls can be weaponized by

UMD Breakerspace 119 Dec 31, 2022
This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

This is a zeep based SOAP client wrapper for simple communication with the Bricknode SOAP API.

Nord Fondkommission AB 2 Dec 15, 2021
Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool.

Tor Network Top 100 IPs Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool. Just execute top100ipstor.py to get th

Juan Manuel 0 Jan 23, 2022
Easy-to-setup bot, ChatOps project for handling telegram chat logging over docker-compose services, being runned as one of them.

Easy-to-setup bot, ChatOps project for handling telegram chat logging over docker-compose services, being runned as one of them.

Rashid 7 Aug 08, 2022
🌐 Tools for Networking

🌐 Network Tools Tools for Networking This repository contains the tools needed to make networking easier. Make sure to download all of the requiremen

Tornaido 1 Jan 15, 2022
PetrickScanner is a simple Python OOP TCP Port Scanner

PetrickScanner PetrickScanner is a simple Python OOP TCP Port Scanner Functions Python TCP Port Scanner DNS Resolver Random Scanner PLEASE ANY PROBLEM

11 Nov 30, 2021
This repository contain sample code of gRPC Communication between Python and GoLang

This repository contain sample code of gRPC Communication between Python and GoLang, the Server is running on GoLang while Python is running the client

Abdullahi Muhammad 2 Nov 29, 2021
This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all the available IP addresses with their MAC addresses on your current Network.

This is a python based command line Network Scanner utility, which input as an argument for the exact IP address or the relative IP Address range you wish to do the Network Scan for and returns all t

Abhinandan Khurana 1 Feb 09, 2022
Qtas(Quite a Storage)is an experimental distributed storage system developed by Q-team in BJFU Advanced Computer Network sources.

Qtas(Quite a Storage)is a experimental distributed storage system developed by Q-team in BJFU Advanced Computer Network sources.

Jiaming Zhang 3 Jan 12, 2022
A Python package for handling free proxies from sslproxies.org

SSLProxies Get free working proxy from https://www.sslproxies.org/ and use it in your script This is a port/rewrite of free-proxy with additional feat

Nate Harris 2 Mar 17, 2022
Py script to aid in setting up the boot chime in OpenCore.

BootChime Py script to aid in setting up the boot chime in OpenCore. It does so by helping you locate your IOHDACodecDevices, IOHDACodecAddress values

CorpNewt 7 Sep 19, 2022
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package

Build custom OSINT tools and APIs with this python package - It includes different OSINT modules (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whoi

QeeqBox 52 Jan 06, 2023
Public HTTPS access to Home Assistant with Dataplicity service

Custom component for public HTTPS access to Home Assistant with Dataplicity service. Should work on any Linux PC or ARM, not only Raspberry as Dataplicity service said. Don't work on Windows.

Alex X 70 Oct 03, 2022
A simple GitHub Action that physically puts your senses on alert when your build/release fails

GH Release Paniker A simple GitHub Action that physically puts your senses on alert when your build/release fails Usage Requirements: Raspberry Pi, LE

Hemanth Krishna 5 Dec 20, 2021