add webhook search

KTibow · Jan 12, 2024 · 8511a77 · 8511a77
1 parent 75d80cf
commit 8511a77
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 0 deletions.
diff --git a/src/lib/analysis/Results.svelte b/src/lib/analysis/Results.svelte
@@ -3,6 +3,7 @@
   import type { Writable } from "svelte/store";
   import { file, view, type Loaded } from "$lib/state";
   import { createAnalysis, type Analysis, type Progress } from "./createAnalysis";
+  import { scanWebhooks } from "./webhook";
   import ObfuscationTable from "./ObfuscationTable.svelte";
   import FlagCard from "./FlagCard.svelte";
 
@@ -22,11 +23,16 @@
 
   let analysis: Writable<Analysis>;
   let progress: Writable<Progress>;
+  let webhooks: Set<string> | undefined;
   $: if ("zip" in $file) {
     ({ analysis, progress } = createAnalysis());
+    webhooks = undefined;
   }
 
   $: obfuscation = Object.entries($analysis.obfuscation);
+  const getWebhooks = async () => {
+    webhooks = await scanWebhooks();
+  };
 </script>
 
 <div class="flex gap-2 max-lg:flex-col">
@@ -93,6 +99,23 @@
   {#each Object.entries($analysis.flags) as [name, flag]}
     <FlagCard {name} {flag} />
   {/each}
+  {#if webhooks}
+    <div
+      class="flex flex-col items-center gap-4 overflow-hidden rounded-lg bg-primary-container p-4 text-on-primary-container transition-all"
+    >
+      <h2 class="m3-font-title-large">Webhooks</h2>
+      {#each webhooks as webhook}
+        <a href={webhook} target="_blank">{webhook}</a>
+      {/each}
+    </div>
+  {:else}
+    <button
+      class="m3-font-title-large rounded-lg bg-primary-container/80 px-4 py-8 text-on-primary-container transition-all hover:bg-primary-container"
+      on:click={getWebhooks}
+    >
+      Scan for webhooks
+    </button>
+  {/if}
 </div>
 
 <style lang="postcss">

diff --git a/src/lib/analysis/webhook.ts b/src/lib/analysis/webhook.ts
@@ -0,0 +1,54 @@
+import type JSZip from "jszip";
+import type { JSZipObject } from "jszip";
+import { get } from "svelte/store";
+import { file, type Loaded } from "$lib/state";
+
+const whRegex =
+  /(https?:\/\/(ptb\.|canary\.)?discord(app)?\.com\/api\/webhooks\/(\d{10,20})\/([\w\-]{68}))/g;
+const b64Regex = /(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})/g;
+export const scanWebhooks = async () => {
+  const fileData = get(file) as Loaded;
+  const zip = fileData.zip as JSZip & JSZipObject;
+  const files = Object.values(zip.files)
+    .filter((f) => !f.dir)
+    .map((f) => f.name);
+
+  const process = async (file: string) => {
+    const contents = await zip.files[file].async("string");
+    const webhooks = contents.matchAll(whRegex);
+    const base64 = contents.matchAll(b64Regex);
+
+    const list: string[] = [];
+    for (const webhook of webhooks) {
+      list.push(webhook[0]);
+    }
+    for (const [base] of base64) {
+      if (base.length < 40 || base.length > 200) continue;
+      try {
+        const decoded = atob(base);
+        const webhook = decoded.match(whRegex);
+        if (webhook) {
+          list.push(webhook[0]);
+        } else if (b64Regex.test(decoded)) {
+          try {
+            const decoded2 = atob(decoded);
+            const webhook = decoded2.match(whRegex);
+            if (webhook) {
+              list.push(webhook[0]);
+            }
+          } catch {}
+        }
+      } catch {}
+    }
+    return list;
+  };
+
+  const list: Set<string> = new Set();
+  await Promise.all(
+    files.map(async (f) => {
+      const result = await process(f);
+      result.forEach((w) => list.add(w));
+    }),
+  );
+  return list;
+};