AI Analysis
Final verdict: SUSPICIOUS
The package exhibits elevated risks due to its use of subprocess calls for potentially dangerous operations and low maintenance efforts. While there's no definitive proof of malicious activity, the combination of these factors raises concerns about its safety.
- High shell risk due to subprocess calls
- Low maintenance and effort suggesting possible neglect or misuse
Per-check LLM notes
- Network: The network calls appear to be part of fetching web content and checking updates, which is not inherently suspicious but should be reviewed for the legitimacy of the URLs and data being accessed.
- Shell: The use of subprocess calls to execute shell commands, particularly related to SSH tunnels and file permissions, suggests potential for unauthorized access or command execution, indicating higher risk.
- Obfuscation: The use of base64 decoding suggests some form of data obfuscation, but it is not conclusive evidence of malicious intent without further context.
- Credentials: No clear patterns indicating credential harvesting have been detected.
- Metadata: The package shows signs of low maintenance and effort, but there are no clear indicators of malicious intent.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
_latest}") response = requests.get(url_latest) response.raise_for_status() if(url: str) -> str: html = requests.get(url).content soup = utils.make_soup(html) links = utks5://127.0.0.1:" sesh = requests.Session() if headers: # Add headers to all requests sent headers.""" sesh = requests.Session() sesh.headers.update(self.headers) return s
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
values protobuf_bytes = base64.b64decode(encoded_string) # Convert to protobuf bytes while pos <
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
> None: self.tunnel = subprocess.Popen(self.cmd, shell=False) def generate_ssh_tunnels( ips:ort, keyfile=keyfile) subprocess.call(["chmod", "600", keyfile]) log.info(f"{ssh_tunnel.cm
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: acm.org
Suspicious Page Links
score 6.0
Found 3 suspicious link(s) on the package page
- Non-HTTPS external link: http://dl.acm.org/citation.cfm?doid=3178876.3186143
- Non-HTTPS external link: http://googlesystem.blogspot.com/2008/04/google-search-rest-api.html
- Non-HTTPS external link: http://www.gnu.org/licenses/
Git Repository History
Repository gitronald/WebSearcher appears legitimate
Maintainer History
score 6.0
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with WebSearcher
Your task is to develop a fully-functional mini-app called 'WebScraperPro' using Python and the 'WebSearcher' package. This application will allow users to perform web searches on various search engines like Google, Bing, and Yahoo, collect the results, and parse them for further analysis. Here's a detailed breakdown of the project requirements:

1. **User Interface**: Create a simple command-line interface where users can input their search queries and select the search engine they want to use.
2. **Search Functionality**: Utilize the 'WebSearcher' package to conduct searches based on user inputs. Ensure that the app supports at least three major search engines (Google, Bing, Yahoo).
3. **Result Collection**: After conducting a search, the application should collect the URLs of the top search results from each selected search engine.
4. **Parsing Results**: Implement a feature to parse the collected URLs, extracting metadata such as title, description, and meta tags from each webpage.
5. **Data Storage**: Store the parsed data into a SQLite database for easy querying and analysis later.
6. **Reporting**: Allow users to generate a report summarizing the collected data, including frequency of certain keywords across different search engines.
7. **Additional Features**:
   - Option to limit the number of search results per query.
   - Ability to filter search results based on specific criteria (e.g., domain type, language).
   - Support for saving search queries and results to a local file.
8. **Error Handling**: Ensure robust error handling to manage issues such as network errors, invalid search queries, and unsupported search engines.
9. **Documentation**: Provide clear documentation explaining how to install and run the application, along with examples of how to interact with it.

This project aims to demonstrate the versatility of the 'WebSearcher' package while also providing a useful tool for web analysis.