3x-ui-setup
3x-ui-vpn-setup · v · by
Trust Score: 58.5
Trust Tier: 0
Badge: danger
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 60.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 100.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 0.0 | 15% |
| Twostage | 0.0 | 10% |
| Infrastructure | 0.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 9.4 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 60
[CRITICAL] Remote code download and execution via curl pipe
(line 505)
ssh {nickname} 'PANEL_PORT={panel_port}; curl -sk -b /tmp/3x-cookie "https://127.0.0.1:${PANEL_PORT}/{web_base_path}/pan
[MEDIUM] Fetching content from non-OpenClaw GitHub repositories
(line 288)
ssh {nickname} "curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh -o /tmp/3x-ui-install.sh &&
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 100
No findings.
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 0
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 100)
| Panel access | Via SSH tunnel | Direct: `https://127.0.0.1:{panel_port}/{web_base_path}` |
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 309)
URL: https://127.0.0.1:{panel_port}/{web_base_path} (через SSH-туннель)
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 434)
ssh {nickname} 'PANEL_PORT={panel_port}; curl -sk -c /tmp/3x-cookie -b /tmp/3x-cookie -X POST "https://127.0.0.1:${PANEL
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 460)
ssh {nickname} 'PANEL_PORT={panel_port}; curl -sk -c /tmp/3x-cookie -b /tmp/3x-cookie -X POST "https://127.0.0.1:${PANEL
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 487)
Then open in browser: `https://127.0.0.1:{panel_port}/{web_base_path}` (browser will warn about self-signed cert -- acce
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 505)
ssh {nickname} 'PANEL_PORT={panel_port}; curl -sk -b /tmp/3x-cookie "https://127.0.0.1:${PANEL_PORT}/{web_base_path}/pan
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 807)
| URL | `https://127.0.0.1:{panel_port}/{web_base_path}` |
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 815)
Затем открой: `https://127.0.0.1:{panel_port}/{web_base_path}`
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 1023)
URL: https://127.0.0.1:{panel_port}/{web_base_path} (через SSH-туннель)
[HIGH] Direct IP URL with no domain (likely C2 server)
(line 1043)
Затем открыть: https://127.0.0.1:{panel_port}/{web_base_path}
TWOSTAGE — Score: 0
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 505)
ssh {nickname} 'PANEL_PORT={panel_port}; curl -sk -b /tmp/3x-cookie "https://127.0.0.1:${PANEL_PORT}/{web_base_path}/pan
[CRITICAL] Download to /tmp then execute (two-stage loader)
(line 288)
ssh {nickname} "curl -Ls https://raw.githubusercontent.com/mhsanaei/3x-ui/master/install.sh -o /tmp/3x-ui-install.sh &&
[CRITICAL] Download to /tmp then execute (two-stage loader)
(line 378)
ssh {nickname} 'ARCH=$(dpkg --print-architecture); case "$ARCH" in amd64) SA="64";; arm64|aarch64) SA="arm64-v8a";; *) S
[CRITICAL] Download to /tmp then execute (two-stage loader)
(line 383)
ARCH=$(dpkg --print-architecture); case "$ARCH" in amd64) SA="64";; arm64|aarch64) SA="arm64-v8a";; *) SA="$ARCH";; esac
[CRITICAL] URL hidden in variable assignment then evaluated
(line 378)
ssh {nickname} 'ARCH=$(dpkg --print-architecture); case "$ARCH" in amd64) SA="64";; arm64|aarch64) SA="arm64-v8a";; *) S
[CRITICAL] URL hidden in variable assignment then evaluated
(line 383)
ARCH=$(dpkg --print-architecture); case "$ARCH" in amd64) SA="64";; arm64|aarch64) SA="arm64-v8a";; *) SA="$ARCH";; esac
CREDENTIAL — Score: 0
[CRITICAL] SSH key file access or exfiltration
(line 115)
cat ~/.ssh/{nickname}_key.pub
[CRITICAL] SSH key file access or exfiltration
(line 191)
cat /home/{username}/.ssh/authorized_keys
[CRITICAL] SSH key file access or exfiltration
(line 249)
cat >> ~/.ssh/config << 'EOF'
[CRITICAL] SSH key file access or exfiltration
(line 683)
scp ~/.ssh/{nickname}_key.pub {username}@{SERVER_IP}:~/
[CRITICAL] SSH key file access or exfiltration
(line 694)
cat /home/{username}/{nickname}_key.pub >> /home/{username}/.ssh/authorized_keys
[CRITICAL] SSH key file access or exfiltration
(line 842)
scp ~/.ssh/{nickname}_key.pub {username}@{SERVER_IP}:~/
[CRITICAL] SSH key file access or exfiltration
(line 848)
cat >> ~/.ssh/config << 'SSHEOF'
[CRITICAL] SSH key file access or exfiltration
(line 956)
cat >> ~/.ssh/config << 'EOF'
TYPOSQUAT — Score: 100
No findings.