Frameworks Vulnerability scanner

Mr.NodeBot : IRC Bot Framework by Fsociety

Written by Mubassir patel

Mr. NodeBot

An IronY / FSociety Production

Build Status Dependencies devDependencies Status Known Vulnerabilities

Snyk Intergration

Since Mr.Nodebot is  an IRC bot, and one cannot predict the type of character the bot may encounter in the wild, this project makes use of the Snyk vulnerabilitie patching system. You should regularly check the snyk patching system by running npm run snyk-protect.

Special Considerations of Mr.NodeBot

The bot currently depends on NickServ services supporting the ACC command for certain command authentication types. Networks confirmed to work include

  • freenode
  • DALnet

Dependencies of Mr.NodeBot

  • A Database engine, either MySql, MariaDB, Postgres, Sqlite3
  • libicu (character encoding detection) More Instructions
    • Debian (Ubuntu) apt-get install libicu-dev
    • Gentoo emerge icu
    • Fedora/CentOS yum install libicu-devel
    • macOS
      • Homebrew brew install icu4c; brew link icu4c --force
      • MacPorts port install icu +devel

Installation of Mr.NodeBot

  • Install Node Modules npm install
  • Create a configuration file from a template cp config.sample.js config.js
  • Edit the configuration file
  • Configure a database
    • By default, the bot will use SQLite 3, npm install sqlite3
    • If using MySQL, npm install mysql2 (Knex supports both the node-mysql and node-mysql2 flavours, with the second being faster and more secure)
      • Create a Schema and be sure to give it a utf8mb4_unicode_ci character set (CREATE DATABASE db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci)
      • Modify the config.js accordingly
      • Once properly configured and run for the first time, the Bot will provision the database schema using migrations
  • Start the bot node index.js [--config config.js-path] or npm start

Keep the Bot Running

Included in the root directory is a sample systemd script (misc/mrnodebot.service), you can do it this way or use forever or any other node task runner. If you want to be able to use commands like update, restart, and halt while having the Bot come back it is important you take this into consideration.

Features of Mr.NodeBot

  • Logging / Analytics
  • SED Corrections
  • URL Announce
  • Popularity (upvote/downvote) system
  • Mention system
  • A Seen/Last-seen command to track usage
  • API Endpoints connected to Analytics
  • Express/Pug Web Front end
  • SocketIO connected to Express to deliver real time notifictions and bi-directional communication with the client


You will find various debugging flags inside the config file. These will granually conroll file based debugging options. This framework does take advantage of SocketIO and express, which both utilize the Debug module. If you would like to see very intricate debugging for both express and socketIO, start the bot with the following command DEBUG=* node index.js.

Unit Testing

Unit testing is being introduced and has a long way to go to catch up. To run available tests npm test

Documentation of Mr.NodeBot

I am currently in the processes of providing jsdoc style docblocks for documentation generation. You can generate the documentation by running npm run generate-docs


API Keys For Mr.NodeBot

  • Google API Key – For most features a Google API key with Shortener service, SafeSearch service, and YouTube searchservice enabled is required, however, if one is not provided, the bot will try to gracefully fall back onto
  • Imgur API Key – A Imgur API key is required to extract meta data on Imgur links in the URL announcer
  • Twitter API Key A Twitter API key is required to be able to send tweets, subscribe to tweets, or have a tweet sent out during the announce process
  • Bitly API Key A Bitly API key assists the amount of url shortners you have available to you
  • OMDB API Key Used in the imdb command and in the link matcher to pull info for imdb links

URL Shortner service by Mr.NodeBot

The Url shortner service, found in scripts/libs/_getShortService will provide a url shortner based on your API key availability.const shortService = require('../lib/_getShortService')(DOMAIN?)

  • DOMAIN is optional, but usefull for things like avoiding googles blocking of certain domains.
  • If a google api key is provided, the Google API will be used to shorten
  • After Google, if a Bitly API key is provided, Bitly will be used to shorten
  • If neither API key is available, isGd will be used to shorten (no key required, but certain pitfalls attached)

Command Access Levels in Mr.NodeBot

  • owner – The Command can only be run by the bot owner (hard coded username/host combo in config.js)
  • admin – The Command can be run by the owner or anyone in the admin list
  • identified – The Command can be run by anyone using a nick identified with services
  • guest – The Command can be run by anyone
  • channelOp – The Command can be run by the owner, or anyone with ops in the channel it is being originated from
  • channelOpIdentified – the Command can be run by the owner, the admins, or anyone with ops in the channel who are also identified
  • channelVoice – the Command can be run by the owner, the the ops, and the voices in the channel it is originated from
  • channelVoiceIdentified – the Command can be run by identified voices, ops in the channel originated from, or owner and admins

Magic Functions

If a script exports the following functions, they will be run at the respective run level

  • onLoad Runs on initial load, and reload
  • unUnload Runs during reload prior to the destruction of the require / loadedScripts cache

Knex Migrations

This project is powered by knexjs and takes advantage of its migration system. In order to use migrations npm install -g knex and use the knex command, e.g. knex migrate:make add_users_table. More instructions can be found here. The bot will check for and install new migrations on startup.

Have questions? Looking to chat? Join us on #fsociety on

Pull Requests Welcome

Suggested Utils

  • Yarn – Fast, Reliable, and secure Dep Management
  • Node Publish – A better NPM Publish

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.

Leave a Comment