https://web.archive.org/web/20201105144800/https://codeload.github.com/nyaadevs/...

femto113 · on Jan 19, 2021

The smoking gun is right there in config.example.py:

    TRACKER_API_AUTH = 'topsecret'
    TRACKER_API_URL = 'http://127.0.0.1:6881/api'

swirepe · on Jan 19, 2021

A smoking gun is just circumstantial evidence.

The real damning thing in that repository are the few lines that play Toy Story 2 if you run them.

gnomewascool · on Jan 19, 2021

How is that a smoking gun?

It connects with a tracker, which might be used to help distribute copyrighted works illegally, but also any other types of files.

It's possible I'm not getting your sarcasm.

blitblitblit · on Jan 19, 2021

It's a sarcastic joke, nothing there but a place holder for your own API key and you would have to set it up. There's no place like 127.0.0.1. :D

contravariant · on Jan 19, 2021

Okay this is just getting weird. One of those is just a database update that counts how many comments a torrent has. Another is just some database credentials (probably not the ones you want to use in production, unless you don't mind people knowing your passwords). The HTML template for the home page is also in there for some reason. And then to finish things off they added the OpenSearch definition which I think you can use to add Nyaa/Sukebei as a search engine to your browser.

Really the most suspicious ones are the python scripts in utils, which connect to the api on https://nyaa.si by default. Although those also only seem to allow you to upload torrents (not an infrinfing activity) and download the info of a single entry on nyaa (possibly infringing?).

Also they curiously left out sync_es.py, not that that one does anything too interesting (it synchronizes a elasticsearch database with a MySql database) but it is the script that actually uses those configuration files they picked out.