pwn 0.4.333
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.github/FUNDING.yml +1 -0
- data/.github/ISSUE_TEMPLATE/bug_report.md +38 -0
- data/.gitignore +62 -0
- data/.rubocop.yml +12 -0
- data/.rubocop_todo.yml +76 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +24 -0
- data/CODE_OF_CONDUCT.md +46 -0
- data/CONTRIBUTING.md +10 -0
- data/Gemfile +75 -0
- data/LICENSE.txt +22 -0
- data/README.md +125 -0
- data/Rakefile +20 -0
- data/Vagrantfile +250 -0
- data/bin/pwn +74 -0
- data/bin/pwn_android_war_dialer +137 -0
- data/bin/pwn_arachni +132 -0
- data/bin/pwn_arachni_rest +174 -0
- data/bin/pwn_autoinc_version +50 -0
- data/bin/pwn_aws_describe_resources +728 -0
- data/bin/pwn_burp_suite_pro_active_scan +113 -0
- data/bin/pwn_char_base64_encoding +24 -0
- data/bin/pwn_char_dec_encoding +23 -0
- data/bin/pwn_char_hex_escaped_encoding +26 -0
- data/bin/pwn_char_html_entity_encoding +24 -0
- data/bin/pwn_char_unicode_escaped_encoding +23 -0
- data/bin/pwn_char_url_encoding +24 -0
- data/bin/pwn_defectdojo_engagement_create +158 -0
- data/bin/pwn_defectdojo_importscan +104 -0
- data/bin/pwn_defectdojo_reimportscan +104 -0
- data/bin/pwn_domain_reversewhois +89 -0
- data/bin/pwn_fuzz_net_app_proto +149 -0
- data/bin/pwn_ibm_appscan_enterprise +112 -0
- data/bin/pwn_jenkins_create_job +68 -0
- data/bin/pwn_jenkins_create_view +68 -0
- data/bin/pwn_jenkins_install_plugin +91 -0
- data/bin/pwn_jenkins_thinBackup_aws_s3 +123 -0
- data/bin/pwn_jenkins_update_plugins +87 -0
- data/bin/pwn_jenkins_useradd +86 -0
- data/bin/pwn_mail_agent +127 -0
- data/bin/pwn_msf_postgres_login +28 -0
- data/bin/pwn_nessus_cloud_vulnscan +103 -0
- data/bin/pwn_nexpose +52 -0
- data/bin/pwn_openvas_vulnscan +102 -0
- data/bin/pwn_owasp_zap_active_scan +134 -0
- data/bin/pwn_pastebin_sample_filter +61 -0
- data/bin/pwn_perimeter_recon +318 -0
- data/bin/pwn_sast +161 -0
- data/bin/pwn_serial_check_voicemail +66 -0
- data/bin/pwn_serial_qualcomm_commands +16 -0
- data/bin/pwn_simple_http_server +46 -0
- data/bin/pwn_web_cache_deception +233 -0
- data/bin/pwn_www_checkip +62 -0
- data/bin/pwn_xss_dom_vectors +169 -0
- data/build_pwn_gem.sh +33 -0
- data/documentation/CSI_Contributors_and_Users.png +0 -0
- data/documentation/CSI_Driver_Arch.png +0 -0
- data/documentation/fax-spectrogram.png +0 -0
- data/documentation/fax-waveform.png +0 -0
- data/documentation/pwn_android_war_dialer_session.png +0 -0
- data/documentation/pwn_wallpaper.jpg +0 -0
- data/documentation/ringing-spectrogram.png +0 -0
- data/documentation/ringing-waveform.png +0 -0
- data/etc/systemd/msfrpcd.service +12 -0
- data/etc/systemd/openvas.service +14 -0
- data/etc/userland/aws/apache2/jenkins_443.conf +90 -0
- data/etc/userland/aws/apache2/jenkins_80.conf +7 -0
- data/etc/userland/aws/apache2/openvas_443.conf +87 -0
- data/etc/userland/aws/apache2/openvas_80.conf +7 -0
- data/etc/userland/aws/apache2/sast_443.conf +87 -0
- data/etc/userland/aws/apache2/sast_80.conf +9 -0
- data/etc/userland/aws/apache2/vagrant.yaml.EXAMPLE +9 -0
- data/etc/userland/aws/arachni/navigation-REST.instruct.EXAMPLE +29 -0
- data/etc/userland/aws/arachni/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/aws/burpsuite/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/aws/burpsuite/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/aws/defectdojo/vagrant.yaml.EXAMPLE +3 -0
- data/etc/userland/aws/jenkins/inject_build_envs.sh +15 -0
- data/etc/userland/aws/jenkins/jenkins +81 -0
- data/etc/userland/aws/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
- data/etc/userland/aws/jenkins/jobs/pipeline-selfupdate.xml +462 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
- data/etc/userland/aws/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-gem.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-metasploit.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-os.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-pwn.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-rvm.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
- data/etc/userland/aws/jenkins/jobs/selfupdate-wpscan.xml +42 -0
- data/etc/userland/aws/jenkins/jobs_userland/.gitkeep +0 -0
- data/etc/userland/aws/jenkins/log_parser_rules/arachni.rules +5 -0
- data/etc/userland/aws/jenkins/log_parser_rules/sast.rules +2 -0
- data/etc/userland/aws/jenkins/log_parser_rules/self_update.rules +14 -0
- data/etc/userland/aws/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
- data/etc/userland/aws/jenkins/log_parser_rules/system_maintenance.rules +9 -0
- data/etc/userland/aws/jenkins/log_parser_rules/wpscan.rules +2 -0
- data/etc/userland/aws/jenkins/vagrant.yaml.EXAMPLE +8 -0
- data/etc/userland/aws/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
- data/etc/userland/aws/metasploit/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/aws/nessus/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/aws/openvas/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/aws/owasp_zap/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/aws/postgres/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/aws/recon-ng/vagrant.yaml.EXAMPLE +52 -0
- data/etc/userland/aws/vagrant.yaml.EXAMPLE +35 -0
- data/etc/userland/docker/apache2/jenkins_443.conf +90 -0
- data/etc/userland/docker/apache2/jenkins_80.conf +7 -0
- data/etc/userland/docker/apache2/openvas_443.conf +87 -0
- data/etc/userland/docker/apache2/openvas_80.conf +7 -0
- data/etc/userland/docker/apache2/sast_443.conf +87 -0
- data/etc/userland/docker/apache2/sast_80.conf +9 -0
- data/etc/userland/docker/apache2/vagrant.yaml.EXAMPLE +9 -0
- data/etc/userland/docker/arachni/navigation-REST.instruct.EXAMPLE +29 -0
- data/etc/userland/docker/arachni/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/docker/burpsuite/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/docker/burpsuite/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/docker/defectdojo/vagrant.yaml.EXAMPLE +3 -0
- data/etc/userland/docker/jenkins/inject_build_envs.sh +15 -0
- data/etc/userland/docker/jenkins/jenkins +81 -0
- data/etc/userland/docker/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
- data/etc/userland/docker/jenkins/jobs/pipeline-selfupdate.xml +462 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
- data/etc/userland/docker/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-gem.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-metasploit.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-os.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-pwn.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-rvm.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
- data/etc/userland/docker/jenkins/jobs/selfupdate-wpscan.xml +42 -0
- data/etc/userland/docker/jenkins/jobs_userland/.gitkeep +0 -0
- data/etc/userland/docker/jenkins/log_parser_rules/arachni.rules +5 -0
- data/etc/userland/docker/jenkins/log_parser_rules/sast.rules +2 -0
- data/etc/userland/docker/jenkins/log_parser_rules/self_update.rules +14 -0
- data/etc/userland/docker/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
- data/etc/userland/docker/jenkins/log_parser_rules/system_maintenance.rules +9 -0
- data/etc/userland/docker/jenkins/log_parser_rules/wpscan.rules +2 -0
- data/etc/userland/docker/jenkins/vagrant.yaml.EXAMPLE +8 -0
- data/etc/userland/docker/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
- data/etc/userland/docker/metasploit/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/docker/nessus/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/docker/openvas/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/docker/owasp_zap/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/docker/postgres/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/docker/recon-ng/vagrant.yaml.EXAMPLE +52 -0
- data/etc/userland/qemu/apache2/jenkins_443.conf +90 -0
- data/etc/userland/qemu/apache2/jenkins_80.conf +7 -0
- data/etc/userland/qemu/apache2/openvas_443.conf +87 -0
- data/etc/userland/qemu/apache2/openvas_80.conf +7 -0
- data/etc/userland/qemu/apache2/sast_443.conf +87 -0
- data/etc/userland/qemu/apache2/sast_80.conf +9 -0
- data/etc/userland/qemu/apache2/vagrant.yaml.EXAMPLE +9 -0
- data/etc/userland/qemu/arachni/navigation-REST.instruct.EXAMPLE +29 -0
- data/etc/userland/qemu/arachni/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/qemu/burpsuite/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/qemu/burpsuite/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/qemu/defectdojo/vagrant.yaml.EXAMPLE +3 -0
- data/etc/userland/qemu/jenkins/inject_build_envs.sh +15 -0
- data/etc/userland/qemu/jenkins/jenkins +81 -0
- data/etc/userland/qemu/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
- data/etc/userland/qemu/jenkins/jobs/pipeline-selfupdate.xml +462 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
- data/etc/userland/qemu/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-gem.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-metasploit.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-os.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-pwn.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-rvm.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs/selfupdate-wpscan.xml +42 -0
- data/etc/userland/qemu/jenkins/jobs_userland/.gitkeep +0 -0
- data/etc/userland/qemu/jenkins/log_parser_rules/arachni.rules +5 -0
- data/etc/userland/qemu/jenkins/log_parser_rules/sast.rules +2 -0
- data/etc/userland/qemu/jenkins/log_parser_rules/self_update.rules +14 -0
- data/etc/userland/qemu/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
- data/etc/userland/qemu/jenkins/log_parser_rules/system_maintenance.rules +9 -0
- data/etc/userland/qemu/jenkins/log_parser_rules/wpscan.rules +2 -0
- data/etc/userland/qemu/jenkins/vagrant.yaml.EXAMPLE +8 -0
- data/etc/userland/qemu/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
- data/etc/userland/qemu/metasploit/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/qemu/nessus/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/qemu/openvas/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/qemu/owasp_zap/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/qemu/postgres/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/qemu/recon-ng/vagrant.yaml.EXAMPLE +52 -0
- data/etc/userland/ruby-gem/apache2/jenkins_443.conf +90 -0
- data/etc/userland/ruby-gem/apache2/jenkins_80.conf +7 -0
- data/etc/userland/ruby-gem/apache2/openvas_443.conf +87 -0
- data/etc/userland/ruby-gem/apache2/openvas_80.conf +7 -0
- data/etc/userland/ruby-gem/apache2/sast_443.conf +87 -0
- data/etc/userland/ruby-gem/apache2/sast_80.conf +9 -0
- data/etc/userland/ruby-gem/apache2/vagrant.yaml.EXAMPLE +9 -0
- data/etc/userland/ruby-gem/arachni/navigation-REST.instruct.EXAMPLE +29 -0
- data/etc/userland/ruby-gem/arachni/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/ruby-gem/burpsuite/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/ruby-gem/burpsuite/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/ruby-gem/defectdojo/vagrant.yaml.EXAMPLE +3 -0
- data/etc/userland/ruby-gem/jenkins/inject_build_envs.sh +15 -0
- data/etc/userland/ruby-gem/jenkins/jenkins +81 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pipeline-selfupdate.xml +462 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
- data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-gem.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-metasploit.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-os.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-pwn.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-rvm.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-wpscan.xml +42 -0
- data/etc/userland/ruby-gem/jenkins/jobs_userland/.gitkeep +0 -0
- data/etc/userland/ruby-gem/jenkins/log_parser_rules/arachni.rules +5 -0
- data/etc/userland/ruby-gem/jenkins/log_parser_rules/sast.rules +2 -0
- data/etc/userland/ruby-gem/jenkins/log_parser_rules/self_update.rules +14 -0
- data/etc/userland/ruby-gem/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
- data/etc/userland/ruby-gem/jenkins/log_parser_rules/system_maintenance.rules +9 -0
- data/etc/userland/ruby-gem/jenkins/log_parser_rules/wpscan.rules +2 -0
- data/etc/userland/ruby-gem/jenkins/vagrant.yaml.EXAMPLE +8 -0
- data/etc/userland/ruby-gem/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
- data/etc/userland/ruby-gem/metasploit/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/ruby-gem/nessus/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/ruby-gem/openvas/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/ruby-gem/owasp_zap/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/ruby-gem/postgres/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/ruby-gem/recon-ng/vagrant.yaml.EXAMPLE +52 -0
- data/etc/userland/virtualbox/apache2/jenkins_443.conf +90 -0
- data/etc/userland/virtualbox/apache2/jenkins_80.conf +7 -0
- data/etc/userland/virtualbox/apache2/openvas_443.conf +87 -0
- data/etc/userland/virtualbox/apache2/openvas_80.conf +7 -0
- data/etc/userland/virtualbox/apache2/sast_443.conf +87 -0
- data/etc/userland/virtualbox/apache2/sast_80.conf +9 -0
- data/etc/userland/virtualbox/apache2/vagrant.yaml.EXAMPLE +9 -0
- data/etc/userland/virtualbox/arachni/navigation-REST.instruct.EXAMPLE +29 -0
- data/etc/userland/virtualbox/arachni/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/virtualbox/burpsuite/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/virtualbox/burpsuite/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/virtualbox/defectdojo/vagrant.yaml.EXAMPLE +3 -0
- data/etc/userland/virtualbox/jenkins/inject_build_envs.sh +15 -0
- data/etc/userland/virtualbox/jenkins/jenkins +81 -0
- data/etc/userland/virtualbox/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
- data/etc/userland/virtualbox/jenkins/jobs/pipeline-selfupdate.xml +462 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
- data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-gem.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-metasploit.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-os.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-pwn.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-rvm.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs/selfupdate-wpscan.xml +42 -0
- data/etc/userland/virtualbox/jenkins/jobs_userland/.gitkeep +0 -0
- data/etc/userland/virtualbox/jenkins/log_parser_rules/arachni.rules +5 -0
- data/etc/userland/virtualbox/jenkins/log_parser_rules/sast.rules +2 -0
- data/etc/userland/virtualbox/jenkins/log_parser_rules/self_update.rules +14 -0
- data/etc/userland/virtualbox/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
- data/etc/userland/virtualbox/jenkins/log_parser_rules/system_maintenance.rules +9 -0
- data/etc/userland/virtualbox/jenkins/log_parser_rules/wpscan.rules +2 -0
- data/etc/userland/virtualbox/jenkins/vagrant.yaml.EXAMPLE +8 -0
- data/etc/userland/virtualbox/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
- data/etc/userland/virtualbox/metasploit/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/virtualbox/nessus/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/virtualbox/openvas/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/virtualbox/owasp_zap/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/virtualbox/postgres/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/virtualbox/recon-ng/vagrant.yaml.EXAMPLE +52 -0
- data/etc/userland/virtualbox/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/vmware/apache2/jenkins_443.conf +90 -0
- data/etc/userland/vmware/apache2/jenkins_80.conf +7 -0
- data/etc/userland/vmware/apache2/openvas_443.conf +87 -0
- data/etc/userland/vmware/apache2/openvas_80.conf +7 -0
- data/etc/userland/vmware/apache2/sast_443.conf +87 -0
- data/etc/userland/vmware/apache2/sast_80.conf +9 -0
- data/etc/userland/vmware/apache2/vagrant.yaml.EXAMPLE +9 -0
- data/etc/userland/vmware/arachni/navigation-REST.instruct.EXAMPLE +29 -0
- data/etc/userland/vmware/arachni/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/vmware/burpsuite/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/vmware/burpsuite/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/vmware/defectdojo/vagrant.yaml.EXAMPLE +3 -0
- data/etc/userland/vmware/jenkins/inject_build_envs.sh +15 -0
- data/etc/userland/vmware/jenkins/jenkins +81 -0
- data/etc/userland/vmware/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
- data/etc/userland/vmware/jenkins/jobs/pipeline-selfupdate.xml +462 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
- data/etc/userland/vmware/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-gem.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-metasploit.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-os.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-pwn.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-rvm.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs/selfupdate-wpscan.xml +42 -0
- data/etc/userland/vmware/jenkins/jobs_userland/.gitkeep +0 -0
- data/etc/userland/vmware/jenkins/log_parser_rules/arachni.rules +5 -0
- data/etc/userland/vmware/jenkins/log_parser_rules/sast.rules +2 -0
- data/etc/userland/vmware/jenkins/log_parser_rules/self_update.rules +14 -0
- data/etc/userland/vmware/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
- data/etc/userland/vmware/jenkins/log_parser_rules/system_maintenance.rules +9 -0
- data/etc/userland/vmware/jenkins/log_parser_rules/wpscan.rules +2 -0
- data/etc/userland/vmware/jenkins/vagrant.yaml.EXAMPLE +8 -0
- data/etc/userland/vmware/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
- data/etc/userland/vmware/metasploit/vagrant.yaml.EXAMPLE +4 -0
- data/etc/userland/vmware/nessus/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/vmware/openvas/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/vmware/owasp_zap/navigation.instruct.EXAMPLE +3 -0
- data/etc/userland/vmware/postgres/vagrant.yaml.EXAMPLE +2 -0
- data/etc/userland/vmware/recon-ng/vagrant.yaml.EXAMPLE +52 -0
- data/etc/userland/vmware/vagrant.yaml.EXAMPLE +5 -0
- data/find_latest_gem_versions_per_Gemfile.sh +11 -0
- data/git_commit_test_reinit_gem.sh +22 -0
- data/install.sh +180 -0
- data/lib/pwn/aws/acm.rb +92 -0
- data/lib/pwn/aws/api_gateway.rb +92 -0
- data/lib/pwn/aws/app_stream.rb +92 -0
- data/lib/pwn/aws/application_auto_scaling.rb +92 -0
- data/lib/pwn/aws/application_discovery_service.rb +92 -0
- data/lib/pwn/aws/auto_scaling.rb +92 -0
- data/lib/pwn/aws/batch.rb +92 -0
- data/lib/pwn/aws/budgets.rb +92 -0
- data/lib/pwn/aws/cloud_formation.rb +92 -0
- data/lib/pwn/aws/cloud_front.rb +92 -0
- data/lib/pwn/aws/cloud_hsm.rb +92 -0
- data/lib/pwn/aws/cloud_search.rb +92 -0
- data/lib/pwn/aws/cloud_search_domain.rb +92 -0
- data/lib/pwn/aws/cloud_trail.rb +92 -0
- data/lib/pwn/aws/cloud_watch.rb +92 -0
- data/lib/pwn/aws/cloud_watch_events.rb +92 -0
- data/lib/pwn/aws/cloud_watch_logs.rb +92 -0
- data/lib/pwn/aws/code_build.rb +92 -0
- data/lib/pwn/aws/code_commit.rb +92 -0
- data/lib/pwn/aws/code_deploy.rb +92 -0
- data/lib/pwn/aws/code_pipeline.rb +92 -0
- data/lib/pwn/aws/cognito_identity.rb +92 -0
- data/lib/pwn/aws/cognito_identity_provider.rb +92 -0
- data/lib/pwn/aws/cognito_sync.rb +92 -0
- data/lib/pwn/aws/config_service.rb +92 -0
- data/lib/pwn/aws/data_pipleline.rb +92 -0
- data/lib/pwn/aws/database_migration_service.rb +92 -0
- data/lib/pwn/aws/device_farm.rb +92 -0
- data/lib/pwn/aws/direct_connect.rb +92 -0
- data/lib/pwn/aws/directory_service.rb +92 -0
- data/lib/pwn/aws/dynamo_db.rb +92 -0
- data/lib/pwn/aws/dynamo_db_streams.rb +92 -0
- data/lib/pwn/aws/ec2.rb +92 -0
- data/lib/pwn/aws/ecr.rb +92 -0
- data/lib/pwn/aws/ecs.rb +92 -0
- data/lib/pwn/aws/efs.rb +92 -0
- data/lib/pwn/aws/elasti_cache.rb +92 -0
- data/lib/pwn/aws/elastic_beanstalk.rb +89 -0
- data/lib/pwn/aws/elastic_load_balancing.rb +92 -0
- data/lib/pwn/aws/elastic_load_balancing_v2.rb +92 -0
- data/lib/pwn/aws/elastic_transcoder.rb +92 -0
- data/lib/pwn/aws/elasticsearch_service.rb +92 -0
- data/lib/pwn/aws/emr.rb +92 -0
- data/lib/pwn/aws/firehose.rb +92 -0
- data/lib/pwn/aws/game_lift.rb +92 -0
- data/lib/pwn/aws/glacier.rb +92 -0
- data/lib/pwn/aws/health.rb +92 -0
- data/lib/pwn/aws/iam.rb +92 -0
- data/lib/pwn/aws/import_export.rb +92 -0
- data/lib/pwn/aws/inspector.rb +92 -0
- data/lib/pwn/aws/iot.rb +92 -0
- data/lib/pwn/aws/iot_data_plane.rb +92 -0
- data/lib/pwn/aws/kinesis.rb +92 -0
- data/lib/pwn/aws/kinesis_analytics.rb +92 -0
- data/lib/pwn/aws/kms.rb +92 -0
- data/lib/pwn/aws/lambda.rb +92 -0
- data/lib/pwn/aws/lambda_preview.rb +92 -0
- data/lib/pwn/aws/lex.rb +92 -0
- data/lib/pwn/aws/lightsail.rb +92 -0
- data/lib/pwn/aws/machine_learning.rb +92 -0
- data/lib/pwn/aws/marketplace_commerce_analytics.rb +92 -0
- data/lib/pwn/aws/marketplace_metering.rb +92 -0
- data/lib/pwn/aws/ops_works.rb +92 -0
- data/lib/pwn/aws/ops_works_cm.rb +92 -0
- data/lib/pwn/aws/pinpoint.rb +92 -0
- data/lib/pwn/aws/polly.rb +92 -0
- data/lib/pwn/aws/rds.rb +92 -0
- data/lib/pwn/aws/redshift.rb +92 -0
- data/lib/pwn/aws/rekognition.rb +92 -0
- data/lib/pwn/aws/route53.rb +92 -0
- data/lib/pwn/aws/route53_domains.rb +92 -0
- data/lib/pwn/aws/s3.rb +92 -0
- data/lib/pwn/aws/service_catalog.rb +92 -0
- data/lib/pwn/aws/ses.rb +92 -0
- data/lib/pwn/aws/shield.rb +92 -0
- data/lib/pwn/aws/simple_db.rb +92 -0
- data/lib/pwn/aws/sms.rb +92 -0
- data/lib/pwn/aws/snowball.rb +92 -0
- data/lib/pwn/aws/sns.rb +92 -0
- data/lib/pwn/aws/sqs.rb +92 -0
- data/lib/pwn/aws/ssm.rb +92 -0
- data/lib/pwn/aws/states.rb +92 -0
- data/lib/pwn/aws/storage_gateway.rb +92 -0
- data/lib/pwn/aws/sts.rb +63 -0
- data/lib/pwn/aws/support.rb +92 -0
- data/lib/pwn/aws/swf.rb +92 -0
- data/lib/pwn/aws/waf.rb +92 -0
- data/lib/pwn/aws/waf_regional.rb +92 -0
- data/lib/pwn/aws/workspaces.rb +92 -0
- data/lib/pwn/aws/x_ray.rb +92 -0
- data/lib/pwn/aws.rb +105 -0
- data/lib/pwn/ffi.rb +16 -0
- data/lib/pwn/plugins/android.rb +1616 -0
- data/lib/pwn/plugins/ansible_vault.rb +75 -0
- data/lib/pwn/plugins/authentication_helper.rb +79 -0
- data/lib/pwn/plugins/basic_auth.rb +63 -0
- data/lib/pwn/plugins/beef.rb +309 -0
- data/lib/pwn/plugins/burp_suite.rb +340 -0
- data/lib/pwn/plugins/bus_pirate.rb +150 -0
- data/lib/pwn/plugins/char.rb +459 -0
- data/lib/pwn/plugins/credit_card.rb +53 -0
- data/lib/pwn/plugins/dao_ldap.rb +131 -0
- data/lib/pwn/plugins/dao_mongo.rb +96 -0
- data/lib/pwn/plugins/dao_postgres.rb +224 -0
- data/lib/pwn/plugins/dao_sqlite3.rb +125 -0
- data/lib/pwn/plugins/defect_dojo.rb +759 -0
- data/lib/pwn/plugins/detect_os.rb +40 -0
- data/lib/pwn/plugins/ein.rb +141 -0
- data/lib/pwn/plugins/file_fu.rb +73 -0
- data/lib/pwn/plugins/fuzz.rb +206 -0
- data/lib/pwn/plugins/git.rb +166 -0
- data/lib/pwn/plugins/hacker_one.rb +152 -0
- data/lib/pwn/plugins/http_intercept_helper.rb +122 -0
- data/lib/pwn/plugins/ibm_appscan.rb +927 -0
- data/lib/pwn/plugins/ip_info.rb +100 -0
- data/lib/pwn/plugins/jenkins.rb +545 -0
- data/lib/pwn/plugins/json_pathify.rb +46 -0
- data/lib/pwn/plugins/mail_agent.rb +344 -0
- data/lib/pwn/plugins/metasploit.rb +151 -0
- data/lib/pwn/plugins/nessus_cloud.rb +325 -0
- data/lib/pwn/plugins/nexpose_vuln_scan.rb +356 -0
- data/lib/pwn/plugins/nmap_it.rb +99 -0
- data/lib/pwn/plugins/oauth2.rb +67 -0
- data/lib/pwn/plugins/ocr.rb +43 -0
- data/lib/pwn/plugins/openvas.rb +308 -0
- data/lib/pwn/plugins/owasp_zap.rb +550 -0
- data/lib/pwn/plugins/packet.rb +1271 -0
- data/lib/pwn/plugins/pdf_parse.rb +53 -0
- data/lib/pwn/plugins/pony.rb +282 -0
- data/lib/pwn/plugins/pwn_logger.rb +46 -0
- data/lib/pwn/plugins/rabbit_mq_hole.rb +66 -0
- data/lib/pwn/plugins/rfidler.rb +58 -0
- data/lib/pwn/plugins/serial.rb +268 -0
- data/lib/pwn/plugins/shodan.rb +566 -0
- data/lib/pwn/plugins/slack_client.rb +104 -0
- data/lib/pwn/plugins/sock.rb +156 -0
- data/lib/pwn/plugins/son_micro_rfid.rb +432 -0
- data/lib/pwn/plugins/spider.rb +80 -0
- data/lib/pwn/plugins/ssn.rb +52 -0
- data/lib/pwn/plugins/thread_pool.rb +71 -0
- data/lib/pwn/plugins/transparent_browser.rb +337 -0
- data/lib/pwn/plugins/twitter_api.rb +148 -0
- data/lib/pwn/plugins/uri_scheme.rb +328 -0
- data/lib/pwn/plugins/vsphere.rb +82 -0
- data/lib/pwn/plugins.rb +66 -0
- data/lib/pwn/reports/fuzz.rb +270 -0
- data/lib/pwn/reports/sast.rb +306 -0
- data/lib/pwn/reports.rb +21 -0
- data/lib/pwn/sast/amqp_connect_as_guest.rb +140 -0
- data/lib/pwn/sast/apache_file_system_util_api.rb +137 -0
- data/lib/pwn/sast/aws.rb +142 -0
- data/lib/pwn/sast/banned_function_calls_c.rb +265 -0
- data/lib/pwn/sast/base64.rb +143 -0
- data/lib/pwn/sast/beef_hook.rb +137 -0
- data/lib/pwn/sast/cmd_execution_java.rb +142 -0
- data/lib/pwn/sast/cmd_execution_python.rb +144 -0
- data/lib/pwn/sast/cmd_execution_ruby.rb +152 -0
- data/lib/pwn/sast/cmd_execution_scala.rb +142 -0
- data/lib/pwn/sast/csrf.rb +136 -0
- data/lib/pwn/sast/deserial_java.rb +135 -0
- data/lib/pwn/sast/emoticon.rb +145 -0
- data/lib/pwn/sast/eval.rb +140 -0
- data/lib/pwn/sast/factory.rb +135 -0
- data/lib/pwn/sast/file_permission.rb +142 -0
- data/lib/pwn/sast/inner_html.rb +140 -0
- data/lib/pwn/sast/keystore.rb +137 -0
- data/lib/pwn/sast/location_hash.rb +140 -0
- data/lib/pwn/sast/log4j.rb +140 -0
- data/lib/pwn/sast/logger.rb +155 -0
- data/lib/pwn/sast/outer_html.rb +140 -0
- data/lib/pwn/sast/password.rb +140 -0
- data/lib/pwn/sast/pom_version.rb +144 -0
- data/lib/pwn/sast/port.rb +147 -0
- data/lib/pwn/sast/private_key.rb +140 -0
- data/lib/pwn/sast/redirect.rb +142 -0
- data/lib/pwn/sast/redos.rb +147 -0
- data/lib/pwn/sast/shell.rb +148 -0
- data/lib/pwn/sast/sql.rb +144 -0
- data/lib/pwn/sast/ssl.rb +137 -0
- data/lib/pwn/sast/sudo.rb +140 -0
- data/lib/pwn/sast/task_tag.rb +154 -0
- data/lib/pwn/sast/throw_errors.rb +139 -0
- data/lib/pwn/sast/token.rb +137 -0
- data/lib/pwn/sast/version.rb +137 -0
- data/lib/pwn/sast/window_location_hash.rb +139 -0
- data/lib/pwn/sast.rb +53 -0
- data/lib/pwn/version.rb +5 -0
- data/lib/pwn/www/app_cobalt_io.rb +168 -0
- data/lib/pwn/www/bing.rb +119 -0
- data/lib/pwn/www/bug_crowd.rb +165 -0
- data/lib/pwn/www/checkip.rb +101 -0
- data/lib/pwn/www/duckduckgo.rb +141 -0
- data/lib/pwn/www/facebook.rb +153 -0
- data/lib/pwn/www/google.rb +145 -0
- data/lib/pwn/www/hacker_one.rb +153 -0
- data/lib/pwn/www/linkedin.rb +153 -0
- data/lib/pwn/www/pandora.rb +153 -0
- data/lib/pwn/www/pastebin.rb +114 -0
- data/lib/pwn/www/paypal.rb +235 -0
- data/lib/pwn/www/synack.rb +165 -0
- data/lib/pwn/www/torch.rb +138 -0
- data/lib/pwn/www/twitter.rb +165 -0
- data/lib/pwn/www/uber.rb +153 -0
- data/lib/pwn/www/upwork.rb +153 -0
- data/lib/pwn/www/youtube.rb +119 -0
- data/lib/pwn/www.rb +33 -0
- data/lib/pwn.rb +24 -0
- data/packer/daemons/msfrpcd.rb +64 -0
- data/packer/daemons/openvas.rb +51 -0
- data/packer/deploy_docker_containers.sh +9 -0
- data/packer/deploy_packer_box.sh +87 -0
- data/packer/docker/kali_rolling_docker_pwn_fuzz_net_app_proto.json +44 -0
- data/packer/docker/kali_rolling_docker_pwn_prototyper.json +48 -0
- data/packer/docker/kali_rolling_docker_pwn_sast.json +44 -0
- data/packer/docker/kali_rolling_docker_pwn_transparent_browser.json +46 -0
- data/packer/docker/kali_rolling_docker_pwn_www_checkip.json +34 -0
- data/packer/http/kali_rolling_preseed.cfg +81 -0
- data/packer/kali_rolling_aws_ami.json +135 -0
- data/packer/kali_rolling_qemu_kvm.json +155 -0
- data/packer/kali_rolling_virtualbox.json +182 -0
- data/packer/kali_rolling_vmware.json +163 -0
- data/packer/packer_secrets.json.EXAMPLE +9 -0
- data/packer/provisioners/PayloadsAllTheThings.sh +5 -0
- data/packer/provisioners/SecLists.sh +5 -0
- data/packer/provisioners/afl.sh +28 -0
- data/packer/provisioners/aliases.rb +18 -0
- data/packer/provisioners/amass.sh +5 -0
- data/packer/provisioners/android.sh +18 -0
- data/packer/provisioners/ansible.sh +5 -0
- data/packer/provisioners/apache2.sh +24 -0
- data/packer/provisioners/arachni.sh +28 -0
- data/packer/provisioners/awscli.sh +5 -0
- data/packer/provisioners/bashrc.sh +13 -0
- data/packer/provisioners/beef.rb +23 -0
- data/packer/provisioners/burpsuite.sh +23 -0
- data/packer/provisioners/chrome.sh +11 -0
- data/packer/provisioners/coreutils.sh +6 -0
- data/packer/provisioners/curl.sh +6 -0
- data/packer/provisioners/docker.sh +43 -0
- data/packer/provisioners/docker_bashrc.sh +2 -0
- data/packer/provisioners/docker_rvm.sh +22 -0
- data/packer/provisioners/eyewitness.sh +5 -0
- data/packer/provisioners/ffmpeg.sh +6 -0
- data/packer/provisioners/firefox.sh +7 -0
- data/packer/provisioners/fuzzdb.sh +5 -0
- data/packer/provisioners/gdb.sh +5 -0
- data/packer/provisioners/geckodriver.sh +9 -0
- data/packer/provisioners/ghidra.sh +5 -0
- data/packer/provisioners/git.sh +6 -0
- data/packer/provisioners/init_image.sh +103 -0
- data/packer/provisioners/install_vagrant_ssh_key.sh +15 -0
- data/packer/provisioners/jenkins.sh +62 -0
- data/packer/provisioners/metasploit.rb +59 -0
- data/packer/provisioners/nmap_all_live_hosts.sh +8 -0
- data/packer/provisioners/openvas.sh +23 -0
- data/packer/provisioners/openvas_wrappers.sh +4 -0
- data/packer/provisioners/openvpn.sh +7 -0
- data/packer/provisioners/peda.sh +4 -0
- data/packer/provisioners/phantomjs.rb +28 -0
- data/packer/provisioners/phantomjs_wrapper.sh +22 -0
- data/packer/provisioners/post_install.sh +41 -0
- data/packer/provisioners/postgresql.sh +49 -0
- data/packer/provisioners/preeny.sh +8 -0
- data/packer/provisioners/pwn.sh +89 -0
- data/packer/provisioners/pwntools.sh +13 -0
- data/packer/provisioners/radamsa.sh +7 -0
- data/packer/provisioners/rc.local.sh +16 -0
- data/packer/provisioners/reboot_os.sh +7 -0
- data/packer/provisioners/ruby.sh +36 -0
- data/packer/provisioners/rvm.sh +30 -0
- data/packer/provisioners/scapy.sh +5 -0
- data/packer/provisioners/scout2.sh +5 -0
- data/packer/provisioners/sox.sh +5 -0
- data/packer/provisioners/ssllabs-scan.sh +9 -0
- data/packer/provisioners/strace.sh +5 -0
- data/packer/provisioners/sublist3r.sh +5 -0
- data/packer/provisioners/terminator.sh +5 -0
- data/packer/provisioners/toggle_tor.sh +2 -0
- data/packer/provisioners/tor.sh +5 -0
- data/packer/provisioners/twinkle.sh +6 -0
- data/packer/provisioners/update_os.sh +108 -0
- data/packer/provisioners/upload_globals.sh +55 -0
- data/packer/provisioners/vim.sh +19 -0
- data/packer/provisioners/virtualbox_guest_additions.sh +20 -0
- data/packer/provisioners/vmware_tools.sh +8 -0
- data/packer/provisioners/wpscan.rb +23 -0
- data/packer/provisioners/xrdp.sh +22 -0
- data/packer/provisioners/zzuf.sh +5 -0
- data/pwn.gemspec +34 -0
- data/reinstall_pwn_gemset.sh +31 -0
- data/spec/lib/pwn/aws/acm_spec.rb +15 -0
- data/spec/lib/pwn/aws/api_gateway_spec.rb +15 -0
- data/spec/lib/pwn/aws/app_stream_spec.rb +15 -0
- data/spec/lib/pwn/aws/application_auto_scaling_spec.rb +15 -0
- data/spec/lib/pwn/aws/application_discovery_service_spec.rb +15 -0
- data/spec/lib/pwn/aws/auto_scaling_spec.rb +15 -0
- data/spec/lib/pwn/aws/batch_spec.rb +15 -0
- data/spec/lib/pwn/aws/budgets_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_formation_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_front_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_hsm_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_search_domain_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_search_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_trail_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_watch_events_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_watch_logs_spec.rb +15 -0
- data/spec/lib/pwn/aws/cloud_watch_spec.rb +15 -0
- data/spec/lib/pwn/aws/code_build_spec.rb +15 -0
- data/spec/lib/pwn/aws/code_commit_spec.rb +15 -0
- data/spec/lib/pwn/aws/code_deploy_spec.rb +15 -0
- data/spec/lib/pwn/aws/code_pipeline_spec.rb +15 -0
- data/spec/lib/pwn/aws/cognito_identity_provider_spec.rb +15 -0
- data/spec/lib/pwn/aws/cognito_identity_spec.rb +15 -0
- data/spec/lib/pwn/aws/cognito_sync_spec.rb +15 -0
- data/spec/lib/pwn/aws/config_service_spec.rb +15 -0
- data/spec/lib/pwn/aws/data_pipleline_spec.rb +15 -0
- data/spec/lib/pwn/aws/database_migration_service_spec.rb +15 -0
- data/spec/lib/pwn/aws/device_farm_spec.rb +15 -0
- data/spec/lib/pwn/aws/direct_connect_spec.rb +15 -0
- data/spec/lib/pwn/aws/directory_service_spec.rb +15 -0
- data/spec/lib/pwn/aws/dynamo_db_spec.rb +15 -0
- data/spec/lib/pwn/aws/dynamo_db_streams_spec.rb +15 -0
- data/spec/lib/pwn/aws/ec2_spec.rb +15 -0
- data/spec/lib/pwn/aws/ecr_spec.rb +15 -0
- data/spec/lib/pwn/aws/ecs_spec.rb +15 -0
- data/spec/lib/pwn/aws/efs_spec.rb +15 -0
- data/spec/lib/pwn/aws/elasti_cache_spec.rb +15 -0
- data/spec/lib/pwn/aws/elastic_beanstalk_spec.rb +15 -0
- data/spec/lib/pwn/aws/elastic_load_balancing_spec.rb +15 -0
- data/spec/lib/pwn/aws/elastic_load_balancing_v2_spec.rb +15 -0
- data/spec/lib/pwn/aws/elastic_transcoder_spec.rb +15 -0
- data/spec/lib/pwn/aws/elasticsearch_service_spec.rb +15 -0
- data/spec/lib/pwn/aws/emr_spec.rb +15 -0
- data/spec/lib/pwn/aws/firehose_spec.rb +15 -0
- data/spec/lib/pwn/aws/game_lift_spec.rb +15 -0
- data/spec/lib/pwn/aws/glacier_spec.rb +15 -0
- data/spec/lib/pwn/aws/health_spec.rb +15 -0
- data/spec/lib/pwn/aws/iam_spec.rb +15 -0
- data/spec/lib/pwn/aws/import_export_spec.rb +15 -0
- data/spec/lib/pwn/aws/inspector_spec.rb +15 -0
- data/spec/lib/pwn/aws/iot_data_plane_spec.rb +15 -0
- data/spec/lib/pwn/aws/iot_spec.rb +15 -0
- data/spec/lib/pwn/aws/kinesis_analytics_spec.rb +15 -0
- data/spec/lib/pwn/aws/kinesis_spec.rb +15 -0
- data/spec/lib/pwn/aws/kms_spec.rb +15 -0
- data/spec/lib/pwn/aws/lambda_preview_spec.rb +15 -0
- data/spec/lib/pwn/aws/lambda_spec.rb +15 -0
- data/spec/lib/pwn/aws/lex_spec.rb +15 -0
- data/spec/lib/pwn/aws/lightsail_spec.rb +15 -0
- data/spec/lib/pwn/aws/machine_learning_spec.rb +15 -0
- data/spec/lib/pwn/aws/marketplace_commerce_analytics_spec.rb +15 -0
- data/spec/lib/pwn/aws/marketplace_metering_spec.rb +15 -0
- data/spec/lib/pwn/aws/ops_works_cm_spec.rb +15 -0
- data/spec/lib/pwn/aws/ops_works_spec.rb +15 -0
- data/spec/lib/pwn/aws/pinpoint_spec.rb +15 -0
- data/spec/lib/pwn/aws/polly_spec.rb +15 -0
- data/spec/lib/pwn/aws/rds_spec.rb +15 -0
- data/spec/lib/pwn/aws/redshift_spec.rb +15 -0
- data/spec/lib/pwn/aws/rekognition_spec.rb +15 -0
- data/spec/lib/pwn/aws/route53_domains_spec.rb +15 -0
- data/spec/lib/pwn/aws/route53_spec.rb +15 -0
- data/spec/lib/pwn/aws/s3_spec.rb +15 -0
- data/spec/lib/pwn/aws/service_catalog_spec.rb +15 -0
- data/spec/lib/pwn/aws/ses_spec.rb +15 -0
- data/spec/lib/pwn/aws/shield_spec.rb +15 -0
- data/spec/lib/pwn/aws/simple_db_spec.rb +15 -0
- data/spec/lib/pwn/aws/sms_spec.rb +15 -0
- data/spec/lib/pwn/aws/snowball_spec.rb +15 -0
- data/spec/lib/pwn/aws/sns_spec.rb +15 -0
- data/spec/lib/pwn/aws/sqs_spec.rb +15 -0
- data/spec/lib/pwn/aws/ssm_spec.rb +15 -0
- data/spec/lib/pwn/aws/states_spec.rb +15 -0
- data/spec/lib/pwn/aws/storage_gateway_spec.rb +15 -0
- data/spec/lib/pwn/aws/sts_spec.rb +15 -0
- data/spec/lib/pwn/aws/support_spec.rb +15 -0
- data/spec/lib/pwn/aws/swf_spec.rb +15 -0
- data/spec/lib/pwn/aws/waf_regional_spec.rb +15 -0
- data/spec/lib/pwn/aws/waf_spec.rb +15 -0
- data/spec/lib/pwn/aws/workspaces_spec.rb +15 -0
- data/spec/lib/pwn/aws/x_ray_spec.rb +15 -0
- data/spec/lib/pwn/aws_spec.rb +10 -0
- data/spec/lib/pwn/ffi_spec.rb +10 -0
- data/spec/lib/pwn/plugins/android_spec.rb +15 -0
- data/spec/lib/pwn/plugins/authentication_helper_spec.rb +15 -0
- data/spec/lib/pwn/plugins/basic_auth_spec.rb +15 -0
- data/spec/lib/pwn/plugins/beef_spec.rb +15 -0
- data/spec/lib/pwn/plugins/burp_suite_spec.rb +15 -0
- data/spec/lib/pwn/plugins/bus_pirate_spec.rb +15 -0
- data/spec/lib/pwn/plugins/char_spec.rb +15 -0
- data/spec/lib/pwn/plugins/credit_card_spec.rb +15 -0
- data/spec/lib/pwn/plugins/dao_ldap_spec.rb +15 -0
- data/spec/lib/pwn/plugins/dao_mongo_spec.rb +15 -0
- data/spec/lib/pwn/plugins/dao_postgres_spec.rb +15 -0
- data/spec/lib/pwn/plugins/dao_sqlite3_spec.rb +15 -0
- data/spec/lib/pwn/plugins/defect_dojo_spec.rb +15 -0
- data/spec/lib/pwn/plugins/detect_os_spec.rb +15 -0
- data/spec/lib/pwn/plugins/ein_spec.rb +15 -0
- data/spec/lib/pwn/plugins/file_fu_spec.rb +15 -0
- data/spec/lib/pwn/plugins/fuzz_spec.rb +15 -0
- data/spec/lib/pwn/plugins/git_spec.rb +15 -0
- data/spec/lib/pwn/plugins/hacker_one_spec.rb +15 -0
- data/spec/lib/pwn/plugins/ibm_appscan_spec.rb +15 -0
- data/spec/lib/pwn/plugins/ip_info_spec.rb +15 -0
- data/spec/lib/pwn/plugins/jenkins_spec.rb +15 -0
- data/spec/lib/pwn/plugins/json_pathify_spec.rb +15 -0
- data/spec/lib/pwn/plugins/mail_agent_spec.rb +15 -0
- data/spec/lib/pwn/plugins/metasploit_spec.rb +15 -0
- data/spec/lib/pwn/plugins/nessus_cloud_spec.rb +15 -0
- data/spec/lib/pwn/plugins/nexpose_vuln_scan_spec.rb +15 -0
- data/spec/lib/pwn/plugins/nmap_it_spec.rb +15 -0
- data/spec/lib/pwn/plugins/oauth2_spec.rb +15 -0
- data/spec/lib/pwn/plugins/ocr_spec.rb +15 -0
- data/spec/lib/pwn/plugins/openvas_spec.rb +15 -0
- data/spec/lib/pwn/plugins/owasp_zap_spec.rb +15 -0
- data/spec/lib/pwn/plugins/packet_spec.rb +15 -0
- data/spec/lib/pwn/plugins/pdf_parse_spec.rb +15 -0
- data/spec/lib/pwn/plugins/pony_spec.rb +15 -0
- data/spec/lib/pwn/plugins/rabbit_mq_hole_spec.rb +15 -0
- data/spec/lib/pwn/plugins/rfidler_spec.rb +15 -0
- data/spec/lib/pwn/plugins/serial_spec.rb +15 -0
- data/spec/lib/pwn/plugins/shodan_spec.rb +15 -0
- data/spec/lib/pwn/plugins/slack_client_spec.rb +15 -0
- data/spec/lib/pwn/plugins/sock_spec.rb +15 -0
- data/spec/lib/pwn/plugins/son_micro_rfid_spec.rb +15 -0
- data/spec/lib/pwn/plugins/spider_spec.rb +15 -0
- data/spec/lib/pwn/plugins/ssn_spec.rb +15 -0
- data/spec/lib/pwn/plugins/thread_pool_spec.rb +15 -0
- data/spec/lib/pwn/plugins/transparent_browser_spec.rb +15 -0
- data/spec/lib/pwn/plugins/twitter_api_spec.rb +15 -0
- data/spec/lib/pwn/plugins/uri_scheme_spec.rb +15 -0
- data/spec/lib/pwn/plugins/vsphere_spec.rb +15 -0
- data/spec/lib/pwn/plugins_spec.rb +10 -0
- data/spec/lib/pwn/reports/fuzz_spec.rb +15 -0
- data/spec/lib/pwn/reports/sast_spec.rb +15 -0
- data/spec/lib/pwn/reports_spec.rb +10 -0
- data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +25 -0
- data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +25 -0
- data/spec/lib/pwn/sast/aws_spec.rb +25 -0
- data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +25 -0
- data/spec/lib/pwn/sast/base64_spec.rb +25 -0
- data/spec/lib/pwn/sast/beef_hook_spec.rb +25 -0
- data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +25 -0
- data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +25 -0
- data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +25 -0
- data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +25 -0
- data/spec/lib/pwn/sast/csrf_spec.rb +25 -0
- data/spec/lib/pwn/sast/deserial_java_spec.rb +25 -0
- data/spec/lib/pwn/sast/emoticon_spec.rb +25 -0
- data/spec/lib/pwn/sast/eval_spec.rb +25 -0
- data/spec/lib/pwn/sast/factory_spec.rb +25 -0
- data/spec/lib/pwn/sast/file_permission_spec.rb +25 -0
- data/spec/lib/pwn/sast/inner_html_spec.rb +25 -0
- data/spec/lib/pwn/sast/keystore_spec.rb +25 -0
- data/spec/lib/pwn/sast/location_hash_spec.rb +25 -0
- data/spec/lib/pwn/sast/log4j_spec.rb +25 -0
- data/spec/lib/pwn/sast/logger_spec.rb +25 -0
- data/spec/lib/pwn/sast/password_spec.rb +25 -0
- data/spec/lib/pwn/sast/pom_version_spec.rb +25 -0
- data/spec/lib/pwn/sast/port_spec.rb +25 -0
- data/spec/lib/pwn/sast/private_key_spec.rb +25 -0
- data/spec/lib/pwn/sast/redirect_spec.rb +25 -0
- data/spec/lib/pwn/sast/redos_spec.rb +25 -0
- data/spec/lib/pwn/sast/shell_spec.rb +25 -0
- data/spec/lib/pwn/sast/sql_spec.rb +25 -0
- data/spec/lib/pwn/sast/ssl_spec.rb +25 -0
- data/spec/lib/pwn/sast/sudo_spec.rb +25 -0
- data/spec/lib/pwn/sast/task_tag_spec.rb +25 -0
- data/spec/lib/pwn/sast/throw_errors_spec.rb +25 -0
- data/spec/lib/pwn/sast/token_spec.rb +25 -0
- data/spec/lib/pwn/sast/version_spec.rb +25 -0
- data/spec/lib/pwn/sast/window_location_hash_spec.rb +25 -0
- data/spec/lib/pwn/sast_spec.rb +10 -0
- data/spec/lib/pwn/www/app_cobalt_io_spec.rb +15 -0
- data/spec/lib/pwn/www/bing_spec.rb +15 -0
- data/spec/lib/pwn/www/bug_crowd.rb +15 -0
- data/spec/lib/pwn/www/checkip_spec.rb +15 -0
- data/spec/lib/pwn/www/duckduckgo_spec.rb +15 -0
- data/spec/lib/pwn/www/facebook_spec.rb +15 -0
- data/spec/lib/pwn/www/google_spec.rb +15 -0
- data/spec/lib/pwn/www/hacker_one_spec.rb +15 -0
- data/spec/lib/pwn/www/linkedin_spec.rb +15 -0
- data/spec/lib/pwn/www/pandora_spec.rb +15 -0
- data/spec/lib/pwn/www/pastebin_spec.rb +15 -0
- data/spec/lib/pwn/www/paypal_spec.rb +15 -0
- data/spec/lib/pwn/www/synack_spec.rb +15 -0
- data/spec/lib/pwn/www/torch_spec.rb +15 -0
- data/spec/lib/pwn/www/twitter_spec.rb +15 -0
- data/spec/lib/pwn/www/uber_spec.rb +15 -0
- data/spec/lib/pwn/www/upwork_spec.rb +15 -0
- data/spec/lib/pwn/www/youtube_spec.rb +15 -0
- data/spec/lib/pwn/www_spec.rb +10 -0
- data/spec/lib/pwn_spec.rb +10 -0
- data/spec/spec_helper.rb +3 -0
- data/third_party/.gitkeep +0 -0
- data/update_pwn.sh +15 -0
- data/upgrade_ruby.sh +46 -0
- data/vagrant/provisioners/apache2.sh +76 -0
- data/vagrant/provisioners/beef.rb +30 -0
- data/vagrant/provisioners/burpsuite_pro.rb +37 -0
- data/vagrant/provisioners/exploit-db.sh +2 -0
- data/vagrant/provisioners/gem.sh +4 -0
- data/vagrant/provisioners/init_env.sh +22 -0
- data/vagrant/provisioners/jenkins.sh +87 -0
- data/vagrant/provisioners/jenkins_ssh-keygen.rb +86 -0
- data/vagrant/provisioners/kali_customize.rb +130 -0
- data/vagrant/provisioners/letsencrypt.rb +35 -0
- data/vagrant/provisioners/metasploit.rb +25 -0
- data/vagrant/provisioners/nmap_all_live_hosts.sh +2 -0
- data/vagrant/provisioners/openvas.sh +23 -0
- data/vagrant/provisioners/openvas_wrappers.sh +2 -0
- data/vagrant/provisioners/post_install.sh +14 -0
- data/vagrant/provisioners/postgres.sh +22 -0
- data/vagrant/provisioners/pwn.sh +15 -0
- data/vagrant/provisioners/rvm.sh +18 -0
- data/vagrant/provisioners/ssllabs-scan.sh +10 -0
- data/vagrant/provisioners/toggle_tor.sh +2 -0
- data/vagrant/provisioners/update_jenkins_plugins.rb +30 -0
- data/vagrant/provisioners/update_os.sh +108 -0
- data/vagrant/provisioners/upload_globals.sh +55 -0
- data/vagrant/provisioners/userland_fdisk.sh +22 -0
- data/vagrant/provisioners/userland_lvm.sh +5 -0
- data/vagrant/provisioners/wpscan.rb +25 -0
- data/vagrant_rsync_third_party.lst +1 -0
- data/vagrant_rsync_userland_template.lst +8 -0
- metadata +1245 -0
|
@@ -0,0 +1,759 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'json'
|
|
4
|
+
|
|
5
|
+
module PWN
|
|
6
|
+
module Plugins
|
|
7
|
+
# This plugin converts images to readable text
|
|
8
|
+
# TODO: Convert all rest requests to POST instead of GET
|
|
9
|
+
module DefectDojo
|
|
10
|
+
@@logger = PWN::Plugins::PWNLogger.create
|
|
11
|
+
|
|
12
|
+
# Supported Method Parameters::
|
|
13
|
+
# dd_obj = PWN::Plugins::DefectDojo.login(
|
|
14
|
+
# url: 'required - url of DefectDojo Server',
|
|
15
|
+
# api_version: 'required - api version to use v1 || v2',
|
|
16
|
+
# username: 'required - username to AuthN w/ api v1)',
|
|
17
|
+
# api_key: 'optional - defect dojo api key (will prompt if nil)',
|
|
18
|
+
# proxy: 'optional - proxy all traffic through MITM proxy (defaults to nil)'
|
|
19
|
+
# )
|
|
20
|
+
|
|
21
|
+
public_class_method def self.login(opts = {})
|
|
22
|
+
url = opts[:url]
|
|
23
|
+
opts[:api_version] ? (api_version = opts[:api_version]) : (api_version = 'v2')
|
|
24
|
+
username = opts[:username].to_s.scrub
|
|
25
|
+
|
|
26
|
+
api_key = opts[:api_key].to_s.scrub
|
|
27
|
+
api_key = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'API Key') if opts[:api_key].nil?
|
|
28
|
+
|
|
29
|
+
proxy = opts[:proxy]
|
|
30
|
+
|
|
31
|
+
dd_obj = {}
|
|
32
|
+
dd_obj[:url] = url
|
|
33
|
+
dd_obj[:authz_header] = "Token #{api_key}"
|
|
34
|
+
dd_obj[:authz_header] = "ApiKey #{username}:#{api_key}" if api_version == 'v1'
|
|
35
|
+
dd_obj[:proxy] = proxy
|
|
36
|
+
dd_obj[:api_version] = api_version
|
|
37
|
+
dd_obj[:api_version] = 'v1' if api_version == 'v1'
|
|
38
|
+
|
|
39
|
+
dd_obj
|
|
40
|
+
rescue StandardError => e
|
|
41
|
+
raise e
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Supported Method Parameters::
|
|
45
|
+
# rest_call(
|
|
46
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
47
|
+
# rest_call: 'required rest call to make per the schema',
|
|
48
|
+
# http_method: 'optional HTTP method (defaults to GET)
|
|
49
|
+
# http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
|
|
50
|
+
# )
|
|
51
|
+
|
|
52
|
+
private_class_method def self.rest_call(opts = {})
|
|
53
|
+
# Some scan reports are huge and require long timeouts...defaulting to 9 mins.
|
|
54
|
+
request_timeout = 540
|
|
55
|
+
|
|
56
|
+
dd_obj = opts[:dd_obj]
|
|
57
|
+
rest_call = opts[:rest_call].to_s.scrub
|
|
58
|
+
|
|
59
|
+
opts[:http_method] ? (http_method = opts[:http_method].to_s.scrub.to_sym) : (http_method = :get)
|
|
60
|
+
|
|
61
|
+
params = opts[:params]
|
|
62
|
+
http_body = opts[:http_body]
|
|
63
|
+
|
|
64
|
+
content_type = 'application/json; charset=UTF-8'
|
|
65
|
+
|
|
66
|
+
url = dd_obj[:url]
|
|
67
|
+
api_version = dd_obj[:api_version]
|
|
68
|
+
base_dd_api_uri = "#{url}/api/#{api_version}".to_s.scrub
|
|
69
|
+
|
|
70
|
+
rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
|
|
71
|
+
|
|
72
|
+
if dd_obj[:proxy]
|
|
73
|
+
rest_client = PWN::Plugins::TransparentBrowser.open(
|
|
74
|
+
browser_type: :rest,
|
|
75
|
+
proxy: dd_obj[:proxy]
|
|
76
|
+
)::Request
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
case http_method
|
|
80
|
+
when :get
|
|
81
|
+
response = rest_client.execute(
|
|
82
|
+
method: :get,
|
|
83
|
+
url: "#{base_dd_api_uri}/#{rest_call}",
|
|
84
|
+
headers: {
|
|
85
|
+
content_type: content_type,
|
|
86
|
+
authorization: dd_obj[:authz_header],
|
|
87
|
+
params: params
|
|
88
|
+
},
|
|
89
|
+
verify_ssl: false,
|
|
90
|
+
timeout: request_timeout,
|
|
91
|
+
open_timeout: request_timeout
|
|
92
|
+
)
|
|
93
|
+
|
|
94
|
+
when :post
|
|
95
|
+
if http_body.key?(:multipart)
|
|
96
|
+
response = rest_client.execute(
|
|
97
|
+
method: :post,
|
|
98
|
+
url: "#{base_dd_api_uri}/#{rest_call}",
|
|
99
|
+
headers: {
|
|
100
|
+
authorization: dd_obj[:authz_header]
|
|
101
|
+
},
|
|
102
|
+
payload: http_body,
|
|
103
|
+
verify_ssl: false,
|
|
104
|
+
timeout: request_timeout,
|
|
105
|
+
open_timeout: request_timeout
|
|
106
|
+
)
|
|
107
|
+
else
|
|
108
|
+
response = rest_client.execute(
|
|
109
|
+
method: :post,
|
|
110
|
+
url: "#{base_dd_api_uri}/#{rest_call}",
|
|
111
|
+
headers: {
|
|
112
|
+
content_type: content_type,
|
|
113
|
+
authorization: dd_obj[:authz_header]
|
|
114
|
+
},
|
|
115
|
+
payload: http_body.to_json,
|
|
116
|
+
verify_ssl: false,
|
|
117
|
+
timeout: request_timeout,
|
|
118
|
+
open_timeout: request_timeout
|
|
119
|
+
)
|
|
120
|
+
end
|
|
121
|
+
else
|
|
122
|
+
raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
sleep 3
|
|
126
|
+
|
|
127
|
+
response
|
|
128
|
+
rescue RestClient::ExceptionWithResponse => e
|
|
129
|
+
puts Time.now.strftime('%Y-%m-%d %H:%M:%S.%N %z')
|
|
130
|
+
puts "Module: #{self}"
|
|
131
|
+
puts "URL: #{base_dd_api_uri}/#{rest_call}"
|
|
132
|
+
puts "PARAMS: #{params.inspect}"
|
|
133
|
+
puts "HTTP POST BODY: #{http_body.inspect}" if http_body
|
|
134
|
+
puts "#{e}\n#{e.response}\n\n\n"
|
|
135
|
+
rescue StandardError, SystemExit, Interrupt => e
|
|
136
|
+
dd_obj = logout(dd_obj) unless dd_obj.nil?
|
|
137
|
+
raise e
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
# Supported Method Parameters::
|
|
141
|
+
# tool_configuration_resource_uri_by_name(
|
|
142
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
143
|
+
# tool_config_name: 'required tool configuration name'
|
|
144
|
+
# )
|
|
145
|
+
|
|
146
|
+
private_class_method def self.tool_configuration_resource_uri_by_name(opts = {})
|
|
147
|
+
dd_obj = opts[:dd_obj]
|
|
148
|
+
api_version = dd_obj[:api_version]
|
|
149
|
+
tool_config_name = opts[:tool_config_name].to_s.scrub
|
|
150
|
+
|
|
151
|
+
tool_configuration_list = self.tool_configuration_list(dd_obj: dd_obj)
|
|
152
|
+
if api_version == 'v1'
|
|
153
|
+
tool_configuration_by_name_object = tool_configuration_list[:objects].select do |tool_configuration|
|
|
154
|
+
tool_configuration[:name] == tool_config_name
|
|
155
|
+
end
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
if api_version == 'v2'
|
|
159
|
+
tool_configuration_by_name_object = tool_configuration_list[:results].select do |tool_configuration|
|
|
160
|
+
tool_configuration[:name] == tool_config_name
|
|
161
|
+
end
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
tool_configuration_by_name_object.first[:resource_uri] if api_version == 'v1'
|
|
165
|
+
tool_configuration_by_name_object.first[:id] if api_version == 'v2'
|
|
166
|
+
rescue StandardError, SystemExit, Interrupt => e
|
|
167
|
+
dd_obj = logout(dd_obj) unless dd_obj.nil?
|
|
168
|
+
raise e
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
# Supported Method Parameters::
|
|
172
|
+
# product_list = PWN::Plugins::DefectDojo.product_list(
|
|
173
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
174
|
+
# id: 'optional - retrieve single product by id, otherwise return all'
|
|
175
|
+
# )
|
|
176
|
+
|
|
177
|
+
public_class_method def self.product_list(opts = {})
|
|
178
|
+
dd_obj = opts[:dd_obj]
|
|
179
|
+
opts[:id] ? (rest_call = "products/#{opts[:id].to_i}") : (rest_call = 'products')
|
|
180
|
+
|
|
181
|
+
response = rest_call(
|
|
182
|
+
dd_obj: dd_obj,
|
|
183
|
+
rest_call: rest_call
|
|
184
|
+
)
|
|
185
|
+
|
|
186
|
+
# Return array containing the post-authenticated DefectDojo REST API token
|
|
187
|
+
JSON.parse(response, symbolize_names: true)
|
|
188
|
+
rescue StandardError => e
|
|
189
|
+
raise e
|
|
190
|
+
end
|
|
191
|
+
|
|
192
|
+
# Supported Method Parameters::
|
|
193
|
+
# engagement_list = PWN::Plugins::DefectDojo.engagement_list(
|
|
194
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
195
|
+
# id: 'optional - retrieve single engagement by id, otherwise return all'
|
|
196
|
+
# )
|
|
197
|
+
|
|
198
|
+
public_class_method def self.engagement_list(opts = {})
|
|
199
|
+
dd_obj = opts[:dd_obj]
|
|
200
|
+
opts[:id] ? (rest_call = "engagements/#{opts[:id].to_i}") : (rest_call = 'engagements')
|
|
201
|
+
|
|
202
|
+
response = rest_call(
|
|
203
|
+
dd_obj: dd_obj,
|
|
204
|
+
rest_call: rest_call
|
|
205
|
+
)
|
|
206
|
+
|
|
207
|
+
# Return array containing the post-authenticated DefectDojo REST API token
|
|
208
|
+
JSON.parse(response, symbolize_names: true)
|
|
209
|
+
rescue StandardError => e
|
|
210
|
+
raise e
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
# Supported Method Parameters::
|
|
214
|
+
# engagement_create_response = PWN::Plugins::DefectDojo.engagement_create(
|
|
215
|
+
# dd_obj: 'required - dd_obj returned from #login method',
|
|
216
|
+
# name: 'required - name of the engagement',
|
|
217
|
+
# description: 'optional - description of engagement',
|
|
218
|
+
# engagement_type: 'optional - type of engagement Interactive||CI/CD (defaults to CI/CD)',
|
|
219
|
+
# status: 'optional - status of the engagement In Progress || On Hold (defaults to In Progress)',
|
|
220
|
+
# lead_username: 'required - username of lead to tie to engagement',
|
|
221
|
+
# product_name: 'required - product name in which to create engagement',
|
|
222
|
+
# test_strategy: 'required - URL of test strategy documentation (e.g. OWASP ASVS URL)',
|
|
223
|
+
# orchestration_engine: 'optional - name of orchestration engine tied to CI/CD engagement',
|
|
224
|
+
# build_server: 'optional - name of build server tied to CI/CD engagement',
|
|
225
|
+
# scm_server: 'optional - name of SCM server tied to CI/CD engagement',
|
|
226
|
+
# api_test: 'optional - boolean to set an engagement as an api assessment (defaults to false)',
|
|
227
|
+
# pen_test: 'optional - boolean to set an engagement as a manual penetration test (defaults to false)',
|
|
228
|
+
# threat_model: 'optional - boolean to set an engagement as a threat model (defaults to false)',
|
|
229
|
+
# check_list: 'optional - boolean to set an engagement as a checkbox assessment (defaults to false)',
|
|
230
|
+
# first_contacted: 'optional - date of engagement request e.g. 2018-06-18 (Defaults to current day)',
|
|
231
|
+
# target_start: 'optional - date to start enagement e.g. 2018-06-19 (Defaults to current day)',
|
|
232
|
+
# target_end: 'optional - date of engagement completion e.g. 2018-06-20 (Defaults to current day)'
|
|
233
|
+
# )
|
|
234
|
+
|
|
235
|
+
public_class_method def self.engagement_create(opts = {})
|
|
236
|
+
http_body = {}
|
|
237
|
+
|
|
238
|
+
dd_obj = opts[:dd_obj]
|
|
239
|
+
api_version = dd_obj[:api_version]
|
|
240
|
+
|
|
241
|
+
# HTTP POST body options w/ optional params set to default values
|
|
242
|
+
# Defaults to true
|
|
243
|
+
http_body[:active] = true
|
|
244
|
+
|
|
245
|
+
http_body[:name] = opts[:name]
|
|
246
|
+
|
|
247
|
+
http_body[:description] = opts[:description]
|
|
248
|
+
|
|
249
|
+
opts[:engagment_type] ? (http_body[:engagement_type] = opts[:engagement_type]) : (http_body[:engagement_type] = 'CI/CD')
|
|
250
|
+
|
|
251
|
+
status = opts[:status].to_s.strip.chomp.scrub
|
|
252
|
+
|
|
253
|
+
case status
|
|
254
|
+
when 'In Progress', 'On Hold', ''
|
|
255
|
+
# Defaults to 'In Progress'
|
|
256
|
+
status == '' ? (http_body[:status] = 'In Progress') : (http_body[:status] = status)
|
|
257
|
+
when 'Completed'
|
|
258
|
+
raise 'Completed status not implemented for #engagement_create - use #engagement_update instead'
|
|
259
|
+
else
|
|
260
|
+
raise "Unknown engagement status: #{opts[:status]}. Options for this method are 'In Progress' || 'On Hold'"
|
|
261
|
+
end
|
|
262
|
+
|
|
263
|
+
# Ok lets determine the resource_uri for the lead username
|
|
264
|
+
lead_username = opts[:lead_username].to_s.strip.chomp.scrub
|
|
265
|
+
user_list = self.user_list(dd_obj: dd_obj)
|
|
266
|
+
if api_version == 'v1'
|
|
267
|
+
user_by_username_object = user_list[:objects].select do |user|
|
|
268
|
+
user[:username] == lead_username
|
|
269
|
+
end
|
|
270
|
+
http_body[:lead] = user_by_username_object.first[:resource_uri]
|
|
271
|
+
end
|
|
272
|
+
|
|
273
|
+
if api_version == 'v2'
|
|
274
|
+
user_by_username_object = user_list[:results].select do |user|
|
|
275
|
+
user[:username] == lead_username
|
|
276
|
+
end
|
|
277
|
+
# Should only ever return 1 result so we should be good here
|
|
278
|
+
http_body[:lead] = user_by_username_object.first[:id]
|
|
279
|
+
end
|
|
280
|
+
|
|
281
|
+
# Ok lets determine the resource_uri for the product name
|
|
282
|
+
product_name = opts[:product_name].to_s.strip.chomp.scrub
|
|
283
|
+
product_list = self.product_list(dd_obj: dd_obj)
|
|
284
|
+
|
|
285
|
+
if api_version == 'v1'
|
|
286
|
+
product_by_name_object = product_list[:objects].select do |prod|
|
|
287
|
+
prod[:name] == product_name
|
|
288
|
+
end
|
|
289
|
+
# Should only ever return 1 result so we should be good here
|
|
290
|
+
http_body[:product] = product_by_name_object.first[:resource_uri]
|
|
291
|
+
end
|
|
292
|
+
|
|
293
|
+
if api_version == 'v2'
|
|
294
|
+
product_by_name_object = product_list[:results].select do |prod|
|
|
295
|
+
prod[:name] == product_name
|
|
296
|
+
end
|
|
297
|
+
# Should only ever return 1 result so we should be good here
|
|
298
|
+
http_body[:product] = product_by_name_object.first[:id]
|
|
299
|
+
end
|
|
300
|
+
|
|
301
|
+
http_body[:test_strategy] = opts[:test_strategy]
|
|
302
|
+
|
|
303
|
+
# Ok lets determine the resource_uri orchestration, build_server, and scm_server
|
|
304
|
+
orchestration_engine = opts[:orchestration_engine].to_s.strip.chomp.scrub
|
|
305
|
+
http_body[:orchestration_engine] = tool_configuration_resource_uri_by_name(
|
|
306
|
+
dd_obj: dd_obj,
|
|
307
|
+
tool_config_name: orchestration_engine
|
|
308
|
+
)
|
|
309
|
+
|
|
310
|
+
build_server = opts[:build_server].to_s.strip.chomp.scrub
|
|
311
|
+
http_body[:build_server] = tool_configuration_resource_uri_by_name(
|
|
312
|
+
dd_obj: dd_obj,
|
|
313
|
+
tool_config_name: build_server
|
|
314
|
+
)
|
|
315
|
+
|
|
316
|
+
scm_server = opts[:scm_server].to_s.strip.chomp.scrub
|
|
317
|
+
http_body[:source_code_management_server] = tool_configuration_resource_uri_by_name(
|
|
318
|
+
dd_obj: dd_obj,
|
|
319
|
+
tool_config_name: scm_server
|
|
320
|
+
)
|
|
321
|
+
|
|
322
|
+
# Defaults to false
|
|
323
|
+
opts[:api_test] ? (http_body[:api_test] = true) : (http_body[:api_test] = false)
|
|
324
|
+
|
|
325
|
+
# Defaults to false
|
|
326
|
+
opts[:pen_test] ? (http_body[:pen_test] = true) : (http_body[:pen_test] = false)
|
|
327
|
+
|
|
328
|
+
# Defaults to false
|
|
329
|
+
opts[:threat_model] ? (http_body[:threat_model] = true) : (http_body[:threat_model] = false)
|
|
330
|
+
|
|
331
|
+
# Defaults to false
|
|
332
|
+
opts[:check_list] ? (http_body[:check_list] = true) : (http_body[:check_list] = false)
|
|
333
|
+
|
|
334
|
+
# Defaults to Time.now.strftime('%Y-%m-%d')
|
|
335
|
+
opts[:first_contacted] ? (http_body[:first_contacted] = opts[:first_contacted]) : (http_body[:first_contacted] = Time.now.strftime('%Y-%m-%d'))
|
|
336
|
+
|
|
337
|
+
# Defaults to Time.now.strftime('%Y-%m-%d')
|
|
338
|
+
opts[:target_start] ? (http_body[:target_start] = opts[:target_start]) : (http_body[:target_start] = Time.now.strftime('%Y-%m-%d'))
|
|
339
|
+
|
|
340
|
+
# Defaults to Time.now.strftime('%Y-%m-%d')
|
|
341
|
+
opts[:target_end] ? (http_body[:target_end] = opts[:target_end]) : (http_body[:target_end] = Time.now.strftime('%Y-%m-%d'))
|
|
342
|
+
|
|
343
|
+
# Defaults to false
|
|
344
|
+
http_body[:done_testing] = false
|
|
345
|
+
|
|
346
|
+
rest_call(
|
|
347
|
+
dd_obj: dd_obj,
|
|
348
|
+
rest_call: 'engagements/',
|
|
349
|
+
http_method: :post,
|
|
350
|
+
http_body: http_body
|
|
351
|
+
)
|
|
352
|
+
rescue StandardError => e
|
|
353
|
+
raise e
|
|
354
|
+
end
|
|
355
|
+
|
|
356
|
+
# Supported Method Parameters::
|
|
357
|
+
# test_list = PWN::Plugins::DefectDojo.test_list(
|
|
358
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
359
|
+
# id: 'optional - retrieve single test by id, otherwise return all'
|
|
360
|
+
# )
|
|
361
|
+
|
|
362
|
+
public_class_method def self.test_list(opts = {})
|
|
363
|
+
dd_obj = opts[:dd_obj]
|
|
364
|
+
opts[:id] ? (rest_call = "tests/#{opts[:id].to_i}") : (rest_call = 'tests')
|
|
365
|
+
|
|
366
|
+
response = rest_call(
|
|
367
|
+
dd_obj: dd_obj,
|
|
368
|
+
rest_call: rest_call
|
|
369
|
+
)
|
|
370
|
+
|
|
371
|
+
# Return array containing the post-authenticated DefectDojo REST API token
|
|
372
|
+
JSON.parse(response, symbolize_names: true)
|
|
373
|
+
rescue StandardError => e
|
|
374
|
+
raise e
|
|
375
|
+
end
|
|
376
|
+
|
|
377
|
+
# Supported Method Parameters::
|
|
378
|
+
# importscan_response = PWN::Plugins::DefectDojo.importscan(
|
|
379
|
+
# dd_obj: 'required - dd_obj returned from #login method',
|
|
380
|
+
# engagement_name: 'required - name of engagement to associate w/ scan',
|
|
381
|
+
# scan_type: 'required - type of scan importing (see <DEFECTDOJO_URL>/admin/dojo/test_type/ for listing)',
|
|
382
|
+
# file: 'required - path of scan results file',
|
|
383
|
+
# lead_username: 'required - username of lead to tie to scan',
|
|
384
|
+
# tags: 'optional - comma-delimited list of tag names to tie to scan',
|
|
385
|
+
# minimum_severity: 'optional - minimum finding severity Info||Low||Medium||High||Critical (Defaults to Info)',
|
|
386
|
+
# scan_date: 'optional - date in which scan was kicked off (defaults to now)',
|
|
387
|
+
# verified: 'optional - flag finding as verified by a tester (defaults to false)'
|
|
388
|
+
# )
|
|
389
|
+
|
|
390
|
+
public_class_method def self.importscan(opts = {})
|
|
391
|
+
http_body = {}
|
|
392
|
+
|
|
393
|
+
dd_obj = opts[:dd_obj]
|
|
394
|
+
api_version = dd_obj[:api_version]
|
|
395
|
+
|
|
396
|
+
# HTTP POST body options w/ optional params set to default values
|
|
397
|
+
# Defaults to true
|
|
398
|
+
http_body[:active] = true
|
|
399
|
+
|
|
400
|
+
# Ok lets determine the resource_uri for the engagement name
|
|
401
|
+
engagement_name = opts[:engagement_name].to_s.strip.chomp.scrub
|
|
402
|
+
engagement_list = self.engagement_list(dd_obj: dd_obj)
|
|
403
|
+
|
|
404
|
+
if api_version == 'v1'
|
|
405
|
+
engagement_by_name_object = engagement_list[:objects].select do |engagement|
|
|
406
|
+
engagement[:name] == engagement_name
|
|
407
|
+
end
|
|
408
|
+
# Should only ever return 1 result so we should be good here
|
|
409
|
+
http_body[:engagement] = engagement_by_name_object.first[:resource_uri]
|
|
410
|
+
end
|
|
411
|
+
|
|
412
|
+
if api_version == 'v2'
|
|
413
|
+
engagement_by_name_object = engagement_list[:results].select do |engagement|
|
|
414
|
+
engagement[:name] == engagement_name
|
|
415
|
+
end
|
|
416
|
+
# Should only ever return 1 result so we should be good here
|
|
417
|
+
http_body[:engagement] = engagement_by_name_object.first[:id]
|
|
418
|
+
end
|
|
419
|
+
|
|
420
|
+
http_body[:scan_type] = opts[:scan_type].to_s.strip.chomp.scrub
|
|
421
|
+
|
|
422
|
+
# Necessary to upload file to remote host
|
|
423
|
+
http_body[:multipart] = true
|
|
424
|
+
http_body[:file] = File.new(opts[:file].to_s.strip.chomp.scrub, 'rb') if File.exist?(opts[:file].to_s.strip.chomp.scrub)
|
|
425
|
+
|
|
426
|
+
# Ok lets determine the resource_uri for the lead username
|
|
427
|
+
lead_username = opts[:lead_username].to_s.strip.chomp.scrub
|
|
428
|
+
user_list = self.user_list(dd_obj: dd_obj)
|
|
429
|
+
|
|
430
|
+
if api_version == 'v1'
|
|
431
|
+
user_by_username_object = user_list[:objects].select do |user|
|
|
432
|
+
user[:username] == lead_username
|
|
433
|
+
end
|
|
434
|
+
# Should only ever return 1 result so we should be good here
|
|
435
|
+
http_body[:lead] = user_by_username_object.first[:resource_uri]
|
|
436
|
+
end
|
|
437
|
+
|
|
438
|
+
if api_version == 'v2'
|
|
439
|
+
user_by_username_object = user_list[:results].select do |user|
|
|
440
|
+
user[:username] == lead_username
|
|
441
|
+
end
|
|
442
|
+
# Should only ever return 1 result so we should be good here
|
|
443
|
+
http_body[:lead] = user_by_username_object.first[:id]
|
|
444
|
+
end
|
|
445
|
+
|
|
446
|
+
http_body[:tags] = opts[:tags].to_s.strip.chomp.scrub
|
|
447
|
+
|
|
448
|
+
minimum_severity = opts[:minimum_severity].to_s.strip.chomp.scrub.downcase.capitalize
|
|
449
|
+
case minimum_severity
|
|
450
|
+
when '', 'Info', 'Low', 'Medium', 'High', 'Critical'
|
|
451
|
+
# Defaults to 'Info'
|
|
452
|
+
minimum_severity == '' ? (http_body[:minimum_severity] = 'Info') : (http_body[:minimum_severity] = minimum_severity)
|
|
453
|
+
else
|
|
454
|
+
raise "Unknown minimum severity: #{opts[:minimum_severity]}. Options are Info||Low||Medium||High||Critical'"
|
|
455
|
+
end
|
|
456
|
+
|
|
457
|
+
# Defaults to Time.now.strftime('%Y-%m-%d')
|
|
458
|
+
opts[:scan_date] ? (http_body[:scan_date] = opts[:scan_date]) : (http_body[:scan_date] = Time.now.strftime('%Y-%m-%d'))
|
|
459
|
+
|
|
460
|
+
# Defaults to false
|
|
461
|
+
opts[:verified] ? (http_body[:verified] = true) : (http_body[:verified] = false)
|
|
462
|
+
|
|
463
|
+
api_path = 'import-scan/'
|
|
464
|
+
api_path = 'importscan/' if api_version == 'v1'
|
|
465
|
+
|
|
466
|
+
rest_call(
|
|
467
|
+
dd_obj: dd_obj,
|
|
468
|
+
rest_call: api_path,
|
|
469
|
+
http_method: :post,
|
|
470
|
+
http_body: http_body
|
|
471
|
+
)
|
|
472
|
+
rescue StandardError => e
|
|
473
|
+
raise e
|
|
474
|
+
end
|
|
475
|
+
|
|
476
|
+
# Supported Method Parameters::
|
|
477
|
+
# reimportscan_response = PWN::Plugins::DefectDojo.reimportscan(
|
|
478
|
+
# dd_obj: 'required - dd_obj returned from #login method',
|
|
479
|
+
# engagement_name: 'required - name of engagement to associate w/ scan',
|
|
480
|
+
# scan_type: 'required - type of scan importing (see <DEFECTDOJO_URL>/admin/dojo/test_type/ for listing)',
|
|
481
|
+
# file: 'required - path of scan results file',
|
|
482
|
+
# tags: 'optional - comma-delimited list of tag names to tie to scan for unique test resource_uri retrival',
|
|
483
|
+
# test_resource_uri: 'optional - alternative to tag names to know which test to reimport',
|
|
484
|
+
# minimum_severity: 'optional - minimum finding severity Info||Low||Medium||High||Critical (Defaults to Info)',
|
|
485
|
+
# scan_date: 'optional - date in which scan was kicked off (defaults to now)',
|
|
486
|
+
# verified: 'optional - flag finding as verified by a tester (defaults to false)'
|
|
487
|
+
# )
|
|
488
|
+
|
|
489
|
+
public_class_method def self.reimportscan(opts = {})
|
|
490
|
+
http_body = {}
|
|
491
|
+
|
|
492
|
+
dd_obj = opts[:dd_obj]
|
|
493
|
+
api_version = dd_obj[:api_version]
|
|
494
|
+
|
|
495
|
+
# HTTP POST body options w/ optional params set to default values
|
|
496
|
+
# Defaults to true
|
|
497
|
+
http_body[:active] = true
|
|
498
|
+
|
|
499
|
+
# Ok lets determine the resource_uri for the engagement name
|
|
500
|
+
engagement_name = opts[:engagement_name].to_s.strip.chomp.scrub
|
|
501
|
+
engagement_list = self.engagement_list(dd_obj: dd_obj)
|
|
502
|
+
if api_version == 'v1'
|
|
503
|
+
engagement_by_name_object = engagement_list[:objects].select do |engagement|
|
|
504
|
+
engagement[:name] == engagement_name
|
|
505
|
+
end
|
|
506
|
+
# Should only ever return 1 result so we should be good here
|
|
507
|
+
engagement_resource_uri = engagement_by_name_object.first[:resource_uri]
|
|
508
|
+
end
|
|
509
|
+
|
|
510
|
+
if api_version == 'v2'
|
|
511
|
+
engagement_by_name_object = engagement_list[:results].select do |engagement|
|
|
512
|
+
engagement[:name] == engagement_name
|
|
513
|
+
end
|
|
514
|
+
# Should only ever return 1 result so we should be good here
|
|
515
|
+
engagement_resource_uri = engagement_by_name_object.first[:id]
|
|
516
|
+
end
|
|
517
|
+
|
|
518
|
+
# TODO: lookup scan_type for test resource_uri since the scan_type should never change
|
|
519
|
+
http_body[:scan_type] = opts[:scan_type].to_s.strip.chomp.scrub
|
|
520
|
+
|
|
521
|
+
# Necessary to upload file to remote host
|
|
522
|
+
http_body[:multipart] = true
|
|
523
|
+
http_body[:file] = File.new(opts[:file].to_s.strip.chomp.scrub, 'rb') if File.exist?(opts[:file].to_s.strip.chomp.scrub)
|
|
524
|
+
|
|
525
|
+
# Ok lets determine the resource_uri for the test we're looking to remimport
|
|
526
|
+
test_list = self.test_list(dd_obj: dd_obj)
|
|
527
|
+
|
|
528
|
+
if api_version == 'v1'
|
|
529
|
+
tests_by_engagement_object = test_list[:objects].select do |test|
|
|
530
|
+
test[:engagement] == engagement_resource_uri
|
|
531
|
+
end
|
|
532
|
+
end
|
|
533
|
+
|
|
534
|
+
if api_version == 'v2'
|
|
535
|
+
tests_by_engagement_object = test_list[:results].select do |test|
|
|
536
|
+
test[:engagement] == engagement_resource_uri
|
|
537
|
+
end
|
|
538
|
+
end
|
|
539
|
+
|
|
540
|
+
tags = opts[:tags].to_s.strip.chomp.scrub
|
|
541
|
+
# TODO: wait for solution to:
|
|
542
|
+
# https://github.com/DefectDojo/django-DefectDojo/issues/457
|
|
543
|
+
# in order to obtain the unique test resource_uri
|
|
544
|
+
# by searching tags for unique identifier (would be better to have a unique test names)
|
|
545
|
+
|
|
546
|
+
http_body[:tags] = tags
|
|
547
|
+
|
|
548
|
+
http_body[:test] = opts[:test_resource_uri] if opts[:test_resource_uri]
|
|
549
|
+
|
|
550
|
+
minimum_severity = opts[:minimum_severity].to_s.strip.chomp.scrub.downcase.capitalize
|
|
551
|
+
case minimum_severity
|
|
552
|
+
when '', 'Info', 'Low', 'Medium', 'High', 'Critical'
|
|
553
|
+
# Defaults to 'Info'
|
|
554
|
+
minimum_severity == '' ? (http_body[:minimum_severity] = 'Info') : (http_body[:minimum_severity] = minimum_severity)
|
|
555
|
+
else
|
|
556
|
+
raise "Unknown minimum severity: #{opts[:minimum_severity]}. Options are Info||Low||Medium||High||Critical'"
|
|
557
|
+
end
|
|
558
|
+
|
|
559
|
+
# Defaults to Time.now.strftime('%Y-%m-%d')
|
|
560
|
+
opts[:scan_date] ? (http_body[:scan_date] = opts[:scan_date]) : (http_body[:scan_date] = Time.now.strftime('%Y/%m/%d'))
|
|
561
|
+
|
|
562
|
+
# Defaults to false
|
|
563
|
+
opts[:verified] ? (http_body[:verified] = true) : (http_body[:verified] = false)
|
|
564
|
+
|
|
565
|
+
api_path = 'reimport-scan/'
|
|
566
|
+
api_path = 'reimportscan/' if api_version == 'v1'
|
|
567
|
+
|
|
568
|
+
rest_call(
|
|
569
|
+
dd_obj: dd_obj,
|
|
570
|
+
rest_call: api_path,
|
|
571
|
+
http_method: :post,
|
|
572
|
+
http_body: http_body
|
|
573
|
+
)
|
|
574
|
+
rescue StandardError => e
|
|
575
|
+
raise e
|
|
576
|
+
end
|
|
577
|
+
|
|
578
|
+
# Supported Method Parameters::
|
|
579
|
+
# finding_list = PWN::Plugins::DefectDojo.finding_list(
|
|
580
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
581
|
+
# id: 'optional - retrieve single finding by id, otherwise return all'
|
|
582
|
+
# )
|
|
583
|
+
|
|
584
|
+
public_class_method def self.finding_list(opts = {})
|
|
585
|
+
dd_obj = opts[:dd_obj]
|
|
586
|
+
opts[:id] ? (rest_call = "findings/#{opts[:id].to_i}") : (rest_call = 'findings')
|
|
587
|
+
|
|
588
|
+
response = rest_call(
|
|
589
|
+
dd_obj: dd_obj,
|
|
590
|
+
rest_call: rest_call
|
|
591
|
+
)
|
|
592
|
+
|
|
593
|
+
# Return array containing the post-authenticated DefectDojo REST API token
|
|
594
|
+
JSON.parse(response, symbolize_names: true)
|
|
595
|
+
rescue StandardError => e
|
|
596
|
+
raise e
|
|
597
|
+
end
|
|
598
|
+
|
|
599
|
+
# Supported Method Parameters::
|
|
600
|
+
# user_list = PWN::Plugins::DefectDojo.user_list(
|
|
601
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
602
|
+
# id: 'optional - retrieve single user by id, otherwise return all'
|
|
603
|
+
# )
|
|
604
|
+
|
|
605
|
+
public_class_method def self.user_list(opts = {})
|
|
606
|
+
dd_obj = opts[:dd_obj]
|
|
607
|
+
opts[:id] ? (rest_call = "users/#{opts[:id].to_i}") : (rest_call = 'users')
|
|
608
|
+
|
|
609
|
+
response = rest_call(
|
|
610
|
+
dd_obj: dd_obj,
|
|
611
|
+
rest_call: rest_call
|
|
612
|
+
)
|
|
613
|
+
|
|
614
|
+
# Return array containing the post-authenticated DefectDojo REST API token
|
|
615
|
+
JSON.parse(response, symbolize_names: true)
|
|
616
|
+
rescue StandardError => e
|
|
617
|
+
raise e
|
|
618
|
+
end
|
|
619
|
+
|
|
620
|
+
# Supported Method Parameters::
|
|
621
|
+
# tool_configuration_list = PWN::Plugins::DefectDojo.tool_configuration_list(
|
|
622
|
+
# dd_obj: 'required dd_obj returned from #login method',
|
|
623
|
+
# id: 'optional - retrieve single test by id, otherwise return all'
|
|
624
|
+
# )
|
|
625
|
+
|
|
626
|
+
public_class_method def self.tool_configuration_list(opts = {})
|
|
627
|
+
dd_obj = opts[:dd_obj]
|
|
628
|
+
opts[:id] ? (rest_call = "tool_configurations/#{opts[:id].to_i}") : (rest_call = 'tool_configurations')
|
|
629
|
+
|
|
630
|
+
response = rest_call(
|
|
631
|
+
dd_obj: dd_obj,
|
|
632
|
+
rest_call: rest_call
|
|
633
|
+
)
|
|
634
|
+
|
|
635
|
+
# Return array containing the post-authenticated DefectDojo REST API token
|
|
636
|
+
JSON.parse(response, symbolize_names: true)
|
|
637
|
+
rescue StandardError => e
|
|
638
|
+
raise e
|
|
639
|
+
end
|
|
640
|
+
|
|
641
|
+
# Supported Method Parameters::
|
|
642
|
+
# PWN::Plugins::DefectDojo.logout(
|
|
643
|
+
# dd_obj: 'required dd_obj returned from #login method'
|
|
644
|
+
# )
|
|
645
|
+
|
|
646
|
+
public_class_method def self.logout(opts = {})
|
|
647
|
+
dd_obj = opts[:dd_obj]
|
|
648
|
+
@@logger.info('Logging out...')
|
|
649
|
+
# TODO: Terminate Session if Possible via API Call
|
|
650
|
+
dd_obj = nil
|
|
651
|
+
rescue StandardError => e
|
|
652
|
+
raise e
|
|
653
|
+
end
|
|
654
|
+
|
|
655
|
+
# Author(s):: Jacob Hoopes <jake.hoopes@gmail.com>
|
|
656
|
+
|
|
657
|
+
public_class_method def self.authors
|
|
658
|
+
"AUTHOR(S):
|
|
659
|
+
Jacob Hoopes <jake.hoopes@gmail.com>
|
|
660
|
+
"
|
|
661
|
+
end
|
|
662
|
+
|
|
663
|
+
# Display Usage for this Module
|
|
664
|
+
|
|
665
|
+
public_class_method def self.help
|
|
666
|
+
puts "USAGE:
|
|
667
|
+
dd_obj = #{self}.login(
|
|
668
|
+
url: 'required - url of DefectDojo Server',
|
|
669
|
+
api_version: 'required - api version to use v1 || v2',
|
|
670
|
+
username: 'required - username to AuthN w/ api v1)',
|
|
671
|
+
api_key: 'optional - defect dojo api key (will prompt if nil)',
|
|
672
|
+
proxy: 'optional - proxy all traffic through MITM proxy (defaults to nil)'
|
|
673
|
+
)
|
|
674
|
+
|
|
675
|
+
product_list = #{self}.product_list(
|
|
676
|
+
dd_obj: 'required dd_obj returned from #login_v1 method',
|
|
677
|
+
id: 'optional - retrieve single product by id, otherwise return all'
|
|
678
|
+
)
|
|
679
|
+
|
|
680
|
+
engagement_list = #{self}.engagement_list(
|
|
681
|
+
dd_obj: 'required dd_obj returned from #login_v1 method',
|
|
682
|
+
id: 'optional - retrieve single engagement by id, otherwise return all'
|
|
683
|
+
)
|
|
684
|
+
|
|
685
|
+
engagement_create_response = #{self}.engagement_create(
|
|
686
|
+
dd_obj: 'required - dd_obj returned from #login_v1 method',
|
|
687
|
+
name: 'required - name of the engagement',
|
|
688
|
+
description: 'optional - description of engagement',
|
|
689
|
+
engagement_type: 'optional - type of engagement Interactive||CI/CD (defaults to CI/CD)',
|
|
690
|
+
status: 'optional - status of the engagement In Progress || On Hold (defaults to In Progress)',
|
|
691
|
+
lead_username: 'required - username of lead to tie to engagement',
|
|
692
|
+
product_name: 'required - product name in which to create engagement',
|
|
693
|
+
test_strategy: 'required - URL of test strategy documentation (e.g. OWASP ASVS URL)',
|
|
694
|
+
orchestration_engine: 'optional - name of orchestration engine tied to CI/CD engagement',
|
|
695
|
+
build_server: 'optional - name of build server tied to CI/CD engagement',
|
|
696
|
+
scm_server: 'optional - name of SCM server tied to CI/CD engagement',
|
|
697
|
+
api_test: 'optional - boolean to set an engagement as an api assessment (defaults to false)',
|
|
698
|
+
pen_test: 'optional - boolean to set an engagement as a manual penetration test (defaults to false)',
|
|
699
|
+
threat_model: 'optional - boolean to set an engagement as a threat model (defaults to false)',
|
|
700
|
+
check_list: 'optional - boolean to set an engagement as a checkbox assessment (defaults to false)',
|
|
701
|
+
first_contacted: 'optional - date of engagement request e.g. 2018-06-18 (Defaults to current day)',
|
|
702
|
+
target_start: 'optional - date to start enagement e.g. 2018-06-19 (Defaults to current day)',
|
|
703
|
+
target_end: 'optional - date of engagement completion e.g. 2018-06-20 (Defaults to current day)'
|
|
704
|
+
)
|
|
705
|
+
|
|
706
|
+
test_list = #{self}.test_list(
|
|
707
|
+
dd_obj: 'required dd_obj returned from #login_v1 method',
|
|
708
|
+
id: 'optional - retrieve single test by id, otherwise return all'
|
|
709
|
+
)
|
|
710
|
+
|
|
711
|
+
importscan_response = #{self}.importscan(
|
|
712
|
+
dd_obj: 'required - dd_obj returned from #login_v1 method',
|
|
713
|
+
engagement_name: 'required - name of engagement to associate w/ scan',
|
|
714
|
+
scan_type: 'required - type of scan importing (see <DEFECTDOJO_URL>/admin/dojo/test_type/ for listing)',
|
|
715
|
+
file: 'required - path of scan results file',
|
|
716
|
+
lead_username: 'required - username of lead to tie to scan',
|
|
717
|
+
tags: 'optional - comma-delimited list of tag names to tie to scan',
|
|
718
|
+
minimum_severity: 'optional - minimum finding severity Info||Low||Medium||High||Critical (Defaults to Info)',
|
|
719
|
+
scan_date: 'optional - date in which scan was kicked off (defaults to now)',
|
|
720
|
+
verified: 'optional - flag finding as verified by a tester (defaults to false)'
|
|
721
|
+
)
|
|
722
|
+
|
|
723
|
+
reimportscan_response = #{self}.reimportscan(
|
|
724
|
+
dd_obj: 'required - dd_obj returned from #login_v1 method',
|
|
725
|
+
engagement_name: 'required - name of engagement to associate w/ scan',
|
|
726
|
+
scan_type: 'required - type of scan importing (see <DEFECTDOJO_URL>/admin/dojo/test_type/ for listing)',
|
|
727
|
+
file: 'required - path of scan results file',
|
|
728
|
+
tags: 'optional - comma-delimited list of tag names to tie to scan for unique test resource_uri retrival',
|
|
729
|
+
test_resource_uri: 'optional - alternative to tag names to know which test to reimport',
|
|
730
|
+
minimum_severity: 'optional - minimum finding severity Info||Low||Medium||High||Critical (Defaults to Info)',
|
|
731
|
+
scan_date: 'optional - date in which scan was kicked off (defaults to now)',
|
|
732
|
+
verified: 'optional - flag finding as verified by a tester (defaults to false)'
|
|
733
|
+
)
|
|
734
|
+
|
|
735
|
+
finding_list = #{self}.finding_list(
|
|
736
|
+
dd_obj: 'required dd_obj returned from #login_v1 method',
|
|
737
|
+
id: 'optional - retrieve single finding by id, otherwise return all'
|
|
738
|
+
)
|
|
739
|
+
|
|
740
|
+
user_list = #{self}.user_list(
|
|
741
|
+
dd_obj: 'required dd_obj returned from #login_v1 method',
|
|
742
|
+
id: 'optional - retrieve single user by id, otherwise return all'
|
|
743
|
+
)
|
|
744
|
+
|
|
745
|
+
tool_configuration_list = #{self}.tool_configuration_list(
|
|
746
|
+
dd_obj: 'required dd_obj returned from #login_v1 method',
|
|
747
|
+
id: 'optional - retrieve single test by id, otherwise return all'
|
|
748
|
+
)
|
|
749
|
+
|
|
750
|
+
#{self}.logout(
|
|
751
|
+
dd_obj: 'required dd_obj returned from #login_v1 or #login_v2 method'
|
|
752
|
+
)
|
|
753
|
+
|
|
754
|
+
#{self}.authors
|
|
755
|
+
"
|
|
756
|
+
end
|
|
757
|
+
end
|
|
758
|
+
end
|
|
759
|
+
end
|