pwn 0.4.333

Sign up to get free protection for your applications and to get access to all the features.
Files changed (904) hide show
  1. checksums.yaml +7 -0
  2. data/.github/FUNDING.yml +1 -0
  3. data/.github/ISSUE_TEMPLATE/bug_report.md +38 -0
  4. data/.gitignore +62 -0
  5. data/.rubocop.yml +12 -0
  6. data/.rubocop_todo.yml +76 -0
  7. data/.ruby-gemset +1 -0
  8. data/.ruby-version +1 -0
  9. data/.travis.yml +24 -0
  10. data/CODE_OF_CONDUCT.md +46 -0
  11. data/CONTRIBUTING.md +10 -0
  12. data/Gemfile +75 -0
  13. data/LICENSE.txt +22 -0
  14. data/README.md +125 -0
  15. data/Rakefile +20 -0
  16. data/Vagrantfile +250 -0
  17. data/bin/pwn +74 -0
  18. data/bin/pwn_android_war_dialer +137 -0
  19. data/bin/pwn_arachni +132 -0
  20. data/bin/pwn_arachni_rest +174 -0
  21. data/bin/pwn_autoinc_version +50 -0
  22. data/bin/pwn_aws_describe_resources +728 -0
  23. data/bin/pwn_burp_suite_pro_active_scan +113 -0
  24. data/bin/pwn_char_base64_encoding +24 -0
  25. data/bin/pwn_char_dec_encoding +23 -0
  26. data/bin/pwn_char_hex_escaped_encoding +26 -0
  27. data/bin/pwn_char_html_entity_encoding +24 -0
  28. data/bin/pwn_char_unicode_escaped_encoding +23 -0
  29. data/bin/pwn_char_url_encoding +24 -0
  30. data/bin/pwn_defectdojo_engagement_create +158 -0
  31. data/bin/pwn_defectdojo_importscan +104 -0
  32. data/bin/pwn_defectdojo_reimportscan +104 -0
  33. data/bin/pwn_domain_reversewhois +89 -0
  34. data/bin/pwn_fuzz_net_app_proto +149 -0
  35. data/bin/pwn_ibm_appscan_enterprise +112 -0
  36. data/bin/pwn_jenkins_create_job +68 -0
  37. data/bin/pwn_jenkins_create_view +68 -0
  38. data/bin/pwn_jenkins_install_plugin +91 -0
  39. data/bin/pwn_jenkins_thinBackup_aws_s3 +123 -0
  40. data/bin/pwn_jenkins_update_plugins +87 -0
  41. data/bin/pwn_jenkins_useradd +86 -0
  42. data/bin/pwn_mail_agent +127 -0
  43. data/bin/pwn_msf_postgres_login +28 -0
  44. data/bin/pwn_nessus_cloud_vulnscan +103 -0
  45. data/bin/pwn_nexpose +52 -0
  46. data/bin/pwn_openvas_vulnscan +102 -0
  47. data/bin/pwn_owasp_zap_active_scan +134 -0
  48. data/bin/pwn_pastebin_sample_filter +61 -0
  49. data/bin/pwn_perimeter_recon +318 -0
  50. data/bin/pwn_sast +161 -0
  51. data/bin/pwn_serial_check_voicemail +66 -0
  52. data/bin/pwn_serial_qualcomm_commands +16 -0
  53. data/bin/pwn_simple_http_server +46 -0
  54. data/bin/pwn_web_cache_deception +233 -0
  55. data/bin/pwn_www_checkip +62 -0
  56. data/bin/pwn_xss_dom_vectors +169 -0
  57. data/build_pwn_gem.sh +33 -0
  58. data/documentation/CSI_Contributors_and_Users.png +0 -0
  59. data/documentation/CSI_Driver_Arch.png +0 -0
  60. data/documentation/fax-spectrogram.png +0 -0
  61. data/documentation/fax-waveform.png +0 -0
  62. data/documentation/pwn_android_war_dialer_session.png +0 -0
  63. data/documentation/pwn_wallpaper.jpg +0 -0
  64. data/documentation/ringing-spectrogram.png +0 -0
  65. data/documentation/ringing-waveform.png +0 -0
  66. data/etc/systemd/msfrpcd.service +12 -0
  67. data/etc/systemd/openvas.service +14 -0
  68. data/etc/userland/aws/apache2/jenkins_443.conf +90 -0
  69. data/etc/userland/aws/apache2/jenkins_80.conf +7 -0
  70. data/etc/userland/aws/apache2/openvas_443.conf +87 -0
  71. data/etc/userland/aws/apache2/openvas_80.conf +7 -0
  72. data/etc/userland/aws/apache2/sast_443.conf +87 -0
  73. data/etc/userland/aws/apache2/sast_80.conf +9 -0
  74. data/etc/userland/aws/apache2/vagrant.yaml.EXAMPLE +9 -0
  75. data/etc/userland/aws/arachni/navigation-REST.instruct.EXAMPLE +29 -0
  76. data/etc/userland/aws/arachni/navigation.instruct.EXAMPLE +3 -0
  77. data/etc/userland/aws/burpsuite/navigation.instruct.EXAMPLE +3 -0
  78. data/etc/userland/aws/burpsuite/vagrant.yaml.EXAMPLE +2 -0
  79. data/etc/userland/aws/defectdojo/vagrant.yaml.EXAMPLE +3 -0
  80. data/etc/userland/aws/jenkins/inject_build_envs.sh +15 -0
  81. data/etc/userland/aws/jenkins/jenkins +81 -0
  82. data/etc/userland/aws/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
  83. data/etc/userland/aws/jenkins/jobs/pipeline-selfupdate.xml +462 -0
  84. data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
  85. data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
  86. data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
  87. data/etc/userland/aws/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
  88. data/etc/userland/aws/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
  89. data/etc/userland/aws/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
  90. data/etc/userland/aws/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
  91. data/etc/userland/aws/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
  92. data/etc/userland/aws/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
  93. data/etc/userland/aws/jenkins/jobs/selfupdate-gem.xml +42 -0
  94. data/etc/userland/aws/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
  95. data/etc/userland/aws/jenkins/jobs/selfupdate-metasploit.xml +42 -0
  96. data/etc/userland/aws/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
  97. data/etc/userland/aws/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
  98. data/etc/userland/aws/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
  99. data/etc/userland/aws/jenkins/jobs/selfupdate-os.xml +42 -0
  100. data/etc/userland/aws/jenkins/jobs/selfupdate-pwn.xml +42 -0
  101. data/etc/userland/aws/jenkins/jobs/selfupdate-rvm.xml +42 -0
  102. data/etc/userland/aws/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
  103. data/etc/userland/aws/jenkins/jobs/selfupdate-wpscan.xml +42 -0
  104. data/etc/userland/aws/jenkins/jobs_userland/.gitkeep +0 -0
  105. data/etc/userland/aws/jenkins/log_parser_rules/arachni.rules +5 -0
  106. data/etc/userland/aws/jenkins/log_parser_rules/sast.rules +2 -0
  107. data/etc/userland/aws/jenkins/log_parser_rules/self_update.rules +14 -0
  108. data/etc/userland/aws/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
  109. data/etc/userland/aws/jenkins/log_parser_rules/system_maintenance.rules +9 -0
  110. data/etc/userland/aws/jenkins/log_parser_rules/wpscan.rules +2 -0
  111. data/etc/userland/aws/jenkins/vagrant.yaml.EXAMPLE +8 -0
  112. data/etc/userland/aws/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
  113. data/etc/userland/aws/metasploit/vagrant.yaml.EXAMPLE +4 -0
  114. data/etc/userland/aws/nessus/vagrant.yaml.EXAMPLE +2 -0
  115. data/etc/userland/aws/openvas/vagrant.yaml.EXAMPLE +2 -0
  116. data/etc/userland/aws/owasp_zap/navigation.instruct.EXAMPLE +3 -0
  117. data/etc/userland/aws/postgres/vagrant.yaml.EXAMPLE +2 -0
  118. data/etc/userland/aws/recon-ng/vagrant.yaml.EXAMPLE +52 -0
  119. data/etc/userland/aws/vagrant.yaml.EXAMPLE +35 -0
  120. data/etc/userland/docker/apache2/jenkins_443.conf +90 -0
  121. data/etc/userland/docker/apache2/jenkins_80.conf +7 -0
  122. data/etc/userland/docker/apache2/openvas_443.conf +87 -0
  123. data/etc/userland/docker/apache2/openvas_80.conf +7 -0
  124. data/etc/userland/docker/apache2/sast_443.conf +87 -0
  125. data/etc/userland/docker/apache2/sast_80.conf +9 -0
  126. data/etc/userland/docker/apache2/vagrant.yaml.EXAMPLE +9 -0
  127. data/etc/userland/docker/arachni/navigation-REST.instruct.EXAMPLE +29 -0
  128. data/etc/userland/docker/arachni/navigation.instruct.EXAMPLE +3 -0
  129. data/etc/userland/docker/burpsuite/navigation.instruct.EXAMPLE +3 -0
  130. data/etc/userland/docker/burpsuite/vagrant.yaml.EXAMPLE +2 -0
  131. data/etc/userland/docker/defectdojo/vagrant.yaml.EXAMPLE +3 -0
  132. data/etc/userland/docker/jenkins/inject_build_envs.sh +15 -0
  133. data/etc/userland/docker/jenkins/jenkins +81 -0
  134. data/etc/userland/docker/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
  135. data/etc/userland/docker/jenkins/jobs/pipeline-selfupdate.xml +462 -0
  136. data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
  137. data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
  138. data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
  139. data/etc/userland/docker/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
  140. data/etc/userland/docker/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
  141. data/etc/userland/docker/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
  142. data/etc/userland/docker/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
  143. data/etc/userland/docker/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
  144. data/etc/userland/docker/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
  145. data/etc/userland/docker/jenkins/jobs/selfupdate-gem.xml +42 -0
  146. data/etc/userland/docker/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
  147. data/etc/userland/docker/jenkins/jobs/selfupdate-metasploit.xml +42 -0
  148. data/etc/userland/docker/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
  149. data/etc/userland/docker/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
  150. data/etc/userland/docker/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
  151. data/etc/userland/docker/jenkins/jobs/selfupdate-os.xml +42 -0
  152. data/etc/userland/docker/jenkins/jobs/selfupdate-pwn.xml +42 -0
  153. data/etc/userland/docker/jenkins/jobs/selfupdate-rvm.xml +42 -0
  154. data/etc/userland/docker/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
  155. data/etc/userland/docker/jenkins/jobs/selfupdate-wpscan.xml +42 -0
  156. data/etc/userland/docker/jenkins/jobs_userland/.gitkeep +0 -0
  157. data/etc/userland/docker/jenkins/log_parser_rules/arachni.rules +5 -0
  158. data/etc/userland/docker/jenkins/log_parser_rules/sast.rules +2 -0
  159. data/etc/userland/docker/jenkins/log_parser_rules/self_update.rules +14 -0
  160. data/etc/userland/docker/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
  161. data/etc/userland/docker/jenkins/log_parser_rules/system_maintenance.rules +9 -0
  162. data/etc/userland/docker/jenkins/log_parser_rules/wpscan.rules +2 -0
  163. data/etc/userland/docker/jenkins/vagrant.yaml.EXAMPLE +8 -0
  164. data/etc/userland/docker/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
  165. data/etc/userland/docker/metasploit/vagrant.yaml.EXAMPLE +4 -0
  166. data/etc/userland/docker/nessus/vagrant.yaml.EXAMPLE +2 -0
  167. data/etc/userland/docker/openvas/vagrant.yaml.EXAMPLE +2 -0
  168. data/etc/userland/docker/owasp_zap/navigation.instruct.EXAMPLE +3 -0
  169. data/etc/userland/docker/postgres/vagrant.yaml.EXAMPLE +2 -0
  170. data/etc/userland/docker/recon-ng/vagrant.yaml.EXAMPLE +52 -0
  171. data/etc/userland/qemu/apache2/jenkins_443.conf +90 -0
  172. data/etc/userland/qemu/apache2/jenkins_80.conf +7 -0
  173. data/etc/userland/qemu/apache2/openvas_443.conf +87 -0
  174. data/etc/userland/qemu/apache2/openvas_80.conf +7 -0
  175. data/etc/userland/qemu/apache2/sast_443.conf +87 -0
  176. data/etc/userland/qemu/apache2/sast_80.conf +9 -0
  177. data/etc/userland/qemu/apache2/vagrant.yaml.EXAMPLE +9 -0
  178. data/etc/userland/qemu/arachni/navigation-REST.instruct.EXAMPLE +29 -0
  179. data/etc/userland/qemu/arachni/navigation.instruct.EXAMPLE +3 -0
  180. data/etc/userland/qemu/burpsuite/navigation.instruct.EXAMPLE +3 -0
  181. data/etc/userland/qemu/burpsuite/vagrant.yaml.EXAMPLE +2 -0
  182. data/etc/userland/qemu/defectdojo/vagrant.yaml.EXAMPLE +3 -0
  183. data/etc/userland/qemu/jenkins/inject_build_envs.sh +15 -0
  184. data/etc/userland/qemu/jenkins/jenkins +81 -0
  185. data/etc/userland/qemu/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
  186. data/etc/userland/qemu/jenkins/jobs/pipeline-selfupdate.xml +462 -0
  187. data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
  188. data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
  189. data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
  190. data/etc/userland/qemu/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
  191. data/etc/userland/qemu/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
  192. data/etc/userland/qemu/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
  193. data/etc/userland/qemu/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
  194. data/etc/userland/qemu/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
  195. data/etc/userland/qemu/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
  196. data/etc/userland/qemu/jenkins/jobs/selfupdate-gem.xml +42 -0
  197. data/etc/userland/qemu/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
  198. data/etc/userland/qemu/jenkins/jobs/selfupdate-metasploit.xml +42 -0
  199. data/etc/userland/qemu/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
  200. data/etc/userland/qemu/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
  201. data/etc/userland/qemu/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
  202. data/etc/userland/qemu/jenkins/jobs/selfupdate-os.xml +42 -0
  203. data/etc/userland/qemu/jenkins/jobs/selfupdate-pwn.xml +42 -0
  204. data/etc/userland/qemu/jenkins/jobs/selfupdate-rvm.xml +42 -0
  205. data/etc/userland/qemu/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
  206. data/etc/userland/qemu/jenkins/jobs/selfupdate-wpscan.xml +42 -0
  207. data/etc/userland/qemu/jenkins/jobs_userland/.gitkeep +0 -0
  208. data/etc/userland/qemu/jenkins/log_parser_rules/arachni.rules +5 -0
  209. data/etc/userland/qemu/jenkins/log_parser_rules/sast.rules +2 -0
  210. data/etc/userland/qemu/jenkins/log_parser_rules/self_update.rules +14 -0
  211. data/etc/userland/qemu/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
  212. data/etc/userland/qemu/jenkins/log_parser_rules/system_maintenance.rules +9 -0
  213. data/etc/userland/qemu/jenkins/log_parser_rules/wpscan.rules +2 -0
  214. data/etc/userland/qemu/jenkins/vagrant.yaml.EXAMPLE +8 -0
  215. data/etc/userland/qemu/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
  216. data/etc/userland/qemu/metasploit/vagrant.yaml.EXAMPLE +4 -0
  217. data/etc/userland/qemu/nessus/vagrant.yaml.EXAMPLE +2 -0
  218. data/etc/userland/qemu/openvas/vagrant.yaml.EXAMPLE +2 -0
  219. data/etc/userland/qemu/owasp_zap/navigation.instruct.EXAMPLE +3 -0
  220. data/etc/userland/qemu/postgres/vagrant.yaml.EXAMPLE +2 -0
  221. data/etc/userland/qemu/recon-ng/vagrant.yaml.EXAMPLE +52 -0
  222. data/etc/userland/ruby-gem/apache2/jenkins_443.conf +90 -0
  223. data/etc/userland/ruby-gem/apache2/jenkins_80.conf +7 -0
  224. data/etc/userland/ruby-gem/apache2/openvas_443.conf +87 -0
  225. data/etc/userland/ruby-gem/apache2/openvas_80.conf +7 -0
  226. data/etc/userland/ruby-gem/apache2/sast_443.conf +87 -0
  227. data/etc/userland/ruby-gem/apache2/sast_80.conf +9 -0
  228. data/etc/userland/ruby-gem/apache2/vagrant.yaml.EXAMPLE +9 -0
  229. data/etc/userland/ruby-gem/arachni/navigation-REST.instruct.EXAMPLE +29 -0
  230. data/etc/userland/ruby-gem/arachni/navigation.instruct.EXAMPLE +3 -0
  231. data/etc/userland/ruby-gem/burpsuite/navigation.instruct.EXAMPLE +3 -0
  232. data/etc/userland/ruby-gem/burpsuite/vagrant.yaml.EXAMPLE +2 -0
  233. data/etc/userland/ruby-gem/defectdojo/vagrant.yaml.EXAMPLE +3 -0
  234. data/etc/userland/ruby-gem/jenkins/inject_build_envs.sh +15 -0
  235. data/etc/userland/ruby-gem/jenkins/jenkins +81 -0
  236. data/etc/userland/ruby-gem/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
  237. data/etc/userland/ruby-gem/jenkins/jobs/pipeline-selfupdate.xml +462 -0
  238. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
  239. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
  240. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
  241. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
  242. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
  243. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
  244. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
  245. data/etc/userland/ruby-gem/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
  246. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
  247. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-gem.xml +42 -0
  248. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
  249. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-metasploit.xml +42 -0
  250. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
  251. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
  252. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
  253. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-os.xml +42 -0
  254. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-pwn.xml +42 -0
  255. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-rvm.xml +42 -0
  256. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
  257. data/etc/userland/ruby-gem/jenkins/jobs/selfupdate-wpscan.xml +42 -0
  258. data/etc/userland/ruby-gem/jenkins/jobs_userland/.gitkeep +0 -0
  259. data/etc/userland/ruby-gem/jenkins/log_parser_rules/arachni.rules +5 -0
  260. data/etc/userland/ruby-gem/jenkins/log_parser_rules/sast.rules +2 -0
  261. data/etc/userland/ruby-gem/jenkins/log_parser_rules/self_update.rules +14 -0
  262. data/etc/userland/ruby-gem/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
  263. data/etc/userland/ruby-gem/jenkins/log_parser_rules/system_maintenance.rules +9 -0
  264. data/etc/userland/ruby-gem/jenkins/log_parser_rules/wpscan.rules +2 -0
  265. data/etc/userland/ruby-gem/jenkins/vagrant.yaml.EXAMPLE +8 -0
  266. data/etc/userland/ruby-gem/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
  267. data/etc/userland/ruby-gem/metasploit/vagrant.yaml.EXAMPLE +4 -0
  268. data/etc/userland/ruby-gem/nessus/vagrant.yaml.EXAMPLE +2 -0
  269. data/etc/userland/ruby-gem/openvas/vagrant.yaml.EXAMPLE +2 -0
  270. data/etc/userland/ruby-gem/owasp_zap/navigation.instruct.EXAMPLE +3 -0
  271. data/etc/userland/ruby-gem/postgres/vagrant.yaml.EXAMPLE +2 -0
  272. data/etc/userland/ruby-gem/recon-ng/vagrant.yaml.EXAMPLE +52 -0
  273. data/etc/userland/virtualbox/apache2/jenkins_443.conf +90 -0
  274. data/etc/userland/virtualbox/apache2/jenkins_80.conf +7 -0
  275. data/etc/userland/virtualbox/apache2/openvas_443.conf +87 -0
  276. data/etc/userland/virtualbox/apache2/openvas_80.conf +7 -0
  277. data/etc/userland/virtualbox/apache2/sast_443.conf +87 -0
  278. data/etc/userland/virtualbox/apache2/sast_80.conf +9 -0
  279. data/etc/userland/virtualbox/apache2/vagrant.yaml.EXAMPLE +9 -0
  280. data/etc/userland/virtualbox/arachni/navigation-REST.instruct.EXAMPLE +29 -0
  281. data/etc/userland/virtualbox/arachni/navigation.instruct.EXAMPLE +3 -0
  282. data/etc/userland/virtualbox/burpsuite/navigation.instruct.EXAMPLE +3 -0
  283. data/etc/userland/virtualbox/burpsuite/vagrant.yaml.EXAMPLE +2 -0
  284. data/etc/userland/virtualbox/defectdojo/vagrant.yaml.EXAMPLE +3 -0
  285. data/etc/userland/virtualbox/jenkins/inject_build_envs.sh +15 -0
  286. data/etc/userland/virtualbox/jenkins/jenkins +81 -0
  287. data/etc/userland/virtualbox/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
  288. data/etc/userland/virtualbox/jenkins/jobs/pipeline-selfupdate.xml +462 -0
  289. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
  290. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
  291. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
  292. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
  293. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
  294. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
  295. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
  296. data/etc/userland/virtualbox/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
  297. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
  298. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-gem.xml +42 -0
  299. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
  300. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-metasploit.xml +42 -0
  301. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
  302. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
  303. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
  304. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-os.xml +42 -0
  305. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-pwn.xml +42 -0
  306. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-rvm.xml +42 -0
  307. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
  308. data/etc/userland/virtualbox/jenkins/jobs/selfupdate-wpscan.xml +42 -0
  309. data/etc/userland/virtualbox/jenkins/jobs_userland/.gitkeep +0 -0
  310. data/etc/userland/virtualbox/jenkins/log_parser_rules/arachni.rules +5 -0
  311. data/etc/userland/virtualbox/jenkins/log_parser_rules/sast.rules +2 -0
  312. data/etc/userland/virtualbox/jenkins/log_parser_rules/self_update.rules +14 -0
  313. data/etc/userland/virtualbox/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
  314. data/etc/userland/virtualbox/jenkins/log_parser_rules/system_maintenance.rules +9 -0
  315. data/etc/userland/virtualbox/jenkins/log_parser_rules/wpscan.rules +2 -0
  316. data/etc/userland/virtualbox/jenkins/vagrant.yaml.EXAMPLE +8 -0
  317. data/etc/userland/virtualbox/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
  318. data/etc/userland/virtualbox/metasploit/vagrant.yaml.EXAMPLE +4 -0
  319. data/etc/userland/virtualbox/nessus/vagrant.yaml.EXAMPLE +2 -0
  320. data/etc/userland/virtualbox/openvas/vagrant.yaml.EXAMPLE +2 -0
  321. data/etc/userland/virtualbox/owasp_zap/navigation.instruct.EXAMPLE +3 -0
  322. data/etc/userland/virtualbox/postgres/vagrant.yaml.EXAMPLE +2 -0
  323. data/etc/userland/virtualbox/recon-ng/vagrant.yaml.EXAMPLE +52 -0
  324. data/etc/userland/virtualbox/vagrant.yaml.EXAMPLE +4 -0
  325. data/etc/userland/vmware/apache2/jenkins_443.conf +90 -0
  326. data/etc/userland/vmware/apache2/jenkins_80.conf +7 -0
  327. data/etc/userland/vmware/apache2/openvas_443.conf +87 -0
  328. data/etc/userland/vmware/apache2/openvas_80.conf +7 -0
  329. data/etc/userland/vmware/apache2/sast_443.conf +87 -0
  330. data/etc/userland/vmware/apache2/sast_80.conf +9 -0
  331. data/etc/userland/vmware/apache2/vagrant.yaml.EXAMPLE +9 -0
  332. data/etc/userland/vmware/arachni/navigation-REST.instruct.EXAMPLE +29 -0
  333. data/etc/userland/vmware/arachni/navigation.instruct.EXAMPLE +3 -0
  334. data/etc/userland/vmware/burpsuite/navigation.instruct.EXAMPLE +3 -0
  335. data/etc/userland/vmware/burpsuite/vagrant.yaml.EXAMPLE +2 -0
  336. data/etc/userland/vmware/defectdojo/vagrant.yaml.EXAMPLE +3 -0
  337. data/etc/userland/vmware/jenkins/inject_build_envs.sh +15 -0
  338. data/etc/userland/vmware/jenkins/jenkins +81 -0
  339. data/etc/userland/vmware/jenkins/jobs/pipeline-pwntemplate.xml +298 -0
  340. data/etc/userland/vmware/jenkins/jobs/pipeline-selfupdate.xml +462 -0
  341. data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-arachni.xml +35 -0
  342. data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-burpsuite.xml +44 -0
  343. data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-owasp_zap.xml +35 -0
  344. data/etc/userland/vmware/jenkins/jobs/pwntemplate-DOMAIN-ssllabs-scan.xml +45 -0
  345. data/etc/userland/vmware/jenkins/jobs/pwntemplate-GITREPO_BRANCH-sast.xml +71 -0
  346. data/etc/userland/vmware/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_discovery_scan_tcp_udp_65k.xml +56 -0
  347. data/etc/userland/vmware/jenkins/jobs/pwntemplate-NETWORKRANGE-nmap_xml_results_searchsploit.xml +59 -0
  348. data/etc/userland/vmware/jenkins/jobs/pwntemplate-NETWORKRANGE-openvas.xml +45 -0
  349. data/etc/userland/vmware/jenkins/jobs/selfupdate-exploit-db.xml +43 -0
  350. data/etc/userland/vmware/jenkins/jobs/selfupdate-gem.xml +42 -0
  351. data/etc/userland/vmware/jenkins/jobs/selfupdate-jenkins_plugins.xml +42 -0
  352. data/etc/userland/vmware/jenkins/jobs/selfupdate-metasploit.xml +42 -0
  353. data/etc/userland/vmware/jenkins/jobs/selfupdate-nmap_all_live_hosts.xml +42 -0
  354. data/etc/userland/vmware/jenkins/jobs/selfupdate-openvas_sync.xml +42 -0
  355. data/etc/userland/vmware/jenkins/jobs/selfupdate-openvas_wrappers.xml +42 -0
  356. data/etc/userland/vmware/jenkins/jobs/selfupdate-os.xml +42 -0
  357. data/etc/userland/vmware/jenkins/jobs/selfupdate-pwn.xml +42 -0
  358. data/etc/userland/vmware/jenkins/jobs/selfupdate-rvm.xml +42 -0
  359. data/etc/userland/vmware/jenkins/jobs/selfupdate-ssllabs-scan.xml +42 -0
  360. data/etc/userland/vmware/jenkins/jobs/selfupdate-wpscan.xml +42 -0
  361. data/etc/userland/vmware/jenkins/jobs_userland/.gitkeep +0 -0
  362. data/etc/userland/vmware/jenkins/log_parser_rules/arachni.rules +5 -0
  363. data/etc/userland/vmware/jenkins/log_parser_rules/sast.rules +2 -0
  364. data/etc/userland/vmware/jenkins/log_parser_rules/self_update.rules +14 -0
  365. data/etc/userland/vmware/jenkins/log_parser_rules/ssllabs-scan.rules +8 -0
  366. data/etc/userland/vmware/jenkins/log_parser_rules/system_maintenance.rules +9 -0
  367. data/etc/userland/vmware/jenkins/log_parser_rules/wpscan.rules +2 -0
  368. data/etc/userland/vmware/jenkins/vagrant.yaml.EXAMPLE +8 -0
  369. data/etc/userland/vmware/letsencrypt/vagrant.yaml.EXAMPLE +5 -0
  370. data/etc/userland/vmware/metasploit/vagrant.yaml.EXAMPLE +4 -0
  371. data/etc/userland/vmware/nessus/vagrant.yaml.EXAMPLE +2 -0
  372. data/etc/userland/vmware/openvas/vagrant.yaml.EXAMPLE +2 -0
  373. data/etc/userland/vmware/owasp_zap/navigation.instruct.EXAMPLE +3 -0
  374. data/etc/userland/vmware/postgres/vagrant.yaml.EXAMPLE +2 -0
  375. data/etc/userland/vmware/recon-ng/vagrant.yaml.EXAMPLE +52 -0
  376. data/etc/userland/vmware/vagrant.yaml.EXAMPLE +5 -0
  377. data/find_latest_gem_versions_per_Gemfile.sh +11 -0
  378. data/git_commit_test_reinit_gem.sh +22 -0
  379. data/install.sh +180 -0
  380. data/lib/pwn/aws/acm.rb +92 -0
  381. data/lib/pwn/aws/api_gateway.rb +92 -0
  382. data/lib/pwn/aws/app_stream.rb +92 -0
  383. data/lib/pwn/aws/application_auto_scaling.rb +92 -0
  384. data/lib/pwn/aws/application_discovery_service.rb +92 -0
  385. data/lib/pwn/aws/auto_scaling.rb +92 -0
  386. data/lib/pwn/aws/batch.rb +92 -0
  387. data/lib/pwn/aws/budgets.rb +92 -0
  388. data/lib/pwn/aws/cloud_formation.rb +92 -0
  389. data/lib/pwn/aws/cloud_front.rb +92 -0
  390. data/lib/pwn/aws/cloud_hsm.rb +92 -0
  391. data/lib/pwn/aws/cloud_search.rb +92 -0
  392. data/lib/pwn/aws/cloud_search_domain.rb +92 -0
  393. data/lib/pwn/aws/cloud_trail.rb +92 -0
  394. data/lib/pwn/aws/cloud_watch.rb +92 -0
  395. data/lib/pwn/aws/cloud_watch_events.rb +92 -0
  396. data/lib/pwn/aws/cloud_watch_logs.rb +92 -0
  397. data/lib/pwn/aws/code_build.rb +92 -0
  398. data/lib/pwn/aws/code_commit.rb +92 -0
  399. data/lib/pwn/aws/code_deploy.rb +92 -0
  400. data/lib/pwn/aws/code_pipeline.rb +92 -0
  401. data/lib/pwn/aws/cognito_identity.rb +92 -0
  402. data/lib/pwn/aws/cognito_identity_provider.rb +92 -0
  403. data/lib/pwn/aws/cognito_sync.rb +92 -0
  404. data/lib/pwn/aws/config_service.rb +92 -0
  405. data/lib/pwn/aws/data_pipleline.rb +92 -0
  406. data/lib/pwn/aws/database_migration_service.rb +92 -0
  407. data/lib/pwn/aws/device_farm.rb +92 -0
  408. data/lib/pwn/aws/direct_connect.rb +92 -0
  409. data/lib/pwn/aws/directory_service.rb +92 -0
  410. data/lib/pwn/aws/dynamo_db.rb +92 -0
  411. data/lib/pwn/aws/dynamo_db_streams.rb +92 -0
  412. data/lib/pwn/aws/ec2.rb +92 -0
  413. data/lib/pwn/aws/ecr.rb +92 -0
  414. data/lib/pwn/aws/ecs.rb +92 -0
  415. data/lib/pwn/aws/efs.rb +92 -0
  416. data/lib/pwn/aws/elasti_cache.rb +92 -0
  417. data/lib/pwn/aws/elastic_beanstalk.rb +89 -0
  418. data/lib/pwn/aws/elastic_load_balancing.rb +92 -0
  419. data/lib/pwn/aws/elastic_load_balancing_v2.rb +92 -0
  420. data/lib/pwn/aws/elastic_transcoder.rb +92 -0
  421. data/lib/pwn/aws/elasticsearch_service.rb +92 -0
  422. data/lib/pwn/aws/emr.rb +92 -0
  423. data/lib/pwn/aws/firehose.rb +92 -0
  424. data/lib/pwn/aws/game_lift.rb +92 -0
  425. data/lib/pwn/aws/glacier.rb +92 -0
  426. data/lib/pwn/aws/health.rb +92 -0
  427. data/lib/pwn/aws/iam.rb +92 -0
  428. data/lib/pwn/aws/import_export.rb +92 -0
  429. data/lib/pwn/aws/inspector.rb +92 -0
  430. data/lib/pwn/aws/iot.rb +92 -0
  431. data/lib/pwn/aws/iot_data_plane.rb +92 -0
  432. data/lib/pwn/aws/kinesis.rb +92 -0
  433. data/lib/pwn/aws/kinesis_analytics.rb +92 -0
  434. data/lib/pwn/aws/kms.rb +92 -0
  435. data/lib/pwn/aws/lambda.rb +92 -0
  436. data/lib/pwn/aws/lambda_preview.rb +92 -0
  437. data/lib/pwn/aws/lex.rb +92 -0
  438. data/lib/pwn/aws/lightsail.rb +92 -0
  439. data/lib/pwn/aws/machine_learning.rb +92 -0
  440. data/lib/pwn/aws/marketplace_commerce_analytics.rb +92 -0
  441. data/lib/pwn/aws/marketplace_metering.rb +92 -0
  442. data/lib/pwn/aws/ops_works.rb +92 -0
  443. data/lib/pwn/aws/ops_works_cm.rb +92 -0
  444. data/lib/pwn/aws/pinpoint.rb +92 -0
  445. data/lib/pwn/aws/polly.rb +92 -0
  446. data/lib/pwn/aws/rds.rb +92 -0
  447. data/lib/pwn/aws/redshift.rb +92 -0
  448. data/lib/pwn/aws/rekognition.rb +92 -0
  449. data/lib/pwn/aws/route53.rb +92 -0
  450. data/lib/pwn/aws/route53_domains.rb +92 -0
  451. data/lib/pwn/aws/s3.rb +92 -0
  452. data/lib/pwn/aws/service_catalog.rb +92 -0
  453. data/lib/pwn/aws/ses.rb +92 -0
  454. data/lib/pwn/aws/shield.rb +92 -0
  455. data/lib/pwn/aws/simple_db.rb +92 -0
  456. data/lib/pwn/aws/sms.rb +92 -0
  457. data/lib/pwn/aws/snowball.rb +92 -0
  458. data/lib/pwn/aws/sns.rb +92 -0
  459. data/lib/pwn/aws/sqs.rb +92 -0
  460. data/lib/pwn/aws/ssm.rb +92 -0
  461. data/lib/pwn/aws/states.rb +92 -0
  462. data/lib/pwn/aws/storage_gateway.rb +92 -0
  463. data/lib/pwn/aws/sts.rb +63 -0
  464. data/lib/pwn/aws/support.rb +92 -0
  465. data/lib/pwn/aws/swf.rb +92 -0
  466. data/lib/pwn/aws/waf.rb +92 -0
  467. data/lib/pwn/aws/waf_regional.rb +92 -0
  468. data/lib/pwn/aws/workspaces.rb +92 -0
  469. data/lib/pwn/aws/x_ray.rb +92 -0
  470. data/lib/pwn/aws.rb +105 -0
  471. data/lib/pwn/ffi.rb +16 -0
  472. data/lib/pwn/plugins/android.rb +1616 -0
  473. data/lib/pwn/plugins/ansible_vault.rb +75 -0
  474. data/lib/pwn/plugins/authentication_helper.rb +79 -0
  475. data/lib/pwn/plugins/basic_auth.rb +63 -0
  476. data/lib/pwn/plugins/beef.rb +309 -0
  477. data/lib/pwn/plugins/burp_suite.rb +340 -0
  478. data/lib/pwn/plugins/bus_pirate.rb +150 -0
  479. data/lib/pwn/plugins/char.rb +459 -0
  480. data/lib/pwn/plugins/credit_card.rb +53 -0
  481. data/lib/pwn/plugins/dao_ldap.rb +131 -0
  482. data/lib/pwn/plugins/dao_mongo.rb +96 -0
  483. data/lib/pwn/plugins/dao_postgres.rb +224 -0
  484. data/lib/pwn/plugins/dao_sqlite3.rb +125 -0
  485. data/lib/pwn/plugins/defect_dojo.rb +759 -0
  486. data/lib/pwn/plugins/detect_os.rb +40 -0
  487. data/lib/pwn/plugins/ein.rb +141 -0
  488. data/lib/pwn/plugins/file_fu.rb +73 -0
  489. data/lib/pwn/plugins/fuzz.rb +206 -0
  490. data/lib/pwn/plugins/git.rb +166 -0
  491. data/lib/pwn/plugins/hacker_one.rb +152 -0
  492. data/lib/pwn/plugins/http_intercept_helper.rb +122 -0
  493. data/lib/pwn/plugins/ibm_appscan.rb +927 -0
  494. data/lib/pwn/plugins/ip_info.rb +100 -0
  495. data/lib/pwn/plugins/jenkins.rb +545 -0
  496. data/lib/pwn/plugins/json_pathify.rb +46 -0
  497. data/lib/pwn/plugins/mail_agent.rb +344 -0
  498. data/lib/pwn/plugins/metasploit.rb +151 -0
  499. data/lib/pwn/plugins/nessus_cloud.rb +325 -0
  500. data/lib/pwn/plugins/nexpose_vuln_scan.rb +356 -0
  501. data/lib/pwn/plugins/nmap_it.rb +99 -0
  502. data/lib/pwn/plugins/oauth2.rb +67 -0
  503. data/lib/pwn/plugins/ocr.rb +43 -0
  504. data/lib/pwn/plugins/openvas.rb +308 -0
  505. data/lib/pwn/plugins/owasp_zap.rb +550 -0
  506. data/lib/pwn/plugins/packet.rb +1271 -0
  507. data/lib/pwn/plugins/pdf_parse.rb +53 -0
  508. data/lib/pwn/plugins/pony.rb +282 -0
  509. data/lib/pwn/plugins/pwn_logger.rb +46 -0
  510. data/lib/pwn/plugins/rabbit_mq_hole.rb +66 -0
  511. data/lib/pwn/plugins/rfidler.rb +58 -0
  512. data/lib/pwn/plugins/serial.rb +268 -0
  513. data/lib/pwn/plugins/shodan.rb +566 -0
  514. data/lib/pwn/plugins/slack_client.rb +104 -0
  515. data/lib/pwn/plugins/sock.rb +156 -0
  516. data/lib/pwn/plugins/son_micro_rfid.rb +432 -0
  517. data/lib/pwn/plugins/spider.rb +80 -0
  518. data/lib/pwn/plugins/ssn.rb +52 -0
  519. data/lib/pwn/plugins/thread_pool.rb +71 -0
  520. data/lib/pwn/plugins/transparent_browser.rb +337 -0
  521. data/lib/pwn/plugins/twitter_api.rb +148 -0
  522. data/lib/pwn/plugins/uri_scheme.rb +328 -0
  523. data/lib/pwn/plugins/vsphere.rb +82 -0
  524. data/lib/pwn/plugins.rb +66 -0
  525. data/lib/pwn/reports/fuzz.rb +270 -0
  526. data/lib/pwn/reports/sast.rb +306 -0
  527. data/lib/pwn/reports.rb +21 -0
  528. data/lib/pwn/sast/amqp_connect_as_guest.rb +140 -0
  529. data/lib/pwn/sast/apache_file_system_util_api.rb +137 -0
  530. data/lib/pwn/sast/aws.rb +142 -0
  531. data/lib/pwn/sast/banned_function_calls_c.rb +265 -0
  532. data/lib/pwn/sast/base64.rb +143 -0
  533. data/lib/pwn/sast/beef_hook.rb +137 -0
  534. data/lib/pwn/sast/cmd_execution_java.rb +142 -0
  535. data/lib/pwn/sast/cmd_execution_python.rb +144 -0
  536. data/lib/pwn/sast/cmd_execution_ruby.rb +152 -0
  537. data/lib/pwn/sast/cmd_execution_scala.rb +142 -0
  538. data/lib/pwn/sast/csrf.rb +136 -0
  539. data/lib/pwn/sast/deserial_java.rb +135 -0
  540. data/lib/pwn/sast/emoticon.rb +145 -0
  541. data/lib/pwn/sast/eval.rb +140 -0
  542. data/lib/pwn/sast/factory.rb +135 -0
  543. data/lib/pwn/sast/file_permission.rb +142 -0
  544. data/lib/pwn/sast/inner_html.rb +140 -0
  545. data/lib/pwn/sast/keystore.rb +137 -0
  546. data/lib/pwn/sast/location_hash.rb +140 -0
  547. data/lib/pwn/sast/log4j.rb +140 -0
  548. data/lib/pwn/sast/logger.rb +155 -0
  549. data/lib/pwn/sast/outer_html.rb +140 -0
  550. data/lib/pwn/sast/password.rb +140 -0
  551. data/lib/pwn/sast/pom_version.rb +144 -0
  552. data/lib/pwn/sast/port.rb +147 -0
  553. data/lib/pwn/sast/private_key.rb +140 -0
  554. data/lib/pwn/sast/redirect.rb +142 -0
  555. data/lib/pwn/sast/redos.rb +147 -0
  556. data/lib/pwn/sast/shell.rb +148 -0
  557. data/lib/pwn/sast/sql.rb +144 -0
  558. data/lib/pwn/sast/ssl.rb +137 -0
  559. data/lib/pwn/sast/sudo.rb +140 -0
  560. data/lib/pwn/sast/task_tag.rb +154 -0
  561. data/lib/pwn/sast/throw_errors.rb +139 -0
  562. data/lib/pwn/sast/token.rb +137 -0
  563. data/lib/pwn/sast/version.rb +137 -0
  564. data/lib/pwn/sast/window_location_hash.rb +139 -0
  565. data/lib/pwn/sast.rb +53 -0
  566. data/lib/pwn/version.rb +5 -0
  567. data/lib/pwn/www/app_cobalt_io.rb +168 -0
  568. data/lib/pwn/www/bing.rb +119 -0
  569. data/lib/pwn/www/bug_crowd.rb +165 -0
  570. data/lib/pwn/www/checkip.rb +101 -0
  571. data/lib/pwn/www/duckduckgo.rb +141 -0
  572. data/lib/pwn/www/facebook.rb +153 -0
  573. data/lib/pwn/www/google.rb +145 -0
  574. data/lib/pwn/www/hacker_one.rb +153 -0
  575. data/lib/pwn/www/linkedin.rb +153 -0
  576. data/lib/pwn/www/pandora.rb +153 -0
  577. data/lib/pwn/www/pastebin.rb +114 -0
  578. data/lib/pwn/www/paypal.rb +235 -0
  579. data/lib/pwn/www/synack.rb +165 -0
  580. data/lib/pwn/www/torch.rb +138 -0
  581. data/lib/pwn/www/twitter.rb +165 -0
  582. data/lib/pwn/www/uber.rb +153 -0
  583. data/lib/pwn/www/upwork.rb +153 -0
  584. data/lib/pwn/www/youtube.rb +119 -0
  585. data/lib/pwn/www.rb +33 -0
  586. data/lib/pwn.rb +24 -0
  587. data/packer/daemons/msfrpcd.rb +64 -0
  588. data/packer/daemons/openvas.rb +51 -0
  589. data/packer/deploy_docker_containers.sh +9 -0
  590. data/packer/deploy_packer_box.sh +87 -0
  591. data/packer/docker/kali_rolling_docker_pwn_fuzz_net_app_proto.json +44 -0
  592. data/packer/docker/kali_rolling_docker_pwn_prototyper.json +48 -0
  593. data/packer/docker/kali_rolling_docker_pwn_sast.json +44 -0
  594. data/packer/docker/kali_rolling_docker_pwn_transparent_browser.json +46 -0
  595. data/packer/docker/kali_rolling_docker_pwn_www_checkip.json +34 -0
  596. data/packer/http/kali_rolling_preseed.cfg +81 -0
  597. data/packer/kali_rolling_aws_ami.json +135 -0
  598. data/packer/kali_rolling_qemu_kvm.json +155 -0
  599. data/packer/kali_rolling_virtualbox.json +182 -0
  600. data/packer/kali_rolling_vmware.json +163 -0
  601. data/packer/packer_secrets.json.EXAMPLE +9 -0
  602. data/packer/provisioners/PayloadsAllTheThings.sh +5 -0
  603. data/packer/provisioners/SecLists.sh +5 -0
  604. data/packer/provisioners/afl.sh +28 -0
  605. data/packer/provisioners/aliases.rb +18 -0
  606. data/packer/provisioners/amass.sh +5 -0
  607. data/packer/provisioners/android.sh +18 -0
  608. data/packer/provisioners/ansible.sh +5 -0
  609. data/packer/provisioners/apache2.sh +24 -0
  610. data/packer/provisioners/arachni.sh +28 -0
  611. data/packer/provisioners/awscli.sh +5 -0
  612. data/packer/provisioners/bashrc.sh +13 -0
  613. data/packer/provisioners/beef.rb +23 -0
  614. data/packer/provisioners/burpsuite.sh +23 -0
  615. data/packer/provisioners/chrome.sh +11 -0
  616. data/packer/provisioners/coreutils.sh +6 -0
  617. data/packer/provisioners/curl.sh +6 -0
  618. data/packer/provisioners/docker.sh +43 -0
  619. data/packer/provisioners/docker_bashrc.sh +2 -0
  620. data/packer/provisioners/docker_rvm.sh +22 -0
  621. data/packer/provisioners/eyewitness.sh +5 -0
  622. data/packer/provisioners/ffmpeg.sh +6 -0
  623. data/packer/provisioners/firefox.sh +7 -0
  624. data/packer/provisioners/fuzzdb.sh +5 -0
  625. data/packer/provisioners/gdb.sh +5 -0
  626. data/packer/provisioners/geckodriver.sh +9 -0
  627. data/packer/provisioners/ghidra.sh +5 -0
  628. data/packer/provisioners/git.sh +6 -0
  629. data/packer/provisioners/init_image.sh +103 -0
  630. data/packer/provisioners/install_vagrant_ssh_key.sh +15 -0
  631. data/packer/provisioners/jenkins.sh +62 -0
  632. data/packer/provisioners/metasploit.rb +59 -0
  633. data/packer/provisioners/nmap_all_live_hosts.sh +8 -0
  634. data/packer/provisioners/openvas.sh +23 -0
  635. data/packer/provisioners/openvas_wrappers.sh +4 -0
  636. data/packer/provisioners/openvpn.sh +7 -0
  637. data/packer/provisioners/peda.sh +4 -0
  638. data/packer/provisioners/phantomjs.rb +28 -0
  639. data/packer/provisioners/phantomjs_wrapper.sh +22 -0
  640. data/packer/provisioners/post_install.sh +41 -0
  641. data/packer/provisioners/postgresql.sh +49 -0
  642. data/packer/provisioners/preeny.sh +8 -0
  643. data/packer/provisioners/pwn.sh +89 -0
  644. data/packer/provisioners/pwntools.sh +13 -0
  645. data/packer/provisioners/radamsa.sh +7 -0
  646. data/packer/provisioners/rc.local.sh +16 -0
  647. data/packer/provisioners/reboot_os.sh +7 -0
  648. data/packer/provisioners/ruby.sh +36 -0
  649. data/packer/provisioners/rvm.sh +30 -0
  650. data/packer/provisioners/scapy.sh +5 -0
  651. data/packer/provisioners/scout2.sh +5 -0
  652. data/packer/provisioners/sox.sh +5 -0
  653. data/packer/provisioners/ssllabs-scan.sh +9 -0
  654. data/packer/provisioners/strace.sh +5 -0
  655. data/packer/provisioners/sublist3r.sh +5 -0
  656. data/packer/provisioners/terminator.sh +5 -0
  657. data/packer/provisioners/toggle_tor.sh +2 -0
  658. data/packer/provisioners/tor.sh +5 -0
  659. data/packer/provisioners/twinkle.sh +6 -0
  660. data/packer/provisioners/update_os.sh +108 -0
  661. data/packer/provisioners/upload_globals.sh +55 -0
  662. data/packer/provisioners/vim.sh +19 -0
  663. data/packer/provisioners/virtualbox_guest_additions.sh +20 -0
  664. data/packer/provisioners/vmware_tools.sh +8 -0
  665. data/packer/provisioners/wpscan.rb +23 -0
  666. data/packer/provisioners/xrdp.sh +22 -0
  667. data/packer/provisioners/zzuf.sh +5 -0
  668. data/pwn.gemspec +34 -0
  669. data/reinstall_pwn_gemset.sh +31 -0
  670. data/spec/lib/pwn/aws/acm_spec.rb +15 -0
  671. data/spec/lib/pwn/aws/api_gateway_spec.rb +15 -0
  672. data/spec/lib/pwn/aws/app_stream_spec.rb +15 -0
  673. data/spec/lib/pwn/aws/application_auto_scaling_spec.rb +15 -0
  674. data/spec/lib/pwn/aws/application_discovery_service_spec.rb +15 -0
  675. data/spec/lib/pwn/aws/auto_scaling_spec.rb +15 -0
  676. data/spec/lib/pwn/aws/batch_spec.rb +15 -0
  677. data/spec/lib/pwn/aws/budgets_spec.rb +15 -0
  678. data/spec/lib/pwn/aws/cloud_formation_spec.rb +15 -0
  679. data/spec/lib/pwn/aws/cloud_front_spec.rb +15 -0
  680. data/spec/lib/pwn/aws/cloud_hsm_spec.rb +15 -0
  681. data/spec/lib/pwn/aws/cloud_search_domain_spec.rb +15 -0
  682. data/spec/lib/pwn/aws/cloud_search_spec.rb +15 -0
  683. data/spec/lib/pwn/aws/cloud_trail_spec.rb +15 -0
  684. data/spec/lib/pwn/aws/cloud_watch_events_spec.rb +15 -0
  685. data/spec/lib/pwn/aws/cloud_watch_logs_spec.rb +15 -0
  686. data/spec/lib/pwn/aws/cloud_watch_spec.rb +15 -0
  687. data/spec/lib/pwn/aws/code_build_spec.rb +15 -0
  688. data/spec/lib/pwn/aws/code_commit_spec.rb +15 -0
  689. data/spec/lib/pwn/aws/code_deploy_spec.rb +15 -0
  690. data/spec/lib/pwn/aws/code_pipeline_spec.rb +15 -0
  691. data/spec/lib/pwn/aws/cognito_identity_provider_spec.rb +15 -0
  692. data/spec/lib/pwn/aws/cognito_identity_spec.rb +15 -0
  693. data/spec/lib/pwn/aws/cognito_sync_spec.rb +15 -0
  694. data/spec/lib/pwn/aws/config_service_spec.rb +15 -0
  695. data/spec/lib/pwn/aws/data_pipleline_spec.rb +15 -0
  696. data/spec/lib/pwn/aws/database_migration_service_spec.rb +15 -0
  697. data/spec/lib/pwn/aws/device_farm_spec.rb +15 -0
  698. data/spec/lib/pwn/aws/direct_connect_spec.rb +15 -0
  699. data/spec/lib/pwn/aws/directory_service_spec.rb +15 -0
  700. data/spec/lib/pwn/aws/dynamo_db_spec.rb +15 -0
  701. data/spec/lib/pwn/aws/dynamo_db_streams_spec.rb +15 -0
  702. data/spec/lib/pwn/aws/ec2_spec.rb +15 -0
  703. data/spec/lib/pwn/aws/ecr_spec.rb +15 -0
  704. data/spec/lib/pwn/aws/ecs_spec.rb +15 -0
  705. data/spec/lib/pwn/aws/efs_spec.rb +15 -0
  706. data/spec/lib/pwn/aws/elasti_cache_spec.rb +15 -0
  707. data/spec/lib/pwn/aws/elastic_beanstalk_spec.rb +15 -0
  708. data/spec/lib/pwn/aws/elastic_load_balancing_spec.rb +15 -0
  709. data/spec/lib/pwn/aws/elastic_load_balancing_v2_spec.rb +15 -0
  710. data/spec/lib/pwn/aws/elastic_transcoder_spec.rb +15 -0
  711. data/spec/lib/pwn/aws/elasticsearch_service_spec.rb +15 -0
  712. data/spec/lib/pwn/aws/emr_spec.rb +15 -0
  713. data/spec/lib/pwn/aws/firehose_spec.rb +15 -0
  714. data/spec/lib/pwn/aws/game_lift_spec.rb +15 -0
  715. data/spec/lib/pwn/aws/glacier_spec.rb +15 -0
  716. data/spec/lib/pwn/aws/health_spec.rb +15 -0
  717. data/spec/lib/pwn/aws/iam_spec.rb +15 -0
  718. data/spec/lib/pwn/aws/import_export_spec.rb +15 -0
  719. data/spec/lib/pwn/aws/inspector_spec.rb +15 -0
  720. data/spec/lib/pwn/aws/iot_data_plane_spec.rb +15 -0
  721. data/spec/lib/pwn/aws/iot_spec.rb +15 -0
  722. data/spec/lib/pwn/aws/kinesis_analytics_spec.rb +15 -0
  723. data/spec/lib/pwn/aws/kinesis_spec.rb +15 -0
  724. data/spec/lib/pwn/aws/kms_spec.rb +15 -0
  725. data/spec/lib/pwn/aws/lambda_preview_spec.rb +15 -0
  726. data/spec/lib/pwn/aws/lambda_spec.rb +15 -0
  727. data/spec/lib/pwn/aws/lex_spec.rb +15 -0
  728. data/spec/lib/pwn/aws/lightsail_spec.rb +15 -0
  729. data/spec/lib/pwn/aws/machine_learning_spec.rb +15 -0
  730. data/spec/lib/pwn/aws/marketplace_commerce_analytics_spec.rb +15 -0
  731. data/spec/lib/pwn/aws/marketplace_metering_spec.rb +15 -0
  732. data/spec/lib/pwn/aws/ops_works_cm_spec.rb +15 -0
  733. data/spec/lib/pwn/aws/ops_works_spec.rb +15 -0
  734. data/spec/lib/pwn/aws/pinpoint_spec.rb +15 -0
  735. data/spec/lib/pwn/aws/polly_spec.rb +15 -0
  736. data/spec/lib/pwn/aws/rds_spec.rb +15 -0
  737. data/spec/lib/pwn/aws/redshift_spec.rb +15 -0
  738. data/spec/lib/pwn/aws/rekognition_spec.rb +15 -0
  739. data/spec/lib/pwn/aws/route53_domains_spec.rb +15 -0
  740. data/spec/lib/pwn/aws/route53_spec.rb +15 -0
  741. data/spec/lib/pwn/aws/s3_spec.rb +15 -0
  742. data/spec/lib/pwn/aws/service_catalog_spec.rb +15 -0
  743. data/spec/lib/pwn/aws/ses_spec.rb +15 -0
  744. data/spec/lib/pwn/aws/shield_spec.rb +15 -0
  745. data/spec/lib/pwn/aws/simple_db_spec.rb +15 -0
  746. data/spec/lib/pwn/aws/sms_spec.rb +15 -0
  747. data/spec/lib/pwn/aws/snowball_spec.rb +15 -0
  748. data/spec/lib/pwn/aws/sns_spec.rb +15 -0
  749. data/spec/lib/pwn/aws/sqs_spec.rb +15 -0
  750. data/spec/lib/pwn/aws/ssm_spec.rb +15 -0
  751. data/spec/lib/pwn/aws/states_spec.rb +15 -0
  752. data/spec/lib/pwn/aws/storage_gateway_spec.rb +15 -0
  753. data/spec/lib/pwn/aws/sts_spec.rb +15 -0
  754. data/spec/lib/pwn/aws/support_spec.rb +15 -0
  755. data/spec/lib/pwn/aws/swf_spec.rb +15 -0
  756. data/spec/lib/pwn/aws/waf_regional_spec.rb +15 -0
  757. data/spec/lib/pwn/aws/waf_spec.rb +15 -0
  758. data/spec/lib/pwn/aws/workspaces_spec.rb +15 -0
  759. data/spec/lib/pwn/aws/x_ray_spec.rb +15 -0
  760. data/spec/lib/pwn/aws_spec.rb +10 -0
  761. data/spec/lib/pwn/ffi_spec.rb +10 -0
  762. data/spec/lib/pwn/plugins/android_spec.rb +15 -0
  763. data/spec/lib/pwn/plugins/authentication_helper_spec.rb +15 -0
  764. data/spec/lib/pwn/plugins/basic_auth_spec.rb +15 -0
  765. data/spec/lib/pwn/plugins/beef_spec.rb +15 -0
  766. data/spec/lib/pwn/plugins/burp_suite_spec.rb +15 -0
  767. data/spec/lib/pwn/plugins/bus_pirate_spec.rb +15 -0
  768. data/spec/lib/pwn/plugins/char_spec.rb +15 -0
  769. data/spec/lib/pwn/plugins/credit_card_spec.rb +15 -0
  770. data/spec/lib/pwn/plugins/dao_ldap_spec.rb +15 -0
  771. data/spec/lib/pwn/plugins/dao_mongo_spec.rb +15 -0
  772. data/spec/lib/pwn/plugins/dao_postgres_spec.rb +15 -0
  773. data/spec/lib/pwn/plugins/dao_sqlite3_spec.rb +15 -0
  774. data/spec/lib/pwn/plugins/defect_dojo_spec.rb +15 -0
  775. data/spec/lib/pwn/plugins/detect_os_spec.rb +15 -0
  776. data/spec/lib/pwn/plugins/ein_spec.rb +15 -0
  777. data/spec/lib/pwn/plugins/file_fu_spec.rb +15 -0
  778. data/spec/lib/pwn/plugins/fuzz_spec.rb +15 -0
  779. data/spec/lib/pwn/plugins/git_spec.rb +15 -0
  780. data/spec/lib/pwn/plugins/hacker_one_spec.rb +15 -0
  781. data/spec/lib/pwn/plugins/ibm_appscan_spec.rb +15 -0
  782. data/spec/lib/pwn/plugins/ip_info_spec.rb +15 -0
  783. data/spec/lib/pwn/plugins/jenkins_spec.rb +15 -0
  784. data/spec/lib/pwn/plugins/json_pathify_spec.rb +15 -0
  785. data/spec/lib/pwn/plugins/mail_agent_spec.rb +15 -0
  786. data/spec/lib/pwn/plugins/metasploit_spec.rb +15 -0
  787. data/spec/lib/pwn/plugins/nessus_cloud_spec.rb +15 -0
  788. data/spec/lib/pwn/plugins/nexpose_vuln_scan_spec.rb +15 -0
  789. data/spec/lib/pwn/plugins/nmap_it_spec.rb +15 -0
  790. data/spec/lib/pwn/plugins/oauth2_spec.rb +15 -0
  791. data/spec/lib/pwn/plugins/ocr_spec.rb +15 -0
  792. data/spec/lib/pwn/plugins/openvas_spec.rb +15 -0
  793. data/spec/lib/pwn/plugins/owasp_zap_spec.rb +15 -0
  794. data/spec/lib/pwn/plugins/packet_spec.rb +15 -0
  795. data/spec/lib/pwn/plugins/pdf_parse_spec.rb +15 -0
  796. data/spec/lib/pwn/plugins/pony_spec.rb +15 -0
  797. data/spec/lib/pwn/plugins/rabbit_mq_hole_spec.rb +15 -0
  798. data/spec/lib/pwn/plugins/rfidler_spec.rb +15 -0
  799. data/spec/lib/pwn/plugins/serial_spec.rb +15 -0
  800. data/spec/lib/pwn/plugins/shodan_spec.rb +15 -0
  801. data/spec/lib/pwn/plugins/slack_client_spec.rb +15 -0
  802. data/spec/lib/pwn/plugins/sock_spec.rb +15 -0
  803. data/spec/lib/pwn/plugins/son_micro_rfid_spec.rb +15 -0
  804. data/spec/lib/pwn/plugins/spider_spec.rb +15 -0
  805. data/spec/lib/pwn/plugins/ssn_spec.rb +15 -0
  806. data/spec/lib/pwn/plugins/thread_pool_spec.rb +15 -0
  807. data/spec/lib/pwn/plugins/transparent_browser_spec.rb +15 -0
  808. data/spec/lib/pwn/plugins/twitter_api_spec.rb +15 -0
  809. data/spec/lib/pwn/plugins/uri_scheme_spec.rb +15 -0
  810. data/spec/lib/pwn/plugins/vsphere_spec.rb +15 -0
  811. data/spec/lib/pwn/plugins_spec.rb +10 -0
  812. data/spec/lib/pwn/reports/fuzz_spec.rb +15 -0
  813. data/spec/lib/pwn/reports/sast_spec.rb +15 -0
  814. data/spec/lib/pwn/reports_spec.rb +10 -0
  815. data/spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb +25 -0
  816. data/spec/lib/pwn/sast/apache_file_system_util_api_spec.rb +25 -0
  817. data/spec/lib/pwn/sast/aws_spec.rb +25 -0
  818. data/spec/lib/pwn/sast/banned_function_calls_c_spec.rb +25 -0
  819. data/spec/lib/pwn/sast/base64_spec.rb +25 -0
  820. data/spec/lib/pwn/sast/beef_hook_spec.rb +25 -0
  821. data/spec/lib/pwn/sast/cmd_execution_java_spec.rb +25 -0
  822. data/spec/lib/pwn/sast/cmd_execution_python_spec.rb +25 -0
  823. data/spec/lib/pwn/sast/cmd_execution_ruby_spec.rb +25 -0
  824. data/spec/lib/pwn/sast/cmd_execution_scala_spec.rb +25 -0
  825. data/spec/lib/pwn/sast/csrf_spec.rb +25 -0
  826. data/spec/lib/pwn/sast/deserial_java_spec.rb +25 -0
  827. data/spec/lib/pwn/sast/emoticon_spec.rb +25 -0
  828. data/spec/lib/pwn/sast/eval_spec.rb +25 -0
  829. data/spec/lib/pwn/sast/factory_spec.rb +25 -0
  830. data/spec/lib/pwn/sast/file_permission_spec.rb +25 -0
  831. data/spec/lib/pwn/sast/inner_html_spec.rb +25 -0
  832. data/spec/lib/pwn/sast/keystore_spec.rb +25 -0
  833. data/spec/lib/pwn/sast/location_hash_spec.rb +25 -0
  834. data/spec/lib/pwn/sast/log4j_spec.rb +25 -0
  835. data/spec/lib/pwn/sast/logger_spec.rb +25 -0
  836. data/spec/lib/pwn/sast/password_spec.rb +25 -0
  837. data/spec/lib/pwn/sast/pom_version_spec.rb +25 -0
  838. data/spec/lib/pwn/sast/port_spec.rb +25 -0
  839. data/spec/lib/pwn/sast/private_key_spec.rb +25 -0
  840. data/spec/lib/pwn/sast/redirect_spec.rb +25 -0
  841. data/spec/lib/pwn/sast/redos_spec.rb +25 -0
  842. data/spec/lib/pwn/sast/shell_spec.rb +25 -0
  843. data/spec/lib/pwn/sast/sql_spec.rb +25 -0
  844. data/spec/lib/pwn/sast/ssl_spec.rb +25 -0
  845. data/spec/lib/pwn/sast/sudo_spec.rb +25 -0
  846. data/spec/lib/pwn/sast/task_tag_spec.rb +25 -0
  847. data/spec/lib/pwn/sast/throw_errors_spec.rb +25 -0
  848. data/spec/lib/pwn/sast/token_spec.rb +25 -0
  849. data/spec/lib/pwn/sast/version_spec.rb +25 -0
  850. data/spec/lib/pwn/sast/window_location_hash_spec.rb +25 -0
  851. data/spec/lib/pwn/sast_spec.rb +10 -0
  852. data/spec/lib/pwn/www/app_cobalt_io_spec.rb +15 -0
  853. data/spec/lib/pwn/www/bing_spec.rb +15 -0
  854. data/spec/lib/pwn/www/bug_crowd.rb +15 -0
  855. data/spec/lib/pwn/www/checkip_spec.rb +15 -0
  856. data/spec/lib/pwn/www/duckduckgo_spec.rb +15 -0
  857. data/spec/lib/pwn/www/facebook_spec.rb +15 -0
  858. data/spec/lib/pwn/www/google_spec.rb +15 -0
  859. data/spec/lib/pwn/www/hacker_one_spec.rb +15 -0
  860. data/spec/lib/pwn/www/linkedin_spec.rb +15 -0
  861. data/spec/lib/pwn/www/pandora_spec.rb +15 -0
  862. data/spec/lib/pwn/www/pastebin_spec.rb +15 -0
  863. data/spec/lib/pwn/www/paypal_spec.rb +15 -0
  864. data/spec/lib/pwn/www/synack_spec.rb +15 -0
  865. data/spec/lib/pwn/www/torch_spec.rb +15 -0
  866. data/spec/lib/pwn/www/twitter_spec.rb +15 -0
  867. data/spec/lib/pwn/www/uber_spec.rb +15 -0
  868. data/spec/lib/pwn/www/upwork_spec.rb +15 -0
  869. data/spec/lib/pwn/www/youtube_spec.rb +15 -0
  870. data/spec/lib/pwn/www_spec.rb +10 -0
  871. data/spec/lib/pwn_spec.rb +10 -0
  872. data/spec/spec_helper.rb +3 -0
  873. data/third_party/.gitkeep +0 -0
  874. data/update_pwn.sh +15 -0
  875. data/upgrade_ruby.sh +46 -0
  876. data/vagrant/provisioners/apache2.sh +76 -0
  877. data/vagrant/provisioners/beef.rb +30 -0
  878. data/vagrant/provisioners/burpsuite_pro.rb +37 -0
  879. data/vagrant/provisioners/exploit-db.sh +2 -0
  880. data/vagrant/provisioners/gem.sh +4 -0
  881. data/vagrant/provisioners/init_env.sh +22 -0
  882. data/vagrant/provisioners/jenkins.sh +87 -0
  883. data/vagrant/provisioners/jenkins_ssh-keygen.rb +86 -0
  884. data/vagrant/provisioners/kali_customize.rb +130 -0
  885. data/vagrant/provisioners/letsencrypt.rb +35 -0
  886. data/vagrant/provisioners/metasploit.rb +25 -0
  887. data/vagrant/provisioners/nmap_all_live_hosts.sh +2 -0
  888. data/vagrant/provisioners/openvas.sh +23 -0
  889. data/vagrant/provisioners/openvas_wrappers.sh +2 -0
  890. data/vagrant/provisioners/post_install.sh +14 -0
  891. data/vagrant/provisioners/postgres.sh +22 -0
  892. data/vagrant/provisioners/pwn.sh +15 -0
  893. data/vagrant/provisioners/rvm.sh +18 -0
  894. data/vagrant/provisioners/ssllabs-scan.sh +10 -0
  895. data/vagrant/provisioners/toggle_tor.sh +2 -0
  896. data/vagrant/provisioners/update_jenkins_plugins.rb +30 -0
  897. data/vagrant/provisioners/update_os.sh +108 -0
  898. data/vagrant/provisioners/upload_globals.sh +55 -0
  899. data/vagrant/provisioners/userland_fdisk.sh +22 -0
  900. data/vagrant/provisioners/userland_lvm.sh +5 -0
  901. data/vagrant/provisioners/wpscan.rb +25 -0
  902. data/vagrant_rsync_third_party.lst +1 -0
  903. data/vagrant_rsync_userland_template.lst +8 -0
  904. metadata +1245 -0
data/lib/pwn/plugins/nessus_cloud.rb ADDED
@@ -0,0 +1,325 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'json'
4
+
5
+ module PWN
6
+ module Plugins
7
+ # This plugin is used for interacting w/ the Tenable.io REST API (i.e. Nessus Cloud)
8
+ module NessusCloud
9
+ @@logger = PWN::Plugins::PWNLogger.create
10
+
11
+ # Supported Method Parameters::
12
+ # nessus_cloud_rest_call(
13
+ # nessus_obj: 'required nessus_obj returned from #start method',
14
+ # rest_call: 'required rest call to make per the schema',
15
+ # http_method: 'optional HTTP method (defaults to GET)
16
+ # http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
17
+ # )
18
+
19
+ private_class_method def self.nessus_cloud_rest_call(opts = {})
20
+ nessus_obj = opts[:nessus_obj]
21
+ rest_call = opts[:rest_call].to_s.scrub
22
+ http_method = if opts[:http_method].nil?
23
+ :get
24
+ else
25
+ opts[:http_method].to_s.scrub.to_sym
26
+ end
27
+ params = opts[:params]
28
+ http_body = opts[:http_body].to_s.scrub
29
+ access_key = nessus_obj[:access_key]
30
+ secret_key = nessus_obj[:secret_key]
31
+ base_nessus_cloud_api_uri = 'https://cloud.tenable.com'
32
+
33
+ rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
34
+
35
+ case http_method
36
+ when :get
37
+ response = rest_client.execute(
38
+ method: :get,
39
+ url: "#{base_nessus_cloud_api_uri}/#{rest_call}",
40
+ headers: {
41
+ x_apikeys: "accessKey=#{access_key}; secretKey=#{secret_key}",
42
+ accept: 'application/json',
43
+ content_type: 'application/json; charset=UTF-8',
44
+ params: params
45
+ },
46
+ verify_ssl: false
47
+ )
48
+
49
+ when :post
50
+ response = rest_client.execute(
51
+ method: :post,
52
+ url: "#{base_nessus_cloud_api_uri}/#{rest_call}",
53
+ headers: {
54
+ x_apikeys: "accessKey=#{access_key}; secretKey=#{secret_key}",
55
+ accept: 'application/json',
56
+ content_type: 'application/json; charset=UTF-8'
57
+ },
58
+ payload: http_body,
59
+ verify_ssl: false
60
+ )
61
+
62
+ else
63
+ raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
64
+ end
65
+
66
+ sleep 3
67
+
68
+ response
69
+ rescue StandardError, SystemExit, Interrupt => e
70
+ raise e
71
+ end
72
+
73
+ # Supported Method Parameters::
74
+ # PWN::Plugins::NessusCloud.login(
75
+ # access_key: 'required - API access key (will prompt if blank)',
76
+ # secret_key: 'required - API secret key (will prompt if blank)'
77
+ # )
78
+
79
+ public_class_method def self.login(opts = {})
80
+ access_key = opts[:access_key]
81
+ access_key = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Access Key') if opts[:access_key].nil?
82
+
83
+ secret_key = opts[:secret_key]
84
+ secret_key = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Secret Key') if opts[:secret_key].nil?
85
+
86
+ nessus_obj = {}
87
+ nessus_obj[:access_key] = access_key
88
+ nessus_obj[:secret_key] = secret_key
89
+
90
+ nessus_obj
91
+ rescue StandardError, SystemExit, Interrupt => e
92
+ raise e
93
+ end
94
+
95
+ # Supported Method Parameters::
96
+ # PWN::Plugins::NessusCloud.list_scans(
97
+ # nessus_obj: 'required - nessus_obj returned from #login method'
98
+ # )
99
+
100
+ public_class_method def self.list_scans(opts = {})
101
+ nessus_obj = opts[:nessus_obj]
102
+
103
+ scans_resp = nessus_cloud_rest_call(
104
+ nessus_obj: nessus_obj,
105
+ rest_call: 'scans'
106
+ ).body
107
+
108
+ JSON.parse(scans_resp, symbolize_names: true)
109
+ rescue StandardError, SystemExit, Interrupt => e
110
+ raise e
111
+ end
112
+
113
+ # Supported Method Parameters::
114
+ # PWN::Plugins::NessusCloud.launch_scan(
115
+ # nessus_obj: 'required - nessus_obj returned from #login method',
116
+ # scan_id: 'required - scan id to launch'
117
+ # )
118
+
119
+ public_class_method def self.launch_scan(opts = {})
120
+ nessus_obj = opts[:nessus_obj]
121
+ scan_id = opts[:scan_id]
122
+
123
+ launch_scan_resp = nessus_cloud_rest_call(
124
+ http_method: :post,
125
+ nessus_obj: nessus_obj,
126
+ rest_call: "scans/#{scan_id}/launch"
127
+ ).body
128
+
129
+ JSON.parse(launch_scan_resp, symbolize_names: true)
130
+ rescue StandardError, SystemExit, Interrupt => e
131
+ raise e
132
+ end
133
+
134
+ # Supported Method Parameters::
135
+ # PWN::Plugins::NessusCloud.get_scan_status(
136
+ # nessus_obj: 'required - nessus_obj returned from #login method',
137
+ # scan_id: 'required - scan id to retrieve status'
138
+ # )
139
+
140
+ public_class_method def self.get_scan_status(opts = {})
141
+ nessus_obj = opts[:nessus_obj]
142
+ scan_id = opts[:scan_id]
143
+
144
+ scan_status_resp = nessus_cloud_rest_call(
145
+ nessus_obj: nessus_obj,
146
+ rest_call: "scans/#{scan_id}/latest-status"
147
+ ).body
148
+
149
+ JSON.parse(scan_status_resp, symbolize_names: true)
150
+ rescue StandardError, SystemExit, Interrupt => e
151
+ raise e
152
+ end
153
+
154
+ # Supported Method Parameters::
155
+ # PWN::Plugins::NessusCloud.tag(
156
+ # nessus_obj: 'required - nessus_obj returned from #login method',
157
+ # category: 'required - category name to create or use',
158
+ # value: 'required - value name to create or use',
159
+ # desc: 'optional - _value_ description'
160
+ # )
161
+
162
+ public_class_method def self.tag(opts = {})
163
+ nessus_obj = opts[:nessus_obj]
164
+ category = opts[:category]
165
+ value = opts[:value]
166
+ desc = opts[:desc]
167
+
168
+ http_body = {
169
+ category_name: category,
170
+ value: value
171
+ }.to_json
172
+
173
+ tag_resp = nessus_cloud_rest_call(
174
+ http_method: :post,
175
+ nessus_obj: nessus_obj,
176
+ rest_call: 'tags/values',
177
+ http_body: http_body
178
+ ).body
179
+
180
+ JSON.parse(tag_resp, symbolize_names: true)
181
+ rescue StandardError, SystemExit, Interrupt => e
182
+ raise e
183
+ end
184
+
185
+ # Supported Method Parameters::
186
+ # PWN::Plugins::NessusCloud.get_scan_history(
187
+ # nessus_obj: 'required - nessus_obj returned from #login method'
188
+ # scan_id: 'required - scan id to launch'
189
+ # )
190
+
191
+ public_class_method def self.get_scan_history(opts = {})
192
+ nessus_obj = opts[:nessus_obj]
193
+ scan_id = opts[:scan_id]
194
+
195
+ scan_hist_resp = nessus_cloud_rest_call(
196
+ nessus_obj: nessus_obj,
197
+ rest_call: "scans/#{scan_id}/history"
198
+ ).body
199
+
200
+ JSON.parse(scan_hist_resp, symbolize_names: true)
201
+ rescue StandardError, SystemExit, Interrupt => e
202
+ raise e
203
+ end
204
+
205
+ # Supported Method Parameters::
206
+ # PWN::Plugins::NessusCloud.export_scan_results(
207
+ # nessus_obj: 'required - nessus_obj returned from #login method',
208
+ # scan_id: 'required - scan id to export',
209
+ # path_to_export: 'required - filename to export results',
210
+ # history_id: 'optional - defaults to last scan',
211
+ # format: 'optional - :csv|:db|:html|:nessus|:pdf (defaults to :csv')
212
+ # )
213
+
214
+ public_class_method def self.export_scan_results(opts = {})
215
+ nessus_obj = opts[:nessus_obj]
216
+ scan_id = opts[:scan_id]
217
+ path_to_export = opts[:path_to_export]
218
+ if opts[:history_id]
219
+ history_id = opts[:history_id]
220
+ else
221
+ scan_history_resp = get_scan_history(
222
+ nessus_obj: nessus_obj,
223
+ scan_id: scan_id
224
+ )
225
+
226
+ if scan_history_resp[:history].empty?
227
+ puts 'No scan history found.'
228
+ raise 'Has at least one scan completed?'
229
+ else
230
+ history_id = scan_history_resp[:history].last[:id]
231
+ end
232
+ end
233
+
234
+ format = :csv
235
+ format = opts[:format].to_s.to_sym if opts[:format]
236
+
237
+ http_body = {
238
+ scan_id: scan_id,
239
+ history_id: history_id,
240
+ format: format
241
+ }.to_json
242
+
243
+ export_scan_resp = nessus_cloud_rest_call(
244
+ http_method: :post,
245
+ nessus_obj: nessus_obj,
246
+ rest_call: "scans/#{scan_id}/export",
247
+ http_body: http_body
248
+ ).body
249
+
250
+ file_id = JSON.parse(
251
+ export_scan_resp,
252
+ symbolize_names: true
253
+ )[:file]
254
+
255
+ download_export_resp = nessus_cloud_rest_call(
256
+ nessus_obj: nessus_obj,
257
+ rest_call: "scans/#{scan_id}/export/#{file_id}/download"
258
+ ).body
259
+
260
+ File.open(path_to_export, 'wb') do |f|
261
+ f.puts download_export_resp
262
+ end
263
+
264
+ path_to_export
265
+ rescue StandardError, SystemExit, Interrupt => e
266
+ raise e
267
+ end
268
+
269
+ # Author(s):: Jacob Hoopes <jake.hoopes@gmail.com>
270
+
271
+ public_class_method def self.authors
272
+ "AUTHOR(S):
273
+ Jacob Hoopes <jake.hoopes@gmail.com>
274
+ "
275
+ end
276
+
277
+ # Display Usage for this Module
278
+
279
+ public_class_method def self.help
280
+ puts "USAGE:
281
+ nessus_obj = #{self}.login(
282
+ access_key: 'required - API access key (will prompt if blank)',
283
+ secret_key: 'required - API secret key (will prompt if blank)'
284
+ )
285
+
286
+ #{self}.list_scans(
287
+ nessus_obj: 'required - nessus_obj returned from #login method'
288
+ )
289
+
290
+ #{self}.launch_scan(
291
+ nessus_obj: 'required - nessus_obj returned from #login method',
292
+ scan_id: 'required - scan id to launch'
293
+ )
294
+
295
+ #{self}.get_scan_status(
296
+ nessus_obj: 'required - nessus_obj returned from #login method',
297
+ scan_id: 'required - scan id to retrieve status'
298
+ )
299
+
300
+ #{self}.tag(
301
+ nessus_obj: 'required - nessus_obj returned from #login method',
302
+ category: 'required - category name to create or use',
303
+ value: 'required - value name to create or use',
304
+ desc: 'optional - _value_ description'
305
+ )
306
+
307
+ #{self}.get_scan_history(
308
+ nessus_obj: 'required - nessus_obj returned from #login method'
309
+ scan_id: 'required - scan id to launch'
310
+ )
311
+
312
+ #{self}.export_scan_results(
313
+ nessus_obj: 'required - nessus_obj returned from #login method',
314
+ scan_id: 'required - scan id to export',
315
+ path_to_export: 'required - filename to export results',
316
+ history_id: 'optional - defaults to last scan',
317
+ format: 'optional - :csv|:db|:html|:nessus|:pdf (defaults to :csv')
318
+ )
319
+
320
+ #{self}.authors
321
+ "
322
+ end
323
+ end
324
+ end
325
+ end
data/lib/pwn/plugins/nexpose_vuln_scan.rb ADDED
@@ -0,0 +1,356 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'nexpose'
4
+ require 'ipaddr'
5
+
6
+ module PWN
7
+ module Plugins
8
+ # This plugin is used for interacting w/ Nexpose using the Nexpose API.
9
+ module NexposeVulnScan
10
+ @@logger = PWN::Plugins::PWNLogger.create
11
+
12
+ # Supported Method Parameters::
13
+ # PWN::Plugins::NexposeVulnScan.login(
14
+ # console_ip: 'required host/ip of Nexpose Console (server)',
15
+ # username: 'required username',
16
+ # password: 'optional password (will prompt if nil)'
17
+ # )
18
+
19
+ public_class_method def self.login(opts = {})
20
+ console_ip = opts[:console_ip]
21
+ username = opts[:username].to_s
22
+
23
+ password = if opts[:password].nil?
24
+ PWN::Plugins::AuthenticationHelper.mask_password
25
+ else
26
+ opts[:password].to_s
27
+ end
28
+
29
+ nsc_obj = Nexpose::Connection.new(console_ip, username, password)
30
+ nsc_obj.login
31
+ config = Nexpose::Console.load(nsc_obj)
32
+ config.session_timeout = 21_600
33
+ # config.save(nsc_obj) # This will change the global sesion timeout config in the console
34
+ nsc_obj
35
+ rescue StandardError => e
36
+ raise e
37
+ end
38
+
39
+ # Supported Method Parameters::
40
+ # PWN::Plugins::NexposeVulnScan.list_all_individual_site_assets(
41
+ # nsc_obj: 'required nsc_obj returned from login method',
42
+ # site_name: 'required Nexpose site name to update (case-sensitive)'
43
+ # )
44
+
45
+ public_class_method def self.list_all_individual_site_assets(opts = {})
46
+ nsc_obj = opts[:nsc_obj]
47
+ site_name = opts[:site_name]
48
+
49
+ site_id = -1
50
+ nsc_obj.list_sites.each do |site|
51
+ site_id = site.id if site.name == site_name
52
+ end
53
+
54
+ all_individual_site_assets_arr = []
55
+ if site_id > -1
56
+ @@logger.info("Listing All Assets from #{site_name} (site id: #{site_id}):")
57
+ nsc_obj.filter(Nexpose::Search::Field::SITE_ID, Nexpose::Search::Operator::IN, site_id).each do |asset|
58
+ @@logger.info("#{asset.id}|#{asset.ip}|#{asset.last_scan}")
59
+ all_individual_site_assets_arr.push(asset.ip)
60
+ end
61
+ else
62
+ @@logger.error("Site: #{site_name} Not Found. Please check the spelling and try again.")
63
+ end
64
+
65
+ all_individual_site_assets_arr
66
+ rescue StandardError => e
67
+ raise e
68
+ end
69
+
70
+ # Supported Method Parameters::
71
+ # PWN::Plugins::NexposeVulnScan.update_site_assets(
72
+ # nsc_obj: 'required nsc_obj returned from login method',
73
+ # site_name: 'required Nexpose site name to update (case-sensitive),
74
+ # assets: 'required array of hashes containing called :ip => values being IP address (All IPs not included in the :assets parameter will be removed from Nexpose)'
75
+ # )
76
+
77
+ public_class_method def self.update_site_assets(opts = {})
78
+ nsc_obj = opts[:nsc_obj]
79
+ site_name = opts[:site_name]
80
+ assets = opts[:assets]
81
+
82
+ nsc_obj.list_sites.each do |site|
83
+ next unless site.name == site_name
84
+
85
+ # Load Site
86
+ site_id = site.id
87
+ refresh_site = Nexpose::Site.load(nsc_obj, site_id)
88
+
89
+ # Obtain Current List of Assets for Given Site & Remove Old List of Assets from Given Site (if applicable)
90
+ @@logger.info('Removing the Following Assets:')
91
+ current_site_assets = nsc_obj.filter(Nexpose::Search::Field::SITE_ID, Nexpose::Search::Operator::IN, site_id)
92
+ new_site_assets = []
93
+ assets.each { |ip_host_hash| new_site_assets.push(ip_host_hash[:ip].to_s.scrub.strip.chomp) }
94
+ current_site_assets.each do |current_site_asset|
95
+ next if new_site_assets.include?(current_site_asset.ip)
96
+
97
+ @@logger.info("Removing #{current_site_asset.ip}")
98
+ # refresh_site.remove_included_asset(current_asset) # This should work and be less invasive but no worky :(
99
+ nsc_obj.delete_asset(current_site_asset.id) # So we completely remove the asset from Nexpose altogether :/
100
+ end
101
+ @@logger.info('Complete.')
102
+
103
+ # Add New List of Assets to Given Site
104
+ @@logger.info("Adding the Following Assets to #{site.name} (site id: #{site_id}):")
105
+ assets.each do |ip_host_hash|
106
+ current_ip = IPAddr.new(ip_host_hash[:ip].to_s.scrub.strip.chomp)
107
+ unless current_ip.to_s.match?('255') # || current_ip =~ /^[224-239]/ # Multicast?
108
+ # TODO: try to reverse DNS word to see if an IP s available as well
109
+ @@logger.info("Adding #{current_ip}")
110
+ refresh_site.include_asset(current_ip)
111
+ end
112
+ rescue StandardError
113
+ next
114
+ end
115
+ refresh_site.save(nsc_obj)
116
+ @@logger.info('Complete.')
117
+ end
118
+
119
+ nsc_obj
120
+ rescue StandardError => e
121
+ raise e
122
+ end
123
+
124
+ # Supported Method Parameters::
125
+ # PWN::Plugins::NexposeVulnScan.delete_site_assets_older_than(
126
+ # nsc_obj: 'required nsc_obj returned from login method',
127
+ # site_name: 'required Nexpose site name to update (case-sensitive),
128
+ # days: 'required assets to remove older than number of days in this parameter'
129
+ # )
130
+
131
+ public_class_method def self.delete_site_assets_older_than(opts = {})
132
+ nsc_obj = opts[:nsc_obj]
133
+ site_name = opts[:site_name]
134
+ days = opts[:days].to_i
135
+
136
+ site_id = -1
137
+ nsc_obj.list_sites.each do |site|
138
+ site_id = site.id if site.name == site_name
139
+ end
140
+
141
+ if site_id > -1
142
+ @@logger.info("Removing the Following Assets from #{site.name} (site id: #{site_id}) Older than #{days} Days:")
143
+ nsc_obj.filter(Nexpose::Search::Field::SCAN_DATE, Nexpose::Search::Operator::EARLIER_THAN, days).each do |asset|
144
+ if asset.site_id == site_id
145
+ @@logger.info("#{asset.id}|#{asset.ip}|#{asset.last_scan}")
146
+ nsc_obj.delete_asset(asset.id)
147
+ end
148
+ end
149
+ else
150
+ @@logger.error("Site: #{site_name} Not Found. Please check the spelling and try again.")
151
+ end
152
+
153
+ nsc_obj
154
+ rescue StandardError => e
155
+ raise e
156
+ end
157
+
158
+ # Supported Method Parameters::
159
+ # PWN::Plugins::NexposeVulnScan.scan_site_by_name(
160
+ # nsc_obj: 'required nsc_obj returned from login method',
161
+ # site_name: 'required Nexpose site name to scan (case-sensitive),
162
+ # poll_interval: 'optional poll interval to check the completion status of the scan (defaults to 3 minutes)
163
+ # )
164
+
165
+ public_class_method def self.scan_site_by_name(opts = {})
166
+ nsc_obj = opts[:nsc_obj]
167
+ site_name = opts[:site_name].to_s
168
+ site_id = nil
169
+
170
+ poll_interval = if opts[:poll_interval].nil?
171
+ 60
172
+ else
173
+ opts[:poll_interval].to_i
174
+ end
175
+
176
+ # Find the site and kick off the scan
177
+ nsc_obj.list_sites.each do |site|
178
+ next unless site.name == site_name
179
+
180
+ nsc_obj.scan_site(site.id)
181
+ @@logger.info("Scan Started for #{site_name} @ #{Time.now.strftime('%Y-%m-%d %H:%M:%S')}")
182
+ site_id = site.id
183
+ end
184
+
185
+ # Periodically check the status of the scan
186
+ raise @logger.error("Site name: #{site_name} does not exist as a site in Nexpose. Please check your spelling and try again.") if site_id == ''
187
+
188
+ @@logger.info("Info: Checking status for an interval of #{poll_interval} seconds until completion.")
189
+ loop do
190
+ scan_status = nil
191
+ nsc_obj.scan_activity.each { |scan| scan_status = scan.status if scan.site_id == site_id }
192
+ if scan_status == 'running'
193
+ print '~' # Seeing progress is good :)
194
+ sleep poll_interval # Sleep and check the status again...
195
+ else
196
+ @@logger.info("Scan Completed for #{site_name} @ #{Time.now.strftime('%Y-%m-%d %H:%M:%S')}")
197
+ break
198
+ end
199
+ end
200
+
201
+ nsc_obj
202
+ rescue StandardError => e
203
+ raise e
204
+ end
205
+
206
+ # Supported Method Parameters::
207
+ # PWN::Plugins::NexposeVulnScan.generate_report_via_existing_config(
208
+ # nsc_obj: 'required nsc_obj returned from login method',
209
+ # config_id: 'relevant r.config_id returned when invoking the block nsc_obj.reports.each {|r| puts "#{r.name} => #{r.config_id}"}',
210
+ # )
211
+
212
+ public_class_method def self.generate_report_via_existing_config(opts = {})
213
+ nsc_obj = opts[:nsc_obj]
214
+ config_id = opts[:config_id].to_i
215
+
216
+ existing_report_config = Nexpose::ReportConfig.load(nsc_obj, config_id)
217
+ existing_report_config.generate(nsc_obj)
218
+
219
+ nsc_obj
220
+ rescue StandardError => e
221
+ raise e
222
+ end
223
+
224
+ # Supported Method Parameters::
225
+ # PWN::Plugins::NexposeVulnScan.download_recurring_report(
226
+ # nsc_obj: 'required nsc_obj returned from login method',
227
+ # report_names: 'required array of report name/types to generate e.g. ["report.html", "report.pdf", "report.xml"]',
228
+ # poll_interval: 'optional poll interval to check the completion status of report generation (defaults to 60 seconds)
229
+ # )
230
+
231
+ public_class_method def self.download_recurring_report(opts = {})
232
+ nsc_obj = opts[:nsc_obj]
233
+ report_names = opts[:report_names].to_s.scrub.split(',')
234
+ @@logger.info("Generating #{report_names.count} Report(s): #{report_names.inspect}...")
235
+
236
+ poll_interval = if opts[:poll_interval].nil?
237
+ 60
238
+ else
239
+ opts[:poll_interval].to_i
240
+ end
241
+
242
+ report_arr = []
243
+ report_status_arr = []
244
+ until report_status_arr.count == report_names.count
245
+ nsc_obj.reports.each do |report|
246
+ report_names.each do |requested_report|
247
+ this_report_name = requested_report.to_s.strip.chomp.delete('"')
248
+ next unless report.name == this_report_name
249
+
250
+ @@logger.info("Generating Recurring Report: #{report.name} @ #{Time.now.strftime('%Y-%m-%d %H:%M:%S')}..Current Report Status: #{report.status}")
251
+ if report.status == 'Failed'
252
+ @@logger.info("Report Generation for #{report.name} failed...re-generating now...")
253
+ # Re-generate report from pre-existing config.
254
+ nsc_obj = generate_report_via_existing_config(nsc_obj: nsc_obj, config_id: report.config_id)
255
+ end
256
+
257
+ report_hash = {}
258
+ report_hash[:report_name] = report.name
259
+ report_hash[:report_status] = report.status
260
+ report_hash[:report_uri] = report.uri
261
+ report_arr.push(report_hash)
262
+ report_status_arr = report_arr.uniq.select { |this_report| this_report[:report_status] == 'Generated' }
263
+ end
264
+ end
265
+ # TODO: Ensure report_names are available within nsc_obj.reports (thus making it worthwhile to loop vs saying report !found).
266
+ @@logger.info("Total Reports Generated So Far: #{report_status_arr.count}...")
267
+ sleep poll_interval # Sleep and check the status again...
268
+ end
269
+
270
+ # @@logger.info(report_arr.inspect)
271
+ # @@logger.info(report_status_arr.inspect)
272
+ report_status_arr.each do |report_hash|
273
+ this_file_extention = File.extname(report_hash[:report_uri])
274
+ @@logger.info("\nDownloading #{report_hash[:report_name]}#{this_file_extention} from #{report_hash[:report_uri]}...")
275
+ nsc_obj.download(report_hash[:report_uri], "#{report_hash[:report_name]}#{this_file_extention}")
276
+ end
277
+ @@logger.info('complete.')
278
+
279
+ nsc_obj
280
+ rescue StandardError => e
281
+ raise e
282
+ end
283
+
284
+ # Supported Method Parameters::
285
+ # PWN::Plugins::NexposeVulnScan.logout(
286
+ # nsc_obj: 'required nsc_obj returned from login method'
287
+ # )
288
+
289
+ public_class_method def self.logout(opts = {})
290
+ nsc_obj = opts[:nsc_obj]
291
+
292
+ # config = Nexpose::Console.load(nsc_obj)
293
+ # config.session_timeout = 600 # This is the default session timeout in the console
294
+ # config.save(nsc_obj) # This will change the global sesion timeout config in the console
295
+ nsc_obj.logout
296
+ 'logged out'
297
+ rescue StandardError => e
298
+ raise e
299
+ end
300
+
301
+ # Author(s):: Jacob Hoopes <jake.hoopes@gmail.com>
302
+
303
+ public_class_method def self.authors
304
+ "AUTHOR(S):
305
+ Jacob Hoopes <jake.hoopes@gmail.com>
306
+ "
307
+ end
308
+
309
+ # Display Usage for this Module
310
+
311
+ public_class_method def self.help
312
+ puts "USAGE:
313
+ nsc_obj = #{self}.login(
314
+ console_ip: 'required host/ip of Nexpose Console (server)',
315
+ username: 'required username',
316
+ password: 'optional password (will prompt if nil)'
317
+ )
318
+ puts nsc_obj.public_methods
319
+
320
+ all_individual_site_assets_arr = #{self}.list_all_individual_site_assets(
321
+ nsc_obj: 'required nsc_obj returned from login method',
322
+ site_name: 'required Nexpose site name to update (case-sensitive)'
323
+ )
324
+
325
+ nsc_obj = #{self}.update_site_assets(
326
+ nsc_obj: 'required nsc_obj returned from login method',
327
+ site_name: 'required Nexpose site name to update (case-sensitive),
328
+ assets: 'required array of hashes containing called :ip => values being IP address (All IPs not included in the :assets parameter will be removed from Nexpose)'
329
+ )
330
+
331
+ nsc_obj = #{self}.delete_site_assets_older_than(
332
+ nsc_obj: 'required nsc_obj returned from login method',
333
+ site_name: 'required Nexpose site name to update (case-sensitive),
334
+ days: 'required assets to remove older than number of days in this parameter'
335
+ )
336
+
337
+ nsc_obj = #{self}.scan_site_by_name(
338
+ nsc_obj: 'required nsc_obj returned from login method',
339
+ site_name: 'required Nexpose site name to scan (case-sensitive),
340
+ poll_interval: 'optional poll interval to check the completion status of the scan (defaults to 60 seconds)
341
+ )
342
+
343
+ #{self}.download_recurring_report(
344
+ nsc_obj: 'required nsc_obj returned from login method',
345
+ report_names: 'required array of report name/types to generate e.g. ['report.html', 'report.pdf', 'report.xml']',
346
+ poll_interval: 'optional poll interval to check the completion status of report generation (defaults to 60 seconds)
347
+ )
348
+
349
+ #{self}.logout(nsc_obj: 'required nsc_obj returned from login method')
350
+
351
+ #{self}.authors
352
+ "
353
+ end
354
+ end
355
+ end
356
+ end