pwn 0.4.382 → 0.4.385
- checksums.yaml +4 -4
- data/README.md +5 -5
- data/bin/pwn_autoinc_version +7 -5
- data/bin/pwn_domain_reversewhois +1 -1
- data/lib/pwn/plugins/transparent_browser.rb +70 -7
- data/lib/pwn/version.rb +1 -1
- metadata +2 -2
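--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 75736869902b7c6f459eba755d600c32701d7dbc7195aaf9d38219575fbf3f03
+data.tar.gz: 47e399e9a118b2213dcc69273b8c21ecd9d57e2954c36cc90abb0dd9767ec1fb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c24ab122a7f3973a06b53593e3da3fe2ff230afcfd379f0fcfd07150ef1a5abe7f16b7158d1ff26b19b6f0b9ca04241740d0a052f02a08ab2d49ddb65bebc863
+data.tar.gz: e33a0711c81d27e1889038d8fbde16a564bd179d6f0f49a277f8a457c0ae57d05d37afd808b93dd4a7e715a009f59e36537ee71e41d87b79a958b0ab8cff19a2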
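--- a/data/README.md
+++ b/data/README.md
@@ -31,13 +31,13 @@ Leveraging various pre-built modules and the pwn prototyper, you can mix-and-mat
 Tested on Linux, & OSX leveraging Ruby via RVM.
 
 ```
-$ rvm use ruby
+$ rvm use ruby-3.1.1@global
 $ rvm gemset create pwn
-$ rvm use ruby
+$ rvm use ruby-3.1.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.385]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -48,11 +48,11 @@ pwn[v0.4.382]:001 >>> PWN.help
 It's wise to update pwn often as numerous versions are released/week:
 ```
 $ rvm list gemsets
-$ rvm use ruby
+$ rvm use ruby-3.1.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.385]:001 >>> PWN.help
 ```
 
 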
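--- a/data/bin/pwn_autoinc_version
+++ b/data/bin/pwn_autoinc_version
@@ -38,15 +38,17 @@ File.open('./lib/pwn/version.rb', 'w') do |f|
 end
 
 # Update README.md
-current_ruby_version = File.read(current_ruby).chomp
+current_ruby_version = "ruby-#{File.read(current_ruby).chomp}"
 old_readme_md = File.read(readme_md_path, encoding: 'utf-8')
+pwn_regex = 'pwn\[v.+\..+\..+\]'
+rb_regex = 'ruby-.+'
 File.open(readme_md_path, 'w') do |file|
 old_readme_md.each_line do |line|
-if line.to_s.scrub.match?(/
-line.to_s.scrub.match?(/
+if line.to_s.scrub.match?(/#{pwn_regex}/) ||
+line.to_s.scrub.match?(/#{rb_regex}/)
 
-new_line = line.to_s.gsub(/pwn\[v#{old_rev}\]/, "pwn\[v#{new_rev}\]") if line.to_s.scrub.match?(/
-new_line = line.to_s.gsub(/ruby-.+(?=(@))/, current_ruby_version) if line.to_s.scrub.match?(/
+new_line = line.to_s.gsub(/pwn\[v#{old_rev}\]/, "pwn\[v#{new_rev}\]") if line.to_s.scrub.match?(/#{pwn_regex}/)
+new_line = line.to_s.gsub(/ruby-.+(?=(@))/, current_ruby_version) if line.to_s.scrub.match?(/#{rb_regex}/)
 
 file.puts new_line
 else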
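Review bot: Both substitutions in the matched branch start from `line`, so on a README line that matches `pwn_regex` and `rb_regex` at once the second assignment discards the first; starting from `new_line = line.to_s.scrub` and applying each `gsub` to `new_line` avoids that. `rb_regex = 'ruby-.+'` also selects any line that contains `ruby-`, and the greedy `/ruby-.+(?=(@))/` replaces everything up to the last `@` on the line, so a tighter pattern such as `/ruby-[\d.]+(?=@)/` would keep the rewrite confined to the RVM version string. `old_rev` is interpolated into the regex unescaped, so its dots match any character; `Regexp.escape(old_rev)` is the safer form for a script that rewrites release files. The `File.open` block continues outside the hunk.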
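--- a/data/bin/pwn_domain_reversewhois
+++ b/data/bin/pwn_domain_reversewhois
@@ -66,7 +66,7 @@ begin
 browser_obj.goto('https://domainbigdata.com')
 
 # Type Registrant Filter in Char-by-Char to Ensure Everyone is Happy ;)
-PWN::Plugins::TransparentBrowser.type_as_human(
+PWN::Plugins::TransparentBrowser.type_as_human(string: registrant_filter) do |char|
 browser_obj.text_field(id: 'txtSearchTopPage').wait_until(&:present?).send_keys(char)
 end
 browser_obj.button(id: 'btnTopSearch').wait_until(&:present?).click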
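--- a/data/lib/pwn/plugins/transparent_browser.rb
+++ b/data/lib/pwn/plugins/transparent_browser.rb
@@ -5,6 +5,7 @@ require 'selenium/webdriver'
 require 'selenium/devtools'
 require 'rest-client'
 require 'socksify'
+require 'openssl'
 require 'em/pure_ruby'
 require 'faye/websocket'
 
@@ -260,12 +261,12 @@ module PWN
 
 # Supported Method Parameters::
 # PWN::Plugins::TransparentBrowser.type_as_human(
-#
+# string: 'required - string to type as human',
 # rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
 # )
 
 public_class_method def self.type_as_human(opts = {})
-
+string = opts[:string].to_s
 
 rand_sleep_float = if opts[:rand_sleep_float]
 opts[:rand_sleep_float].to_f
@@ -273,7 +274,7 @@ module PWN
 0.09
 end
 
-
+string.each_char do |char|
 yield char
 sleep Random.rand(rand_sleep_float)
 end
@@ -317,30 +318,92 @@ module PWN
 with_devtools: 'optional - boolean (defaults to false)'
 )
 puts browser_obj1.public_methods
-
+
+********************************************************
+* DevTools Interaction Only works w/ Chrome
 * All DevTools Commands can be found here:
 * https://chromedevtools.github.io/devtools-protocol/
+* Examples
 devtools = browser_obj1.driver.devtools
 puts devtools.public_methods
 puts devtools.instance_variables
 puts devtools.instance_variable_get('@messages')
+
+* Tracing
 devtools.send_cmd('Tracing.start')
 devtools.send_cmd('Tracing.requestMemoryDump')
 devtools.send_cmd('Tracing.end')
 puts devtools.instance_variable_get('@messages')
+
+* Network
 devtools.send_cmd('Network.enable')
-last_ws_resp = devtools.instance_variable_get('@messages').last if devtools.instance_variable_get('@messages')['method'] == 'Network.webSocketFrameReceived'
+last_ws_resp = devtools.instance_variable_get('@messages').last if devtools.instance_variable_get('@messages').last['method'] == 'Network.webSocketFrameReceived'
 puts last_ws_resp
 devtools.send_cmd('Network.disable')
 
+* Debugging DOM and Sending JavaScript to Console
+devtools.send_cmd('Runtime.enable')
+devtools.send_cmd('Console.enable')
+devtools.send_cmd('DOM.enable')
+devtools.send_cmd('Page.enable')
+devtools.send_cmd('Network.enable')
+devtools.send_cmd('Log.enable')
+devtools.send_cmd('Debugger.enable')
+devtools.send_cmd('Debugger.pause')
+step = 1
+next_step = 60
+loop do
+console_events = []
+b.driver.on_log_event(:console) { |event| console_events.push(event) }
+
+devtools.send_cmd('Debugger.stepInto')
+puts \"Step: \#{step}\"
+
+this_document = devtools.send_cmd('DOM.getDocument')
+puts \"This #document:\\n\#{this_document}\\n\\n\\n\"
+
+console_cmd = {
+expression: 'for(var pop_var in window) { if (window.hasOwnProperty(pop_var) && window[pop_var] != null) console.log(pop_var + \" = \" + window[pop_var]); }'
+}
+puts devtools.send_cmd('Runtime.evaluate', **console_cmd)
+
+print '-' * 180
+print \"\\n\"
+console_events.each do |event|
+puts event.args
+end
+puts \"Console Response Length: \#{console_events.length}\"
+console_events_digest = OpenSSL::Digest::SHA256.hexdigest(
+console_events.inspect
+)
+puts \"Console Events Array SHA256 Digest: \#{console_events_digest}\"
+print '-' * 180
+puts \"\\n\\n\\n\"
+
+print \"Next Step in \"
+next_step.downto(1) {|n| print \"\#{n} \"; sleep 1 }
+puts 'READY!'
+step += 1
+end
+
+devtools.send_cmd('Debugger.disable')
+devtools.send_cmd('Log.disable')
+devtools.send_cmd('Network.disable')
+devtools.send_cmd('Page.disable')
+devtools.send_cmd('DOM.disable')
+devtools.send_cmd('Console.disable')
+devtools.send_cmd('Runtime.disable')
+* End of DevTools Examples
+********************************************************
+
 browser_obj1 = #{self}.linkout(
 browser_obj: 'required - browser_obj returned from #open method)'
 )
 
 #{self}.type_as_human(
-
+string: 'required - string to type as human',
 rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
-) {|char| browser_obj1.text_field(name: \"
+) {|char| browser_obj1.text_field(name: \"search\").send_keys(char) }
 
 browser_obj1 = #{self}.close(
 browser_obj: 'required - browser_obj returned from #open method)'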
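Review bot: The new debugging example in the help text calls `b.driver.on_log_event(:console)`, but every other line of the example uses `browser_obj1`, so a reader who pastes it hits a NameError; it should read `browser_obj1.driver.on_log_event(:console) { |event| console_events.push(event) }`. That call also sits inside `loop do`, which appears to register one more handler on every step, and the loop has no exit, so the `*.disable` commands after it are never reached; registering the handler once before the loop and adding a bounded exit such as `break if step > max_steps` (with `max_steps` set by the caller) would address both. In the Network example, `devtools.instance_variable_get('@messages').last['method']` raises NoMethodError when no message has arrived yet, which `.last&.fetch('method', nil)` would tolerate. Because the `Runtime.evaluate` expression prints every `window` property, the output can contain session tokens or other page secrets and is worth treating as sensitive wherever it is logged. The help string begins and ends outside this hunk.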
data/lib/pwn/version.rb
CHANGED
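--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.385
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-
+date: 2022-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport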