pwn 0.4.383 → 0.4.386

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e108fb65ae9052eeb2d7adec80706eebddd3493cd2766dd00b3210cee62aa9c4
-  data.tar.gz: 6259072fa3b503007c058b8150848c73b74d2d85d72c88c821e612ee83d2a4cb
+  metadata.gz: d9b485665b5ab58c1b6a395b6a3612ad1d9d0674d4f20a1243c7b76eb1995595
+  data.tar.gz: 5ff53b97446a9c0face611d86bf3e328cb424a832b9136e6d2ecb64c821a3bac
 SHA512:
-  metadata.gz: 7b44e2ed665b2e524b9afe56cfdc75fe17dfd52b28dafdac938714a2ea64cc51ce7c673a5549d8f5e308ef3e650471aee89d922fd3de8c98ff352303fa79b2ef
-  data.tar.gz: 7ebfbd4af956e56a361cab6f19478568edb2cbc5254e5bb592e129fff2847ef58f0c6700d7e1daa7161d9c65ddd287890c65e643f5464443ed94b1dfca754f9b
+  metadata.gz: 2c8aed63d10f28f5f80326e94df77d21192db771bc8f326006c496a2968d079be1d0a445a1a8dd7f9a38fe35fe70746edbb8538e0acd74d71124aa775fe1cac0
+  data.tar.gz: 8d3fa53f9340dedbfc147e2a0d61520180f382b69ab41b42363b51fea34500e67f4afdf8ce6ff63162b8d2a5e1cc898a96ef845ab89fba243d5462e0a9a1c1d2

data/Gemfile

@@ -34,7 +34,7 @@ gem 'jsonpath', '1.1.0'
 gem 'jwt', '2.3.0'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.7.1'
-gem 'mongo', '2.17.0'
+gem 'mongo', '2.17.1'
 gem 'msfrpc-client', '1.1.2'
 gem 'net-ldap', '0.17.0'
 gem 'net-openvpn', '0.8.7'
@@ -45,7 +45,7 @@ gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
 gem 'pdf-reader', '2.9.2'
-gem 'pg', '1.3.4'
+gem 'pg', '1.3.5'
 gem 'pry', '0.14.1'
 gem 'pry-doc', '1.3.0'
 gem 'rake', '13.0.6'
@@ -65,7 +65,7 @@ gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.12.1'
-gem 'selenium-devtools', '0.99.1'
+gem 'selenium-devtools', '0.100.0'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.0.0'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.383]:001 >>> PWN.help
+pwn[v0.4.386]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.383]:001 >>> PWN.help
+pwn[v0.4.386]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_domain_reversewhois

@@ -66,7 +66,7 @@ begin
   browser_obj.goto('https://domainbigdata.com')
 
   # Type Registrant Filter in Char-by-Char to Ensure Everyone is Happy ;)
-  PWN::Plugins::TransparentBrowser.type_as_human(q: registrant_filter) do |char|
+  PWN::Plugins::TransparentBrowser.type_as_human(string: registrant_filter) do |char|
     browser_obj.text_field(id: 'txtSearchTopPage').wait_until(&:present?).send_keys(char)
   end
   browser_obj.button(id: 'btnTopSearch').wait_until(&:present?).click

data/lib/pwn/plugins/transparent_browser.rb

@@ -5,6 +5,7 @@ require 'selenium/webdriver'
 require 'selenium/devtools'
 require 'rest-client'
 require 'socksify'
+require 'openssl'
 require 'em/pure_ruby'
 require 'faye/websocket'
 
@@ -260,12 +261,12 @@ module PWN
 
       # Supported Method Parameters::
       # PWN::Plugins::TransparentBrowser.type_as_human(
-      #   q: 'required - query string to randomize',
+      #   string: 'required - string to type as human',
       #   rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
       # )
 
       public_class_method def self.type_as_human(opts = {})
-        query_string = opts[:q].to_s
+        string = opts[:string].to_s
 
         rand_sleep_float = if opts[:rand_sleep_float]
                              opts[:rand_sleep_float].to_f
@@ -273,7 +274,7 @@ module PWN
                              0.09
                            end
 
-        query_string.each_char do |char|
+        string.each_char do |char|
           yield char
           sleep Random.rand(rand_sleep_float)
         end
@@ -317,30 +318,92 @@ module PWN
             with_devtools: 'optional - boolean (defaults to false)'
           )
           puts browser_obj1.public_methods
-          * Only works w/ Chrome
+
+          ********************************************************
+          * DevTools Interaction Only works w/ Chrome
           * All DevTools Commands can be found here:
           * https://chromedevtools.github.io/devtools-protocol/
+          * Examples
           devtools = browser_obj1.driver.devtools
           puts devtools.public_methods
           puts devtools.instance_variables
           puts devtools.instance_variable_get('@messages')
+
+          * Tracing
           devtools.send_cmd('Tracing.start')
           devtools.send_cmd('Tracing.requestMemoryDump')
           devtools.send_cmd('Tracing.end')
           puts devtools.instance_variable_get('@messages')
+
+          * Network
           devtools.send_cmd('Network.enable')
-          last_ws_resp = devtools.instance_variable_get('@messages').last if devtools.instance_variable_get('@messages')['method'] == 'Network.webSocketFrameReceived'
+          last_ws_resp = devtools.instance_variable_get('@messages').last if devtools.instance_variable_get('@messages').last['method'] == 'Network.webSocketFrameReceived'
           puts last_ws_resp
           devtools.send_cmd('Network.disable')
 
+          * Debugging DOM and Sending JavaScript to Console
+          devtools.send_cmd('Runtime.enable')
+          devtools.send_cmd('Console.enable')
+          devtools.send_cmd('DOM.enable')
+          devtools.send_cmd('Page.enable')
+          devtools.send_cmd('Log.enable')
+          devtools.send_cmd('Debugger.enable')
+          devtools.send_cmd('Debugger.pause')
+          step = 1
+          next_step = 60
+          loop do
+            devtools.send_cmd('Console.clearMessages')
+            devtools.send_cmd('Log.clear')
+            console_events = []
+            b.driver.on_log_event(:console) { |event| console_events.push(event) }
+
+            devtools.send_cmd('Debugger.stepInto')
+            puts \"Step: \#{step}\"
+
+            this_document = devtools.send_cmd('DOM.getDocument')
+            puts \"This #document:\\n\#{this_document}\\n\\n\\n\"
+
+            console_cmd = {
+              expression: 'for(var pop_var in window) { if (window.hasOwnProperty(pop_var) && window[pop_var] != null) console.log(pop_var + \" = \" + window[pop_var]); }'
+            }
+            puts devtools.send_cmd('Runtime.evaluate', **console_cmd)
+
+            print '-' * 180
+            print \"\\n\"
+            console_events.each do |event|
+              puts event.args
+            end
+            puts \"Console Response Length: \#{console_events.length}\"
+            console_events_digest = OpenSSL::Digest::SHA256.hexdigest(
+              console_events.inspect
+            )
+            puts \"Console Events Array SHA256 Digest: \#{console_events_digest}\"
+            print '-' * 180
+            puts \"\\n\\n\\n\"
+
+            print \"Next Step in \"
+            next_step.downto(1) {|n| print \"\#{n} \"; sleep 1 }
+            puts 'READY!'
+            step += 1
+          end
+
+          devtools.send_cmd('Debugger.disable')
+          devtools.send_cmd('Log.disable')
+          devtools.send_cmd('Page.disable')
+          devtools.send_cmd('DOM.disable')
+          devtools.send_cmd('Console.disable')
+          devtools.send_cmd('Runtime.disable')
+          * End of DevTools Examples
+          ********************************************************
+
           browser_obj1 = #{self}.linkout(
             browser_obj: 'required - browser_obj returned from #open method)'
           )
 
           #{self}.type_as_human(
-            q: 'required - query string to randomize',
+            string: 'required - string to type as human',
             rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
-          ) {|char| browser_obj1.text_field(name: \"q\").send_keys(char) }
+          ) {|char| browser_obj1.text_field(name: \"search\").send_keys(char) }
 
           browser_obj1 = #{self}.close(
             browser_obj: 'required - browser_obj returned from #open method)'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.383'
+  VERSION = '0.4.386'
 end

data/lib/pwn/www/coinbase_pro.rb

@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module PWN
+  module WWW
+    # This plugin supports tradingview.com actions.
+    module CoinbasePro
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.open(
+      #   browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
+      #   proxy: 'optional - scheme://proxy_host:port',
+      #   with_tor: 'optional - boolean (defaults to false)'
+      # )
+
+      public_class_method def self.open(opts = {})
+        browser_obj = PWN::Plugins::TransparentBrowser.open(opts)
+
+        browser_obj.goto('https://pro.coinbase.com')
+
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.login(
+      #   browser_obj: 'required - browser_obj returned from #open method',
+      #   username: 'required - username',
+      #   password: 'optional - passwd (will prompt if blank)'
+      # )
+
+      public_class_method def self.login(opts = {})
+        browser_obj = opts[:browser_obj]
+        username = opts[:username].to_s.scrub.strip.chomp
+        password = opts[:password]
+
+        if password.nil?
+          password = PWN::Plugins::AuthenticationHelper.mask_password
+        else
+          password = opts[:password].to_s.scrub.strip.chomp
+        end
+        mfa = opts[:mfa]
+
+        browser_obj.goto('https://pro.coinbase.com')
+
+        # In case window is really small,
+        # click on hamburger menu
+        browser_obj.div(index: 9).click if browser_obj.div(index: 9).visible?
+        browser_obj.span(text: 'Sign in').wait_until(&:present?).click
+        browser_obj.text_field(name: 'email').wait_until(&:present?).set(username)
+        browser_obj.text_field(name: 'password').wait_until(&:present?).set(password)
+        browser_obj.button(text: 'Sign In').click!
+
+        if mfa
+          until browser_obj.url.include?('https://pro.coinbase.com')
+            browser_obj.text_field(name: 'token').wait_until(&:present?).set(PWN::Plugins::AuthenticationHelper.mfa(prompt: 'enter mfa token'))
+            browser_obj.button(text: 'Verify').click!
+            sleep 3
+          end
+          print "\n"
+        end
+
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.logout(
+      #   browser_obj: 'required - browser_obj returned from #open method'
+      # )
+
+      public_class_method def self.logout(opts = {})
+        browser_obj = opts[:browser_obj]
+        browser_obj.goto('https://pro.coinbase.com/signout')
+
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.close(
+      #   browser_obj: 'required - browser_obj returned from #open method'
+      # )
+
+      public_class_method def self.close(opts = {})
+        browser_obj = opts[:browser_obj]
+        PWN::Plugins::TransparentBrowser.close(
+          browser_obj: browser_obj
+        )
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          browser_obj = #{self}.open(
+            browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
+            proxy: 'optional - scheme://proxy_host:port',
+            with_tor: 'optional - boolean (defaults to false)'
+          )
+          puts browser_obj.public_methods
+
+          browser_obj = #{self}.login(
+            browser_obj: 'required - browser_obj returned from #open method',
+            username: 'required - username',
+            password: 'optional - passwd (will prompt if blank),
+          )
+
+          browser_obj = #{self}.logout(
+            browser_obj: 'required - browser_obj returned from #open method'
+          )
+
+          #{self}.close(
+            browser_obj: 'required - browser_obj returned from #open method'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/www.rb

@@ -9,6 +9,7 @@ module PWN
     autoload :Bing, 'pwn/www/bing'
     autoload :BugCrowd, 'pwn/www/bug_crowd'
     autoload :Checkip, 'pwn/www/checkip.rb'
+    autoload :CoinbasePro, 'pwn/www/coinbase_pro.rb'
     autoload :Duckduckgo, 'pwn/www/duckduckgo'
     autoload :Facebook, 'pwn/www/facebook'
     autoload :Google, 'pwn/www/google'

data/spec/lib/pwn/www/coinbase_pro_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::WWW::CoinbasePro do
+  it 'should display information for authors' do
+    authors_response = PWN::WWW::CoinbasePro
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::WWW::CoinbasePro
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.383
+  version: 0.4.386
 platform: ruby
 authors:
 - 0day Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-29 00:00:00.000000000 Z
+date: 2022-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -310,14 +310,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.17.0
+        version: 2.17.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.17.0
+        version: 2.17.1
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement
@@ -464,14 +464,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -744,14 +744,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.99.1
+        version: 0.100.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.99.1
+        version: 0.100.0
 - !ruby/object:Gem::Dependency
   name: serialport
   requirement: !ruby/object:Gem::Requirement
@@ -1539,6 +1539,7 @@ files:
 - lib/pwn/www/bing.rb
 - lib/pwn/www/bug_crowd.rb
 - lib/pwn/www/checkip.rb
+- lib/pwn/www/coinbase_pro.rb
 - lib/pwn/www/duckduckgo.rb
 - lib/pwn/www/facebook.rb
 - lib/pwn/www/google.rb
@@ -1823,6 +1824,7 @@ files:
 - spec/lib/pwn/www/bing_spec.rb
 - spec/lib/pwn/www/bug_crowd.rb
 - spec/lib/pwn/www/checkip_spec.rb
+- spec/lib/pwn/www/coinbase_pro_spec.rb
 - spec/lib/pwn/www/duckduckgo_spec.rb
 - spec/lib/pwn/www/facebook_spec.rb
 - spec/lib/pwn/www/google_spec.rb
@@ -2083,6 +2085,7 @@ test_files:
 - spec/lib/pwn/www/bing_spec.rb
 - spec/lib/pwn/www/bug_crowd.rb
 - spec/lib/pwn/www/checkip_spec.rb
+- spec/lib/pwn/www/coinbase_pro_spec.rb
 - spec/lib/pwn/www/duckduckgo_spec.rb
 - spec/lib/pwn/www/facebook_spec.rb
 - spec/lib/pwn/www/google_spec.rb