pwn 0.4.384 → 0.4.387

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01e5e3df0ac88dc250a1802ee64b5cc2f86b5914a629b73962248d834edac063
-  data.tar.gz: 3addee02b1cb5672ad73d9fcb37034e728411fa61285f5d489c58fe2d56cd505
+  metadata.gz: 69e0d57c1556e5adb3cfd5afe9c38f43dcf4158ec0dea58b76b05dade6124818
+  data.tar.gz: 28d847dcf1306254508beb5bed47486762d5051d0251586738619ee443d1fe8b
 SHA512:
-  metadata.gz: 75b5d00ca3d50dc0047f57cea1fcf192fae4fdf25c25ba3432118e93f0346437bd64eb7d6dc78f7b5b10fb6b057914a8cd630f586a6d58c9e4d56b899b546234
-  data.tar.gz: 74f07a6e5fce1dfa28a1e2bf67f59d71f007bfad73e2c3098a9b0931a9ff7fdaa0b06b559a9305c9378eff33361893af238e2e3e83562b6b7ed6f410afaa2222
+  metadata.gz: a581d275147b239b3b022fdcfb2b436acb3e2bd70489bb59fffc03522645539440d07218c3a8d4502b8015a23e70a3329670ad62d298d57cdc485e0cf1cc4c4c
+  data.tar.gz: 1575cebddfe1b9d9667afc53f1de79c26e633721c0688c6638dc53eac856e1636f2ea16ebede288a714c5d0c93eb2982ca67d65befbb106458ed6eb6c2807df6

data/Gemfile

@@ -34,7 +34,7 @@ gem 'jsonpath', '1.1.0'
 gem 'jwt', '2.3.0'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.7.1'
-gem 'mongo', '2.17.0'
+gem 'mongo', '2.17.1'
 gem 'msfrpc-client', '1.1.2'
 gem 'net-ldap', '0.17.0'
 gem 'net-openvpn', '0.8.7'
@@ -45,8 +45,9 @@ gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
 gem 'pdf-reader', '2.9.2'
-gem 'pg', '1.3.4'
+gem 'pg', '1.3.5'
 gem 'pry', '0.14.1'
+gem 'pry-bond', '0.0.1'
 gem 'pry-doc', '1.3.0'
 gem 'rake', '13.0.6'
 gem 'rb-readline', '0.5.5'
@@ -65,7 +66,7 @@ gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.12.1'
-gem 'selenium-devtools', '0.99.1'
+gem 'selenium-devtools', '0.100.0'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.0.0'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.384]:001 >>> PWN.help
+pwn[v0.4.387]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.384]:001 >>> PWN.help
+pwn[v0.4.387]:001 >>> PWN.help
 ```
 
 

data/bin/pwn

@@ -3,6 +3,7 @@
 
 require 'pwn'
 require 'pry'
+require 'pry_bond'
 require 'tty-prompt'
 require 'tty-reader'
 

data/bin/pwn_domain_reversewhois

@@ -66,7 +66,7 @@ begin
   browser_obj.goto('https://domainbigdata.com')
 
   # Type Registrant Filter in Char-by-Char to Ensure Everyone is Happy ;)
-  PWN::Plugins::TransparentBrowser.type_as_human(q: registrant_filter) do |char|
+  PWN::Plugins::TransparentBrowser.type_as_human(string: registrant_filter) do |char|
     browser_obj.text_field(id: 'txtSearchTopPage').wait_until(&:present?).send_keys(char)
   end
   browser_obj.button(id: 'btnTopSearch').wait_until(&:present?).click

data/lib/pwn/plugins/transparent_browser.rb

@@ -5,6 +5,7 @@ require 'selenium/webdriver'
 require 'selenium/devtools'
 require 'rest-client'
 require 'socksify'
+require 'openssl'
 require 'em/pure_ruby'
 require 'faye/websocket'
 
@@ -104,6 +105,9 @@ module PWN
           this_profile['download.default_directory'] = '~/Downloads'
 
           switches = []
+          switches.push('--start-maximized')
+          switches.push('--disable-notifications')
+
           if proxy
             switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{URI(proxy).host}'") if with_tor
             switches.push("--proxy-server=#{proxy}")
@@ -186,7 +190,10 @@ module PWN
           this_profile['download.default_directory'] = '~/Downloads'
 
           switches = []
-          switches.push('-headless')
+          switches.push('--headless')
+          switches.push('--start-maximized')
+          switches.push('--disable-notifications')
+
           if proxy
             switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{URI(proxy).host}'") if with_tor
             switches.push("--proxy-server=#{proxy}")
@@ -260,12 +267,12 @@ module PWN
 
       # Supported Method Parameters::
       # PWN::Plugins::TransparentBrowser.type_as_human(
-      #   q: 'required - query string to randomize',
+      #   string: 'required - string to type as human',
       #   rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
       # )
 
       public_class_method def self.type_as_human(opts = {})
-        query_string = opts[:q].to_s
+        string = opts[:string].to_s
 
         rand_sleep_float = if opts[:rand_sleep_float]
                              opts[:rand_sleep_float].to_f
@@ -273,7 +280,7 @@ module PWN
                              0.09
                            end
 
-        query_string.each_char do |char|
+        string.each_char do |char|
           yield char
           sleep Random.rand(rand_sleep_float)
         end
@@ -342,32 +349,55 @@ module PWN
 
           * Debugging DOM and Sending JavaScript to Console
           devtools.send_cmd('Runtime.enable')
+          devtools.send_cmd('Console.enable')
           devtools.send_cmd('DOM.enable')
+          devtools.send_cmd('Page.enable')
           devtools.send_cmd('Log.enable')
           devtools.send_cmd('Debugger.enable')
           devtools.send_cmd('Debugger.pause')
-          console_cmd = {
-            expression: 'console.log(global);'
-          }
           step = 1
+          next_step = 60
           loop do
+            devtools.send_cmd('Console.clearMessages')
+            devtools.send_cmd('Log.clear')
+            console_events = []
+            b.driver.on_log_event(:console) { |event| console_events.push(event) }
+
             devtools.send_cmd('Debugger.stepInto')
             puts \"Step: \#{step}\"
-            this_call = devtools.instance_variable_get('@messages').last['params']['callFrames'].last if devtools.instance_variable_get('@messages').last['method'] == 'Debugger.paused'
-            puts \"Function Name: \#{this_call['functionName']}\"
+
             this_document = devtools.send_cmd('DOM.getDocument')
             puts \"This #document:\\n\#{this_document}\\n\\n\\n\"
 
-            this_global = devtools.send_cmd(
-              'Runtime.evaluate',
-              **console_cmd
-            )
-            puts \"This #global:\\n\#{this_global}\\n\\n\\n\"
+            console_cmd = {
+              expression: 'for(var pop_var in window) { if (window.hasOwnProperty(pop_var) && window[pop_var] != null) console.log(pop_var + \" = \" + window[pop_var]); }'
+            }
+            puts devtools.send_cmd('Runtime.evaluate', **console_cmd)
 
-            sleep 9
+            print '-' * 180
+            print \"\\n\"
+            console_events.each do |event|
+              puts event.args
+            end
+            puts \"Console Response Length: \#{console_events.length}\"
+            console_events_digest = OpenSSL::Digest::SHA256.hexdigest(
+              console_events.inspect
+            )
+            puts \"Console Events Array SHA256 Digest: \#{console_events_digest}\"
+            print '-' * 180
+            puts \"\\n\\n\\n\"
+
+            print \"Next Step in \"
+            next_step.downto(1) {|n| print \"\#{n} \"; sleep 1 }
+            puts 'READY!'
+            step += 1
           end
+
           devtools.send_cmd('Debugger.disable')
+          devtools.send_cmd('Log.disable')
+          devtools.send_cmd('Page.disable')
           devtools.send_cmd('DOM.disable')
+          devtools.send_cmd('Console.disable')
           devtools.send_cmd('Runtime.disable')
           * End of DevTools Examples
           ********************************************************
@@ -377,9 +407,9 @@ module PWN
           )
 
           #{self}.type_as_human(
-            q: 'required - query string to randomize',
+            string: 'required - string to type as human',
             rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
-          ) {|char| browser_obj1.text_field(name: \"q\").send_keys(char) }
+          ) {|char| browser_obj1.text_field(name: \"search\").send_keys(char) }
 
           browser_obj1 = #{self}.close(
             browser_obj: 'required - browser_obj returned from #open method)'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.384'
+  VERSION = '0.4.387'
 end

data/lib/pwn/www/coinbase_pro.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+require 'yaml'
+
+module PWN
+  module WWW
+    # This plugin supports tradingview.com actions.
+    module CoinbasePro
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.open(
+      #   browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
+      #   proxy: 'optional - scheme://proxy_host:port',
+      #   with_tor: 'optional - boolean (defaults to false)'
+      # )
+
+      public_class_method def self.open(opts = {})
+        browser_obj = PWN::Plugins::TransparentBrowser.open(opts)
+
+        browser_obj.goto('https://pro.coinbase.com')
+
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.login(
+      #   browser_obj: 'required - browser_obj returned from #open method',
+      #   username: 'required - username',
+      #   password: 'optional - passwd (will prompt if blank)',
+      #   mfa: 'optional - if true prompt for mfa token (defaults to false)'
+      # )
+
+      public_class_method def self.login(opts = {})
+        browser_obj = opts[:browser_obj]
+        username = opts[:username].to_s.scrub.strip.chomp
+        password = opts[:password]
+
+        if password.nil?
+          password = PWN::Plugins::AuthenticationHelper.mask_password
+        else
+          password = opts[:password].to_s.scrub.strip.chomp
+        end
+        mfa = opts[:mfa]
+
+        browser_obj.goto('https://pro.coinbase.com')
+
+        browser_obj.span(text: 'Sign in').wait_until(&:present?).click
+        browser_obj.text_field(name: 'email').wait_until(&:present?).set(username)
+        browser_obj.text_field(name: 'password').wait_until(&:present?).set(password)
+        browser_obj.button(text: 'Sign In').click!
+
+        if mfa
+          until browser_obj.url.include?('https://pro.coinbase.com')
+            browser_obj.text_field(name: 'token').wait_until(&:present?).set(PWN::Plugins::AuthenticationHelper.mfa(prompt: 'enter mfa token'))
+            browser_obj.button(text: 'Verify').click!
+            sleep 3
+          end
+          print "\n"
+        end
+
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.logout(
+      #   browser_obj: 'required - browser_obj returned from #open method'
+      # )
+
+      public_class_method def self.logout(opts = {})
+        browser_obj = opts[:browser_obj]
+        browser_obj.goto('https://pro.coinbase.com/signout')
+
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.close(
+      #   browser_obj: 'required - browser_obj returned from #open method'
+      # )
+
+      public_class_method def self.close(opts = {})
+        browser_obj = opts[:browser_obj]
+        PWN::Plugins::TransparentBrowser.close(
+          browser_obj: browser_obj
+        )
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          browser_obj = #{self}.open(
+            browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
+            proxy: 'optional - scheme://proxy_host:port',
+            with_tor: 'optional - boolean (defaults to false)'
+          )
+          puts browser_obj.public_methods
+
+          browser_obj = #{self}.login(
+            browser_obj: 'required - browser_obj returned from #open method',
+            username: 'required - username',
+            password: 'optional - passwd (will prompt if blank),
+            mfa: 'optional - if true prompt for mfa token (defaults to false)'
+          )
+
+          browser_obj = #{self}.logout(
+            browser_obj: 'required - browser_obj returned from #open method'
+          )
+
+          #{self}.close(
+            browser_obj: 'required - browser_obj returned from #open method'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/www.rb

@@ -9,6 +9,7 @@ module PWN
     autoload :Bing, 'pwn/www/bing'
     autoload :BugCrowd, 'pwn/www/bug_crowd'
     autoload :Checkip, 'pwn/www/checkip.rb'
+    autoload :CoinbasePro, 'pwn/www/coinbase_pro.rb'
     autoload :Duckduckgo, 'pwn/www/duckduckgo'
     autoload :Facebook, 'pwn/www/facebook'
     autoload :Google, 'pwn/www/google'

data/spec/lib/pwn/www/coinbase_pro_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::WWW::CoinbasePro do
+  it 'should display information for authors' do
+    authors_response = PWN::WWW::CoinbasePro
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::WWW::CoinbasePro
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.384
+  version: 0.4.387
 platform: ruby
 authors:
 - 0day Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-29 00:00:00.000000000 Z
+date: 2022-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -310,14 +310,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.17.0
+        version: 2.17.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.17.0
+        version: 2.17.1
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement
@@ -464,14 +464,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -486,6 +486,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.14.1
+- !ruby/object:Gem::Dependency
+  name: pry-bond
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: pry-doc
   requirement: !ruby/object:Gem::Requirement
@@ -744,14 +758,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.99.1
+        version: 0.100.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.99.1
+        version: 0.100.0
 - !ruby/object:Gem::Dependency
   name: serialport
   requirement: !ruby/object:Gem::Requirement
@@ -1539,6 +1553,7 @@ files:
 - lib/pwn/www/bing.rb
 - lib/pwn/www/bug_crowd.rb
 - lib/pwn/www/checkip.rb
+- lib/pwn/www/coinbase_pro.rb
 - lib/pwn/www/duckduckgo.rb
 - lib/pwn/www/facebook.rb
 - lib/pwn/www/google.rb
@@ -1823,6 +1838,7 @@ files:
 - spec/lib/pwn/www/bing_spec.rb
 - spec/lib/pwn/www/bug_crowd.rb
 - spec/lib/pwn/www/checkip_spec.rb
+- spec/lib/pwn/www/coinbase_pro_spec.rb
 - spec/lib/pwn/www/duckduckgo_spec.rb
 - spec/lib/pwn/www/facebook_spec.rb
 - spec/lib/pwn/www/google_spec.rb
@@ -2083,6 +2099,7 @@ test_files:
 - spec/lib/pwn/www/bing_spec.rb
 - spec/lib/pwn/www/bug_crowd.rb
 - spec/lib/pwn/www/checkip_spec.rb
+- spec/lib/pwn/www/coinbase_pro_spec.rb
 - spec/lib/pwn/www/duckduckgo_spec.rb
 - spec/lib/pwn/www/facebook_spec.rb
 - spec/lib/pwn/www/google_spec.rb