RubyGems - pwn - Versions diffs - 0.4.384 → 0.4.387 - Mend

pwn 0.4.384 → 0.4.387

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/Gemfile +4 -3
data/README.md +2 -2
data/bin/pwn +1 -0
data/bin/pwn_domain_reversewhois +1 -1
data/lib/pwn/plugins/transparent_browser.rb +47 -17
data/lib/pwn/version.rb +1 -1
data/lib/pwn/www/coinbase_pro.rb +134 -0
data/lib/pwn/www.rb +1 -0
data/spec/lib/pwn/www/coinbase_pro_spec.rb +15 -0
metadata +25 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01e5e3df0ac88dc250a1802ee64b5cc2f86b5914a629b73962248d834edac063
-  data.tar.gz: 3addee02b1cb5672ad73d9fcb37034e728411fa61285f5d489c58fe2d56cd505
+  metadata.gz: 69e0d57c1556e5adb3cfd5afe9c38f43dcf4158ec0dea58b76b05dade6124818
+  data.tar.gz: 28d847dcf1306254508beb5bed47486762d5051d0251586738619ee443d1fe8b
 SHA512:
-  metadata.gz: 75b5d00ca3d50dc0047f57cea1fcf192fae4fdf25c25ba3432118e93f0346437bd64eb7d6dc78f7b5b10fb6b057914a8cd630f586a6d58c9e4d56b899b546234
-  data.tar.gz: 74f07a6e5fce1dfa28a1e2bf67f59d71f007bfad73e2c3098a9b0931a9ff7fdaa0b06b559a9305c9378eff33361893af238e2e3e83562b6b7ed6f410afaa2222
+  metadata.gz: a581d275147b239b3b022fdcfb2b436acb3e2bd70489bb59fffc03522645539440d07218c3a8d4502b8015a23e70a3329670ad62d298d57cdc485e0cf1cc4c4c
+  data.tar.gz: 1575cebddfe1b9d9667afc53f1de79c26e633721c0688c6638dc53eac856e1636f2ea16ebede288a714c5d0c93eb2982ca67d65befbb106458ed6eb6c2807df6

data/Gemfile CHANGED Viewed

@@ -34,7 +34,7 @@ gem 'jsonpath', '1.1.0'
 gem 'jwt', '2.3.0'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.7.1'
-gem 'mongo', '2.17.0'
+gem 'mongo', '2.17.1'
 gem 'msfrpc-client', '1.1.2'
 gem 'net-ldap', '0.17.0'
 gem 'net-openvpn', '0.8.7'
@@ -45,8 +45,9 @@ gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
 gem 'pdf-reader', '2.9.2'
-gem 'pg', '1.3.4'
+gem 'pg', '1.3.5'
 gem 'pry', '0.14.1'
+gem 'pry-bond', '0.0.1'
 gem 'pry-doc', '1.3.0'
 gem 'rake', '13.0.6'
 gem 'rb-readline', '0.5.5'
@@ -65,7 +66,7 @@ gem 'ruby-nmap', '0.10.0'
 gem 'ruby-saml', '1.14.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.12.1'
-gem 'selenium-devtools', '0.99.1'
+gem 'selenium-devtools', '0.100.0'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '2.2.0'
 gem 'slack-ruby-client', '1.0.0'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.384]:001 >>> PWN.help
+pwn[v0.4.387]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.384]:001 >>> PWN.help
+pwn[v0.4.387]:001 >>> PWN.help
 ```

data/bin/pwn CHANGED Viewed

@@ -3,6 +3,7 @@
 require 'pwn'
 require 'pry'
+require 'pry_bond'
 require 'tty-prompt'
 require 'tty-reader'

data/bin/pwn_domain_reversewhois CHANGED Viewed

@@ -66,7 +66,7 @@ begin
   browser_obj.goto('https://domainbigdata.com')
   # Type Registrant Filter in Char-by-Char to Ensure Everyone is Happy ;)
-  PWN::Plugins::TransparentBrowser.type_as_human(q: registrant_filter) do |char|
+  PWN::Plugins::TransparentBrowser.type_as_human(string: registrant_filter) do |char|
     browser_obj.text_field(id: 'txtSearchTopPage').wait_until(&:present?).send_keys(char)
   end
   browser_obj.button(id: 'btnTopSearch').wait_until(&:present?).click

data/lib/pwn/plugins/transparent_browser.rb CHANGED Viewed

@@ -5,6 +5,7 @@ require 'selenium/webdriver'
 require 'selenium/devtools'
 require 'rest-client'
 require 'socksify'
+require 'openssl'
 require 'em/pure_ruby'
 require 'faye/websocket'
@@ -104,6 +105,9 @@ module PWN
           this_profile['download.default_directory'] = '~/Downloads'
           switches = []
+          switches.push('--start-maximized')
+          switches.push('--disable-notifications')
           if proxy
             switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{URI(proxy).host}'") if with_tor
             switches.push("--proxy-server=#{proxy}")
@@ -186,7 +190,10 @@ module PWN
           this_profile['download.default_directory'] = '~/Downloads'
           switches = []
-          switches.push('-headless')
+          switches.push('--headless')
+          switches.push('--start-maximized')
+          switches.push('--disable-notifications')
           if proxy
             switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{URI(proxy).host}'") if with_tor
             switches.push("--proxy-server=#{proxy}")
@@ -260,12 +267,12 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::TransparentBrowser.type_as_human(
-      #   q: 'required - query string to randomize',
+      #   string: 'required - string to type as human',
       #   rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
       # )
       public_class_method def self.type_as_human(opts = {})
-        query_string = opts[:q].to_s
+        string = opts[:string].to_s
         rand_sleep_float = if opts[:rand_sleep_float]
                              opts[:rand_sleep_float].to_f
@@ -273,7 +280,7 @@ module PWN
                              0.09
                            end
-        query_string.each_char do |char|
+        string.each_char do |char|
           yield char
           sleep Random.rand(rand_sleep_float)
         end
@@ -342,32 +349,55 @@ module PWN
           * Debugging DOM and Sending JavaScript to Console
           devtools.send_cmd('Runtime.enable')
+          devtools.send_cmd('Console.enable')
           devtools.send_cmd('DOM.enable')
+          devtools.send_cmd('Page.enable')
           devtools.send_cmd('Log.enable')
           devtools.send_cmd('Debugger.enable')
           devtools.send_cmd('Debugger.pause')
-          console_cmd = {
-            expression: 'console.log(global);'
-          }
           step = 1
+          next_step = 60
           loop do
+            devtools.send_cmd('Console.clearMessages')
+            devtools.send_cmd('Log.clear')
+            console_events = []
+            b.driver.on_log_event(:console) { |event| console_events.push(event) }
             devtools.send_cmd('Debugger.stepInto')
             puts \"Step: \#{step}\"
-            this_call = devtools.instance_variable_get('@messages').last['params']['callFrames'].last if devtools.instance_variable_get('@messages').last['method'] == 'Debugger.paused'
-            puts \"Function Name: \#{this_call['functionName']}\"
             this_document = devtools.send_cmd('DOM.getDocument')
             puts \"This #document:\\n\#{this_document}\\n\\n\\n\"
-            this_global = devtools.send_cmd(
-              'Runtime.evaluate',
-              **console_cmd
-            )
-            puts \"This #global:\\n\#{this_global}\\n\\n\\n\"
+            console_cmd = {
+              expression: 'for(var pop_var in window) { if (window.hasOwnProperty(pop_var) && window[pop_var] != null) console.log(pop_var + \" = \" + window[pop_var]); }'
+            }
+            puts devtools.send_cmd('Runtime.evaluate', **console_cmd)
-            sleep 9
+            print '-' * 180
+            print \"\\n\"
+            console_events.each do |event|
+              puts event.args
+            end
+            puts \"Console Response Length: \#{console_events.length}\"
+            console_events_digest = OpenSSL::Digest::SHA256.hexdigest(
+              console_events.inspect
+            )
+            puts \"Console Events Array SHA256 Digest: \#{console_events_digest}\"
+            print '-' * 180
+            puts \"\\n\\n\\n\"
+            print \"Next Step in \"
+            next_step.downto(1) {|n| print \"\#{n} \"; sleep 1 }
+            puts 'READY!'
+            step += 1
           end
           devtools.send_cmd('Debugger.disable')
+          devtools.send_cmd('Log.disable')
+          devtools.send_cmd('Page.disable')
           devtools.send_cmd('DOM.disable')
+          devtools.send_cmd('Console.disable')
           devtools.send_cmd('Runtime.disable')
           * End of DevTools Examples
           ********************************************************
@@ -377,9 +407,9 @@ module PWN
           )
           #{self}.type_as_human(
-            q: 'required - query string to randomize',
+            string: 'required - string to type as human',
             rand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'
-          ) {|char| browser_obj1.text_field(name: \"q\").send_keys(char) }
+          ) {|char| browser_obj1.text_field(name: \"search\").send_keys(char) }
           browser_obj1 = #{self}.close(
             browser_obj: 'required - browser_obj returned from #open method)'

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.4.384'
+  VERSION = '0.4.387'
 end

data/lib/pwn/www/coinbase_pro.rb ADDED Viewed

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+require 'yaml'
+module PWN
+  module WWW
+    # This plugin supports tradingview.com actions.
+    module CoinbasePro
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.open(
+      #   browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
+      #   proxy: 'optional - scheme://proxy_host:port',
+      #   with_tor: 'optional - boolean (defaults to false)'
+      # )
+      public_class_method def self.open(opts = {})
+        browser_obj = PWN::Plugins::TransparentBrowser.open(opts)
+        browser_obj.goto('https://pro.coinbase.com')
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.login(
+      #   browser_obj: 'required - browser_obj returned from #open method',
+      #   username: 'required - username',
+      #   password: 'optional - passwd (will prompt if blank)',
+      #   mfa: 'optional - if true prompt for mfa token (defaults to false)'
+      # )
+      public_class_method def self.login(opts = {})
+        browser_obj = opts[:browser_obj]
+        username = opts[:username].to_s.scrub.strip.chomp
+        password = opts[:password]
+        if password.nil?
+          password = PWN::Plugins::AuthenticationHelper.mask_password
+        else
+          password = opts[:password].to_s.scrub.strip.chomp
+        end
+        mfa = opts[:mfa]
+        browser_obj.goto('https://pro.coinbase.com')
+        browser_obj.span(text: 'Sign in').wait_until(&:present?).click
+        browser_obj.text_field(name: 'email').wait_until(&:present?).set(username)
+        browser_obj.text_field(name: 'password').wait_until(&:present?).set(password)
+        browser_obj.button(text: 'Sign In').click!
+        if mfa
+          until browser_obj.url.include?('https://pro.coinbase.com')
+            browser_obj.text_field(name: 'token').wait_until(&:present?).set(PWN::Plugins::AuthenticationHelper.mfa(prompt: 'enter mfa token'))
+            browser_obj.button(text: 'Verify').click!
+            sleep 3
+          end
+          print "\n"
+        end
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.logout(
+      #   browser_obj: 'required - browser_obj returned from #open method'
+      # )
+      public_class_method def self.logout(opts = {})
+        browser_obj = opts[:browser_obj]
+        browser_obj.goto('https://pro.coinbase.com/signout')
+        browser_obj
+      rescue StandardError => e
+        raise e
+      end
+      # Supported Method Parameters::
+      # browser_obj = PWN::WWW::CoinbasePro.close(
+      #   browser_obj: 'required - browser_obj returned from #open method'
+      # )
+      public_class_method def self.close(opts = {})
+        browser_obj = opts[:browser_obj]
+        PWN::Plugins::TransparentBrowser.close(
+          browser_obj: browser_obj
+        )
+      rescue StandardError => e
+        raise e
+      end
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+      # Display Usage for this Module
+      public_class_method def self.help
+        puts "USAGE:
+          browser_obj = #{self}.open(
+            browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
+            proxy: 'optional - scheme://proxy_host:port',
+            with_tor: 'optional - boolean (defaults to false)'
+          )
+          puts browser_obj.public_methods
+          browser_obj = #{self}.login(
+            browser_obj: 'required - browser_obj returned from #open method',
+            username: 'required - username',
+            password: 'optional - passwd (will prompt if blank),
+            mfa: 'optional - if true prompt for mfa token (defaults to false)'
+          )
+          browser_obj = #{self}.logout(
+            browser_obj: 'required - browser_obj returned from #open method'
+          )
+          #{self}.close(
+            browser_obj: 'required - browser_obj returned from #open method'
+          )
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/www.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module PWN
     autoload :Bing, 'pwn/www/bing'
     autoload :BugCrowd, 'pwn/www/bug_crowd'
     autoload :Checkip, 'pwn/www/checkip.rb'
+    autoload :CoinbasePro, 'pwn/www/coinbase_pro.rb'
     autoload :Duckduckgo, 'pwn/www/duckduckgo'
     autoload :Facebook, 'pwn/www/facebook'
     autoload :Google, 'pwn/www/google'

data/spec/lib/pwn/www/coinbase_pro_spec.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require 'spec_helper'
+describe PWN::WWW::CoinbasePro do
+  it 'should display information for authors' do
+    authors_response = PWN::WWW::CoinbasePro
+    expect(authors_response).to respond_to :authors
+  end
+  it 'should display information for existing help method' do
+    help_response = PWN::WWW::CoinbasePro
+    expect(help_response).to respond_to :help
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.384
+  version: 0.4.387
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-29 00:00:00.000000000 Z
+date: 2022-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -310,14 +310,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.17.0
+        version: 2.17.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.17.0
+        version: 2.17.1
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement
@@ -464,14 +464,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -486,6 +486,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.14.1
+- !ruby/object:Gem::Dependency
+  name: pry-bond
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: pry-doc
   requirement: !ruby/object:Gem::Requirement
@@ -744,14 +758,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.99.1
+        version: 0.100.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.99.1
+        version: 0.100.0
 - !ruby/object:Gem::Dependency
   name: serialport
   requirement: !ruby/object:Gem::Requirement
@@ -1539,6 +1553,7 @@ files:
 - lib/pwn/www/bing.rb
 - lib/pwn/www/bug_crowd.rb
 - lib/pwn/www/checkip.rb
+- lib/pwn/www/coinbase_pro.rb
 - lib/pwn/www/duckduckgo.rb
 - lib/pwn/www/facebook.rb
 - lib/pwn/www/google.rb
@@ -1823,6 +1838,7 @@ files:
 - spec/lib/pwn/www/bing_spec.rb
 - spec/lib/pwn/www/bug_crowd.rb
 - spec/lib/pwn/www/checkip_spec.rb
+- spec/lib/pwn/www/coinbase_pro_spec.rb
 - spec/lib/pwn/www/duckduckgo_spec.rb
 - spec/lib/pwn/www/facebook_spec.rb
 - spec/lib/pwn/www/google_spec.rb
@@ -2083,6 +2099,7 @@ test_files:
 - spec/lib/pwn/www/bing_spec.rb
 - spec/lib/pwn/www/bug_crowd.rb
 - spec/lib/pwn/www/checkip_spec.rb
+- spec/lib/pwn/www/coinbase_pro_spec.rb
 - spec/lib/pwn/www/duckduckgo_spec.rb
 - spec/lib/pwn/www/facebook_spec.rb
 - spec/lib/pwn/www/google_spec.rb