pwn 0.4.385 → 0.4.388
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +4 -3
- data/README.md +2 -2
- data/bin/pwn +1 -0
- data/lib/pwn/plugins/transparent_browser.rb +9 -3
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/coinbase_pro.rb +134 -0
- data/lib/pwn/www.rb +1 -0
- data/spec/lib/pwn/www/coinbase_pro_spec.rb +15 -0
- metadata +25 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6fff86c0915ceb8c3bda26566fa0f3c49d5c7bc29f8fad99b72936ea62f0d10f
|
4
|
+
data.tar.gz: 7fd7e3bbbc60ee0b1bc3b06664bea5efd410aa03cd4dd3ad9c88d3ade03ad709
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 665f698b87d92a38d761e58cd9e9081fcbe4303cd9b048c06ce954ae0222e9743683ddf95590283e56d738cf4d4c1088a9e6149a26176850bbfb4eeba18527e9
|
7
|
+
data.tar.gz: c954551ab4b906f75b8c575ec04b733c30cf98030aad0b7aceee001a3095d28abbad8facd5736895568a2381d87b92de314ec3d885361cf2da4410166e26aee3
|
data/Gemfile
CHANGED
@@ -34,7 +34,7 @@ gem 'jsonpath', '1.1.0'
|
|
34
34
|
gem 'jwt', '2.3.0'
|
35
35
|
gem 'luhn', '1.0.2'
|
36
36
|
gem 'mail', '2.7.1'
|
37
|
-
gem 'mongo', '2.17.
|
37
|
+
gem 'mongo', '2.17.1'
|
38
38
|
gem 'msfrpc-client', '1.1.2'
|
39
39
|
gem 'net-ldap', '0.17.0'
|
40
40
|
gem 'net-openvpn', '0.8.7'
|
@@ -45,8 +45,9 @@ gem 'oily_png', '1.2.1'
|
|
45
45
|
gem 'os', '1.1.4'
|
46
46
|
gem 'packetfu', '1.1.13'
|
47
47
|
gem 'pdf-reader', '2.9.2'
|
48
|
-
gem 'pg', '1.3.
|
48
|
+
gem 'pg', '1.3.5'
|
49
49
|
gem 'pry', '0.14.1'
|
50
|
+
gem 'pry-bond', '0.0.1'
|
50
51
|
gem 'pry-doc', '1.3.0'
|
51
52
|
gem 'rake', '13.0.6'
|
52
53
|
gem 'rb-readline', '0.5.5'
|
@@ -65,7 +66,7 @@ gem 'ruby-nmap', '0.10.0'
|
|
65
66
|
gem 'ruby-saml', '1.14.0'
|
66
67
|
gem 'rvm', '1.11.3.9'
|
67
68
|
gem 'savon', '2.12.1'
|
68
|
-
gem 'selenium-devtools', '0.
|
69
|
+
gem 'selenium-devtools', '0.100.0'
|
69
70
|
gem 'serialport', '1.3.2'
|
70
71
|
gem 'sinatra', '2.2.0'
|
71
72
|
gem 'slack-ruby-client', '1.0.0'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.1@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.388]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.1@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.388]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn
CHANGED
@@ -105,6 +105,9 @@ module PWN
|
|
105
105
|
this_profile['download.default_directory'] = '~/Downloads'
|
106
106
|
|
107
107
|
switches = []
|
108
|
+
switches.push('--start-maximized')
|
109
|
+
switches.push('--disable-notifications')
|
110
|
+
|
108
111
|
if proxy
|
109
112
|
switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{URI(proxy).host}'") if with_tor
|
110
113
|
switches.push("--proxy-server=#{proxy}")
|
@@ -187,7 +190,10 @@ module PWN
|
|
187
190
|
this_profile['download.default_directory'] = '~/Downloads'
|
188
191
|
|
189
192
|
switches = []
|
190
|
-
switches.push('
|
193
|
+
switches.push('--headless')
|
194
|
+
switches.push('--start-maximized')
|
195
|
+
switches.push('--disable-notifications')
|
196
|
+
|
191
197
|
if proxy
|
192
198
|
switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{URI(proxy).host}'") if with_tor
|
193
199
|
switches.push("--proxy-server=#{proxy}")
|
@@ -346,13 +352,14 @@ module PWN
|
|
346
352
|
devtools.send_cmd('Console.enable')
|
347
353
|
devtools.send_cmd('DOM.enable')
|
348
354
|
devtools.send_cmd('Page.enable')
|
349
|
-
devtools.send_cmd('Network.enable')
|
350
355
|
devtools.send_cmd('Log.enable')
|
351
356
|
devtools.send_cmd('Debugger.enable')
|
352
357
|
devtools.send_cmd('Debugger.pause')
|
353
358
|
step = 1
|
354
359
|
next_step = 60
|
355
360
|
loop do
|
361
|
+
devtools.send_cmd('Console.clearMessages')
|
362
|
+
devtools.send_cmd('Log.clear')
|
356
363
|
console_events = []
|
357
364
|
b.driver.on_log_event(:console) { |event| console_events.push(event) }
|
358
365
|
|
@@ -388,7 +395,6 @@ module PWN
|
|
388
395
|
|
389
396
|
devtools.send_cmd('Debugger.disable')
|
390
397
|
devtools.send_cmd('Log.disable')
|
391
|
-
devtools.send_cmd('Network.disable')
|
392
398
|
devtools.send_cmd('Page.disable')
|
393
399
|
devtools.send_cmd('DOM.disable')
|
394
400
|
devtools.send_cmd('Console.disable')
|
data/lib/pwn/version.rb
CHANGED
@@ -0,0 +1,134 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'yaml'
|
4
|
+
|
5
|
+
module PWN
|
6
|
+
module WWW
|
7
|
+
# This plugin supports tradingview.com actions.
|
8
|
+
module CoinbasePro
|
9
|
+
# Supported Method Parameters::
|
10
|
+
# browser_obj = PWN::WWW::CoinbasePro.open(
|
11
|
+
# browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
|
12
|
+
# proxy: 'optional - scheme://proxy_host:port',
|
13
|
+
# with_tor: 'optional - boolean (defaults to false)'
|
14
|
+
# )
|
15
|
+
|
16
|
+
public_class_method def self.open(opts = {})
|
17
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(opts)
|
18
|
+
|
19
|
+
browser_obj.goto('https://pro.coinbase.com')
|
20
|
+
|
21
|
+
browser_obj
|
22
|
+
rescue StandardError => e
|
23
|
+
raise e
|
24
|
+
end
|
25
|
+
|
26
|
+
# Supported Method Parameters::
|
27
|
+
# browser_obj = PWN::WWW::CoinbasePro.login(
|
28
|
+
# browser_obj: 'required - browser_obj returned from #open method',
|
29
|
+
# username: 'required - username',
|
30
|
+
# password: 'optional - passwd (will prompt if blank)',
|
31
|
+
# mfa: 'optional - if true prompt for mfa token (defaults to false)'
|
32
|
+
# )
|
33
|
+
|
34
|
+
public_class_method def self.login(opts = {})
|
35
|
+
browser_obj = opts[:browser_obj]
|
36
|
+
username = opts[:username].to_s.scrub.strip.chomp
|
37
|
+
password = opts[:password]
|
38
|
+
|
39
|
+
if password.nil?
|
40
|
+
password = PWN::Plugins::AuthenticationHelper.mask_password
|
41
|
+
else
|
42
|
+
password = opts[:password].to_s.scrub.strip.chomp
|
43
|
+
end
|
44
|
+
mfa = opts[:mfa]
|
45
|
+
|
46
|
+
browser_obj.goto('https://pro.coinbase.com')
|
47
|
+
|
48
|
+
browser_obj.span(text: 'Sign in').wait_until(&:present?).click
|
49
|
+
browser_obj.text_field(name: 'email').wait_until(&:present?).set(username)
|
50
|
+
browser_obj.text_field(name: 'password').wait_until(&:present?).set(password)
|
51
|
+
browser_obj.button(text: 'Sign In').click!
|
52
|
+
|
53
|
+
if mfa
|
54
|
+
until browser_obj.url.include?('https://pro.coinbase.com')
|
55
|
+
browser_obj.text_field(name: 'token').wait_until(&:present?).set(PWN::Plugins::AuthenticationHelper.mfa(prompt: 'enter mfa token'))
|
56
|
+
browser_obj.button(text: 'Verify').click!
|
57
|
+
sleep 3
|
58
|
+
end
|
59
|
+
print "\n"
|
60
|
+
end
|
61
|
+
|
62
|
+
browser_obj
|
63
|
+
rescue StandardError => e
|
64
|
+
raise e
|
65
|
+
end
|
66
|
+
|
67
|
+
# Supported Method Parameters::
|
68
|
+
# browser_obj = PWN::WWW::CoinbasePro.logout(
|
69
|
+
# browser_obj: 'required - browser_obj returned from #open method'
|
70
|
+
# )
|
71
|
+
|
72
|
+
public_class_method def self.logout(opts = {})
|
73
|
+
browser_obj = opts[:browser_obj]
|
74
|
+
browser_obj.goto('https://pro.coinbase.com/signout')
|
75
|
+
|
76
|
+
browser_obj
|
77
|
+
rescue StandardError => e
|
78
|
+
raise e
|
79
|
+
end
|
80
|
+
|
81
|
+
# Supported Method Parameters::
|
82
|
+
# browser_obj = PWN::WWW::CoinbasePro.close(
|
83
|
+
# browser_obj: 'required - browser_obj returned from #open method'
|
84
|
+
# )
|
85
|
+
|
86
|
+
public_class_method def self.close(opts = {})
|
87
|
+
browser_obj = opts[:browser_obj]
|
88
|
+
PWN::Plugins::TransparentBrowser.close(
|
89
|
+
browser_obj: browser_obj
|
90
|
+
)
|
91
|
+
rescue StandardError => e
|
92
|
+
raise e
|
93
|
+
end
|
94
|
+
|
95
|
+
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
96
|
+
|
97
|
+
public_class_method def self.authors
|
98
|
+
"AUTHOR(S):
|
99
|
+
0day Inc. <request.pentest@0dayinc.com>
|
100
|
+
"
|
101
|
+
end
|
102
|
+
|
103
|
+
# Display Usage for this Module
|
104
|
+
|
105
|
+
public_class_method def self.help
|
106
|
+
puts "USAGE:
|
107
|
+
browser_obj = #{self}.open(
|
108
|
+
browser_type: 'optional - :firefox|:chrome|:ie|:headless (Defaults to :firefox)',
|
109
|
+
proxy: 'optional - scheme://proxy_host:port',
|
110
|
+
with_tor: 'optional - boolean (defaults to false)'
|
111
|
+
)
|
112
|
+
puts browser_obj.public_methods
|
113
|
+
|
114
|
+
browser_obj = #{self}.login(
|
115
|
+
browser_obj: 'required - browser_obj returned from #open method',
|
116
|
+
username: 'required - username',
|
117
|
+
password: 'optional - passwd (will prompt if blank),
|
118
|
+
mfa: 'optional - if true prompt for mfa token (defaults to false)'
|
119
|
+
)
|
120
|
+
|
121
|
+
browser_obj = #{self}.logout(
|
122
|
+
browser_obj: 'required - browser_obj returned from #open method'
|
123
|
+
)
|
124
|
+
|
125
|
+
#{self}.close(
|
126
|
+
browser_obj: 'required - browser_obj returned from #open method'
|
127
|
+
)
|
128
|
+
|
129
|
+
#{self}.authors
|
130
|
+
"
|
131
|
+
end
|
132
|
+
end
|
133
|
+
end
|
134
|
+
end
|
data/lib/pwn/www.rb
CHANGED
@@ -9,6 +9,7 @@ module PWN
|
|
9
9
|
autoload :Bing, 'pwn/www/bing'
|
10
10
|
autoload :BugCrowd, 'pwn/www/bug_crowd'
|
11
11
|
autoload :Checkip, 'pwn/www/checkip.rb'
|
12
|
+
autoload :CoinbasePro, 'pwn/www/coinbase_pro.rb'
|
12
13
|
autoload :Duckduckgo, 'pwn/www/duckduckgo'
|
13
14
|
autoload :Facebook, 'pwn/www/facebook'
|
14
15
|
autoload :Google, 'pwn/www/google'
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::WWW::CoinbasePro do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::WWW::CoinbasePro
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::WWW::CoinbasePro
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.388
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -310,14 +310,14 @@ dependencies:
|
|
310
310
|
requirements:
|
311
311
|
- - '='
|
312
312
|
- !ruby/object:Gem::Version
|
313
|
-
version: 2.17.
|
313
|
+
version: 2.17.1
|
314
314
|
type: :runtime
|
315
315
|
prerelease: false
|
316
316
|
version_requirements: !ruby/object:Gem::Requirement
|
317
317
|
requirements:
|
318
318
|
- - '='
|
319
319
|
- !ruby/object:Gem::Version
|
320
|
-
version: 2.17.
|
320
|
+
version: 2.17.1
|
321
321
|
- !ruby/object:Gem::Dependency
|
322
322
|
name: msfrpc-client
|
323
323
|
requirement: !ruby/object:Gem::Requirement
|
@@ -464,14 +464,14 @@ dependencies:
|
|
464
464
|
requirements:
|
465
465
|
- - '='
|
466
466
|
- !ruby/object:Gem::Version
|
467
|
-
version: 1.3.
|
467
|
+
version: 1.3.5
|
468
468
|
type: :runtime
|
469
469
|
prerelease: false
|
470
470
|
version_requirements: !ruby/object:Gem::Requirement
|
471
471
|
requirements:
|
472
472
|
- - '='
|
473
473
|
- !ruby/object:Gem::Version
|
474
|
-
version: 1.3.
|
474
|
+
version: 1.3.5
|
475
475
|
- !ruby/object:Gem::Dependency
|
476
476
|
name: pry
|
477
477
|
requirement: !ruby/object:Gem::Requirement
|
@@ -486,6 +486,20 @@ dependencies:
|
|
486
486
|
- - '='
|
487
487
|
- !ruby/object:Gem::Version
|
488
488
|
version: 0.14.1
|
489
|
+
- !ruby/object:Gem::Dependency
|
490
|
+
name: pry-bond
|
491
|
+
requirement: !ruby/object:Gem::Requirement
|
492
|
+
requirements:
|
493
|
+
- - '='
|
494
|
+
- !ruby/object:Gem::Version
|
495
|
+
version: 0.0.1
|
496
|
+
type: :runtime
|
497
|
+
prerelease: false
|
498
|
+
version_requirements: !ruby/object:Gem::Requirement
|
499
|
+
requirements:
|
500
|
+
- - '='
|
501
|
+
- !ruby/object:Gem::Version
|
502
|
+
version: 0.0.1
|
489
503
|
- !ruby/object:Gem::Dependency
|
490
504
|
name: pry-doc
|
491
505
|
requirement: !ruby/object:Gem::Requirement
|
@@ -744,14 +758,14 @@ dependencies:
|
|
744
758
|
requirements:
|
745
759
|
- - '='
|
746
760
|
- !ruby/object:Gem::Version
|
747
|
-
version: 0.
|
761
|
+
version: 0.100.0
|
748
762
|
type: :runtime
|
749
763
|
prerelease: false
|
750
764
|
version_requirements: !ruby/object:Gem::Requirement
|
751
765
|
requirements:
|
752
766
|
- - '='
|
753
767
|
- !ruby/object:Gem::Version
|
754
|
-
version: 0.
|
768
|
+
version: 0.100.0
|
755
769
|
- !ruby/object:Gem::Dependency
|
756
770
|
name: serialport
|
757
771
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1539,6 +1553,7 @@ files:
|
|
1539
1553
|
- lib/pwn/www/bing.rb
|
1540
1554
|
- lib/pwn/www/bug_crowd.rb
|
1541
1555
|
- lib/pwn/www/checkip.rb
|
1556
|
+
- lib/pwn/www/coinbase_pro.rb
|
1542
1557
|
- lib/pwn/www/duckduckgo.rb
|
1543
1558
|
- lib/pwn/www/facebook.rb
|
1544
1559
|
- lib/pwn/www/google.rb
|
@@ -1823,6 +1838,7 @@ files:
|
|
1823
1838
|
- spec/lib/pwn/www/bing_spec.rb
|
1824
1839
|
- spec/lib/pwn/www/bug_crowd.rb
|
1825
1840
|
- spec/lib/pwn/www/checkip_spec.rb
|
1841
|
+
- spec/lib/pwn/www/coinbase_pro_spec.rb
|
1826
1842
|
- spec/lib/pwn/www/duckduckgo_spec.rb
|
1827
1843
|
- spec/lib/pwn/www/facebook_spec.rb
|
1828
1844
|
- spec/lib/pwn/www/google_spec.rb
|
@@ -2083,6 +2099,7 @@ test_files:
|
|
2083
2099
|
- spec/lib/pwn/www/bing_spec.rb
|
2084
2100
|
- spec/lib/pwn/www/bug_crowd.rb
|
2085
2101
|
- spec/lib/pwn/www/checkip_spec.rb
|
2102
|
+
- spec/lib/pwn/www/coinbase_pro_spec.rb
|
2086
2103
|
- spec/lib/pwn/www/duckduckgo_spec.rb
|
2087
2104
|
- spec/lib/pwn/www/facebook_spec.rb
|
2088
2105
|
- spec/lib/pwn/www/google_spec.rb
|