pwn 0.4.400 → 0.4.403

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78763f9e6b9981ecd1e3dcdf76ee3a792a613398ac6aa895b0455daec76efe06
-  data.tar.gz: 8b8ef42ca58081dd11d918a25039d4c31bd46a2ae1e0200a554812f429789178
+  metadata.gz: 691830c4fb3f20b44d9273da128eb7a9964c0bebfe7e64494ee5d678dd6dbc96
+  data.tar.gz: 53e5dd6aeb79f20a300acfb24a8c7cb0d0f09eda28200d57b45ef705cff12c80
 SHA512:
-  metadata.gz: c830d6c105b0d3dabe12e01cb2456778cf088925af00ecf36d4c57aef9e0880d87b189bdabcae5cc5742104d120e260d73afc04172536b08f1a0acd779b34f4d
-  data.tar.gz: 651a2199d0d29d29f6752d2a8945620a3efe25b42a4ea191dba121b1e078da26675797e1fddd60dadd838a0438283ef798427d89a6773158776ffad056d644bc
+  metadata.gz: eed1d674dcd714aa9d916012ecf691c5aa0118e2ae2fb9b02ab433a020dab9dd86487e311560b0d718da98e9d103e5be7d5674979f1e4df39a60df4b3a89be42
+  data.tar.gz: 70fa790a244ac1642a05ddb10de4060ff8769dfb3dbc16ffd25a34c48113370c6559b467eb84a3d230681031ab8468fec2d9d27ed93ac893686c8751cf18b5c5

data/Gemfile

@@ -16,9 +16,9 @@ gem 'anemone', '0.7.2'
 gem 'authy', '3.0.0'
 gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
-gem 'brakeman', '5.2.1'
+gem 'brakeman', '5.2.2'
 gem 'bson', '4.14.1'
-gem 'bundler', '>=2.3.10'
+gem 'bundler', '>=2.3.11'
 gem 'bundler-audit', '0.9.0.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
@@ -41,7 +41,7 @@ gem 'net-ldap', '0.17.0'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.3.1'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.13.3'
+gem 'nokogiri', '1.13.4'
 gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
@@ -55,10 +55,10 @@ gem 'rbvmomi', '3.0.0'
 gem 'rdoc', '6.4.0'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
-gem 'rmagick', '4.2.4'
+gem 'rmagick', '4.2.5'
 gem 'rspec', '3.11.0'
 gem 'rtesseract', '3.1.2'
-gem 'rubocop', '1.26.1'
+gem 'rubocop', '1.27.0'
 gem 'rubocop-rake', '0.6.0'
 gem 'rubocop-rspec', '2.9.0'
 gem 'ruby-audio', '1.6.1'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.400]:001 >>> PWN.help
+pwn[v0.4.403]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.400]:001 >>> PWN.help
+pwn[v0.4.403]:001 >>> PWN.help
 ```
 
 

data/bin/pwn

@@ -11,10 +11,14 @@ begin
   def gen_ps1_proc(opts = {})
     delim = opts[:delim]
 
-    title = 'pwn'.red.bold
-    version = PWN::VERSION.cyan
-    dchars = '>>>'.green
-    dchars = '***'.yellow if delim == :splat
+    # title = 'pwn'.red.bold
+    title = "\001\e[1m\002\001\e[31m\002pwn\001\e[0m\002"
+    # version = PWN::VERSION.cyan
+    version = "\001\e[36m\002v#{PWN::VERSION}\001\e[0m\002"
+    # dchars = '>>>'.green
+    dchars = "\001\e[32m\002>>>\001\e[0m\002"
+    # dchars = '***'.yellow if delim == :splat
+    dchars = "\001\e[33m\002***\001\e[0m\002" if delim == :splat
 
     proc do |_target_self, _nest_level, pry|
       pry.config.pwn_repl_line += 1

data/bin/pwn_sast

@@ -76,12 +76,13 @@ begin
       CmdExecutionRuby
       CmdExecutionScala
       CSRF
-      Emoticon
       DeserialJava
+      Emoticon
       Eval
-      InnerHTML
-      FilePermission
       Factory
+      FilePermission
+      HTTPAuthorizationHeader
+      InnerHTML
       LocationHash
       Log4J
       Logger

data/lib/pwn/plugins/{rabbit_mq_hole.rb → rabbit_mq.rb}

@@ -5,27 +5,30 @@ require 'bunny'
 module PWN
   module Plugins
     # This plugin is used to interact w/ RabbitMQ via ruby.
-    module RabbitMQHole
+    module RabbitMQ
       # Supported Method Parameters::
-      # PWN::Plugins::RabbitMQHole.open(
+      # PWN::Plugins::RabbitMQ.open(
       #   hostname: 'required',
+      #   port: 'optional - defaults to 5672',
       #   username: 'optional',
       #   password: 'optional'
       # )
 
       public_class_method def self.open(opts = {})
         host = opts[:hostname].to_s
+        port = opts[:port].to_i
+        port = 5672 unless port.positive?
         user = opts[:username].to_s
         pass = opts[:password].to_s
 
-        this_amqp_obj = Bunny.new("amqp://#{user}:#{pass}@#{host}")
+        this_amqp_obj = Bunny.new("amqp://#{user}:#{pass}@#{host}:#{port}")
         this_amqp_obj.start
       rescue StandardError => e
         raise e
       end
 
       # Supported Method Parameters::
-      # PWN::Plugins::RabbitMQHole.close(
+      # PWN::Plugins::RabbitMQ.close(
       #   amqp_oject: amqp_conn1
       # )
 
@@ -50,6 +53,7 @@ module PWN
         puts %{USAGE:
           amqp_conn1 = #{self}.open(
             hostname: 'required',
+            port: 'optional - defaults to 5672',
             username: 'optional',
             password: 'optional'
           )

data/lib/pwn/plugins.rb

@@ -42,7 +42,7 @@ module PWN
     autoload :Packet, 'pwn/plugins/packet'
     autoload :PDFParse, 'pwn/plugins/pdf_parse'
     autoload :Pony, 'pwn/plugins/pony'
-    autoload :RabbitMQHole, 'pwn/plugins/rabbit_mq_hole'
+    autoload :RabbitMQ, 'pwn/plugins/rabbit_mq'
     autoload :RFIDler, 'pwn/plugins/rfidler'
     autoload :Serial, 'pwn/plugins/serial'
     autoload :Shodan, 'pwn/plugins/shodan'

data/lib/pwn/sast/deserial_java.rb

@@ -12,7 +12,7 @@ module PWN
       @@logger = PWN::Plugins::PWNLogger.create
 
       # Supported Method Parameters::
-      # PWN::SAST::Deseria.scan(
+      # PWN::SAST::DeserialJava.scan(
       #   :dir_path => 'optional path to dir defaults to .'
       #   :git_repo_root_uri => 'optional http uri of git repo scanned'
       # )

data/lib/pwn/sast/http_authorization_header.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: false
+
+require 'socket'
+
+module PWN
+  module SAST
+    # SAST Module used to identify hard-code/plain-text
+    # passwords within source code.
+    module HTTPAuthorizationHeader
+      @@logger = PWN::Plugins::PWNLogger.create
+
+      # Supported Method Parameters::
+      # PWN::SAST::HTTPAuthorizationHeader.scan(
+      #   :dir_path => 'optional path to dir defaults to .'
+      #   :git_repo_root_uri => 'optional http uri of git repo scanned'
+      # )
+
+      public_class_method def self.scan(opts = {})
+        dir_path = opts[:dir_path]
+        git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
+        result_arr = []
+        logger_results = ''
+
+        PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/
+            line_no_and_contents_arr = []
+            filename_arr = []
+            entry_beautified = false
+
+            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
+              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
+              entry = "#{entry}.JS-BEAUTIFIED"
+              entry_beautified = true
+            end
+
+            test_case_filter = %(
+              grep -Ein \
+              -e "Authorization:(\\sBasic|Basic)" \
+              -e "Authorization:(\\sBearer|Bearer)" \
+              -e "Authorization:(\\sDigest|Digest)" \
+              -e "Authorization:(\\sHOBA|HOBA)" \
+              -e "Authorization:(\\sMutual|Mutual)" \
+              -e "Authorization:(\\sNegotiate|Negotiate)" \
+              -e "Authorization:(\\sVapid|Vapid)" \
+              -e "Authorization:(\\sSCRAM|SCRAM)" \
+              -e "Authorization:(\\sAWS|AWS)" \
+              -e "authorization(\\s=|=)" #{entry}
+            )
+
+            str = `#{test_case_filter}`.to_s.scrub
+
+            if str.to_s.empty?
+              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
+              logger_results = "#{logger_results}~" # Catching bugs is good :)
+            else
+              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
+
+              hash_line = {
+                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
+                test_case: nist_800_53_requirements,
+                filename: filename_arr.push(git_repo_root_uri: git_repo_root_uri, entry: entry),
+                line_no_and_contents: '',
+                raw_content: str,
+                test_case_filter: test_case_filter
+              }
+
+              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
+              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
+              line_no_count = line_contents_split.length # This should always be an even number
+              current_count = 0
+              while line_no_count > current_count
+                line_no = line_contents_split[current_count]
+                contents = line_contents_split[current_count + 1]
+                if Dir.exist?("#{dir_path}/.git") ||
+                   Dir.exist?('.git')
+
+                  repo_root = dir_path
+                  repo_root = '.' if Dir.exist?('.git')
+
+                  author = PWN::Plugins::Git.get_author(
+                    repo_root: repo_root,
+                    from_line: line_no,
+                    to_line: line_no,
+                    target_file: entry,
+                    entry_beautified: entry_beautified
+                  )
+                else
+                  author = 'N/A'
+                end
+                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(line_no: line_no,
+                                                                                 contents: contents,
+                                                                                 author: author)
+
+                current_count += 2
+              end
+              result_arr.push(hash_line)
+              logger_results = "#{logger_results}x" # Seeing progress is good :)
+            end
+          end
+        end
+        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
+        if logger_results.empty?
+          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
+        else
+          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
+        end
+        result_arr
+      end
+
+      # Used primarily to map NIST 800-53 Revision 4 Security Controls
+      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
+      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
+      # Determine the level of Testing Coverage w/ PWN.
+
+      public_class_method def self.nist_800_53_requirements
+        {
+          sast_module: self,
+          section: 'PROTECTION OF INFORMATION AT REST',
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control/?version=5.1&number=SC-28'
+        }
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          sast_arr = #{self}.scan(
+            :dir_path => 'optional path to dir defaults to .',
+            :git_repo_root_uri => 'optional http uri of git repo scanned'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/sast.rb

@@ -22,6 +22,7 @@ module PWN
     autoload :Eval, 'pwn/sast/eval'
     autoload :Factory, 'pwn/sast/factory'
     autoload :FilePermission, 'pwn/sast/file_permission'
+    autoload :HTTPAuthorizationHeader, 'pwn/sast/http_authorization_header'
     autoload :InnerHTML, 'pwn/sast/inner_html'
     autoload :Keystore, 'pwn/sast/keystore'
     autoload :LocationHash, 'pwn/sast/location_hash'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.400'
+  VERSION = '0.4.403'
 end

data/spec/lib/pwn/plugins/{rabbit_mq_hole_spec.rb → rabbit_mq_spec.rb}

@@ -2,14 +2,14 @@
 
 require 'spec_helper'
 
-describe PWN::Plugins::RabbitMQHole do
+describe PWN::Plugins::RabbitMQ do
   it 'should display information for authors' do
-    authors_response = PWN::Plugins::RabbitMQHole
+    authors_response = PWN::Plugins::RabbitMQ
     expect(authors_response).to respond_to :authors
   end
 
   it 'should display information for existing help method' do
-    help_response = PWN::Plugins::RabbitMQHole
+    help_response = PWN::Plugins::RabbitMQ
     expect(help_response).to respond_to :help
   end
 end

data/spec/lib/pwn/sast/http_authorization_header_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::HTTPAuthorizationHeader do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::HTTPAuthorizationHeader
+    expect(scan_response).to respond_to :scan
+  end
+
+  it 'should display information for nist_800_53_requirements' do
+    nist_800_53_requirements_response = PWN::SAST::HTTPAuthorizationHeader
+    expect(nist_800_53_requirements_response).to respond_to :nist_800_53_requirements
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::HTTPAuthorizationHeader
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::HTTPAuthorizationHeader
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.400
+  version: 0.4.403
 platform: ruby
 authors:
 - 0day Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-04 00:00:00.000000000 Z
+date: 2022-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.1
+        version: 5.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.1
+        version: 5.2.2
 - !ruby/object:Gem::Dependency
   name: bson
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.10
+        version: 2.3.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.10
+        version: 2.3.11
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -408,14 +408,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.13.3
+        version: 1.13.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.13.3
+        version: 1.13.4
 - !ruby/object:Gem::Dependency
   name: oily_png
   requirement: !ruby/object:Gem::Requirement
@@ -604,14 +604,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.4
+        version: 4.2.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.2.4
+        version: 4.2.5
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -646,14 +646,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.26.1
+        version: 1.27.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.26.1
+        version: 1.27.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -1498,7 +1498,7 @@ files:
 - lib/pwn/plugins/pdf_parse.rb
 - lib/pwn/plugins/pony.rb
 - lib/pwn/plugins/pwn_logger.rb
-- lib/pwn/plugins/rabbit_mq_hole.rb
+- lib/pwn/plugins/rabbit_mq.rb
 - lib/pwn/plugins/rfidler.rb
 - lib/pwn/plugins/serial.rb
 - lib/pwn/plugins/shodan.rb
@@ -1532,6 +1532,7 @@ files:
 - lib/pwn/sast/eval.rb
 - lib/pwn/sast/factory.rb
 - lib/pwn/sast/file_permission.rb
+- lib/pwn/sast/http_authorization_header.rb
 - lib/pwn/sast/inner_html.rb
 - lib/pwn/sast/keystore.rb
 - lib/pwn/sast/location_hash.rb
@@ -1791,7 +1792,7 @@ files:
 - spec/lib/pwn/plugins/packet_spec.rb
 - spec/lib/pwn/plugins/pdf_parse_spec.rb
 - spec/lib/pwn/plugins/pony_spec.rb
-- spec/lib/pwn/plugins/rabbit_mq_hole_spec.rb
+- spec/lib/pwn/plugins/rabbit_mq_spec.rb
 - spec/lib/pwn/plugins/rfidler_spec.rb
 - spec/lib/pwn/plugins/serial_spec.rb
 - spec/lib/pwn/plugins/shodan_spec.rb
@@ -1825,6 +1826,7 @@ files:
 - spec/lib/pwn/sast/eval_spec.rb
 - spec/lib/pwn/sast/factory_spec.rb
 - spec/lib/pwn/sast/file_permission_spec.rb
+- spec/lib/pwn/sast/http_authorization_header_spec.rb
 - spec/lib/pwn/sast/inner_html_spec.rb
 - spec/lib/pwn/sast/keystore_spec.rb
 - spec/lib/pwn/sast/location_hash_spec.rb
@@ -2058,7 +2060,7 @@ test_files:
 - spec/lib/pwn/plugins/packet_spec.rb
 - spec/lib/pwn/plugins/pdf_parse_spec.rb
 - spec/lib/pwn/plugins/pony_spec.rb
-- spec/lib/pwn/plugins/rabbit_mq_hole_spec.rb
+- spec/lib/pwn/plugins/rabbit_mq_spec.rb
 - spec/lib/pwn/plugins/rfidler_spec.rb
 - spec/lib/pwn/plugins/serial_spec.rb
 - spec/lib/pwn/plugins/shodan_spec.rb
@@ -2092,6 +2094,7 @@ test_files:
 - spec/lib/pwn/sast/eval_spec.rb
 - spec/lib/pwn/sast/factory_spec.rb
 - spec/lib/pwn/sast/file_permission_spec.rb
+- spec/lib/pwn/sast/http_authorization_header_spec.rb
 - spec/lib/pwn/sast/inner_html_spec.rb
 - spec/lib/pwn/sast/keystore_spec.rb
 - spec/lib/pwn/sast/location_hash_spec.rb