pwn 0.4.432 → 0.4.433

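--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b53a054a6de64ad97760f3d1fe8e6dedbac6fd173d66600dcf08301635d88990
- data.tar.gz: 459e0d3b96d8e297f0f48827202912f49e9e275c6f88bf242095c6bfbf3b33c7
+ metadata.gz: 0a46e9457e6865983d6c0c7fe5c80bdef0daf3a89145cf5c4d8209eff0b36ad0
+ data.tar.gz: 27dc83bbbad652c62eca8b27dddda5696c995bc4f129fcbf7678e50b4aeae6b8
  SHA512:
- metadata.gz: 2094fcfe3d226dd7cea5dd8a9be4593ba853b968be90c657cfae828b74aebde36f3fe654aaf693782320a882fcfc2e18cf937998aff1dcf11cc04c4c655a79ec
- data.tar.gz: 3b6dcdb9d2fc4fc65028485aa87418e5a1f0858c4475ab120d4f8e53b183f9c8d62d73ed3134a2648547a8e21fd41271b1a58e4f2785e13258b19a00406b9789
+ metadata.gz: 8d7e7119ff10f046fbd3963135e26536385edc6cefc8d83b2c92b0bb11f5c2845df0dc2891e73eb8b5ec55c2af9cb94cd3ad4ae4fc3b45bd6fb06d9f95ab93a6
+ data.tar.gz: 668308f6e0c04786f522a28feea4a9758f1e423aaea1610011665d9e1329d093547f40dbf508d8b70d3544a2f76f50711926ed23fc04086cefc816fc2feb298d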
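--- a/data/Gemfile
+++ b/data/Gemfile
@@ -19,7 +19,7 @@ gem 'bettercap', '1.6.2'
  gem 'brakeman', '5.2.3'
  gem 'bson', '4.15.0'
  gem 'bundler', '>=2.3.14'
- gem 'bundler-audit', '0.9.0.1'
+ gem 'bundler-audit', '0.9.1'
  gem 'bunny', '2.19.0'
  gem 'colorize', '0.8.1'
  gem 'credit_card_validations', '5.0.0'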
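--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
  $ rvm list gemsets
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.432]:001 >>> PWN.help
+ pwn[v0.4.433]:001 >>> PWN.help
  ```
 
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
  $ gem uninstall --all --executables pwn
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.432]:001 >>> PWN.help
+ pwn[v0.4.433]:001 >>> PWN.help
  ```
 
 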
@@ -11,7 +11,7 @@ OptionParser.new do |options|
11
11
  #{$PROGRAM_NAME} [opts]
12
12
  "
13
13
 
14
- options.on('-cYPATH', '--yaml-config=YPATH', '<Required - YAML Config Containing Access & Secret Keys for Authentication>') do |c|
14
+ options.on('-cYPATH', '--yaml-config=YPATH', '<Required - YAML Config Containing Access & Secret Keys for Authentication, Including Credential Information for Scan Creation (https://developer.tenable.com/docs/determine-settings-for-credential-type)>') do |c|
15
15
  opts[:yaml_config] = c
16
16
  end
17
17
 
@@ -23,6 +23,10 @@ OptionParser.new do |options|
23
23
  opts[:text_targets] = t
24
24
  end
25
25
 
26
+ options.on('-dDESC', '--scan-description=DESC', '<Optional - Scan Description (Defaults to nil)>') do |d|
27
+ opts[:scan_desc] = d
28
+ end
29
+
26
30
  options.on('-tVALUE', '--scan-template=VALUE', '<Optional - Canned Scan Template to Use for Scan Creation (Defaults to "Basic Network Scan">') do |t|
27
31
  opts[:scan_template] = t
28
32
  end
@@ -51,7 +55,7 @@ OptionParser.new do |options|
51
55
  opts[:launch] = l
52
56
  end
53
57
 
54
- options.on('-wTIME', '--scan-time-window=TIME', '<Optional - Scan Time Window in Minutes - (Defaults to 0 if nessus scanner scan || 180 if nessus agent scan)>') do |t|
58
+ options.on('-wTIMEWINDOW', '--scan-time-window=TIMEWINDOW', '<Optional - Scan Time Window in Minutes - (Defaults to 0)>') do |t|
55
59
  opts[:scan_time_window] = t
56
60
  end
57
61
 
@@ -87,7 +91,10 @@ begin
87
91
  access_key = yaml[:access_key]
88
92
  secret_key = yaml[:secret_key]
89
93
 
94
+ credentials = yaml[:create_scan][:credentials]
95
+
90
96
  scan_name = opts[:scan_name]
97
+ scan_desc = opts[:scan_desc]
91
98
 
92
99
  scan_template = opts[:scan_template]
93
100
  scan_template ||= 'Basic Network Scan'
@@ -113,18 +120,14 @@ begin
113
120
  launch = opts[:launch]
114
121
  launch ||= 'ON_DEMAND'
115
122
 
116
- scan_time_window = opts[:scan_time_window]
123
+ scan_time_window = opts[:scan_time_window].to_i
124
+ scan_time_window ||= 0
117
125
 
118
126
  starttime = opts[:starttime]
119
127
  starttime ||= Time.now.strftime('%Y%m%dT%H%M%S')
120
128
 
121
129
  rrules = opts[:rrules]
122
130
  rrules ||= 'FREQ=ONETIME;INTERVAL=0;BYDAY=null'
123
- # if opts[:rrules].nil?
124
- # # SU, MO, TU, WE, TH, FR, SA
125
- # byday_today = Time.now.strftime('%A').upcase[0..1]
126
- # rrules = "FREQ=ONETIME;INTERVAL=0;BYDAY=#{byday_today}"
127
- # end
128
131
 
129
132
  timezone = opts[:timezone]
130
133
  timezone ||= 'UTC'
@@ -132,23 +135,23 @@ begin
132
135
  text_targets = opts[:text_targets]
133
136
  raise 'ERROR: --text-targets (i.e. List of targets to scan) is required.' unless text_targets
134
137
 
135
- text_targets_arr = text_targets.split(',')
136
-
137
138
  target_groups = opts[:target_groups]
138
139
 
139
140
  file_targets = opts[:file_targets]
140
141
 
141
142
  tag_targets = opts[:tag_targets]
143
+ tag_targets_arr = tag_targets.split(',')
142
144
 
143
145
  agent_group_name = opts[:agent_group_name]
144
- agent_group_id = ''
146
+ agent_group_id_arr = []
145
147
 
146
148
  agent_scan_launch_type = opts[:agent_scan_launch_type]
147
149
  agent_scan_launch_type ||= 'triggered'
148
150
 
151
+ triggers_arr = []
149
152
  triggers = {}
150
- triggers[:trigger_type] = agent_scan_launch_type
151
- triggers[:trigger_type] ||= 'periodic'
153
+ triggers[:type] = agent_scan_launch_type
154
+ triggers[:type] ||= 'periodic'
152
155
 
153
156
  triggers[:options] = {}
154
157
  case agent_scan_launch_type
@@ -159,6 +162,8 @@ begin
159
162
  triggers[:options][:filename] = opts[:filename]
160
163
  end
161
164
 
165
+ triggers_arr.push(triggers)
166
+
162
167
  emails = opts[:emails]
163
168
 
164
169
  acls = {}
@@ -169,6 +174,9 @@ begin
169
174
  acls[:id] = opts[:acl_id]
170
175
  acls[:type] = opts[:acl_type]
171
176
 
177
+ credential_category = opts[:credential_category]
178
+ credential_type = opts[:credential_type]
179
+
172
180
  # Begin Here
173
181
  nessus_obj = PWN::Plugins::NessusCloud.login(
174
182
  access_key: access_key,
@@ -177,9 +185,9 @@ begin
177
185
 
178
186
  # Requirements to create a scan:
179
187
  # Part 1: Populate uuid
180
- # Part 2: Populate settings object
181
- # Part 3: Populate credentials object
182
- # Part 4: Populate plugins object (optional)
188
+ # Part 2: Populate settings object from options passed to driver
189
+ # Part 3: Populate credentials object from YAML config (optional)
190
+ # Part 4: Populate plugins object from YAML config (optional)
183
191
 
184
192
  # Part 1: Populate uuid
185
193
  # TODO: add --list-canned-scan-templates option
@@ -190,73 +198,80 @@ begin
190
198
  scan_template_uuid = scan_template[:uuid]
191
199
  puts scan_template_uuid
192
200
 
193
- # Part 2: Populate settings object
201
+ # Part 2: Populate settings object from options passed to driver
194
202
  settings = {}
203
+ settings[:name] = scan_name
204
+ settings[:description] = scan_desc
205
+
195
206
  policy = PWN::Plugins::NessusCloud.get_policies(
196
207
  nessus_obj: nessus_obj,
197
208
  name: policy_name
198
209
  )
199
- policy_id = policy[:id]
200
- puts policy_id
210
+ settings[:policy_id] = policy[:id]
201
211
 
202
212
  folder = PWN::Plugins::NessusCloud.get_folders(
203
213
  nessus_obj: nessus_obj,
204
214
  name: folder_name
205
215
  )
206
- folder_id = folder[:id]
207
- puts folder_id
216
+ settings[:folder_id] = folder[:id]
208
217
 
209
218
  scanner = PWN::Plugins::NessusCloud.get_scanners(
210
219
  nessus_obj: nessus_obj,
211
220
  name: scanner_name
212
221
  )
213
- scanner_id = scanner[:id]
214
- puts scanner_id
222
+ settings[:scanner_id] = scanner[:id]
215
223
 
216
224
  target_network = PWN::Plugins::NessusCloud.get_target_networks(
217
225
  nessus_obj: nessus_obj,
218
226
  name: target_network_name
219
227
  )
220
- target_network_id = target_network[:uuid]
221
- puts target_network_id
228
+ settings[:target_network_uuid] = target_network[:uuid]
229
+
230
+ settings[:enabled] = enabled
231
+
232
+ settings[:launch] = launch
233
+
234
+ settings[:scan_time_window] = scan_time_window
235
+
236
+ settings[:starttime] = starttime
237
+
238
+ settings[:rrules] = rrules
239
+
240
+ settings[:timezone] = timezone
222
241
 
223
- # Part 3: Populate credentials object
224
- credentials = {}
225
- credential_types = PWN::Plugins::NessusCloud.get_credential_types(
226
- nessus_obj: nessus_obj
242
+ settings[:text_targets] = text_targets
243
+
244
+ settings[:target_groups] = target_groups
245
+
246
+ settings[:file_targets] = file_targets
247
+
248
+ settings[:tag_targets] = tag_targets_arr
249
+
250
+ settings[:agent_group_id] = agent_group_id_arr
251
+
252
+ settings[:agent_scan_launch_type] = agent_scan_launch_type
253
+
254
+ settings[:triggers] = triggers_arr
255
+
256
+ settings[:emails] = emails
257
+
258
+ settings[:acls] = acls
259
+
260
+ # Part 3: Populate credentials object from YAML config (optional)
261
+ credentials = yaml[:credentials]
262
+
263
+ # Part 4: Populate plugins object from YAML config (optional)
264
+ plugins = yaml[:plugins]
265
+
266
+ create_scan_resp = PWN::Plugins::NessusCloud.create_scan(
267
+ nessus_obj: nessus_obj,
268
+ scan_template_uuid: scan_template_uuid,
269
+ settings: settings,
270
+ credentials: credentials,
271
+ plugins: plugins
227
272
  )
228
- puts credential_types.inspect
229
- # TODO: add --list-credential-types option
230
- # credentials[:add] = {}
231
-
232
- # case opts[:credential_type]
233
- # when 'host/ssh'
234
- # credential_type_parent = opts[:credential_type].split('/').first.to_sym
235
- # credential_type = opts[:credential_type].split('/').last.to_sym
236
- # credentials[:add][credential_type_parent] = {}
237
- # credentials[:add][credential_type_parent][credential_type] = []
238
- # when 'host/windows'
239
- # credential_type_parent = opts[:credential_type].split('/').first.to_sym
240
- # credential_type = opts[:credential_type].split('/').last.to_sym
241
- # credentials[:add][credential_type_parent] = {}
242
- # credentials[:add][credential_type_parent][credential_type] = []
243
- # else
244
- # raise "ERROR: #{opts[:credential_type]} Not Supported."
245
- # end
246
-
247
- # Part 4: Populate plugins object (optional)
248
- # TODO: Implment Plugins During Scan Creation
249
- plugins = {}
250
-
251
- # create_scan_resp = PWN::Plugins::NessusCloud.create_scan(
252
- # nessus_obj: nessus_obj,
253
- # scan_template_uuid: scan_template_uuid,
254
- # settings: settings,
255
- # credentials: credentials,
256
- # plugins: plugins
257
- # )
258
-
259
- # puts create_scan_resp.inspect
273
+
274
+ puts create_scan_resp.inspect
260
275
  rescue Interrupt
261
276
  puts 'CTRL+C detected...goodbye.'
262
277
  rescue StandardError => e
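Review bot: The added `credentials = yaml[:create_scan][:credentials]` (new line 94) indexes a `:create_scan` key that the sample YAML configs changed in this same release do not define (they place `credentials:` and `plugins:` at the top level), so with a config in that shape `yaml[:create_scan]` is nil and the driver raises NoMethodError before it reaches the login call. The value is overwritten by `credentials = yaml[:credentials]` at new line 261 anyway, so the earlier assignment can simply be dropped, or written as `yaml.dig(:create_scan, :credentials)` if the nested layout is meant to be supported. Likewise `tag_targets_arr = tag_targets.split(',')` (new line 143) has no nil guard, unlike the `text_targets` check just above it; if `--tag-targets` is optional, as it appears to be, `tag_targets.to_s.split(',')` avoids the crash. Smaller points: `scan_time_window ||= 0` can never fire after `.to_i`, and `credential_category` / `credential_type` are assigned but not used in the visible lines. The file header for this driver is not shown on the page and the `begin` block extends beyond the hunks.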
@@ -1,2 +1,15 @@
1
1
  access_key: 'ACCESS_KEY'
2
2
  secret_key: 'SECRET_KEY'
3
+ credentials:
4
+ add:
5
+ Host:
6
+ Windows:
7
+ - domain: 'dc.local'
8
+ username: 'USERNAME'
9
+ auth_method: 'Password'
10
+ password: 'PASSWORD'
11
+ plugins:
12
+ Web Servers:
13
+ individual:
14
+ '11213': enabled
15
+ '18261': enabled
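Review bot: This sample config now keeps a Windows domain `password` in the same plaintext file as the API `access_key` / `secret_key`, and nothing in the hunk tells the user how to protect that file. A header comment would help, for example `# Holds scan credentials: keep out of version control and readable by the owner only (chmod 600)`. The same applies to the five identical hunks that follow this one; their file headers are not shown on the page.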
@@ -1,2 +1,15 @@
1
1
  access_key: 'ACCESS_KEY'
2
2
  secret_key: 'SECRET_KEY'
3
+ credentials:
4
+ add:
5
+ Host:
6
+ Windows:
7
+ - domain: 'dc.local'
8
+ username: 'USERNAME'
9
+ auth_method: 'Password'
10
+ password: 'PASSWORD'
11
+ plugins:
12
+ Web Servers:
13
+ individual:
14
+ '11213': enabled
15
+ '18261': enabled
@@ -1,2 +1,15 @@
1
1
  access_key: 'ACCESS_KEY'
2
2
  secret_key: 'SECRET_KEY'
3
+ credentials:
4
+ add:
5
+ Host:
6
+ Windows:
7
+ - domain: 'dc.local'
8
+ username: 'USERNAME'
9
+ auth_method: 'Password'
10
+ password: 'PASSWORD'
11
+ plugins:
12
+ Web Servers:
13
+ individual:
14
+ '11213': enabled
15
+ '18261': enabled
@@ -1,2 +1,15 @@
1
1
  access_key: 'ACCESS_KEY'
2
2
  secret_key: 'SECRET_KEY'
3
+ credentials:
4
+ add:
5
+ Host:
6
+ Windows:
7
+ - domain: 'dc.local'
8
+ username: 'USERNAME'
9
+ auth_method: 'Password'
10
+ password: 'PASSWORD'
11
+ plugins:
12
+ Web Servers:
13
+ individual:
14
+ '11213': enabled
15
+ '18261': enabled
@@ -1,2 +1,15 @@
1
1
  access_key: 'ACCESS_KEY'
2
2
  secret_key: 'SECRET_KEY'
3
+ credentials:
4
+ add:
5
+ Host:
6
+ Windows:
7
+ - domain: 'dc.local'
8
+ username: 'USERNAME'
9
+ auth_method: 'Password'
10
+ password: 'PASSWORD'
11
+ plugins:
12
+ Web Servers:
13
+ individual:
14
+ '11213': enabled
15
+ '18261': enabled
@@ -1,2 +1,15 @@
1
1
  access_key: 'ACCESS_KEY'
2
2
  secret_key: 'SECRET_KEY'
3
+ credentials:
4
+ add:
5
+ Host:
6
+ Windows:
7
+ - domain: 'dc.local'
8
+ username: 'USERNAME'
9
+ auth_method: 'Password'
10
+ password: 'PASSWORD'
11
+ plugins:
12
+ Web Servers:
13
+ individual:
14
+ '11213': enabled
15
+ '18261': enabled
@@ -306,13 +306,17 @@ module PWN
306
306
  # Supported Method Parameters::
307
307
  # PWN::Plugins::NessusCloud.get_credential_types(
308
308
  # nessus_obj: 'required - nessus_obj returned from #login method',
309
- # name: 'optional - name of credential type (e.g. SSH, Windows, HTTP, etc.)'
309
+ # category: 'optional - category of credential type (Defaults to "Host")',
310
+ # name: 'optional - name of credential type (Defaults to "SSH")'
310
311
  # )
311
312
  # )
312
313
 
313
314
  public_class_method def self.get_credential_types(opts = {})
314
315
  nessus_obj = opts[:nessus_obj]
315
- name = opts[:name]
316
+ category = opts[:category].to_s.downcase
317
+ name = opts[:name].to_s.downcase
318
+
319
+ raise 'ERROR: name parameter requires category parameter.' if category.empty? && !name.empty?
316
320
 
317
321
  credential_types_resp = nessus_cloud_rest_call(
318
322
  nessus_obj: nessus_obj,
@@ -321,12 +325,21 @@ module PWN
321
325
 
322
326
  credential_types = JSON.parse(credential_types_resp, symbolize_names: true)
323
327
 
324
- if name
325
- selected_credential_type = credential_types[:networks].select do |tz|
326
- tz[:name] == name
328
+ if category
329
+ selected_credential_category = credential_types[:credentials].select do |cc|
330
+ cc[:category].downcase == category
327
331
  end
328
- credential_types = selected_credential_type.first if selected_credential_type.any?
332
+ credential_types = selected_credential_category.first if selected_credential_category.any?
329
333
  credential_types ||= {}
334
+
335
+ if name
336
+ selected_credential_type = credential_types[:types].select do |ct|
337
+ ct[:name].downcase == name
338
+ end
339
+ credential_types = selected_credential_type.first if selected_credential_type.any?
340
+ credential_types ||= {}
341
+ end
342
+
330
343
  end
331
344
 
332
345
  credential_types
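Review bot: `if category` and the nested `if name` are always true in the new code, because both values are built with `.to_s.downcase` and an empty String is truthy in Ruby. When the caller passes no category the first `select` matches nothing, `credential_types` stays the full parsed response (the `||= {}` never fires on a non-nil value), and `credential_types[:types].select` is then presumably called on nil. Guarding on content fixes both branches: `unless category.empty?` and `unless name.empty?`. The usage comment also says the parameters default to "Host" and "SSH", but no default is applied in the visible lines, so either assign them or reword the comment to plain "optional". The method body starts and ends outside these hunks, and the file header is not shown on the page.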
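--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.432'
+ VERSION = '0.4.433'
  end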
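--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: pwn
  version: !ruby/object:Gem::Version
- version: 0.4.432
+ version: 0.4.433
  platform: ruby
  authors:
  - 0day Inc.
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-05-19 00:00:00.000000000 Z
+ date: 2022-05-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -128,14 +128,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.9.0.1
+ version: 0.9.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.9.0.1
+ version: 0.9.1
  - !ruby/object:Gem::Dependency
  name: bunny
  requirement: !ruby/object:Gem::Requirement
@@ -1968,7 +1968,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.13
+ rubygems_version: 3.3.14
  signing_key:
  specification_version: 4
  summary: Automated Security Testing for CI/CD Pipelines & Beyond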