pwn 0.4.432 → 0.4.435
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +2 -2
- data/bin/pwn_nessus_cloud_create_scan +75 -61
- data/etc/userland/aws/nessus/vagrant.yaml.EXAMPLE +13 -0
- data/etc/userland/docker/nessus/vagrant.yaml.EXAMPLE +13 -0
- data/etc/userland/qemu/nessus/vagrant.yaml.EXAMPLE +13 -0
- data/etc/userland/ruby-gem/nessus/vagrant.yaml.EXAMPLE +13 -0
- data/etc/userland/virtualbox/nessus/vagrant.yaml.EXAMPLE +13 -0
- data/etc/userland/vmware/nessus/vagrant.yaml.EXAMPLE +13 -0
- data/lib/pwn/plugins/nessus_cloud.rb +19 -6
- data/lib/pwn/version.rb +1 -1
- metadata +5 -5
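--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 209ccf03fc65f77a45d9e9f03d3966688a0591f617f07155b40de41dfe5b0063
+data.tar.gz: 763afb4b83c8d881d3427a1f875c07972f0589c14e3dd5a213cbec9e3d708ca8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 883e63a3b58c95c3beb9600f2c22406e20329f8c9ea314a2eb54d7e64af502a90e3da9dc0ddffcb7998a945e8b8d21536aa28af75d502bd0064d40c24fdbbb17
+data.tar.gz: 308d5c412f29b76b33911c605a3e01fa66fdf199ddf5d0cc5eb037b3d2bbabe7dff27ad748dc1f8fa268cdb7b75676195af82fc7bfcf27bff63e35fa796e9969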
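--- a/data/Gemfile
+++ b/data/Gemfile
@@ -19,7 +19,7 @@ gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.2.3'
 gem 'bson', '4.15.0'
 gem 'bundler', '>=2.3.14'
-gem 'bundler-audit', '0.9.
+gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
 gem 'credit_card_validations', '5.0.0'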
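--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.435]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.435]:001 >>> PWN.help
 ```
 
 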
@@ -11,7 +11,7 @@ OptionParser.new do |options|
|
|
11
11
|
#{$PROGRAM_NAME} [opts]
|
12
12
|
"
|
13
13
|
|
14
|
-
options.on('-cYPATH', '--yaml-config=YPATH', '<Required - YAML Config Containing Access & Secret Keys for Authentication>') do |c|
|
14
|
+
options.on('-cYPATH', '--yaml-config=YPATH', '<Required - YAML Config Containing Access & Secret Keys for Authentication, Including Credential Information for Scan Creation (https://developer.tenable.com/docs/determine-settings-for-credential-type)>') do |c|
|
15
15
|
opts[:yaml_config] = c
|
16
16
|
end
|
17
17
|
|
@@ -23,6 +23,10 @@ OptionParser.new do |options|
|
|
23
23
|
opts[:text_targets] = t
|
24
24
|
end
|
25
25
|
|
26
|
+
options.on('-dDESC', '--scan-description=DESC', '<Optional - Scan Description (Defaults to nil)>') do |d|
|
27
|
+
opts[:scan_desc] = d
|
28
|
+
end
|
29
|
+
|
26
30
|
options.on('-tVALUE', '--scan-template=VALUE', '<Optional - Canned Scan Template to Use for Scan Creation (Defaults to "Basic Network Scan">') do |t|
|
27
31
|
opts[:scan_template] = t
|
28
32
|
end
|
@@ -51,7 +55,7 @@ OptionParser.new do |options|
|
|
51
55
|
opts[:launch] = l
|
52
56
|
end
|
53
57
|
|
54
|
-
options.on('-
|
58
|
+
options.on('-wTIMEWINDOW', '--scan-time-window=TIMEWINDOW', '<Optional - Scan Time Window in Minutes - (Defaults to 0)>') do |t|
|
55
59
|
opts[:scan_time_window] = t
|
56
60
|
end
|
57
61
|
|
@@ -88,6 +92,7 @@ begin
|
|
88
92
|
secret_key = yaml[:secret_key]
|
89
93
|
|
90
94
|
scan_name = opts[:scan_name]
|
95
|
+
scan_desc = opts[:scan_desc]
|
91
96
|
|
92
97
|
scan_template = opts[:scan_template]
|
93
98
|
scan_template ||= 'Basic Network Scan'
|
@@ -113,18 +118,14 @@ begin
|
|
113
118
|
launch = opts[:launch]
|
114
119
|
launch ||= 'ON_DEMAND'
|
115
120
|
|
116
|
-
scan_time_window = opts[:scan_time_window]
|
121
|
+
scan_time_window = opts[:scan_time_window].to_i
|
122
|
+
scan_time_window ||= 0
|
117
123
|
|
118
124
|
starttime = opts[:starttime]
|
119
125
|
starttime ||= Time.now.strftime('%Y%m%dT%H%M%S')
|
120
126
|
|
121
127
|
rrules = opts[:rrules]
|
122
128
|
rrules ||= 'FREQ=ONETIME;INTERVAL=0;BYDAY=null'
|
123
|
-
# if opts[:rrules].nil?
|
124
|
-
# # SU, MO, TU, WE, TH, FR, SA
|
125
|
-
# byday_today = Time.now.strftime('%A').upcase[0..1]
|
126
|
-
# rrules = "FREQ=ONETIME;INTERVAL=0;BYDAY=#{byday_today}"
|
127
|
-
# end
|
128
129
|
|
129
130
|
timezone = opts[:timezone]
|
130
131
|
timezone ||= 'UTC'
|
@@ -132,23 +133,24 @@ begin
|
|
132
133
|
text_targets = opts[:text_targets]
|
133
134
|
raise 'ERROR: --text-targets (i.e. List of targets to scan) is required.' unless text_targets
|
134
135
|
|
135
|
-
text_targets_arr = text_targets.split(',')
|
136
|
-
|
137
136
|
target_groups = opts[:target_groups]
|
138
137
|
|
139
138
|
file_targets = opts[:file_targets]
|
140
139
|
|
141
140
|
tag_targets = opts[:tag_targets]
|
141
|
+
tag_targets_arr = []
|
142
|
+
tag_targets_arr = tag_targets.split(',') if tag_targets
|
142
143
|
|
143
144
|
agent_group_name = opts[:agent_group_name]
|
144
|
-
|
145
|
+
agent_group_id_arr = []
|
145
146
|
|
146
147
|
agent_scan_launch_type = opts[:agent_scan_launch_type]
|
147
148
|
agent_scan_launch_type ||= 'triggered'
|
148
149
|
|
150
|
+
triggers_arr = []
|
149
151
|
triggers = {}
|
150
|
-
triggers[:
|
151
|
-
triggers[:
|
152
|
+
triggers[:type] = agent_scan_launch_type
|
153
|
+
triggers[:type] ||= 'periodic'
|
152
154
|
|
153
155
|
triggers[:options] = {}
|
154
156
|
case agent_scan_launch_type
|
@@ -159,6 +161,8 @@ begin
|
|
159
161
|
triggers[:options][:filename] = opts[:filename]
|
160
162
|
end
|
161
163
|
|
164
|
+
triggers_arr.push(triggers)
|
165
|
+
|
162
166
|
emails = opts[:emails]
|
163
167
|
|
164
168
|
acls = {}
|
@@ -169,6 +173,9 @@ begin
|
|
169
173
|
acls[:id] = opts[:acl_id]
|
170
174
|
acls[:type] = opts[:acl_type]
|
171
175
|
|
176
|
+
credential_category = opts[:credential_category]
|
177
|
+
credential_type = opts[:credential_type]
|
178
|
+
|
172
179
|
# Begin Here
|
173
180
|
nessus_obj = PWN::Plugins::NessusCloud.login(
|
174
181
|
access_key: access_key,
|
@@ -177,9 +184,9 @@ begin
|
|
177
184
|
|
178
185
|
# Requirements to create a scan:
|
179
186
|
# Part 1: Populate uuid
|
180
|
-
# Part 2: Populate settings object
|
181
|
-
# Part 3: Populate credentials object
|
182
|
-
# Part 4: Populate plugins object (optional)
|
187
|
+
# Part 2: Populate settings object from options passed to driver
|
188
|
+
# Part 3: Populate credentials object from YAML config (optional)
|
189
|
+
# Part 4: Populate plugins object from YAML config (optional)
|
183
190
|
|
184
191
|
# Part 1: Populate uuid
|
185
192
|
# TODO: add --list-canned-scan-templates option
|
@@ -190,73 +197,80 @@ begin
|
|
190
197
|
scan_template_uuid = scan_template[:uuid]
|
191
198
|
puts scan_template_uuid
|
192
199
|
|
193
|
-
# Part 2: Populate settings object
|
200
|
+
# Part 2: Populate settings object from options passed to driver
|
194
201
|
settings = {}
|
202
|
+
settings[:name] = scan_name
|
203
|
+
settings[:description] = scan_desc
|
204
|
+
|
195
205
|
policy = PWN::Plugins::NessusCloud.get_policies(
|
196
206
|
nessus_obj: nessus_obj,
|
197
207
|
name: policy_name
|
198
208
|
)
|
199
|
-
policy_id = policy[:id]
|
200
|
-
puts policy_id
|
209
|
+
settings[:policy_id] = policy[:id]
|
201
210
|
|
202
211
|
folder = PWN::Plugins::NessusCloud.get_folders(
|
203
212
|
nessus_obj: nessus_obj,
|
204
213
|
name: folder_name
|
205
214
|
)
|
206
|
-
folder_id = folder[:id]
|
207
|
-
puts folder_id
|
215
|
+
settings[:folder_id] = folder[:id]
|
208
216
|
|
209
217
|
scanner = PWN::Plugins::NessusCloud.get_scanners(
|
210
218
|
nessus_obj: nessus_obj,
|
211
219
|
name: scanner_name
|
212
220
|
)
|
213
|
-
scanner_id = scanner[:id]
|
214
|
-
puts scanner_id
|
221
|
+
settings[:scanner_id] = scanner[:id]
|
215
222
|
|
216
223
|
target_network = PWN::Plugins::NessusCloud.get_target_networks(
|
217
224
|
nessus_obj: nessus_obj,
|
218
225
|
name: target_network_name
|
219
226
|
)
|
220
|
-
|
221
|
-
|
227
|
+
settings[:target_network_uuid] = target_network[:uuid]
|
228
|
+
|
229
|
+
settings[:enabled] = enabled
|
230
|
+
|
231
|
+
settings[:launch] = launch
|
232
|
+
|
233
|
+
settings[:scan_time_window] = scan_time_window
|
234
|
+
|
235
|
+
settings[:starttime] = starttime
|
236
|
+
|
237
|
+
settings[:rrules] = rrules
|
238
|
+
|
239
|
+
settings[:timezone] = timezone
|
240
|
+
|
241
|
+
settings[:text_targets] = text_targets
|
222
242
|
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
243
|
+
settings[:target_groups] = target_groups
|
244
|
+
|
245
|
+
settings[:file_targets] = file_targets
|
246
|
+
|
247
|
+
settings[:tag_targets] = tag_targets_arr
|
248
|
+
|
249
|
+
settings[:agent_group_id] = agent_group_id_arr
|
250
|
+
|
251
|
+
settings[:agent_scan_launch_type] = agent_scan_launch_type
|
252
|
+
|
253
|
+
settings[:triggers] = triggers_arr
|
254
|
+
|
255
|
+
settings[:emails] = emails
|
256
|
+
|
257
|
+
settings[:acls] = acls
|
258
|
+
|
259
|
+
# Part 3: Populate credentials object from YAML config (optional)
|
260
|
+
credentials = yaml[:credentials]
|
261
|
+
|
262
|
+
# Part 4: Populate plugins object from YAML config (optional)
|
263
|
+
plugins = yaml[:plugins]
|
264
|
+
|
265
|
+
create_scan_resp = PWN::Plugins::NessusCloud.create_scan(
|
266
|
+
nessus_obj: nessus_obj,
|
267
|
+
scan_template_uuid: scan_template_uuid,
|
268
|
+
settings: settings,
|
269
|
+
credentials: credentials,
|
270
|
+
plugins: plugins
|
227
271
|
)
|
228
|
-
|
229
|
-
|
230
|
-
# credentials[:add] = {}
|
231
|
-
|
232
|
-
# case opts[:credential_type]
|
233
|
-
# when 'host/ssh'
|
234
|
-
# credential_type_parent = opts[:credential_type].split('/').first.to_sym
|
235
|
-
# credential_type = opts[:credential_type].split('/').last.to_sym
|
236
|
-
# credentials[:add][credential_type_parent] = {}
|
237
|
-
# credentials[:add][credential_type_parent][credential_type] = []
|
238
|
-
# when 'host/windows'
|
239
|
-
# credential_type_parent = opts[:credential_type].split('/').first.to_sym
|
240
|
-
# credential_type = opts[:credential_type].split('/').last.to_sym
|
241
|
-
# credentials[:add][credential_type_parent] = {}
|
242
|
-
# credentials[:add][credential_type_parent][credential_type] = []
|
243
|
-
# else
|
244
|
-
# raise "ERROR: #{opts[:credential_type]} Not Supported."
|
245
|
-
# end
|
246
|
-
|
247
|
-
# Part 4: Populate plugins object (optional)
|
248
|
-
# TODO: Implment Plugins During Scan Creation
|
249
|
-
plugins = {}
|
250
|
-
|
251
|
-
# create_scan_resp = PWN::Plugins::NessusCloud.create_scan(
|
252
|
-
# nessus_obj: nessus_obj,
|
253
|
-
# scan_template_uuid: scan_template_uuid,
|
254
|
-
# settings: settings,
|
255
|
-
# credentials: credentials,
|
256
|
-
# plugins: plugins
|
257
|
-
# )
|
258
|
-
|
259
|
-
# puts create_scan_resp.inspect
|
272
|
+
|
273
|
+
puts create_scan_resp.inspect
|
260
274
|
rescue Interrupt
|
261
275
|
puts 'CTRL+C detected...goodbye.'
|
262
276
|
rescue StandardError => e
|
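Review bot: None of the four lookup results in the `@@ -190,73 +197,80 @@` hunk is checked before its id is copied into `settings` (`settings[:policy_id] = policy[:id]`, and likewise for folder, scanner and target network), so a mistyped name can reach `create_scan` as a nil id, or raise NoMethodError if a lookup returns nil. What the getters return on a miss is not visible on this page; if they fall back to `{}` the way `get_credential_types` does, the scan would presumably be created without the intended policy or scanner instead of failing. A guard per lookup would make the failure explicit, for example `raise "ERROR: policy #{policy_name} not found." if policy_name && policy.to_h[:id].nil?`. In the `@@ -113,18 +118,14 @@` hunk, `opts[:scan_time_window].to_i` never returns nil, so the following `scan_time_window ||= 0` is dead and a non-numeric value silently becomes 0. The enclosing `begin` block starts and ends outside these hunks.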
@@ -1,2 +1,15 @@
|
|
1
1
|
access_key: 'ACCESS_KEY'
|
2
2
|
secret_key: 'SECRET_KEY'
|
3
|
+
credentials:
|
4
|
+
add:
|
5
|
+
Host:
|
6
|
+
Windows:
|
7
|
+
- domain: 'dc.local'
|
8
|
+
username: 'USERNAME'
|
9
|
+
auth_method: 'Password'
|
10
|
+
password: 'PASSWORD'
|
11
|
+
plugins:
|
12
|
+
Web Servers:
|
13
|
+
individual:
|
14
|
+
'11213': enabled
|
15
|
+
'18261': enabled
|
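Review bot: The example now keeps a Windows domain username and password in the same plaintext YAML as the API access and secret keys, and nothing in the file tells the operator how to protect the populated copy. A header comment would help, for example `# Holds API keys and scan credentials in plaintext: keep the populated vagrant.yaml out of version control and readable only by the scanning user.` The same 13 added lines repeat in the five sections that follow, which the file list at the top of the page names as the other vagrant.yaml.EXAMPLE files, and the note applies to each of them.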
@@ -1,2 +1,15 @@
|
|
1
1
|
access_key: 'ACCESS_KEY'
|
2
2
|
secret_key: 'SECRET_KEY'
|
3
|
+
credentials:
|
4
|
+
add:
|
5
|
+
Host:
|
6
|
+
Windows:
|
7
|
+
- domain: 'dc.local'
|
8
|
+
username: 'USERNAME'
|
9
|
+
auth_method: 'Password'
|
10
|
+
password: 'PASSWORD'
|
11
|
+
plugins:
|
12
|
+
Web Servers:
|
13
|
+
individual:
|
14
|
+
'11213': enabled
|
15
|
+
'18261': enabled
|
@@ -1,2 +1,15 @@
|
|
1
1
|
access_key: 'ACCESS_KEY'
|
2
2
|
secret_key: 'SECRET_KEY'
|
3
|
+
credentials:
|
4
|
+
add:
|
5
|
+
Host:
|
6
|
+
Windows:
|
7
|
+
- domain: 'dc.local'
|
8
|
+
username: 'USERNAME'
|
9
|
+
auth_method: 'Password'
|
10
|
+
password: 'PASSWORD'
|
11
|
+
plugins:
|
12
|
+
Web Servers:
|
13
|
+
individual:
|
14
|
+
'11213': enabled
|
15
|
+
'18261': enabled
|
@@ -1,2 +1,15 @@
|
|
1
1
|
access_key: 'ACCESS_KEY'
|
2
2
|
secret_key: 'SECRET_KEY'
|
3
|
+
credentials:
|
4
|
+
add:
|
5
|
+
Host:
|
6
|
+
Windows:
|
7
|
+
- domain: 'dc.local'
|
8
|
+
username: 'USERNAME'
|
9
|
+
auth_method: 'Password'
|
10
|
+
password: 'PASSWORD'
|
11
|
+
plugins:
|
12
|
+
Web Servers:
|
13
|
+
individual:
|
14
|
+
'11213': enabled
|
15
|
+
'18261': enabled
|
@@ -1,2 +1,15 @@
|
|
1
1
|
access_key: 'ACCESS_KEY'
|
2
2
|
secret_key: 'SECRET_KEY'
|
3
|
+
credentials:
|
4
|
+
add:
|
5
|
+
Host:
|
6
|
+
Windows:
|
7
|
+
- domain: 'dc.local'
|
8
|
+
username: 'USERNAME'
|
9
|
+
auth_method: 'Password'
|
10
|
+
password: 'PASSWORD'
|
11
|
+
plugins:
|
12
|
+
Web Servers:
|
13
|
+
individual:
|
14
|
+
'11213': enabled
|
15
|
+
'18261': enabled
|
@@ -1,2 +1,15 @@
|
|
1
1
|
access_key: 'ACCESS_KEY'
|
2
2
|
secret_key: 'SECRET_KEY'
|
3
|
+
credentials:
|
4
|
+
add:
|
5
|
+
Host:
|
6
|
+
Windows:
|
7
|
+
- domain: 'dc.local'
|
8
|
+
username: 'USERNAME'
|
9
|
+
auth_method: 'Password'
|
10
|
+
password: 'PASSWORD'
|
11
|
+
plugins:
|
12
|
+
Web Servers:
|
13
|
+
individual:
|
14
|
+
'11213': enabled
|
15
|
+
'18261': enabled
|
@@ -306,13 +306,17 @@ module PWN
|
|
306
306
|
# Supported Method Parameters::
|
307
307
|
# PWN::Plugins::NessusCloud.get_credential_types(
|
308
308
|
# nessus_obj: 'required - nessus_obj returned from #login method',
|
309
|
-
#
|
309
|
+
# category: 'optional - category of credential type (Defaults to "Host")',
|
310
|
+
# name: 'optional - name of credential type (Defaults to "SSH")'
|
310
311
|
# )
|
311
312
|
# )
|
312
313
|
|
313
314
|
public_class_method def self.get_credential_types(opts = {})
|
314
315
|
nessus_obj = opts[:nessus_obj]
|
315
|
-
|
316
|
+
category = opts[:category].to_s.downcase
|
317
|
+
name = opts[:name].to_s.downcase
|
318
|
+
|
319
|
+
raise 'ERROR: name parameter requires category parameter.' if category.empty? && !name.empty?
|
316
320
|
|
317
321
|
credential_types_resp = nessus_cloud_rest_call(
|
318
322
|
nessus_obj: nessus_obj,
|
@@ -321,12 +325,21 @@ module PWN
|
|
321
325
|
|
322
326
|
credential_types = JSON.parse(credential_types_resp, symbolize_names: true)
|
323
327
|
|
324
|
-
if
|
325
|
-
|
326
|
-
|
328
|
+
if category
|
329
|
+
selected_credential_category = credential_types[:credentials].select do |cc|
|
330
|
+
cc[:category].downcase == category
|
327
331
|
end
|
328
|
-
credential_types =
|
332
|
+
credential_types = selected_credential_category.first if selected_credential_category.any?
|
329
333
|
credential_types ||= {}
|
334
|
+
|
335
|
+
if name
|
336
|
+
selected_credential_type = credential_types[:types].select do |ct|
|
337
|
+
ct[:name].downcase == name
|
338
|
+
end
|
339
|
+
credential_types = selected_credential_type.first if selected_credential_type.any?
|
340
|
+
credential_types ||= {}
|
341
|
+
end
|
342
|
+
|
330
343
|
end
|
331
344
|
|
332
345
|
credential_types
|
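Review bot: In `get_credential_types`, `category` and `name` are built with `.to_s.downcase`, so they are always Strings and the new `if category` / `if name` tests are always true, because an empty String is truthy in Ruby. With no category passed, the category filter presumably matches nothing, `credential_types` stays the whole parsed response (the `||= {}` after it does not fire on an already-assigned Hash), and `credential_types[:types].select` then runs on that object; if the top-level response has no `:types` key (its shape is not shown here) this raises NoMethodError. Testing `unless category.empty?` and `unless name.empty?` instead would keep both parameters optional. The comment block also documents defaults of "Host" and "SSH" that the visible code does not apply. The method's closing lines fall outside the hunk.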
data/lib/pwn/version.rb
CHANGED
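--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.435
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-
+date: 2022-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -128,14 +128,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.9.
+version: 0.9.1
 - !ruby/object:Gem::Dependency
 name: bunny
 requirement: !ruby/object:Gem::Requirement
@@ -1968,7 +1968,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.14
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond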