pwn 0.4.519 → 0.4.520

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fe3ddbaf62f25dd464ff0f20bc246bf64de86e8da5dd99ee9e4bb1e96809ed0e
-  data.tar.gz: c412d6c18bdd5050f593315fb246d7269bac6af1de1cfa5dc604fdf1f5dc959c
+  metadata.gz: 9055d4138a29af0aaf29d6671972de3fb0bd903d76ee9bcfd6807e13202ad73d
+  data.tar.gz: 190e35d2c9c8ebc1dcc5bfb34fdfc60f313d5a815a13dcf8ccf1bc46b355cbfd
 SHA512:
-  metadata.gz: e13ccc9856631374e168cd58877891784b45ea653eeed58e1c4cd2cc59737078f71aa5891e93c6afa0c0fb1f81f9ca7074cbcad48b411f33981bd495ba0eacca
-  data.tar.gz: 5c341c124a7c4df33d0f63f272eb00b63e0f6f8a2bddbadade06bc1792fda1a57eddafe79cf70d4c4da28e1bc1538df473b33a892d05bdc06296531e482008ec
+  metadata.gz: 987a56505f9a8460198181f32328c8603d4c49de5fb0712540dd468ac485cc24ed70c3ac68e1287dbd10cc50597e01e32fd417046fbe06ed99a8cc33359e3d59
+  data.tar.gz: 29e0abf86279e6ca2af1fa6037dd431f812d2c73278c4195a11649e22ba7125070fed6253c6dcc5a100aa1e8564470b1e1e38f515897def9bc5af91e453e84f2

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2022-07-28 21:42:33 UTC using RuboCop version 1.31.2.
+# on 2022-08-29 16:58:30 UTC using RuboCop version 1.35.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -17,24 +17,18 @@ Layout/LineContinuationSpacing:
     - 'packer/provisioners/wpscan.rb'
     - 'vagrant/provisioners/beef.rb'
 
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Lint/NonAtomicFileOperation:
-  Exclude:
-    - 'lib/pwn/plugins/baresip.rb'
-
 # Offense count: 264
 Lint/UselessAssignment:
   Enabled: false
 
-# Offense count: 263
-# Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
+# Offense count: 264
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 328
 
-# Offense count: 66
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
-# IgnoredMethods: refine
+# Offense count: 68
+# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# AllowedMethods: refine
 Metrics/BlockLength:
   Max: 196
 
@@ -44,22 +38,22 @@ Metrics/BlockNesting:
   Max: 5
 
 # Offense count: 94
-# Configuration parameters: IgnoredMethods.
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
 Metrics/CyclomaticComplexity:
   Max: 231
 
-# Offense count: 481
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
+# Offense count: 482
+# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
 Metrics/MethodLength:
   Max: 466
 
-# Offense count: 44
+# Offense count: 47
 # Configuration parameters: CountComments, CountAsOne.
 Metrics/ModuleLength:
   Max: 1186
 
 # Offense count: 86
-# Configuration parameters: IgnoredMethods.
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
 Metrics/PerceivedComplexity:
   Max: 51
 
@@ -67,7 +61,7 @@ Metrics/PerceivedComplexity:
 Style/ClassVars:
   Enabled: false
 
-# Offense count: 283
+# Offense count: 284
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition
@@ -80,6 +74,12 @@ Style/ExplicitBlockArgument:
   Exclude:
     - 'lib/pwn/plugins/nmap_it.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantBegin:
+  Exclude:
+    - 'bin/pwn_www_uri_buster'
+
 # Offense count: 95
 # This cop supports safe autocorrection (--autocorrect).
 Style/RedundantCondition:
@@ -92,7 +92,7 @@ Style/RedundantCondition:
 Style/SlicingWithRange:
   Enabled: false
 
-# Offense count: 564
+# Offense count: 570
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
 # URISchemes: http, https

data/Gemfile

@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.3.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.3.20'
+gem 'bundler', '>=2.3.21'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.19.0'
 gem 'colorize', '0.8.1'
@@ -34,7 +34,7 @@ gem 'ipaddress', '0.8.3'
 gem 'js-beautify', '0.1.8'
 gem 'json', '2.6.2'
 gem 'jsonpath', '1.1.2'
-gem 'jwt', '2.4.1'
+gem 'jwt', '2.5.0'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.7.1'
 gem 'mongo', '2.18.1'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.519]:001 >>> PWN.help
+pwn[v0.4.520]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.519]:001 >>> PWN.help
+pwn[v0.4.520]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_sast

@@ -11,12 +11,14 @@ OptionParser.new do |options|
     #{$PROGRAM_NAME} [opts]
   "
 
-  options.on('-dDIR', '--dir-path=DIR', '<Required - Report Output Directory>') { |d| opts[:dir_path] = d }
-
   options.on('-uGITURI', '--uri-source-root=GITURI', '<Required - HTTP URI of Git Repo Scanned e.g. https://github.com/0dayInc/pwn/tree/master>') do |u|
     opts[:uri_source_root] = u
   end
 
+  options.on('-dDIR', '--dir-path=DIR', '<Optional - Report Output Directory (Defaults to ".")>') do |d|
+    opts[:dir_path] = d
+  end
+
   options.on('-tTHREADS', '--max-threads=THREADS', '<Optional # Test Cases to Run Simultaneously (Default 25)>') do |t|
     opts[:max_threads] = t
   end
@@ -53,12 +55,15 @@ begin
   dir_path ||= '.'
 
   uri_source_root = opts[:uri_source_root].to_s.scrub
+
   max_threads = opts[:max_threads]
+  max_threads ||= 25
+
   chosen_test_cases = opts[:chosen_test_cases]
   list_test_cases = opts[:list_test_cases]
 
-  report_name = File.basename(Dir.pwd)
-  report_name = opts[:report_name] unless opts[:report_name].nil?
+  report_name = opts[:report_name]
+  report_name ||= File.basename(Dir.pwd)
 
   start_reporting_server = opts[:start_reporting_server]
 

data/bin/pwn_www_uri_buster

@@ -0,0 +1,156 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'pwn'
+require 'optparse'
+require 'uri'
+require 'htmlentities'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{$PROGRAM_NAME} [opts]
+  "
+
+  options.on('-tURL', '--target-url=URL', '<Required - Target URL)>') do |t|
+    opts[:target_url] = t
+  end
+
+  options.on('-wFILE', '--word-list=FILE', '<Required - Wordlist File to Use>') do |w|
+    opts[:wordlist] = w
+  end
+
+  options.on('-tTHREADS', '--max-threads=THREADS', '<Optional # HTTP Requests to Run Simultaneously (Default 100)>') do |t|
+    opts[:max_threads] = t
+  end
+
+  options.on('-dDIR', '--dir-path=DIR', '<Optional - Report Output Directory (Defaults to ".")>') do |w|
+    opts[:wordlist] = w
+  end
+
+  options.on('-nREPORTNAME', '--report-name=REPORTNAME', '<Optional Report Name (Defaults to, "<TARGET_URL_HOST>-<format("%Y-%m-%d_%H-%M-%S", Time.now)>")>') do |n|
+    opts[:report_name] = n
+  end
+
+  options.on('-s', '--[no-]start-reporting-server', '<Optional - Start Simple HTTP Server for Reporting>') do |s|
+    opts[:start_reporting_server] = s
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{$PROGRAM_NAME} --help`
+  exit 1
+end
+
+begin
+  target_url = opts[:target_url]
+  raise "ERROR: Invalid URL #{target_url}\nBe sure to include URL scheme (e.g. http://)" if target_url =~ URI::DEFAULT_PARSER.make_regexp.nil?
+
+  parsed_target_url = URI.parse(target_url)
+
+  wordlist = opts[:wordlist]
+  raise "ERROR: #{wordlist} Does Not Exist." unless File.exist?(wordlist)
+
+  max_threads = opts[:max_threads]
+  max_threads ||= 100
+
+  dir_path = opts[:dir_path]
+  dir_path ||= '.'
+
+  report_name = opts[:report_name]
+  report_name ||= "#{parsed_target_url.host}-#{format('%Y-%m-%d_%H-%M-%S', Time.now)}"
+
+  start_reporting_server = opts[:start_reporting_server]
+
+  mutex = Mutex.new
+
+  results_hash = {
+    report_name: HTMLEntities.new.encode(
+      report_name.to_s.scrub.strip.chomp
+    ),
+    data: []
+  }
+
+  wordlist_arr = File.readlines(wordlist)
+  PWN::Plugins::ThreadPool.fill(
+    enumerable_array: wordlist_arr,
+    max_threads: max_threads
+  ) do |this_wl_line|
+    wordlist_line = this_wl_line.to_s.scrub.strip.chomp
+
+    next if wordlist_line.match?(/^#/)
+
+    http_methods = %i[GET HEAD POST PUT DELETE CONNECT OPTIONS TRACE]
+
+    http_methods.each do |http_method|
+      begin
+        print '.'
+        rest_client_resp_hash = {}
+        http_uri = "#{target_url}/#{wordlist_line}"
+        rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
+        response = rest_client_request.execute(
+          method: http_method,
+          url: http_uri,
+          verify_ssl: false
+        )
+
+        rest_client_resp_hash = {
+          request_timestamp: format('%Y-%m-%d_%H-%M-%S', Time.now),
+          http_uri: http_uri,
+          http_method: http_method,
+          http_resp_code: response.code,
+          http_resp: response.body
+        }
+      rescue RestClient::Forbidden,
+             RestClient::BadRequest,
+             RestClient::NotFound => e
+
+        rest_client_resp_hash = {
+          request_timestamp: format('%Y-%m-%d_%H-%M-%S', Time.now),
+          http_uri: http_uri,
+          http_method: http_method,
+          http_resp_code: e.response.code,
+          http_resp: e.response.body
+        }
+        next
+      ensure
+        mutex.synchronize do
+          results_hash[:data].push(rest_client_resp_hash)
+        end
+      end
+    end
+  end
+
+  # Generate HTML Report
+  print "#{$PROGRAM_NAME} Generating Report..."
+  PWN::Reports::URIBuster.generate(
+    dir_path: dir_path,
+    results_hash: results_hash
+  )
+  puts 'complete.'
+
+  # Start Simple HTTP Server (If Requested)
+  if start_reporting_server
+    listen_port = Random.rand(1_025..65_535).to_s
+
+    if pwn_provider == 'docker'
+      listen_ip = '0.0.0.0'
+    else
+      listen_ip = '127.0.0.1'
+    end
+
+    puts "For Scan Results Navigate to: http://127.0.0.1:#{listen_port}/pwn_www_uri_buster.html"
+    Dir.chdir(dir_path)
+    system(
+      'pwn_simple_http_server',
+      '-i',
+      listen_ip,
+      '-p',
+      listen_port
+    )
+  end
+rescue SystemExit, Interrupt
+  puts "\nGoodbye."
+rescue StandardError => e
+  raise e
+end

data/lib/pwn/reports/uri_buster.rb

@@ -0,0 +1,240 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module PWN
+  module Reports
+    # This plugin generates the War Dialing results produced by pwn_www_uri_buster.
+    module URIBuster
+      # Supported Method Parameters::
+      # PWN::Reports::URIBuster.generate(
+      #   dir_path: dir_path,
+      #   results_hash: results_hash
+      # )
+
+      public_class_method def self.generate(opts = {})
+        dir_path = opts[:dir_path].to_s if File.directory?(opts[:dir_path].to_s)
+        raise "PWN Error: Invalid Directory #{dir_path}" if dir_path.nil?
+
+        results_hash = opts[:results_hash]
+
+        File.write(
+          "#{dir_path}/pwn_www_uri_buster.json",
+          JSON.pretty_generate(results_hash)
+        )
+
+        html_report = %q{<!DOCTYPE HTML>
+        <html>
+          <head>
+            <!-- favicon.ico from https://0dayinc.com -->
+            <link rel="icon" href="data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAABIXAAASFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAgAAiSYAAIlbAACJcAAAiX0AAIlmAACJLQAAiQQAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAAAAiS0AAIluAACJdwAAiXgAAIl+AACJeAAAiXQAAIk5AACJAQAAiQAAAAAAAAAAAAAAAAAAAAAAAACJAAAAiRgAAIlvAACJbQAAiXcAAIl7AACJcwAAiXEAAIl1AACJZwAAiR4AAIkAAACJAAAAAAAAAAAAAACJAAAAiQAAAIlEAACJfAAAiXIAAIlyAACJewAAiX4AAIl5AACJdQAAiXcAAIlIAACJAAAAiQAAAAAAAAAAAAAAiQAAAIkJAACJWQAAiXUAAIl9AACJdAAAiYYAAImLAACJdAAAiXkAAImNAACJfQAAiQwAAIkAAAAAAAAAAAAAAIkAAACJFQAAiWsAAIl2AACJfAAAiYIAAImCAACJfwAAiXYAAIl5AACJiQAAiYYAAIkWAACJAAAAAAAAAAAAAACJAAAAiSAAAIl2AACJeQAAiXkAAIl1AACJfwAAiYEAAIl8AACJbwAAiXoAAImBAACJFgAAiQAAAAAAAAAAAAAAiQAAAIkpAACJeAAAiXMAAIl3AACJeQAAiXUAAImAAACJfwAAiWYAAIl4AACJfwAAiR4AAIkAAAAAAAAAAAAAAIkAAACJKAAAiXkAAIlyAACJdQAAiXQAAIluAACJfAAAiXwAAIl3AACJewAAiXwAAIkvAACJAAAAAAAAAAAAAACJAAAAiSMAAIl4AACJdgAAiXsAAIl1AACJcQAAiXcAAIl6AACJeQAAiXoAAIl0AACJKQAAiQAAAAAAAAAAAAAAiQAAAIkXAACJaAAAiXgAAIl3AACJfAAAiXkAAIl3AACJZwAAiXcAAIl0AACJagAAiSgAAIkAAAAAAAAAAAAAAIkAAACJDgAAiV4AAIl5AACJbwAAiW4AAIl9AACJewAAiXcAAIl6AACJfQAAiW8AAIkWAACJAAAAAAAAAAAAAACJAAAAiQ0AAIllAACJewAAiXYAAIl4AACJdQAAiXUAAIl4AACJbQAAiXkAAIlNAACJAwAAiQAAAAAAAAAAAAAAiQAAAIkCAACJPQAAiXMAAIl2AACJeAAAiWgAAIlsAACJfQAAiXsAAIlwAACJGQAAiQAAAIkAAAAAAAAAAAAAAAAAAACJAAAAiQcAAIk4AACJXAAAiXoAAIl7AACJfAAAiYAAAIlsAACJJwAAiQMAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAQAAiSsAAIluAACJewAAiXwAAIluAACJKgAAiQAAAIkAAAAAAAAAAAAAAAAA8A8AAPAHAADgBwAA4AcAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA8B8AAA==" type="image/x-icon" />
+            <style>
+              body {
+                font-family: Verdana, Geneva, sans-serif;
+                font-size: 11px;
+                background-color: #FFFFFF;
+                color: #084B8A !important;
+              }
+
+              a:link {
+                color: #0174DF;
+                text-decoration: none;
+              }
+
+              a:visited {
+                color: #B40404;
+                text-decoration: none;
+              }
+
+              a:hover {
+                color: #01A9DB;
+                text-decoration: underline;
+              }
+
+              a:active {
+                color: #610B5E;
+                text-decoration: underline;
+              }
+
+              table {
+                width: 100%;
+                border-spacing:0px;
+              }
+
+              table.squish {
+                table-layout: fixed;
+              }
+
+              td {
+                vertical-align: top;
+                word-wrap: break-word !important;
+              }
+
+              .highlighted {
+                background-color: #F2F5A9 !important;
+              }
+            </style>
+
+            <!-- jQuery, DataTables, & FancyApps -->
+            <script type="text/javascript" src="//code.jquery.com/jquery-3.6.0.min.js"></script>
+
+            <link rel="stylesheet" type="text/css" href="//cdn.datatables.net/v/dt/dt-1.11.4/b-2.2.2/b-colvis-2.2.2/b-html5-2.2.2/b-print-2.2.2/cr-1.5.5/fc-4.0.1/fh-3.2.1/kt-2.6.4/r-2.2.9/rg-1.1.4/rr-1.2.8/sc-2.0.5/sp-1.4.0/sl-1.3.4/datatables.min.css"/>
+
+            <script type="text/javascript" src="//cdn.datatables.net/v/dt/dt-1.11.4/b-2.2.2/b-colvis-2.2.2/b-html5-2.2.2/b-print-2.2.2/cr-1.5.5/fc-4.0.1/fh-3.2.1/kt-2.6.4/r-2.2.9/rg-1.1.4/rr-1.2.8/sc-2.0.5/sp-1.4.0/sl-1.3.4/datatables.min.js"></script>
+
+          </head>
+
+          <body id="pwn_body">
+
+            <h1 style="display:inline">
+              <a href="https://github.com/0dayinc/pwn/tree/master">~ pwn www uri buster</a>
+            </h1><br /><br />
+            <h2 id="report_name"></h2><br />
+
+            <div><button type="button" id="button">Rows Selected</button></div><br />
+            <div>
+              <b>Toggle Column(s):</b>&nbsp;
+              <a class="toggle-vis" data-column="1" href="#">Request Time</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="2" href="#">URI</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="3" href="#">HTTP Method</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="4" href="#">HTTP Response Code</a>&nbsp;|&nbsp;
+              <a class="toggle-vis" data-column="5" href="#">HTTP Response</a>&nbsp;|&nbsp;
+            </div>
+            <br /><br />
+
+            <div>
+              <table id="pwn_www_uri_buster_results" class="display" cellspacing="0">
+                <thead>
+                  <tr>
+                    <th>#</th>
+                    <th>Request Time</th>
+                    <th>URI</th>
+                    <th>HTTP Method</th>
+                    <th>HTTP Response Code</th>
+                    <th>HTTP Response</th>
+                  </tr>
+                </thead>
+                <!-- DataTables <tbody> -->
+              </table>
+            </div>
+
+            <script>
+              var htmlEntityEncode = $.fn.dataTable.render.text().display;
+              var line_entry_uri = "";
+              $(document).ready(function() {
+                var oldStart = 0;
+                var table = $('#pwn_www_uri_buster_results').DataTable( {
+                  "paging": true,
+                  "pagingType": "full_numbers",
+                  "fnDrawCallback": function ( oSettings ) {
+                    /* Need to redo the counters if filtered or sorted */
+                    if ( oSettings.bSorted || oSettings.bFiltered ) {
+                      for ( var i=0, iLen=oSettings.aiDisplay.length ; i<iLen ; i++ ) {
+                        $('td:eq(0)', oSettings.aoData[ oSettings.aiDisplay[i] ].nTr ).html( i+1 );
+                      }
+                    }
+                    // Jump to top when utilizing pagination
+                    if ( oSettings._iDisplayStart != oldStart ) {
+                      var targetOffset = $('#pwn_body').offset().top;
+                      $('html,body').animate({scrollTop: targetOffset}, 500);
+                      oldStart = oSettings._iDisplayStart;
+                    }
+                    // Select individual lines in a row
+                    $('#multi_line_select tbody').on('click', 'tr', function () {
+                      $(this).toggleClass('highlighted');
+                      if ($('#multi_line_select tr.highlighted').length > 0) {
+                        $('#multi_line_select tr td button').attr('disabled', 'disabled');
+                        // Remove multi-line bug button
+                      } else {
+                        $('#multi_line_select tr td button').removeAttr('disabled');
+                        // Add multi-line bug button
+                      }
+                    });
+                  },
+                  "ajax": "pwn_www_uri_buster.json",
+                  //"deferRender": true,
+                  "dom": "fplitfpliS",
+                  "autoWidth": false,
+                  "columns": [
+                    { "data": null },
+                    {
+                      "data": "request_timestamp",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "http_uri",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "http_method",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "http_resp_code",
+                      "render": $.fn.dataTable.render.text()
+                    },
+                    {
+                      "data": "http_resp",
+                      "render": $.fn.dataTable.render.text()
+                    }
+                  ]
+                });
+                // Toggle Columns
+                $('a.toggle-vis').on('click', function (e) {
+                  e.preventDefault();
+
+                  // Get the column API object
+                  var column = table.column( $(this).attr('data-column') );
+
+                  // Toggle the visibility
+                  column.visible( ! column.visible() );
+                });
+
+                // TODO: Open bug for highlighted rows ;)
+                $('#button').click( function () {
+                  alert($('#multi_line_select tr.highlighted').length +' row(s) highlighted');
+                });
+              });
+
+              function multi_line_select() {
+                // Select all lines in a row
+                //$('#pwn_www_uri_buster_results tbody').on('click', 'tr', function () {
+                //  $(this).children('td').children('#multi_line_select').children('tbody').children('tr').toggleClass('highlighted');
+                //});
+
+              }
+            </script>
+          </body>
+        </html>
+        }
+
+        File.open("#{dir_path}/pwn_www_uri_buster.html", 'w') do |f|
+          f.print(html_report)
+        end
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          #{self}.generate(
+            dir_path: dir_path,
+            results_hash: results_hash
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/reports.rb

@@ -11,6 +11,7 @@ module PWN
     autoload :Fuzz, 'pwn/reports/fuzz'
     autoload :Phone, 'pwn/reports/phone'
     autoload :SAST, 'pwn/reports/sast'
+    autoload :URIBuster, 'pwn/reports/uri_buster'
     # autoload :XML, 'pwn/reports/xml'
 
     # Display a List of Every PWN Report

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.519'
+  VERSION = '0.4.520'
 end

data/spec/lib/pwn/reports/uri_buster_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Reports::URIBuster do
+  it 'should display information for authors' do
+    authors_response = PWN::Reports::URIBuster
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Reports::URIBuster
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.519
+  version: 0.4.520
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-23 00:00:00.000000000 Z
+date: 2022-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.20
+        version: 2.3.21
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.20
+        version: 2.3.21
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -324,14 +324,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.4.1
+        version: 2.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.4.1
+        version: 2.5.0
 - !ruby/object:Gem::Dependency
   name: luhn
   requirement: !ruby/object:Gem::Requirement
@@ -1066,6 +1066,7 @@ executables:
 - pwn_simple_http_server
 - pwn_web_cache_deception
 - pwn_www_checkip
+- pwn_www_uri_buster
 - pwn_xss_dom_vectors
 extensions: []
 extra_rdoc_files: []
@@ -1130,6 +1131,7 @@ files:
 - bin/pwn_simple_http_server
 - bin/pwn_web_cache_deception
 - bin/pwn_www_checkip
+- bin/pwn_www_uri_buster
 - bin/pwn_xss_dom_vectors
 - build_pwn_gem.sh
 - documentation/PWN.png
@@ -1614,6 +1616,7 @@ files:
 - lib/pwn/reports/fuzz.rb
 - lib/pwn/reports/phone.rb
 - lib/pwn/reports/sast.rb
+- lib/pwn/reports/uri_buster.rb
 - lib/pwn/sast.rb
 - lib/pwn/sast/amqp_connect_as_guest.rb
 - lib/pwn/sast/apache_file_system_util_api.rb
@@ -1911,6 +1914,7 @@ files:
 - spec/lib/pwn/reports/fuzz_spec.rb
 - spec/lib/pwn/reports/phone_spec.rb
 - spec/lib/pwn/reports/sast_spec.rb
+- spec/lib/pwn/reports/uri_buster_spec.rb
 - spec/lib/pwn/reports_spec.rb
 - spec/lib/pwn/sast/amqp_connect_as_guest_spec.rb
 - spec/lib/pwn/sast/apache_file_system_util_api_spec.rb