pwn 0.4.528 → 0.4.531

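--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e3b3d9625576af8e844c75f43f991b8b17788d3fa2c48aff80a8a608ff930a54
- data.tar.gz: 8d1fe905013f9b931e17b6c5607d79bb31dcaf8c578b284728974dec1dc298e9
+ metadata.gz: 6394ac8b510c9c427d2fc3b33ee841f1704fa48396b2b7c36f363cbb5b7b49cc
+ data.tar.gz: 8881fadfee9f8a141a2d88ff6cb7b3dc634248aa30286237d8df90556c38d32f
  SHA512:
- metadata.gz: 814531a1423fc4a8c99cd8bb9717302e322360d7d4842558705c8cb586ef014dcbe34a45167cac1eb7be15c7a768385a8fc266ffc6e08d4646b1b2e8b366723c
- data.tar.gz: 13b2c9c457f13760738cb46f24168e6947dbb35447750d731518bd31b7bb8269fb145e41ee4a66fca3f8563ab457059425c59cd6af0c5cf78976509d4d68385c
+ metadata.gz: 0d6a8a9d848e2a0997f1c66c79a8ff5384105ca366ee52870bad930926135307da9aa0668a579a63c407fa2c65fa375545a20cdd7abf659eb1ce3f5c65283cc4
+ data.tar.gz: ec79695ebc8ad252ca484658683bb522f70d621c5354ac88971369bd395044d7d336670b26aea4b8a30678bdcdd43f04afcee1e498bd94213856bc04276972e3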
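--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
  $ rvm list gemsets
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.528]:001 >>> PWN.help
+ pwn[v0.4.531]:001 >>> PWN.help
  ```
 
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
  $ gem uninstall --all --executables pwn
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.528]:001 >>> PWN.help
+ pwn[v0.4.531]:001 >>> PWN.help
  ```
 
 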
@@ -21,6 +21,10 @@ OptionParser.new do |options|
21
21
  opts[:wordlist] = w
22
22
  end
23
23
 
24
+ options.on('-rHEADERS', '--request-headers=HEADERS', '<Optional - HTTP Request Headers in JSON Format)>') do |h|
25
+ opts[:http_request_headers] = h
26
+ end
27
+
24
28
  options.on('-tTHREADS', '--max-threads=THREADS', '<Optional # HTTP Requests to Run Simultaneously (Default 100)>') do |t|
25
29
  opts[:max_threads] = t
26
30
  end
@@ -44,12 +48,17 @@ if opts.empty?
44
48
  end
45
49
 
46
50
  begin
51
+ pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
52
+ $stdout.sync = true
53
+
47
54
  target_url = opts[:target_url]
48
55
  parsed_target_url = URI.parse(target_url)
49
56
 
50
57
  wordlist = opts[:wordlist]
51
58
  raise "ERROR: #{wordlist} Does Not Exist." unless File.exist?(wordlist)
52
59
 
60
+ http_request_headers = opts[:http_request_headers]
61
+
53
62
  max_threads = opts[:max_threads]
54
63
  max_threads ||= 100
55
64
 
@@ -79,17 +88,26 @@ begin
79
88
 
80
89
  next if wordlist_line.match?(/^#/)
81
90
 
82
- http_uri = "#{target_url}/#{CGI.escape(wordlist_line)}"
83
-
84
91
  http_methods = %i[GET HEAD POST PUT DELETE OPTIONS TRACE]
85
92
  http_methods.each do |http_method|
86
93
  begin
87
94
  print '.'
95
+ http_uri = "#{target_url}/#{wordlist_line}"
88
96
  rest_client_resp_hash = {}
89
97
  rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
98
+
99
+ headers = nil
100
+ if http_request_headers
101
+ headers = JSON.parse(
102
+ http_request_headers,
103
+ symbolize_names: true
104
+ )
105
+ end
106
+
90
107
  response = rest_client.execute(
91
108
  method: http_method,
92
109
  url: http_uri,
110
+ headers: headers,
93
111
  verify_ssl: false
94
112
  )
95
113
 
@@ -102,6 +120,7 @@ begin
102
120
  }
103
121
  rescue RestClient::Forbidden,
104
122
  RestClient::BadRequest,
123
+ RestClient::MethodNotAllowed,
105
124
  RestClient::NotFound => e
106
125
 
107
126
  rest_client_resp_hash = {
@@ -112,6 +131,16 @@ begin
112
131
  http_resp: e.response.body[0..300]
113
132
  }
114
133
  next
134
+ rescue URI::InvalidURIError
135
+ url_encoded_wordlist_arr = []
136
+ wordlist_line.split('/').each do |path|
137
+ url_encoded_wordlist_arr.push(CGI.escape(path))
138
+ end
139
+ wordlist_line = url_encoded_wordlist_arr.join('/')
140
+
141
+ retry
142
+ rescue RestClient::TooManyRequests
143
+ sleep 60
115
144
  ensure
116
145
  mutex.synchronize do
117
146
  results_hash[:data].push(rest_client_resp_hash)
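Review bot: The new `rescue RestClient::TooManyRequests` branch only sleeps, so control falls through to `ensure` with `rest_client_resp_hash` still `{}`; the throttled request is dropped and an empty entry is pushed into `results_hash[:data]`. Either record the 429 like the other rescued responses or re-issue the request with a bound, e.g. `attempts = 0` before the inner `begin` and `retry if (attempts += 1) <= 3` after `sleep 60` (the cap is illustrative); the same counter would also bound the bare `retry` in the `URI::InvalidURIError` branch, which would loop without end if the escaped path ever still failed to parse. In the `@@ -44,12 +48,17 @@` hunk, `ENV.fetch('PWN_PROVIDER')` raises `KeyError` when the variable is unset, so the trailing `if` cannot make it optional; `pwn_provider = ENV.fetch('PWN_PROVIDER', nil)` would. `JSON.parse(http_request_headers, ...)` runs once per request, and a malformed `-r` value raises `JSON::ParserError`, which none of the visible rescue clauses handle, so parsing it once beside `http_request_headers = opts[:http_request_headers]` would fail fast with a clear message. These hunks appear on the page without a file header, and the enclosing `begin` blocks and loops start and end outside them.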
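--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.528'
+ VERSION = '0.4.531'
  end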
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.528
4
+ version: 0.4.531
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.