pwn 0.4.529 → 0.4.532
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_www_uri_buster +30 -5
- data/lib/pwn/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 366367f2b50f47f6cc4edae81d06dd3d6dbc484cbbfec463797d39069a987229
|
|
4
|
+
data.tar.gz: 77bc84d887ac27f4e9bbe7afa5215a95abd36125f6cf9863af2a64f14768a3df
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: afa9131945f78ab16cfdd7ebf5b11d861945d1399ac2c3ec7838b564cb9ffd7d343e8059c619a781c0d49f8d7753e74a145141891d5bac28ff7624ea61bc0583
|
|
7
|
+
data.tar.gz: 64723cf3d5b0488c0f860925869c63bd864e9841b94df5fe71cbf3673b66b71edf18eb990ecc36e8231df8bec77f55e4792d773c4fa46cb2b1af2c929c17b2f2
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
|
37
37
|
$ rvm list gemsets
|
|
38
38
|
$ gem install --verbose pwn
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.4.
|
|
40
|
+
pwn[v0.4.532]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.4.
|
|
55
|
+
pwn[v0.4.532]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
|
data/bin/pwn_www_uri_buster
CHANGED
|
@@ -21,6 +21,10 @@ OptionParser.new do |options|
|
|
|
21
21
|
opts[:wordlist] = w
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
options.on('-rHEADERS', '--request-headers=HEADERS', '<Optional - HTTP Request Headers in JSON Format)>') do |h|
|
|
25
|
+
opts[:http_request_headers] = h
|
|
26
|
+
end
|
|
27
|
+
|
|
24
28
|
options.on('-tTHREADS', '--max-threads=THREADS', '<Optional # HTTP Requests to Run Simultaneously (Default 100)>') do |t|
|
|
25
29
|
opts[:max_threads] = t
|
|
26
30
|
end
|
|
@@ -53,6 +57,8 @@ begin
|
|
|
53
57
|
wordlist = opts[:wordlist]
|
|
54
58
|
raise "ERROR: #{wordlist} Does Not Exist." unless File.exist?(wordlist)
|
|
55
59
|
|
|
60
|
+
http_request_headers = opts[:http_request_headers]
|
|
61
|
+
|
|
56
62
|
max_threads = opts[:max_threads]
|
|
57
63
|
max_threads ||= 100
|
|
58
64
|
|
|
@@ -82,17 +88,27 @@ begin
|
|
|
82
88
|
|
|
83
89
|
next if wordlist_line.match?(/^#/)
|
|
84
90
|
|
|
85
|
-
|
|
86
|
-
|
|
91
|
+
# http_methods = %i[CONNECT DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
|
|
87
92
|
http_methods = %i[GET HEAD POST PUT DELETE OPTIONS TRACE]
|
|
88
93
|
http_methods.each do |http_method|
|
|
89
94
|
begin
|
|
90
95
|
print '.'
|
|
96
|
+
http_uri = "#{target_url}/#{wordlist_line}"
|
|
91
97
|
rest_client_resp_hash = {}
|
|
92
98
|
rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
|
|
99
|
+
|
|
100
|
+
headers = nil
|
|
101
|
+
if http_request_headers
|
|
102
|
+
headers = JSON.parse(
|
|
103
|
+
http_request_headers,
|
|
104
|
+
symbolize_names: true
|
|
105
|
+
)
|
|
106
|
+
end
|
|
107
|
+
|
|
93
108
|
response = rest_client.execute(
|
|
94
109
|
method: http_method,
|
|
95
110
|
url: http_uri,
|
|
111
|
+
headers: headers,
|
|
96
112
|
verify_ssl: false
|
|
97
113
|
)
|
|
98
114
|
|
|
@@ -103,10 +119,11 @@ begin
|
|
|
103
119
|
http_resp_code: response.code,
|
|
104
120
|
http_resp: response.body[0..300]
|
|
105
121
|
}
|
|
106
|
-
rescue RestClient::
|
|
107
|
-
RestClient::
|
|
122
|
+
rescue RestClient::BadRequest,
|
|
123
|
+
RestClient::Forbidden,
|
|
108
124
|
RestClient::MethodNotAllowed,
|
|
109
|
-
RestClient::NotFound
|
|
125
|
+
RestClient::NotFound,
|
|
126
|
+
RestClient::ServiceUnavailable => e
|
|
110
127
|
|
|
111
128
|
rest_client_resp_hash = {
|
|
112
129
|
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
|
@@ -116,6 +133,14 @@ begin
|
|
|
116
133
|
http_resp: e.response.body[0..300]
|
|
117
134
|
}
|
|
118
135
|
next
|
|
136
|
+
rescue URI::InvalidURIError
|
|
137
|
+
url_encoded_wordlist_arr = []
|
|
138
|
+
wordlist_line.split('/').each do |path|
|
|
139
|
+
url_encoded_wordlist_arr.push(CGI.escape(path))
|
|
140
|
+
end
|
|
141
|
+
wordlist_line = url_encoded_wordlist_arr.join('/')
|
|
142
|
+
|
|
143
|
+
retry
|
|
119
144
|
rescue RestClient::TooManyRequests
|
|
120
145
|
sleep 60
|
|
121
146
|
ensure
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.532
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-08-
|
|
11
|
+
date: 2022-08-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|