pwn 0.4.529 → 0.4.532
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_www_uri_buster +30 -5
- data/lib/pwn/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 366367f2b50f47f6cc4edae81d06dd3d6dbc484cbbfec463797d39069a987229
|
4
|
+
data.tar.gz: 77bc84d887ac27f4e9bbe7afa5215a95abd36125f6cf9863af2a64f14768a3df
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: afa9131945f78ab16cfdd7ebf5b11d861945d1399ac2c3ec7838b564cb9ffd7d343e8059c619a781c0d49f8d7753e74a145141891d5bac28ff7624ea61bc0583
|
7
|
+
data.tar.gz: 64723cf3d5b0488c0f860925869c63bd864e9841b94df5fe71cbf3673b66b71edf18eb990ecc36e8231df8bec77f55e4792d773c4fa46cb2b1af2c929c17b2f2
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.532]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.532]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn_www_uri_buster
CHANGED
@@ -21,6 +21,10 @@ OptionParser.new do |options|
|
|
21
21
|
opts[:wordlist] = w
|
22
22
|
end
|
23
23
|
|
24
|
+
options.on('-rHEADERS', '--request-headers=HEADERS', '<Optional - HTTP Request Headers in JSON Format)>') do |h|
|
25
|
+
opts[:http_request_headers] = h
|
26
|
+
end
|
27
|
+
|
24
28
|
options.on('-tTHREADS', '--max-threads=THREADS', '<Optional # HTTP Requests to Run Simultaneously (Default 100)>') do |t|
|
25
29
|
opts[:max_threads] = t
|
26
30
|
end
|
@@ -53,6 +57,8 @@ begin
|
|
53
57
|
wordlist = opts[:wordlist]
|
54
58
|
raise "ERROR: #{wordlist} Does Not Exist." unless File.exist?(wordlist)
|
55
59
|
|
60
|
+
http_request_headers = opts[:http_request_headers]
|
61
|
+
|
56
62
|
max_threads = opts[:max_threads]
|
57
63
|
max_threads ||= 100
|
58
64
|
|
@@ -82,17 +88,27 @@ begin
|
|
82
88
|
|
83
89
|
next if wordlist_line.match?(/^#/)
|
84
90
|
|
85
|
-
|
86
|
-
|
91
|
+
# http_methods = %i[CONNECT DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
|
87
92
|
http_methods = %i[GET HEAD POST PUT DELETE OPTIONS TRACE]
|
88
93
|
http_methods.each do |http_method|
|
89
94
|
begin
|
90
95
|
print '.'
|
96
|
+
http_uri = "#{target_url}/#{wordlist_line}"
|
91
97
|
rest_client_resp_hash = {}
|
92
98
|
rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
|
99
|
+
|
100
|
+
headers = nil
|
101
|
+
if http_request_headers
|
102
|
+
headers = JSON.parse(
|
103
|
+
http_request_headers,
|
104
|
+
symbolize_names: true
|
105
|
+
)
|
106
|
+
end
|
107
|
+
|
93
108
|
response = rest_client.execute(
|
94
109
|
method: http_method,
|
95
110
|
url: http_uri,
|
111
|
+
headers: headers,
|
96
112
|
verify_ssl: false
|
97
113
|
)
|
98
114
|
|
@@ -103,10 +119,11 @@ begin
|
|
103
119
|
http_resp_code: response.code,
|
104
120
|
http_resp: response.body[0..300]
|
105
121
|
}
|
106
|
-
rescue RestClient::
|
107
|
-
RestClient::
|
122
|
+
rescue RestClient::BadRequest,
|
123
|
+
RestClient::Forbidden,
|
108
124
|
RestClient::MethodNotAllowed,
|
109
|
-
RestClient::NotFound
|
125
|
+
RestClient::NotFound,
|
126
|
+
RestClient::ServiceUnavailable => e
|
110
127
|
|
111
128
|
rest_client_resp_hash = {
|
112
129
|
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
@@ -116,6 +133,14 @@ begin
|
|
116
133
|
http_resp: e.response.body[0..300]
|
117
134
|
}
|
118
135
|
next
|
136
|
+
rescue URI::InvalidURIError
|
137
|
+
url_encoded_wordlist_arr = []
|
138
|
+
wordlist_line.split('/').each do |path|
|
139
|
+
url_encoded_wordlist_arr.push(CGI.escape(path))
|
140
|
+
end
|
141
|
+
wordlist_line = url_encoded_wordlist_arr.join('/')
|
142
|
+
|
143
|
+
retry
|
119
144
|
rescue RestClient::TooManyRequests
|
120
145
|
sleep 60
|
121
146
|
ensure
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.532
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-08-
|
11
|
+
date: 2022-08-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|