pwn 0.4.529 → 0.4.532

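--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e8edebfc80a2f2a49bb42640d91d3ccb1980a3e54ab4b199a67af322f44f5007
- data.tar.gz: dc73dbe5239f0eed921a39175e2f9d075cb88b569ca6fdc1eb443c58d2f5abc7
+ metadata.gz: 366367f2b50f47f6cc4edae81d06dd3d6dbc484cbbfec463797d39069a987229
+ data.tar.gz: 77bc84d887ac27f4e9bbe7afa5215a95abd36125f6cf9863af2a64f14768a3df
  SHA512:
- metadata.gz: a82d0cb3201138e6124a84156a8401529fbf9a73fc52bc40a52075da41a1d73aff0bc355e9ae302640d673815751d4eb1987ef923751b1a3106c49151760e07d
- data.tar.gz: 983a1e1654687297cf5d31ee0995aa2bb77490a7820db234f714f8eaaae12c62046e9d4b424c9bada329c9c0c78b918ef92fa2fba5c1398ef9f405f60222365b
+ metadata.gz: afa9131945f78ab16cfdd7ebf5b11d861945d1399ac2c3ec7838b564cb9ffd7d343e8059c619a781c0d49f8d7753e74a145141891d5bac28ff7624ea61bc0583
+ data.tar.gz: 64723cf3d5b0488c0f860925869c63bd864e9841b94df5fe71cbf3673b66b71edf18eb990ecc36e8231df8bec77f55e4792d773c4fa46cb2b1af2c929c17b2f2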
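--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
  $ rvm list gemsets
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.529]:001 >>> PWN.help
+ pwn[v0.4.532]:001 >>> PWN.help
  ```
 
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
  $ gem uninstall --all --executables pwn
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.529]:001 >>> PWN.help
+ pwn[v0.4.532]:001 >>> PWN.help
  ```
 
 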
@@ -21,6 +21,10 @@ OptionParser.new do |options|
21
21
  opts[:wordlist] = w
22
22
  end
23
23
 
24
+ options.on('-rHEADERS', '--request-headers=HEADERS', '<Optional - HTTP Request Headers in JSON Format)>') do |h|
25
+ opts[:http_request_headers] = h
26
+ end
27
+
24
28
  options.on('-tTHREADS', '--max-threads=THREADS', '<Optional # HTTP Requests to Run Simultaneously (Default 100)>') do |t|
25
29
  opts[:max_threads] = t
26
30
  end
@@ -53,6 +57,8 @@ begin
53
57
  wordlist = opts[:wordlist]
54
58
  raise "ERROR: #{wordlist} Does Not Exist." unless File.exist?(wordlist)
55
59
 
60
+ http_request_headers = opts[:http_request_headers]
61
+
56
62
  max_threads = opts[:max_threads]
57
63
  max_threads ||= 100
58
64
 
@@ -82,17 +88,27 @@ begin
82
88
 
83
89
  next if wordlist_line.match?(/^#/)
84
90
 
85
- http_uri = "#{target_url}/#{CGI.escape(wordlist_line)}"
86
-
91
+ # http_methods = %i[CONNECT DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
87
92
  http_methods = %i[GET HEAD POST PUT DELETE OPTIONS TRACE]
88
93
  http_methods.each do |http_method|
89
94
  begin
90
95
  print '.'
96
+ http_uri = "#{target_url}/#{wordlist_line}"
91
97
  rest_client_resp_hash = {}
92
98
  rest_client = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
99
+
100
+ headers = nil
101
+ if http_request_headers
102
+ headers = JSON.parse(
103
+ http_request_headers,
104
+ symbolize_names: true
105
+ )
106
+ end
107
+
93
108
  response = rest_client.execute(
94
109
  method: http_method,
95
110
  url: http_uri,
111
+ headers: headers,
96
112
  verify_ssl: false
97
113
  )
98
114
 
@@ -103,10 +119,11 @@ begin
103
119
  http_resp_code: response.code,
104
120
  http_resp: response.body[0..300]
105
121
  }
106
- rescue RestClient::Forbidden,
107
- RestClient::BadRequest,
122
+ rescue RestClient::BadRequest,
123
+ RestClient::Forbidden,
108
124
  RestClient::MethodNotAllowed,
109
- RestClient::NotFound => e
125
+ RestClient::NotFound,
126
+ RestClient::ServiceUnavailable => e
110
127
 
111
128
  rest_client_resp_hash = {
112
129
  request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
@@ -116,6 +133,14 @@ begin
116
133
  http_resp: e.response.body[0..300]
117
134
  }
118
135
  next
136
+ rescue URI::InvalidURIError
137
+ url_encoded_wordlist_arr = []
138
+ wordlist_line.split('/').each do |path|
139
+ url_encoded_wordlist_arr.push(CGI.escape(path))
140
+ end
141
+ wordlist_line = url_encoded_wordlist_arr.join('/')
142
+
143
+ retry
119
144
  rescue RestClient::TooManyRequests
120
145
  sleep 60
121
146
  ensure
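Review bot: The new `rescue URI::InvalidURIError` branch in the last hunk ends in an unbounded `retry`, and nothing guarantees the second attempt builds a valid URI. If the invalid character comes from `target_url` rather than from the wordlist entry, the error recurs on every pass. Because `CGI.escape` is not idempotent (a `%` from the previous pass becomes `%25`), `wordlist_line` also grows on each pass, so the worker thread appears never to finish. I would bound it to one attempt: set `uri_escaped = false` just ahead of the `begin`, then in the rescue put `next if uri_escaped` and `uri_escaped = true` before the `retry`. The `begin` opens in the previous hunk and the `ensure` body continues past the end of this one, so how the skipped entry is reported there is not visible here.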
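--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.529'
+ VERSION = '0.4.532'
  end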
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.529
4
+ version: 0.4.532
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-29 00:00:00.000000000 Z
11
+ date: 2022-08-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport