pwn 0.4.545 → 0.4.547

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +2 -2
  3. data/bin/pwn_www_uri_buster +79 -66
  4. data/lib/pwn/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a482ad2be090b5fc318d1048fd48f6936906ec7f50ec3e5732c7fbda412f17e0
4
- data.tar.gz: 8a5d6ad28f6e45bbcbffe34e29a3f558f142b054c46360a0ebabf3dd8b66b7c0
3
+ metadata.gz: fef99bd6838c353c0358a91fc680fcacac4a9ac9e41c645d9c824036d23d0a57
4
+ data.tar.gz: 3045963c444c7fc8a97d55d3584ecbd58f16ba58cbca5ec2180d9e92a3200f70
5
5
  SHA512:
6
- metadata.gz: 3557a95e19c60f023ef6099c58351cee88c3e98f675de6c8e3806e360a7c0eeb4a26fcd0b44a6d306829d8460ba604e6b303e1593a6d26c923ea89e60cc1be69
7
- data.tar.gz: 1a58439197b28adecbfd79a67922bd39a655df2f6cc1d2a83508c7c47a58bdb77251619ba3bb702f6827c4bd146246d8e2ff9f949b970851748a112f36982660
6
+ metadata.gz: e8a104f76060b559de8a1f6493d858f49de6ff28ab9d01280d73933b95be4026fae9ebe4dd4522fbc2195c9016c41828f74cd6f09596756944a0127c2c2e52cd
7
+ data.tar.gz: bb55cf59f5fb57aeaa7635e46ee0ea7e7dcfbe605eb568b028061fe809d8632675e40ca000586a9bf1ef5607cc8daf14c94c9d2a486f6c78dc917cb0ffb239b7
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.545]:001 >>> PWN.help
40
+ pwn[v0.4.547]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.545]:001 >>> PWN.help
55
+ pwn[v0.4.547]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
data/bin/pwn_www_uri_buster CHANGED
@@ -51,6 +51,77 @@ if opts.empty?
51
51
  exit 1
52
52
  end
53
53
 
54
+ def request_path(opts = {})
55
+ target_url = opts[:target_url]
56
+ http_request_headers = opts[:http_request_headers]
57
+ proxy = opts[:proxy]
58
+ wordlist_line = opts[:wordlist_line]
59
+
60
+ http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
61
+ http_methods.each do |http_method|
62
+ begin
63
+ print '.'
64
+ http_uri = "#{target_url}/#{wordlist_line}"
65
+ rest_client_resp_hash = {}
66
+ if proxy
67
+ rest_client = PWN::Plugins::TransparentBrowser.open(
68
+ browser_type: :rest,
69
+ proxy: proxy
70
+ )::Request
71
+ else
72
+ rest_client = PWN::Plugins::TransparentBrowser.open(
73
+ browser_type: :rest
74
+ )::Request
75
+ end
76
+
77
+ headers = nil
78
+ if http_request_headers
79
+ headers = JSON.parse(
80
+ http_request_headers,
81
+ symbolize_names: true
82
+ )
83
+ end
84
+
85
+ response = rest_client.execute(
86
+ method: http_method,
87
+ url: http_uri,
88
+ headers: headers,
89
+ verify_ssl: false
90
+ )
91
+
92
+ rest_client_resp_hash = {
93
+ request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
94
+ http_uri: http_uri,
95
+ http_method: http_method,
96
+ http_resp_code: response.code,
97
+ http_resp_length: response.body.length,
98
+ http_resp: "#{response.body[0..300]}..."
99
+ }
100
+ rescue RestClient::ExceptionWithResponse,
101
+ RestClient::ServerBrokeConnection => e
102
+ rest_client_resp_hash = {
103
+ request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
104
+ http_uri: http_uri,
105
+ http_method: http_method,
106
+ http_resp_code: e.response.code,
107
+ http_resp_length: e.response.body.length,
108
+ http_resp: "#{e.response.body[0..300]}..."
109
+ }
110
+ next
111
+ rescue URI::InvalidURIError
112
+ url_encoded_wordlist_arr = []
113
+ wordlist_line.split('/').each do |path|
114
+ url_encoded_wordlist_arr.push(CGI.escape(path))
115
+ end
116
+ wordlist_line = url_encoded_wordlist_arr.join('/')
117
+
118
+ retry
119
+ rescue RestClient::TooManyRequests
120
+ sleep 60
121
+ end
122
+ end
123
+ end
124
+
54
125
  begin
55
126
  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
56
127
  $stdout.sync = true
@@ -94,73 +165,15 @@ begin
94
165
 
95
166
  next if wordlist_line.match?(/^#/)
96
167
 
97
- # http_methods = %i[CONNECT DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
98
- http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
99
- http_methods.each do |http_method|
100
- begin
101
- print '.'
102
- http_uri = "#{target_url}/#{wordlist_line}"
103
- rest_client_resp_hash = {}
104
- if proxy
105
- rest_client = PWN::Plugins::TransparentBrowser.open(
106
- browser_type: :rest,
107
- proxy: proxy
108
- )::Request
109
- else
110
- rest_client = PWN::Plugins::TransparentBrowser.open(
111
- browser_type: :rest
112
- )::Request
113
- end
114
-
115
- headers = nil
116
- if http_request_headers
117
- headers = JSON.parse(
118
- http_request_headers,
119
- symbolize_names: true
120
- )
121
- end
122
-
123
- response = rest_client.execute(
124
- method: http_method,
125
- url: http_uri,
126
- headers: headers,
127
- verify_ssl: false
128
- )
168
+ rest_client_resp_hash = request_path(
169
+ target_url: target_url,
170
+ http_request_headers: http_request_headers,
171
+ proxy: proxy,
172
+ wordlist_line: wordlist_line
173
+ )
129
174
 
130
- rest_client_resp_hash = {
131
- request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
132
- http_uri: http_uri,
133
- http_method: http_method,
134
- http_resp_code: response.code,
135
- http_resp_length: response.body.length,
136
- http_resp: "#{response.body[0..300]}..."
137
- }
138
- rescue RestClient::ExceptionWithResponse,
139
- RestClient::ServerBrokeConnection => e
140
- rest_client_resp_hash = {
141
- request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
142
- http_uri: http_uri,
143
- http_method: http_method,
144
- http_resp_code: e.response.code,
145
- http_resp_length: e.response.body.length,
146
- http_resp: "#{e.response.body[0..300]}..."
147
- }
148
- next
149
- rescue URI::InvalidURIError
150
- url_encoded_wordlist_arr = []
151
- wordlist_line.split('/').each do |path|
152
- url_encoded_wordlist_arr.push(CGI.escape(path))
153
- end
154
- wordlist_line = url_encoded_wordlist_arr.join('/')
155
-
156
- retry
157
- rescue RestClient::TooManyRequests
158
- sleep 60
159
- ensure
160
- mutex.synchronize do
161
- results_hash[:data].push(rest_client_resp_hash)
162
- end
163
- end
175
+ mutex.synchronize do
176
+ results_hash[:data].push(rest_client_resp_hash)
164
177
  end
165
178
  end
166
179
 
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.545'
4
+ VERSION = '0.4.547'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.545
4
+ version: 0.4.547
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-09-26 00:00:00.000000000 Z
11
+ date: 2022-09-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport