pwn 0.4.545 → 0.4.547

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a482ad2be090b5fc318d1048fd48f6936906ec7f50ec3e5732c7fbda412f17e0
-  data.tar.gz: 8a5d6ad28f6e45bbcbffe34e29a3f558f142b054c46360a0ebabf3dd8b66b7c0
+  metadata.gz: fef99bd6838c353c0358a91fc680fcacac4a9ac9e41c645d9c824036d23d0a57
+  data.tar.gz: 3045963c444c7fc8a97d55d3584ecbd58f16ba58cbca5ec2180d9e92a3200f70
 SHA512:
-  metadata.gz: 3557a95e19c60f023ef6099c58351cee88c3e98f675de6c8e3806e360a7c0eeb4a26fcd0b44a6d306829d8460ba604e6b303e1593a6d26c923ea89e60cc1be69
-  data.tar.gz: 1a58439197b28adecbfd79a67922bd39a655df2f6cc1d2a83508c7c47a58bdb77251619ba3bb702f6827c4bd146246d8e2ff9f949b970851748a112f36982660
+  metadata.gz: e8a104f76060b559de8a1f6493d858f49de6ff28ab9d01280d73933b95be4026fae9ebe4dd4522fbc2195c9016c41828f74cd6f09596756944a0127c2c2e52cd
+  data.tar.gz: bb55cf59f5fb57aeaa7635e46ee0ea7e7dcfbe605eb568b028061fe809d8632675e40ca000586a9bf1ef5607cc8daf14c94c9d2a486f6c78dc917cb0ffb239b7

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.545]:001 >>> PWN.help
+pwn[v0.4.547]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.545]:001 >>> PWN.help
+pwn[v0.4.547]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_www_uri_buster

@@ -51,6 +51,77 @@ if opts.empty?
   exit 1
 end
 
+def request_path(opts = {})
+  target_url = opts[:target_url]
+  http_request_headers = opts[:http_request_headers]
+  proxy = opts[:proxy]
+  wordlist_line = opts[:wordlist_line]
+
+  http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
+  http_methods.each do |http_method|
+    begin
+      print '.'
+      http_uri = "#{target_url}/#{wordlist_line}"
+      rest_client_resp_hash = {}
+      if proxy
+        rest_client = PWN::Plugins::TransparentBrowser.open(
+          browser_type: :rest,
+          proxy: proxy
+        )::Request
+      else
+        rest_client = PWN::Plugins::TransparentBrowser.open(
+          browser_type: :rest
+        )::Request
+      end
+
+      headers = nil
+      if http_request_headers
+        headers = JSON.parse(
+          http_request_headers,
+          symbolize_names: true
+        )
+      end
+
+      response = rest_client.execute(
+        method: http_method,
+        url: http_uri,
+        headers: headers,
+        verify_ssl: false
+      )
+
+      rest_client_resp_hash = {
+        request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
+        http_uri: http_uri,
+        http_method: http_method,
+        http_resp_code: response.code,
+        http_resp_length: response.body.length,
+        http_resp: "#{response.body[0..300]}..."
+      }
+    rescue RestClient::ExceptionWithResponse,
+           RestClient::ServerBrokeConnection => e
+      rest_client_resp_hash = {
+        request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
+        http_uri: http_uri,
+        http_method: http_method,
+        http_resp_code: e.response.code,
+        http_resp_length: e.response.body.length,
+        http_resp: "#{e.response.body[0..300]}..."
+      }
+      next
+    rescue URI::InvalidURIError
+      url_encoded_wordlist_arr = []
+      wordlist_line.split('/').each do |path|
+        url_encoded_wordlist_arr.push(CGI.escape(path))
+      end
+      wordlist_line = url_encoded_wordlist_arr.join('/')
+
+      retry
+    rescue RestClient::TooManyRequests
+      sleep 60
+    end
+  end
+end
+
 begin
   pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
   $stdout.sync = true
@@ -94,73 +165,15 @@ begin
 
     next if wordlist_line.match?(/^#/)
 
-    # http_methods = %i[CONNECT DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
-    http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
-    http_methods.each do |http_method|
-      begin
-        print '.'
-        http_uri = "#{target_url}/#{wordlist_line}"
-        rest_client_resp_hash = {}
-        if proxy
-          rest_client = PWN::Plugins::TransparentBrowser.open(
-            browser_type: :rest,
-            proxy: proxy
-          )::Request
-        else
-          rest_client = PWN::Plugins::TransparentBrowser.open(
-            browser_type: :rest
-          )::Request
-        end
-
-        headers = nil
-        if http_request_headers
-          headers = JSON.parse(
-            http_request_headers,
-            symbolize_names: true
-          )
-        end
-
-        response = rest_client.execute(
-          method: http_method,
-          url: http_uri,
-          headers: headers,
-          verify_ssl: false
-        )
+    rest_client_resp_hash = request_path(
+      target_url: target_url,
+      http_request_headers: http_request_headers,
+      proxy: proxy,
+      wordlist_line: wordlist_line
+    )
 
-        rest_client_resp_hash = {
-          request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
-          http_uri: http_uri,
-          http_method: http_method,
-          http_resp_code: response.code,
-          http_resp_length: response.body.length,
-          http_resp: "#{response.body[0..300]}..."
-        }
-      rescue RestClient::ExceptionWithResponse,
-             RestClient::ServerBrokeConnection => e
-        rest_client_resp_hash = {
-          request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
-          http_uri: http_uri,
-          http_method: http_method,
-          http_resp_code: e.response.code,
-          http_resp_length: e.response.body.length,
-          http_resp: "#{e.response.body[0..300]}..."
-        }
-        next
-      rescue URI::InvalidURIError
-        url_encoded_wordlist_arr = []
-        wordlist_line.split('/').each do |path|
-          url_encoded_wordlist_arr.push(CGI.escape(path))
-        end
-        wordlist_line = url_encoded_wordlist_arr.join('/')
-
-        retry
-      rescue RestClient::TooManyRequests
-        sleep 60
-      ensure
-        mutex.synchronize do
-          results_hash[:data].push(rest_client_resp_hash)
-        end
-      end
+    mutex.synchronize do
+      results_hash[:data].push(rest_client_resp_hash)
     end
   end
 

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.545'
+  VERSION = '0.4.547'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.545
+  version: 0.4.547
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-26 00:00:00.000000000 Z
+date: 2022-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport