pwn 0.4.553 → 0.4.556
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +18 -7
- data/Gemfile +4 -4
- data/README.md +2 -2
- data/lib/pwn/plugins/baresip.rb +12 -65
- data/lib/pwn/version.rb +1 -1
- metadata +11 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 11dbd600732237336ae57156038e3dfd2a50827ac3d17c700fe4e22f454d6719
|
4
|
+
data.tar.gz: 05ae0f33ecf325c838d9001d4df3d08937a995759ebc7cc9e49e7f8358f3e245
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7bc057c08e032a99ffedda3c0112645cbbb1d0e772782e67939c15aefb8aa35123bbfc620c61d071beea1084ce9766f662d47f081b196c106b88711abd2d2bf0
|
7
|
+
data.tar.gz: a2fc493cbac49a1b74b1bc8614c5b40f1f074693189165222ca04d144f778016ddeee19e0d7235d5af7079513b52372c42c98be9bebbd606780cb7a29b2f2142
|
data/.rubocop_todo.yml
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# This configuration was generated by
|
2
2
|
# `rubocop --auto-gen-config`
|
3
|
-
# on 2022-
|
3
|
+
# on 2022-10-23 04:53:17 UTC using RuboCop version 1.37.0.
|
4
4
|
# The point is for the user to remove these configuration records
|
5
5
|
# one by one as the offenses are removed from the code base.
|
6
6
|
# Note that changes in the inspected code, or installation of new
|
@@ -17,16 +17,16 @@ Layout/LineContinuationSpacing:
|
|
17
17
|
- 'packer/provisioners/wpscan.rb'
|
18
18
|
- 'vagrant/provisioners/beef.rb'
|
19
19
|
|
20
|
-
# Offense count:
|
20
|
+
# Offense count: 270
|
21
21
|
Lint/UselessAssignment:
|
22
22
|
Enabled: false
|
23
23
|
|
24
|
-
# Offense count:
|
24
|
+
# Offense count: 268
|
25
25
|
# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes.
|
26
26
|
Metrics/AbcSize:
|
27
27
|
Max: 328
|
28
28
|
|
29
|
-
# Offense count:
|
29
|
+
# Offense count: 69
|
30
30
|
# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
|
31
31
|
# AllowedMethods: refine
|
32
32
|
Metrics/BlockLength:
|
@@ -37,7 +37,7 @@ Metrics/BlockLength:
|
|
37
37
|
Metrics/BlockNesting:
|
38
38
|
Max: 5
|
39
39
|
|
40
|
-
# Offense count:
|
40
|
+
# Offense count: 97
|
41
41
|
# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
|
42
42
|
Metrics/CyclomaticComplexity:
|
43
43
|
Max: 231
|
@@ -52,7 +52,7 @@ Metrics/MethodLength:
|
|
52
52
|
Metrics/ModuleLength:
|
53
53
|
Max: 1186
|
54
54
|
|
55
|
-
# Offense count:
|
55
|
+
# Offense count: 89
|
56
56
|
# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
|
57
57
|
Metrics/PerceivedComplexity:
|
58
58
|
Max: 51
|
@@ -93,12 +93,23 @@ Style/RedundantCondition:
|
|
93
93
|
- 'bin/pwn_simple_http_server'
|
94
94
|
- 'lib/pwn/plugins/packet.rb'
|
95
95
|
|
96
|
+
# Offense count: 13
|
97
|
+
# This cop supports safe autocorrection (--autocorrect).
|
98
|
+
Style/RedundantStringEscape:
|
99
|
+
Exclude:
|
100
|
+
- 'bin/pwn_autoinc_version'
|
101
|
+
- 'lib/pwn/sast/emoticon.rb'
|
102
|
+
- 'lib/pwn/sast/php_type_juggling.rb'
|
103
|
+
- 'lib/pwn/sast/port.rb'
|
104
|
+
- 'lib/pwn/sast/redos.rb'
|
105
|
+
- 'vagrant/provisioners/kali_customize.rb'
|
106
|
+
|
96
107
|
# Offense count: 45
|
97
108
|
# This cop supports unsafe autocorrection (--autocorrect-all).
|
98
109
|
Style/SlicingWithRange:
|
99
110
|
Enabled: false
|
100
111
|
|
101
|
-
# Offense count:
|
112
|
+
# Offense count: 574
|
102
113
|
# This cop supports safe autocorrection (--autocorrect).
|
103
114
|
# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
|
104
115
|
# URISchemes: http, https
|
data/Gemfile
CHANGED
@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
|
|
18
18
|
gem 'bettercap', '1.6.2'
|
19
19
|
gem 'brakeman', '5.3.1'
|
20
20
|
gem 'bson', '4.15.0'
|
21
|
-
gem 'bundler', '>=2.3.
|
21
|
+
gem 'bundler', '>=2.3.24'
|
22
22
|
gem 'bundler-audit', '0.9.1'
|
23
23
|
gem 'bunny', '2.19.0'
|
24
24
|
gem 'colorize', '0.8.1'
|
@@ -43,7 +43,7 @@ gem 'net-ldap', '0.17.1'
|
|
43
43
|
gem 'net-openvpn', '0.8.7'
|
44
44
|
gem 'net-smtp', '0.3.2'
|
45
45
|
gem 'nexpose', '7.3.0'
|
46
|
-
gem 'nokogiri', '1.13.
|
46
|
+
gem 'nokogiri', '1.13.9'
|
47
47
|
gem 'oily_png', '1.2.1'
|
48
48
|
gem 'os', '1.1.4'
|
49
49
|
gem 'packetfu', '1.1.13'
|
@@ -60,7 +60,7 @@ gem 'rex', '2.0.13'
|
|
60
60
|
gem 'rmagick', '5.0.0'
|
61
61
|
gem 'rspec', '3.11.0'
|
62
62
|
gem 'rtesseract', '3.1.2'
|
63
|
-
gem 'rubocop', '1.
|
63
|
+
gem 'rubocop', '1.37.0'
|
64
64
|
gem 'rubocop-rake', '0.6.0'
|
65
65
|
gem 'rubocop-rspec', '2.13.2'
|
66
66
|
gem 'ruby-audio', '1.6.1'
|
@@ -71,7 +71,7 @@ gem 'savon', '2.13.1'
|
|
71
71
|
gem 'selenium-devtools', '0.106.0'
|
72
72
|
gem 'serialport', '1.3.2'
|
73
73
|
gem 'sinatra', '3.0.2'
|
74
|
-
gem 'slack-ruby-client', '
|
74
|
+
gem 'slack-ruby-client', '2.0.0'
|
75
75
|
gem 'socksify', '1.7.1'
|
76
76
|
gem 'spreadsheet', '1.3.0'
|
77
77
|
gem 'sqlite3', '1.5.3'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.556]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.556]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/lib/pwn/plugins/baresip.rb
CHANGED
@@ -143,10 +143,6 @@ module PWN
|
|
143
143
|
'-v'
|
144
144
|
)
|
145
145
|
|
146
|
-
baresip_obj[:session_thread] = init_session_thread(
|
147
|
-
baresip_obj: baresip_obj
|
148
|
-
)
|
149
|
-
|
150
146
|
ok = 'registered successfully'
|
151
147
|
gone = 'account: No SIP accounts found'
|
152
148
|
forb = '403 Forbidden'
|
@@ -154,7 +150,13 @@ module PWN
|
|
154
150
|
# TODO: Make this faster.
|
155
151
|
print 'Starting baresip...'
|
156
152
|
loop do
|
157
|
-
|
153
|
+
next unless File.exist?(screenlog_path)
|
154
|
+
|
155
|
+
dump_session_data = File.readlines(screenlog_path)
|
156
|
+
dump_session_data.delete_if do |line|
|
157
|
+
line.include?('ua: using best effort AF: af=AF_INET')
|
158
|
+
end
|
159
|
+
break if dump_session_data.select { |s| s.include?(ok) }.length.positive?
|
158
160
|
|
159
161
|
next unless dump_session_data.select { |s| s.include?(gone) }.length.positive?
|
160
162
|
next unless dump_session_data.select { |s| s.include?(forb) }.length.positive?
|
@@ -170,53 +172,6 @@ module PWN
|
|
170
172
|
raise e
|
171
173
|
end
|
172
174
|
|
173
|
-
# Supported Method Parameters::
|
174
|
-
# session_thread = init_session_thread(
|
175
|
-
# serial_conn: 'required - SerialPort.new object'
|
176
|
-
# )
|
177
|
-
|
178
|
-
private_class_method def self.init_session_thread(opts = {})
|
179
|
-
baresip_obj = opts[:baresip_obj]
|
180
|
-
|
181
|
-
session_root = baresip_obj[:session_root]
|
182
|
-
screenlog_path = baresip_obj[:screenlog_path]
|
183
|
-
|
184
|
-
# Spin up a baresip_obj session_thread
|
185
|
-
Thread.new do
|
186
|
-
loop do
|
187
|
-
next unless File.exist?(screenlog_path)
|
188
|
-
|
189
|
-
# Continuously consume contents of screenlog_path
|
190
|
-
@session_data = File.readlines(screenlog_path)
|
191
|
-
@session_data.delete_if do |line|
|
192
|
-
line.include?('ua: using best effort AF: af=AF_INET')
|
193
|
-
end
|
194
|
-
end
|
195
|
-
end
|
196
|
-
rescue StandardError => e
|
197
|
-
session_thread&.terminate
|
198
|
-
|
199
|
-
raise e
|
200
|
-
end
|
201
|
-
|
202
|
-
# Supported Method Parameters::
|
203
|
-
# session_data = PWN::Plugins::BareSIP.dump_session_data
|
204
|
-
|
205
|
-
public_class_method def self.dump_session_data
|
206
|
-
@session_data
|
207
|
-
rescue StandardError => e
|
208
|
-
raise e
|
209
|
-
end
|
210
|
-
|
211
|
-
# Supported Method Parameters::
|
212
|
-
# session_data = PWN::Plugins::BareSIP.flush_session_data
|
213
|
-
|
214
|
-
public_class_method def self.flush_session_data
|
215
|
-
@session_data.clear
|
216
|
-
rescue StandardError => e
|
217
|
-
raise e
|
218
|
-
end
|
219
|
-
|
220
175
|
# Supported Method Parameters::
|
221
176
|
# cmd_resp = PWN::Plugins::BareSIP.baresip_exec(
|
222
177
|
# baresip_obj: 'Required - baresip obj returned from #start method',
|
@@ -244,13 +199,8 @@ module PWN
|
|
244
199
|
|
245
200
|
public_class_method def self.stop(opts = {})
|
246
201
|
baresip_obj = opts[:baresip_obj]
|
247
|
-
session_thread = baresip_obj[:session_thread]
|
248
202
|
screen_session = baresip_obj[:screen_session]
|
249
203
|
|
250
|
-
flush_session_data
|
251
|
-
|
252
|
-
session_thread.terminate
|
253
|
-
|
254
204
|
puts "STOPPING #{baresip_obj[:screen_session]}"
|
255
205
|
cmd_resp = baresip_exec(
|
256
206
|
baresip_obj: baresip_obj,
|
@@ -509,24 +459,23 @@ module PWN
|
|
509
459
|
print "#{seconds_to_record}s to record - remaining: #{format('%-9.9s', countdown)}"
|
510
460
|
print "\r"
|
511
461
|
|
512
|
-
|
513
|
-
|
514
|
-
|
462
|
+
dump_session_data = File.readlines(screenlog_path)
|
463
|
+
dump_session_data.delete_if do |line|
|
464
|
+
line.include?('ua: using best effort AF: af=AF_INET')
|
465
|
+
end
|
466
|
+
|
515
467
|
if dump_session_data.select { |s| s.include?(terminated) }.length.positive?
|
516
468
|
reason = 'call terminated by other party'
|
517
|
-
flush_session_data
|
518
469
|
break
|
519
470
|
end
|
520
471
|
|
521
472
|
if dump_session_data.select { |s| s.include?(unavail) }.length.positive?
|
522
473
|
reason = 'SIP 503 (service unavailable)'
|
523
|
-
flush_session_data
|
524
474
|
break
|
525
475
|
end
|
526
476
|
|
527
477
|
if dump_session_data.select { |s| s.include?(not_found) }.length.positive?
|
528
478
|
reason = 'SIP 404 (not found)'
|
529
|
-
flush_session_data
|
530
479
|
break
|
531
480
|
end
|
532
481
|
|
@@ -720,8 +669,6 @@ module PWN
|
|
720
669
|
screen_session: 'Optional name of screen session (Defaults baresip)'
|
721
670
|
)
|
722
671
|
|
723
|
-
session_data_arr = #{self}.dump_session_data
|
724
|
-
|
725
672
|
cmd_resp = #{self}.baresip_exec(
|
726
673
|
baresip_obj: 'Required - baresip obj returned from #start method',
|
727
674
|
cmd: 'Required - command to send to baresip HTTP daemon'
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.556
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-10-
|
11
|
+
date: 2022-10-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - ">="
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 2.3.
|
117
|
+
version: 2.3.24
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - ">="
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 2.3.
|
124
|
+
version: 2.3.24
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: bundler-audit
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -450,14 +450,14 @@ dependencies:
|
|
450
450
|
requirements:
|
451
451
|
- - '='
|
452
452
|
- !ruby/object:Gem::Version
|
453
|
-
version: 1.13.
|
453
|
+
version: 1.13.9
|
454
454
|
type: :runtime
|
455
455
|
prerelease: false
|
456
456
|
version_requirements: !ruby/object:Gem::Requirement
|
457
457
|
requirements:
|
458
458
|
- - '='
|
459
459
|
- !ruby/object:Gem::Version
|
460
|
-
version: 1.13.
|
460
|
+
version: 1.13.9
|
461
461
|
- !ruby/object:Gem::Dependency
|
462
462
|
name: oily_png
|
463
463
|
requirement: !ruby/object:Gem::Requirement
|
@@ -688,14 +688,14 @@ dependencies:
|
|
688
688
|
requirements:
|
689
689
|
- - '='
|
690
690
|
- !ruby/object:Gem::Version
|
691
|
-
version: 1.
|
691
|
+
version: 1.37.0
|
692
692
|
type: :runtime
|
693
693
|
prerelease: false
|
694
694
|
version_requirements: !ruby/object:Gem::Requirement
|
695
695
|
requirements:
|
696
696
|
- - '='
|
697
697
|
- !ruby/object:Gem::Version
|
698
|
-
version: 1.
|
698
|
+
version: 1.37.0
|
699
699
|
- !ruby/object:Gem::Dependency
|
700
700
|
name: rubocop-rake
|
701
701
|
requirement: !ruby/object:Gem::Requirement
|
@@ -842,14 +842,14 @@ dependencies:
|
|
842
842
|
requirements:
|
843
843
|
- - '='
|
844
844
|
- !ruby/object:Gem::Version
|
845
|
-
version:
|
845
|
+
version: 2.0.0
|
846
846
|
type: :runtime
|
847
847
|
prerelease: false
|
848
848
|
version_requirements: !ruby/object:Gem::Requirement
|
849
849
|
requirements:
|
850
850
|
- - '='
|
851
851
|
- !ruby/object:Gem::Version
|
852
|
-
version:
|
852
|
+
version: 2.0.0
|
853
853
|
- !ruby/object:Gem::Dependency
|
854
854
|
name: socksify
|
855
855
|
requirement: !ruby/object:Gem::Requirement
|
@@ -2032,7 +2032,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
2032
2032
|
- !ruby/object:Gem::Version
|
2033
2033
|
version: '0'
|
2034
2034
|
requirements: []
|
2035
|
-
rubygems_version: 3.3.
|
2035
|
+
rubygems_version: 3.3.24
|
2036
2036
|
signing_key:
|
2037
2037
|
specification_version: 4
|
2038
2038
|
summary: Automated Security Testing for CI/CD Pipelines & Beyond
|