pwn 0.4.553 → 0.4.556

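--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f6a9cf9077f04af8d1f05263ebf389014fc8d61847a2cc20d9e6f047c6c01c46
- data.tar.gz: a70a0943345f3a5b4b1ee18f12d4fda080e1580dbf45af8a3dde677661d9fad7
+ metadata.gz: 11dbd600732237336ae57156038e3dfd2a50827ac3d17c700fe4e22f454d6719
+ data.tar.gz: 05ae0f33ecf325c838d9001d4df3d08937a995759ebc7cc9e49e7f8358f3e245
  SHA512:
- metadata.gz: 2fdd15710865e4d378a779ba5800f4483723b8b5a512abfb9d98a888a4d2ccc06a1bf9bffe279b84dd6e186df83ea7eec92f1f0200f28a042eef16b63d009511
- data.tar.gz: b9bdf91a136054cd20b8f5aa6b12e49a8302c6812656a3bc031f157459522e5c49a395c141e4f16974472b0a45e3b9460bbba0644f7c26b45e668545a7296a28
+ metadata.gz: 7bc057c08e032a99ffedda3c0112645cbbb1d0e772782e67939c15aefb8aa35123bbfc620c61d071beea1084ce9766f662d47f081b196c106b88711abd2d2bf0
+ data.tar.gz: a2fc493cbac49a1b74b1bc8614c5b40f1f074693189165222ca04d144f778016ddeee19e0d7235d5af7079513b52372c42c98be9bebbd606780cb7a29b2f2142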
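--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -1,6 +1,6 @@
  # This configuration was generated by
  # `rubocop --auto-gen-config`
- # on 2022-09-23 22:54:28 UTC using RuboCop version 1.36.0.
+ # on 2022-10-23 04:53:17 UTC using RuboCop version 1.37.0.
  # The point is for the user to remove these configuration records
  # one by one as the offenses are removed from the code base.
  # Note that changes in the inspected code, or installation of new
@@ -17,16 +17,16 @@ Layout/LineContinuationSpacing:
  - 'packer/provisioners/wpscan.rb'
  - 'vagrant/provisioners/beef.rb'
 
- # Offense count: 265
+ # Offense count: 270
  Lint/UselessAssignment:
  Enabled: false
 
- # Offense count: 266
+ # Offense count: 268
  # Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes.
  Metrics/AbcSize:
  Max: 328
 
- # Offense count: 71
+ # Offense count: 69
  # Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
  # AllowedMethods: refine
  Metrics/BlockLength:
@@ -37,7 +37,7 @@ Metrics/BlockLength:
  Metrics/BlockNesting:
  Max: 5
 
- # Offense count: 96
+ # Offense count: 97
  # Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
  Metrics/CyclomaticComplexity:
  Max: 231
@@ -52,7 +52,7 @@ Metrics/MethodLength:
  Metrics/ModuleLength:
  Max: 1186
 
- # Offense count: 88
+ # Offense count: 89
  # Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
  Metrics/PerceivedComplexity:
  Max: 51
@@ -93,12 +93,23 @@ Style/RedundantCondition:
  - 'bin/pwn_simple_http_server'
  - 'lib/pwn/plugins/packet.rb'
 
+ # Offense count: 13
+ # This cop supports safe autocorrection (--autocorrect).
+ Style/RedundantStringEscape:
+ Exclude:
+ - 'bin/pwn_autoinc_version'
+ - 'lib/pwn/sast/emoticon.rb'
+ - 'lib/pwn/sast/php_type_juggling.rb'
+ - 'lib/pwn/sast/port.rb'
+ - 'lib/pwn/sast/redos.rb'
+ - 'vagrant/provisioners/kali_customize.rb'
+
  # Offense count: 45
  # This cop supports unsafe autocorrection (--autocorrect-all).
  Style/SlicingWithRange:
  Enabled: false
 
- # Offense count: 577
+ # Offense count: 574
  # This cop supports safe autocorrection (--autocorrect).
  # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
  # URISchemes: http, https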
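--- a/data/Gemfile
+++ b/data/Gemfile
@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
  gem 'bettercap', '1.6.2'
  gem 'brakeman', '5.3.1'
  gem 'bson', '4.15.0'
- gem 'bundler', '>=2.3.23'
+ gem 'bundler', '>=2.3.24'
  gem 'bundler-audit', '0.9.1'
  gem 'bunny', '2.19.0'
  gem 'colorize', '0.8.1'
@@ -43,7 +43,7 @@ gem 'net-ldap', '0.17.1'
  gem 'net-openvpn', '0.8.7'
  gem 'net-smtp', '0.3.2'
  gem 'nexpose', '7.3.0'
- gem 'nokogiri', '1.13.8'
+ gem 'nokogiri', '1.13.9'
  gem 'oily_png', '1.2.1'
  gem 'os', '1.1.4'
  gem 'packetfu', '1.1.13'
@@ -60,7 +60,7 @@ gem 'rex', '2.0.13'
  gem 'rmagick', '5.0.0'
  gem 'rspec', '3.11.0'
  gem 'rtesseract', '3.1.2'
- gem 'rubocop', '1.36.0'
+ gem 'rubocop', '1.37.0'
  gem 'rubocop-rake', '0.6.0'
  gem 'rubocop-rspec', '2.13.2'
  gem 'ruby-audio', '1.6.1'
@@ -71,7 +71,7 @@ gem 'savon', '2.13.1'
  gem 'selenium-devtools', '0.106.0'
  gem 'serialport', '1.3.2'
  gem 'sinatra', '3.0.2'
- gem 'slack-ruby-client', '1.1.0'
+ gem 'slack-ruby-client', '2.0.0'
  gem 'socksify', '1.7.1'
  gem 'spreadsheet', '1.3.0'
  gem 'sqlite3', '1.5.3'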
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.553]:001 >>> PWN.help
40
+ pwn[v0.4.556]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.553]:001 >>> PWN.help
55
+ pwn[v0.4.556]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
@@ -143,10 +143,6 @@ module PWN
143
143
  '-v'
144
144
  )
145
145
 
146
- baresip_obj[:session_thread] = init_session_thread(
147
- baresip_obj: baresip_obj
148
- )
149
-
150
146
  ok = 'registered successfully'
151
147
  gone = 'account: No SIP accounts found'
152
148
  forb = '403 Forbidden'
@@ -154,7 +150,13 @@ module PWN
154
150
  # TODO: Make this faster.
155
151
  print 'Starting baresip...'
156
152
  loop do
157
- break if @session_data.select { |s| s.include?(ok) }.length.positive?
153
+ next unless File.exist?(screenlog_path)
154
+
155
+ dump_session_data = File.readlines(screenlog_path)
156
+ dump_session_data.delete_if do |line|
157
+ line.include?('ua: using best effort AF: af=AF_INET')
158
+ end
159
+ break if dump_session_data.select { |s| s.include?(ok) }.length.positive?
158
160
 
159
161
  next unless dump_session_data.select { |s| s.include?(gone) }.length.positive?
160
162
  next unless dump_session_data.select { |s| s.include?(forb) }.length.positive?
@@ -170,53 +172,6 @@ module PWN
170
172
  raise e
171
173
  end
172
174
 
173
- # Supported Method Parameters::
174
- # session_thread = init_session_thread(
175
- # serial_conn: 'required - SerialPort.new object'
176
- # )
177
-
178
- private_class_method def self.init_session_thread(opts = {})
179
- baresip_obj = opts[:baresip_obj]
180
-
181
- session_root = baresip_obj[:session_root]
182
- screenlog_path = baresip_obj[:screenlog_path]
183
-
184
- # Spin up a baresip_obj session_thread
185
- Thread.new do
186
- loop do
187
- next unless File.exist?(screenlog_path)
188
-
189
- # Continuously consume contents of screenlog_path
190
- @session_data = File.readlines(screenlog_path)
191
- @session_data.delete_if do |line|
192
- line.include?('ua: using best effort AF: af=AF_INET')
193
- end
194
- end
195
- end
196
- rescue StandardError => e
197
- session_thread&.terminate
198
-
199
- raise e
200
- end
201
-
202
- # Supported Method Parameters::
203
- # session_data = PWN::Plugins::BareSIP.dump_session_data
204
-
205
- public_class_method def self.dump_session_data
206
- @session_data
207
- rescue StandardError => e
208
- raise e
209
- end
210
-
211
- # Supported Method Parameters::
212
- # session_data = PWN::Plugins::BareSIP.flush_session_data
213
-
214
- public_class_method def self.flush_session_data
215
- @session_data.clear
216
- rescue StandardError => e
217
- raise e
218
- end
219
-
220
175
  # Supported Method Parameters::
221
176
  # cmd_resp = PWN::Plugins::BareSIP.baresip_exec(
222
177
  # baresip_obj: 'Required - baresip obj returned from #start method',
@@ -244,13 +199,8 @@ module PWN
244
199
 
245
200
  public_class_method def self.stop(opts = {})
246
201
  baresip_obj = opts[:baresip_obj]
247
- session_thread = baresip_obj[:session_thread]
248
202
  screen_session = baresip_obj[:screen_session]
249
203
 
250
- flush_session_data
251
-
252
- session_thread.terminate
253
-
254
204
  puts "STOPPING #{baresip_obj[:screen_session]}"
255
205
  cmd_resp = baresip_exec(
256
206
  baresip_obj: baresip_obj,
@@ -509,24 +459,23 @@ module PWN
509
459
  print "#{seconds_to_record}s to record - remaining: #{format('%-9.9s', countdown)}"
510
460
  print "\r"
511
461
 
512
- # TODO: Fix known issue - if remote terminates call early
513
- # all calls in thread pool will be stopped prematurely :-/
514
- # This likely has something to do w/ data scoping issues in dump_session_data
462
+ dump_session_data = File.readlines(screenlog_path)
463
+ dump_session_data.delete_if do |line|
464
+ line.include?('ua: using best effort AF: af=AF_INET')
465
+ end
466
+
515
467
  if dump_session_data.select { |s| s.include?(terminated) }.length.positive?
516
468
  reason = 'call terminated by other party'
517
- flush_session_data
518
469
  break
519
470
  end
520
471
 
521
472
  if dump_session_data.select { |s| s.include?(unavail) }.length.positive?
522
473
  reason = 'SIP 503 (service unavailable)'
523
- flush_session_data
524
474
  break
525
475
  end
526
476
 
527
477
  if dump_session_data.select { |s| s.include?(not_found) }.length.positive?
528
478
  reason = 'SIP 404 (not found)'
529
- flush_session_data
530
479
  break
531
480
  end
532
481
 
@@ -720,8 +669,6 @@ module PWN
720
669
  screen_session: 'Optional name of screen session (Defaults baresip)'
721
670
  )
722
671
 
723
- session_data_arr = #{self}.dump_session_data
724
-
725
672
  cmd_resp = #{self}.baresip_exec(
726
673
  baresip_obj: 'Required - baresip obj returned from #start method',
727
674
  cmd: 'Required - command to send to baresip HTTP daemon'
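Review bot: In the recording loop (new lines 462–467) the whole screenlog is re-read on every pass and matched against `terminated`, `unavail` and `not_found`, so with `flush_session_data` removed a line left by an earlier call in the same screen session would end a later recording at once, assuming the log is not reset per call, which these hunks do not show. Capturing the log length when the call starts, e.g. `log_offset = File.readlines(screenlog_path).length`, and matching only `dump_session_data.drop(log_offset)` would limit the check to output from the current call. That read also lacks the `File.exist?(screenlog_path)` guard used in the start loop (new line 153), and the start loop itself now spins with no pause or deadline while the file is absent or registration never succeeds; a short `sleep` before `next` plus a timeout would bound it. Removing the public `dump_session_data` and `flush_session_data` methods in a patch-level release will break any caller that still uses them, so a deprecation shim or a changelog entry is worth adding. These hunks sit under the `data/README.md` header but, going by `PWN::Plugins::BareSIP` in the comments, appear to belong to the BareSIP plugin source, and the enclosing methods start and end outside the hunks.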
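--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.553'
+ VERSION = '0.4.556'
  end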
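--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: pwn
  version: !ruby/object:Gem::Version
- version: 0.4.553
+ version: 0.4.556
  platform: ruby
  authors:
  - 0day Inc.
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-10-13 00:00:00.000000000 Z
+ date: 2022-10-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -114,14 +114,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.23
+ version: 2.3.24
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.23
+ version: 2.3.24
  - !ruby/object:Gem::Dependency
  name: bundler-audit
  requirement: !ruby/object:Gem::Requirement
@@ -450,14 +450,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.13.8
+ version: 1.13.9
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.13.8
+ version: 1.13.9
  - !ruby/object:Gem::Dependency
  name: oily_png
  requirement: !ruby/object:Gem::Requirement
@@ -688,14 +688,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.36.0
+ version: 1.37.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.36.0
+ version: 1.37.0
  - !ruby/object:Gem::Dependency
  name: rubocop-rake
  requirement: !ruby/object:Gem::Requirement
@@ -842,14 +842,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: 2.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.1.0
+ version: 2.0.0
  - !ruby/object:Gem::Dependency
  name: socksify
  requirement: !ruby/object:Gem::Requirement
@@ -2032,7 +2032,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.23
+ rubygems_version: 3.3.24
  signing_key:
  specification_version: 4
  summary: Automated Security Testing for CI/CD Pipelines & Beyond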