pwn 0.4.558 → 0.4.560

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +2 -2
  3. data/bin/pwn_fuzz_net_app_proto +1 -1
  4. data/bin/pwn_phone +1 -1
  5. data/bin/pwn_sast +1 -1
  6. data/bin/pwn_www_uri_buster +71 -67
  7. data/build_pwn_gem.sh +0 -6
  8. data/git_commit_test_reinit_gem.sh +7 -0
  9. data/lib/pwn/version.rb +1 -1
  10. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9d5be653b5456b1ef5e858e7e93c3141267572b9f63d09ee5ddc804e05b4b287
4
- data.tar.gz: 10f59a7fa3da847402b3bb3fae55e527663380e50c86be645b9e8155581b7c02
3
+ metadata.gz: 141967853c518920147525e9669739c9884959ee8d519f72a1dd7c2dbe15667d
4
+ data.tar.gz: 05d71ffd4948692045a5bf6d4b89f35b0648e7e3563683a7fee6fc21aec79986
5
5
  SHA512:
6
- metadata.gz: ba4f7f66d1cc74ba597fe8b94ee5a35a3b54089396e262488a2798fb7dabe04225652420822b5a10ce609ebe3a3a93070c2917fc6bc9b475e8d95d1c6ecdd433
7
- data.tar.gz: aee5c3440a05577dca65d55f6b3048a07c225e2ff754a76d80b1e02088b1c6f003ee12beff768d75467139102aaf749b96b086bbfb0120db1fd9ce6397103e50
6
+ metadata.gz: 60ea533b90a1bf27a3a65dc8494febed956ed42f07cb2583b9e71480a3b517c2f54cd3a4f46b215714f028b98d60e9451aecaae2557e01e5bc82099852c58a4f
7
+ data.tar.gz: ff8488b74b31867a28859f36e967f2df9342594efef304eb76abb960422a0a985567b23da801c81651b1c1edf634dcf1b62dbb3913365e541b1b435bb322390b
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.558]:001 >>> PWN.help
40
+ pwn[v0.4.560]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.558]:001 >>> PWN.help
55
+ pwn[v0.4.560]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
data/bin/pwn_fuzz_net_app_proto CHANGED
@@ -77,8 +77,8 @@ if opts.empty?
77
77
  exit 1
78
78
  end
79
79
 
80
+ pwn_provider = 'ruby-gem'
80
81
  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
81
- pwn_provider ||= 'ruby-gem'
82
82
 
83
83
  dir_path = opts[:dir_path].to_s.scrub
84
84
  target = opts[:target]
data/bin/pwn_phone CHANGED
@@ -61,8 +61,8 @@ if opts.empty?
61
61
  end
62
62
 
63
63
  begin
64
+ pwn_provider = 'ruby-gem'
64
65
  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
65
- pwn_provider ||= 'ruby-gem'
66
66
  $stdout.sync = true
67
67
 
68
68
  # Required Flag Variables
data/bin/pwn_sast CHANGED
@@ -46,8 +46,8 @@ if opts.empty?
46
46
  end
47
47
 
48
48
  begin
49
+ pwn_provider = 'ruby-gem'
49
50
  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
50
- pwn_provider ||= 'ruby-gem'
51
51
 
52
52
  green = "\e[32m"
53
53
  end_of_color = "\e[0m"
data/bin/pwn_www_uri_buster CHANGED
@@ -56,75 +56,75 @@ def request_path(opts = {})
56
56
  http_request_headers = opts[:http_request_headers]
57
57
  proxy = opts[:proxy]
58
58
  wordlist_line = opts[:wordlist_line]
59
+ http_method = opts[:http_method]
60
+
61
+ rest_client_resp_hash = {}
62
+ begin
63
+ print '.'
64
+ http_uri = "#{target_url}/#{wordlist_line}"
65
+ if proxy
66
+ rest_client = PWN::Plugins::TransparentBrowser.open(
67
+ browser_type: :rest,
68
+ proxy: proxy
69
+ )::Request
70
+ else
71
+ rest_client = PWN::Plugins::TransparentBrowser.open(
72
+ browser_type: :rest
73
+ )::Request
74
+ end
59
75
 
60
- http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
61
- http_methods.each do |http_method|
62
- begin
63
- print '.'
64
- http_uri = "#{target_url}/#{wordlist_line}"
65
- rest_client_resp_hash = {}
66
- if proxy
67
- rest_client = PWN::Plugins::TransparentBrowser.open(
68
- browser_type: :rest,
69
- proxy: proxy
70
- )::Request
71
- else
72
- rest_client = PWN::Plugins::TransparentBrowser.open(
73
- browser_type: :rest
74
- )::Request
75
- end
76
-
77
- headers = nil
78
- if http_request_headers
79
- headers = JSON.parse(
80
- http_request_headers,
81
- symbolize_names: true
82
- )
83
- end
84
-
85
- response = rest_client.execute(
86
- method: http_method,
87
- url: http_uri,
88
- headers: headers,
89
- verify_ssl: false
76
+ headers = nil
77
+ if http_request_headers
78
+ headers = JSON.parse(
79
+ http_request_headers,
80
+ symbolize_names: true
90
81
  )
82
+ end
91
83
 
92
- rest_client_resp_hash = {
93
- request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
94
- http_uri: http_uri,
95
- http_method: http_method,
96
- http_resp_code: response.code,
97
- http_resp_length: response.body.length,
98
- http_resp: "#{response.body[0..300]}..."
99
- }
100
- rescue RestClient::ExceptionWithResponse,
101
- RestClient::ServerBrokeConnection => e
102
- rest_client_resp_hash = {
103
- request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
104
- http_uri: http_uri,
105
- http_method: http_method,
106
- http_resp_code: e.response.code,
107
- http_resp_length: e.response.body.length,
108
- http_resp: "#{e.response.body[0..300]}..."
109
- }
110
- next
111
- rescue URI::InvalidURIError
112
- url_encoded_wordlist_arr = []
113
- wordlist_line.split('/').each do |path|
114
- url_encoded_wordlist_arr.push(CGI.escape(path))
115
- end
116
- wordlist_line = url_encoded_wordlist_arr.join('/')
84
+ response = rest_client.execute(
85
+ method: http_method,
86
+ url: http_uri,
87
+ headers: headers,
88
+ verify_ssl: false
89
+ )
117
90
 
118
- retry
119
- rescue RestClient::TooManyRequests
120
- sleep 60
91
+ rest_client_resp_hash = {
92
+ request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
93
+ http_uri: http_uri,
94
+ http_method: http_method,
95
+ http_resp_code: response.code,
96
+ http_resp_length: response.body.length,
97
+ http_resp: "#{response.body[0..300]}..."
98
+ }
99
+ rescue RestClient::ExceptionWithResponse,
100
+ RestClient::ServerBrokeConnection => e
101
+ rest_client_resp_hash = {
102
+ request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
103
+ http_uri: http_uri,
104
+ http_method: http_method,
105
+ http_resp_code: e.response.code,
106
+ http_resp_length: e.response.body.length,
107
+ http_resp: "#{e.response.body[0..300]}..."
108
+ }
109
+ next
110
+ rescue URI::InvalidURIError
111
+ url_encoded_wordlist_arr = []
112
+ wordlist_line.split('/').each do |path|
113
+ url_encoded_wordlist_arr.push(CGI.escape(path))
121
114
  end
115
+ wordlist_line = url_encoded_wordlist_arr.join('/')
116
+
117
+ retry
118
+ rescue RestClient::TooManyRequests
119
+ sleep 60
122
120
  end
121
+
122
+ rest_client_resp_hash
123
123
  end
124
124
 
125
125
  begin
126
+ pwn_provider = 'ruby-gem'
126
127
  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.fetch('PWN_PROVIDER')
127
- pwn_provider ||= 'ruby-gem'
128
128
  $stdout.sync = true
129
129
 
130
130
  target_url = opts[:target_url]
@@ -166,15 +166,19 @@ begin
166
166
 
167
167
  next if wordlist_line.match?(/^#/)
168
168
 
169
- rest_client_resp_hash = request_path(
170
- target_url: target_url,
171
- http_request_headers: http_request_headers,
172
- proxy: proxy,
173
- wordlist_line: wordlist_line
174
- )
169
+ http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
170
+ http_methods.each do |http_method|
171
+ rest_client_resp_hash = request_path(
172
+ target_url: target_url,
173
+ http_request_headers: http_request_headers,
174
+ proxy: proxy,
175
+ wordlist_line: wordlist_line,
176
+ http_method: http_method
177
+ )
175
178
 
176
- mutex.synchronize do
177
- results_hash[:data].push(rest_client_resp_hash)
179
+ mutex.synchronize do
180
+ results_hash[:data].push(rest_client_resp_hash)
181
+ end
178
182
  end
179
183
  end
180
184
 
data/build_pwn_gem.sh CHANGED
@@ -24,12 +24,6 @@ if [[ $old_ruby_version == $new_ruby_version ]]; then
24
24
  rvmsudo gem rdoc --rdoc --ri --overwrite -V pwn
25
25
  echo "Invoking bundle-audit Gemfile Scanner..."
26
26
  rvmsudo bundle-audit
27
-
28
- latest_gem=$(ls pkg/*.gem)
29
- if [[ $latest_gem != "" ]]; then
30
- echo "Pushing ${latest_gem} to RubyGems.org..."
31
- rvmsudo gem push $latest_gem --debug
32
- fi
33
27
  else
34
28
  cd $pwn_root && ./upgrade_ruby.sh $new_ruby_version $old_ruby_version
35
29
  fi
data/git_commit_test_reinit_gem.sh CHANGED
@@ -15,6 +15,13 @@ if (( $# == 3 )); then
15
15
  pwn_autoinc_version
16
16
  git commit -a -S --author="${1} <${2}>" -m "${3}"
17
17
  ./update_pwn.sh
18
+
19
+ latest_gem=$(ls pkg/*.gem)
20
+ if [[ $latest_gem != "" ]]; then
21
+ echo "Pushing ${latest_gem} to RubyGems.org..."
22
+ rvmsudo gem push $latest_gem --debug
23
+ fi
24
+
18
25
  # Tag for every 100 commits (i.e. 0.1.100, 0.1.200, etc)
19
26
  tag_this_version_bool=`ruby -r 'pwn' -e 'if PWN::VERSION.split(".")[-1].to_i % 100 == 0; then print true; else print false; end'`
20
27
  if [[ $tag_this_version_bool == 'true' ]]; then
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.558'
4
+ VERSION = '0.4.560'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.558
4
+ version: 0.4.560
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
@@ -2032,7 +2032,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
2032
2032
  - !ruby/object:Gem::Version
2033
2033
  version: '0'
2034
2034
  requirements: []
2035
- rubygems_version: 3.3.24
2035
+ rubygems_version: 3.3.25
2036
2036
  signing_key:
2037
2037
  specification_version: 4
2038
2038
  summary: Automated Security Testing for CI/CD Pipelines & Beyond