pwn 0.4.559 → 0.4.560
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_www_uri_buster +70 -66
- data/build_pwn_gem.sh +0 -6
- data/git_commit_test_reinit_gem.sh +7 -0
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 141967853c518920147525e9669739c9884959ee8d519f72a1dd7c2dbe15667d
|
4
|
+
data.tar.gz: 05d71ffd4948692045a5bf6d4b89f35b0648e7e3563683a7fee6fc21aec79986
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 60ea533b90a1bf27a3a65dc8494febed956ed42f07cb2583b9e71480a3b517c2f54cd3a4f46b215714f028b98d60e9451aecaae2557e01e5bc82099852c58a4f
|
7
|
+
data.tar.gz: ff8488b74b31867a28859f36e967f2df9342594efef304eb76abb960422a0a985567b23da801c81651b1c1edf634dcf1b62dbb3913365e541b1b435bb322390b
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.560]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.560]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn_www_uri_buster
CHANGED
@@ -56,70 +56,70 @@ def request_path(opts = {})
|
|
56
56
|
http_request_headers = opts[:http_request_headers]
|
57
57
|
proxy = opts[:proxy]
|
58
58
|
wordlist_line = opts[:wordlist_line]
|
59
|
+
http_method = opts[:http_method]
|
60
|
+
|
61
|
+
rest_client_resp_hash = {}
|
62
|
+
begin
|
63
|
+
print '.'
|
64
|
+
http_uri = "#{target_url}/#{wordlist_line}"
|
65
|
+
if proxy
|
66
|
+
rest_client = PWN::Plugins::TransparentBrowser.open(
|
67
|
+
browser_type: :rest,
|
68
|
+
proxy: proxy
|
69
|
+
)::Request
|
70
|
+
else
|
71
|
+
rest_client = PWN::Plugins::TransparentBrowser.open(
|
72
|
+
browser_type: :rest
|
73
|
+
)::Request
|
74
|
+
end
|
59
75
|
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
rest_client_resp_hash = {}
|
66
|
-
if proxy
|
67
|
-
rest_client = PWN::Plugins::TransparentBrowser.open(
|
68
|
-
browser_type: :rest,
|
69
|
-
proxy: proxy
|
70
|
-
)::Request
|
71
|
-
else
|
72
|
-
rest_client = PWN::Plugins::TransparentBrowser.open(
|
73
|
-
browser_type: :rest
|
74
|
-
)::Request
|
75
|
-
end
|
76
|
-
|
77
|
-
headers = nil
|
78
|
-
if http_request_headers
|
79
|
-
headers = JSON.parse(
|
80
|
-
http_request_headers,
|
81
|
-
symbolize_names: true
|
82
|
-
)
|
83
|
-
end
|
84
|
-
|
85
|
-
response = rest_client.execute(
|
86
|
-
method: http_method,
|
87
|
-
url: http_uri,
|
88
|
-
headers: headers,
|
89
|
-
verify_ssl: false
|
76
|
+
headers = nil
|
77
|
+
if http_request_headers
|
78
|
+
headers = JSON.parse(
|
79
|
+
http_request_headers,
|
80
|
+
symbolize_names: true
|
90
81
|
)
|
82
|
+
end
|
91
83
|
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
http_resp: "#{response.body[0..300]}..."
|
99
|
-
}
|
100
|
-
rescue RestClient::ExceptionWithResponse,
|
101
|
-
RestClient::ServerBrokeConnection => e
|
102
|
-
rest_client_resp_hash = {
|
103
|
-
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
104
|
-
http_uri: http_uri,
|
105
|
-
http_method: http_method,
|
106
|
-
http_resp_code: e.response.code,
|
107
|
-
http_resp_length: e.response.body.length,
|
108
|
-
http_resp: "#{e.response.body[0..300]}..."
|
109
|
-
}
|
110
|
-
next
|
111
|
-
rescue URI::InvalidURIError
|
112
|
-
url_encoded_wordlist_arr = []
|
113
|
-
wordlist_line.split('/').each do |path|
|
114
|
-
url_encoded_wordlist_arr.push(CGI.escape(path))
|
115
|
-
end
|
116
|
-
wordlist_line = url_encoded_wordlist_arr.join('/')
|
84
|
+
response = rest_client.execute(
|
85
|
+
method: http_method,
|
86
|
+
url: http_uri,
|
87
|
+
headers: headers,
|
88
|
+
verify_ssl: false
|
89
|
+
)
|
117
90
|
|
118
|
-
|
119
|
-
|
120
|
-
|
91
|
+
rest_client_resp_hash = {
|
92
|
+
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
93
|
+
http_uri: http_uri,
|
94
|
+
http_method: http_method,
|
95
|
+
http_resp_code: response.code,
|
96
|
+
http_resp_length: response.body.length,
|
97
|
+
http_resp: "#{response.body[0..300]}..."
|
98
|
+
}
|
99
|
+
rescue RestClient::ExceptionWithResponse,
|
100
|
+
RestClient::ServerBrokeConnection => e
|
101
|
+
rest_client_resp_hash = {
|
102
|
+
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
103
|
+
http_uri: http_uri,
|
104
|
+
http_method: http_method,
|
105
|
+
http_resp_code: e.response.code,
|
106
|
+
http_resp_length: e.response.body.length,
|
107
|
+
http_resp: "#{e.response.body[0..300]}..."
|
108
|
+
}
|
109
|
+
next
|
110
|
+
rescue URI::InvalidURIError
|
111
|
+
url_encoded_wordlist_arr = []
|
112
|
+
wordlist_line.split('/').each do |path|
|
113
|
+
url_encoded_wordlist_arr.push(CGI.escape(path))
|
121
114
|
end
|
115
|
+
wordlist_line = url_encoded_wordlist_arr.join('/')
|
116
|
+
|
117
|
+
retry
|
118
|
+
rescue RestClient::TooManyRequests
|
119
|
+
sleep 60
|
122
120
|
end
|
121
|
+
|
122
|
+
rest_client_resp_hash
|
123
123
|
end
|
124
124
|
|
125
125
|
begin
|
@@ -166,15 +166,19 @@ begin
|
|
166
166
|
|
167
167
|
next if wordlist_line.match?(/^#/)
|
168
168
|
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
169
|
+
http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
|
170
|
+
http_methods.each do |http_method|
|
171
|
+
rest_client_resp_hash = request_path(
|
172
|
+
target_url: target_url,
|
173
|
+
http_request_headers: http_request_headers,
|
174
|
+
proxy: proxy,
|
175
|
+
wordlist_line: wordlist_line,
|
176
|
+
http_method: http_method
|
177
|
+
)
|
175
178
|
|
176
|
-
|
177
|
-
|
179
|
+
mutex.synchronize do
|
180
|
+
results_hash[:data].push(rest_client_resp_hash)
|
181
|
+
end
|
178
182
|
end
|
179
183
|
end
|
180
184
|
|
data/build_pwn_gem.sh
CHANGED
@@ -24,12 +24,6 @@ if [[ $old_ruby_version == $new_ruby_version ]]; then
|
|
24
24
|
rvmsudo gem rdoc --rdoc --ri --overwrite -V pwn
|
25
25
|
echo "Invoking bundle-audit Gemfile Scanner..."
|
26
26
|
rvmsudo bundle-audit
|
27
|
-
|
28
|
-
latest_gem=$(ls pkg/*.gem)
|
29
|
-
if [[ $latest_gem != "" ]]; then
|
30
|
-
echo "Pushing ${latest_gem} to RubyGems.org..."
|
31
|
-
rvmsudo gem push $latest_gem --debug
|
32
|
-
fi
|
33
27
|
else
|
34
28
|
cd $pwn_root && ./upgrade_ruby.sh $new_ruby_version $old_ruby_version
|
35
29
|
fi
|
@@ -15,6 +15,13 @@ if (( $# == 3 )); then
|
|
15
15
|
pwn_autoinc_version
|
16
16
|
git commit -a -S --author="${1} <${2}>" -m "${3}"
|
17
17
|
./update_pwn.sh
|
18
|
+
|
19
|
+
latest_gem=$(ls pkg/*.gem)
|
20
|
+
if [[ $latest_gem != "" ]]; then
|
21
|
+
echo "Pushing ${latest_gem} to RubyGems.org..."
|
22
|
+
rvmsudo gem push $latest_gem --debug
|
23
|
+
fi
|
24
|
+
|
18
25
|
# Tag for every 100 commits (i.e. 0.1.100, 0.1.200, etc)
|
19
26
|
tag_this_version_bool=`ruby -r 'pwn' -e 'if PWN::VERSION.split(".")[-1].to_i % 100 == 0; then print true; else print false; end'`
|
20
27
|
if [[ $tag_this_version_bool == 'true' ]]; then
|
data/lib/pwn/version.rb
CHANGED