pwn 0.4.604 → 0.4.606

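--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9e5a29843405dc109bb1b2b1e00a1f0e2a6c4d059862f691a2785abe89c561b9
- data.tar.gz: cbd6a56e0e19c9311bfb59cd5032e5e0b53fec879a2861cfcecbb51a1ca23209
+ metadata.gz: 467f8bfe15183838882de427a8dccce2eebb4ec939b78169d3280d076b0fa764
+ data.tar.gz: 192da1120a211f797081731a984e97532954e12b53146f8b15b66aa225fe1967
  SHA512:
- metadata.gz: d61d2301d9bd8e412e8ef1a163722ae622e198ad4358ec25d3b1ad9336ee522b8b2b71d065916ef6a408a1077d8faea56ae48c433e25749d264d7eb5073b472b
- data.tar.gz: 94c982fbfeb4c23d22c810a8ee7f4cbd86dcabc56c280d0ecac40bddc88434cb1a662387fa3ce62a5ac2ef36185d112569dd8bd0b8acaef5fcf819e15864aa20
+ metadata.gz: 627618f032d8b088408a46e9fea4994ed7def61af35beeedef44a9a50b78c4dfe0b1fce87681c8a1d233306a0dd01734085d742a8e1afc1131ac874e17c061a2
+ data.tar.gz: 398ceaec43e0ccb285c032e08192b6a5956151c42054e56ca191051825356036c7cbe2267ae7991595aabb79e3c35ad55e4cf3fa7ac1620b3ce6709d04f124a5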
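--- a/data/Gemfile
+++ b/data/Gemfile
@@ -11,14 +11,14 @@ gemspec
  # In some circumstances custom flags are passed to gems in order
  # to build appropriately. Defer to ./reinstall_pwn_gemset.sh
  # to review these custom flags (e.g. pg, serialport, etc).
- gem 'activesupport', '7.0.4'
+ gem 'activesupport', '7.0.4.1'
  gem 'anemone', '0.7.2'
  gem 'authy', '3.0.1'
  gem 'aws-sdk', '3.1.0'
  gem 'bettercap', '1.6.2'
  gem 'brakeman', '5.4.0'
  gem 'bson', '4.15.0'
- gem 'bundler', '>=2.4.3'
+ gem 'bundler', '>=2.4.5'
  gem 'bundler-audit', '0.9.1'
  gem 'bunny', '2.20.2'
  gem 'colorize', '0.8.1'
@@ -26,6 +26,7 @@ gem 'credit_card_validations', '6.0.0'
  gem 'eventmachine', '1.2.7'
  gem 'executable-hooks', '1.6.1'
  gem 'faye-websocket', '0.11.1'
+ gem 'ffi', '1.15.5'
  gem 'fftw3', '0.3'
  gem 'gdb', '1.0.0'
  gem 'gem-wrappers', '1.4.0'
@@ -62,9 +63,9 @@ gem 'rex', '2.0.13'
  gem 'rmagick', '5.1.0'
  gem 'rspec', '3.12.0'
  gem 'rtesseract', '3.1.2'
- gem 'rubocop', '1.43.0'
+ gem 'rubocop', '1.44.0'
  gem 'rubocop-rake', '0.6.0'
- gem 'rubocop-rspec', '2.17.0'
+ gem 'rubocop-rspec', '2.18.1'
  gem 'ruby-audio', '1.6.1'
  gem 'ruby-nmap', '1.0.1'
  gem 'ruby-saml', '1.15.0'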
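--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.0@pwn
  $ rvm list gemsets
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.604]:001 >>> PWN.help
+ pwn[v0.4.606]:001 >>> PWN.help
  ```
 
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.0@pwn
  $ gem uninstall --all --executables pwn
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.604]:001 >>> PWN.help
+ pwn[v0.4.606]:001 >>> PWN.help
  ```
 
 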
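--- a/data/bin/pwn_sast
+++ b/data/bin/pwn_sast
@@ -94,6 +94,7 @@ begin
  LocationHash
  Log4J
  Logger
+ MD5
  OuterHTML
  Password
  PHPInputMechanisms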
@@ -96,7 +96,7 @@ module PWN
96
96
  # request: 'required - message to ChatGPT'
97
97
  # model: 'optional - model to use for text generation (defaults to text-davinci-003)',
98
98
  # temp: 'optional - creative response float (deafults to 0)',
99
- # max_tokens: 'optional - integer (deafults to 1024)'
99
+ # max_tokens: 'optional - integer (defaults to 3_072)'
100
100
  # )
101
101
 
102
102
  public_class_method def self.chat_gpt(opts = {})
@@ -107,7 +107,7 @@ module PWN
107
107
  temp = opts[:temp].to_f
108
108
  temp = 0 unless temp.positive?
109
109
  max_tokens = opts[:max_tokens].to_i
110
- max_tokens = 1024 unless max_tokens.positive?
110
+ max_tokens = 3_072 unless max_tokens.positive?
111
111
 
112
112
  rest_call = 'completions'
113
113
 
@@ -183,7 +183,7 @@ module PWN
183
183
  request: 'required - message to ChatGPT',
184
184
  model: 'optional - model to use for text generation (defaults to text-davinci-003)',
185
185
  temp: 'optional - creative response float (deafults to 0)',
186
- max_tokens: 'optional - integer (deafults to 1024)'
186
+ max_tokens: 'optional - integer (deafults to 3_072)'
187
187
  )
188
188
 
189
189
  response = #{self}.img_gen(
@@ -0,0 +1,143 @@
1
+ # frozen_string_literal: false
2
+
3
+ require 'socket'
4
+
5
+ module PWN
6
+ module SAST
7
+ # SAST Module used to identify MD5 hash related objects, methods, classes, etc.
8
+ # to determine if deprecated hashing is still supported.
9
+ module MD5
10
+ @@logger = PWN::Plugins::PWNLogger.create
11
+
12
+ # Supported Method Parameters::
13
+ # PWN::SAST::MD5.scan(
14
+ # dir_path: 'optional path to dir defaults to .'
15
+ # git_repo_root_uri: 'optional http uri of git repo scanned'
16
+ # )
17
+
18
+ public_class_method def self.scan(opts = {})
19
+ dir_path = opts[:dir_path]
20
+ git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
21
+ result_arr = []
22
+ logger_results = ''
23
+
24
+ PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
25
+ if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
26
+ line_no_and_contents_arr = []
27
+ entry_beautified = false
28
+
29
+ if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
30
+ js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
31
+ entry = "#{entry}.JS-BEAUTIFIED"
32
+ entry_beautified = true
33
+ end
34
+
35
+ test_case_filter = "
36
+ grep -n \
37
+ -ei 'md5' #{entry}
38
+ "
39
+
40
+ str = `#{test_case_filter}`.to_s.scrub
41
+
42
+ if str.to_s.empty?
43
+ # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
44
+ logger_results = "#{logger_results}~" # Catching bugs is good :)
45
+ else
46
+ str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
47
+
48
+ hash_line = {
49
+ timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
50
+ security_references: security_references,
51
+ filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
52
+ line_no_and_contents: '',
53
+ raw_content: str,
54
+ test_case_filter: test_case_filter
55
+ }
56
+
57
+ # COMMMENT: Must be a better way to implement this (regex is kinda funky)
58
+ line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
59
+ line_no_count = line_contents_split.length # This should always be an even number
60
+ current_count = 0
61
+ while line_no_count > current_count
62
+ line_no = line_contents_split[current_count]
63
+ contents = line_contents_split[current_count + 1]
64
+ if Dir.exist?("#{dir_path}/.git") ||
65
+ Dir.exist?('.git')
66
+
67
+ repo_root = dir_path
68
+ repo_root = '.' if Dir.exist?('.git')
69
+
70
+ author = PWN::Plugins::Git.get_author(
71
+ repo_root: repo_root,
72
+ from_line: line_no,
73
+ to_line: line_no,
74
+ target_file: entry,
75
+ entry_beautified: entry_beautified
76
+ )
77
+ else
78
+ author = 'N/A'
79
+ end
80
+ hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
81
+ line_no: line_no,
82
+ contents: contents,
83
+ author: author
84
+ )
85
+
86
+ current_count += 2
87
+ end
88
+ result_arr.push(hash_line)
89
+ logger_results = "#{logger_results}x" # Seeing progress is good :)
90
+ end
91
+ end
92
+ end
93
+ logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
94
+ if logger_results.empty?
95
+ @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
96
+ else
97
+ @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
98
+ end
99
+ result_arr
100
+ rescue StandardError => e
101
+ raise e
102
+ end
103
+
104
+ # Used primarily to map NIST 800-53 Revision 4 Security Controls
105
+ # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
106
+ # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
107
+ # Determine the level of Testing Coverage w/ PWN.
108
+
109
+ public_class_method def self.security_references
110
+ {
111
+ sast_module: self,
112
+ section: 'MALICIOUS CODE PROTECTION',
113
+ nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control?version=5.1&number=SC-28',
114
+ cwe_id: '328',
115
+ cwe_uri: 'https://cwe.mitre.org/data/definitions/328.html'
116
+ }
117
+ rescue StandardError => e
118
+ raise e
119
+ end
120
+
121
+ # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
122
+
123
+ public_class_method def self.authors
124
+ "AUTHOR(S):
125
+ 0day Inc. <request.pentest@0dayinc.com>
126
+ "
127
+ end
128
+
129
+ # Display Usage for this Module
130
+
131
+ public_class_method def self.help
132
+ puts "USAGE:
133
+ sast_arr = #{self}.scan(
134
+ dir_path: 'optional path to dir defaults to .',
135
+ git_repo_root_uri: 'optional http uri of git repo scanned'
136
+ )
137
+
138
+ #{self}.authors
139
+ "
140
+ end
141
+ end
142
+ end
143
+ end
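Review bot: `scan` interpolates `entry` unquoted into three shell command strings (`wc -l #{entry}`, `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED` and the `grep` in `test_case_filter`), so a file name in the scanned tree that contains spaces or shell metacharacters is interpreted by the shell instead of being passed as one path. If the scanned directory can come from a third party, those names are untrusted input and should be escaped with `Shellwords.escape` (this needs `require 'shellwords'` beside the existing `require 'socket'`) or passed as an argument list. Separately, `-ei 'md5'` makes grep take `i` as the argument of `-e`, so the pattern becomes the letter `i` and `'md5'` is read as a file operand; `-i -e 'md5'` matches what the module comment describes. The comment about results of 64 KB or more sits in the empty-result branch rather than next to the `str.to_s.length >= 64_000` line it describes.

```ruby
# … unchanged: file filter, line_no_and_contents_arr / entry_beautified setup …
quoted_entry = Shellwords.escape(entry)
if File.extname(entry) == '.js' && (`wc -l #{quoted_entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
  js_beautify = `js-beautify #{quoted_entry} > #{quoted_entry}.JS-BEAUTIFIED`.to_s.scrub
  entry = "#{entry}.JS-BEAUTIFIED"
  quoted_entry = Shellwords.escape(entry)
  entry_beautified = true
end

test_case_filter = "
  grep -n \
  -i -e 'md5' -- #{quoted_entry}
"
# … unchanged: backtick execution of test_case_filter and result handling …
```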
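--- a/data/lib/pwn/sast.rb
+++ b/data/lib/pwn/sast.rb
@@ -27,6 +27,7 @@ module PWN
  autoload :LocationHash, 'pwn/sast/location_hash'
  autoload :Log4J, 'pwn/sast/log4j'
  autoload :Logger, 'pwn/sast/logger'
+ autoload :MD5, 'pwn/sast/md5'
  autoload :OuterHTML, 'pwn/sast/outer_html'
  autoload :Password, 'pwn/sast/password'
  autoload :PHPInputMechanisms, 'pwn/sast/php_input_mechanisms'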
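--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.604'
+ VERSION = '0.4.606'
  end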
@@ -0,0 +1,25 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'spec_helper'
4
+
5
+ describe PWN::SAST::MD5 do
6
+ it 'scan method should exist' do
7
+ scan_response = PWN::SAST::MD5
8
+ expect(scan_response).to respond_to :scan
9
+ end
10
+
11
+ it 'should display information for security_references' do
12
+ security_references_response = PWN::SAST::MD5
13
+ expect(security_references_response).to respond_to :security_references
14
+ end
15
+
16
+ it 'should display information for authors' do
17
+ authors_response = PWN::SAST::MD5
18
+ expect(authors_response).to respond_to :authors
19
+ end
20
+
21
+ it 'should display information for existing help method' do
22
+ help_response = PWN::SAST::MD5
23
+ expect(help_response).to respond_to :help
24
+ end
25
+ end
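Review bot: All four examples only assert `respond_to`, so none of them runs the method it is named after; a `scan` that matched the wrong lines or a `security_references` with the wrong CWE would still pass. The `*_response` locals also hold the module itself rather than any response. A cheap first step is to assert on returned data, e.g. `expect(PWN::SAST::MD5.security_references[:cwe_id]).to eq('328')`, and to run `scan` against a temporary directory containing one file that mentions `md5` and one that does not.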
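--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: pwn
  version: !ruby/object:Gem::Version
- version: 0.4.604
+ version: 0.4.606
  platform: ruby
  authors:
  - 0day Inc.
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-14 00:00:00.000000000 Z
+ date: 2023-01-24 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.0.4
+ version: 7.0.4.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 7.0.4
+ version: 7.0.4.1
  - !ruby/object:Gem::Dependency
  name: anemone
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.4.3
+ version: 2.4.5
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.4.3
+ version: 2.4.5
  - !ruby/object:Gem::Dependency
  name: bundler-audit
  requirement: !ruby/object:Gem::Requirement
@@ -220,6 +220,20 @@ dependencies:
  - - '='
  - !ruby/object:Gem::Version
  version: 0.11.1
+ - !ruby/object:Gem::Dependency
+ name: ffi
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 1.15.5
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '='
+ - !ruby/object:Gem::Version
+ version: 1.15.5
  - !ruby/object:Gem::Dependency
  name: fftw3
  requirement: !ruby/object:Gem::Requirement
@@ -716,14 +730,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.43.0
+ version: 1.44.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 1.43.0
+ version: 1.44.0
  - !ruby/object:Gem::Dependency
  name: rubocop-rake
  requirement: !ruby/object:Gem::Requirement
@@ -744,14 +758,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.17.0
+ version: 2.18.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.17.0
+ version: 2.18.1
  - !ruby/object:Gem::Dependency
  name: ruby-audio
  requirement: !ruby/object:Gem::Requirement
@@ -1669,6 +1683,7 @@ files:
  - lib/pwn/sast/location_hash.rb
  - lib/pwn/sast/log4j.rb
  - lib/pwn/sast/logger.rb
+ - lib/pwn/sast/md5.rb
  - lib/pwn/sast/outer_html.rb
  - lib/pwn/sast/password.rb
  - lib/pwn/sast/php_input_mechanisms.rb
@@ -1969,6 +1984,7 @@ files:
  - spec/lib/pwn/sast/location_hash_spec.rb
  - spec/lib/pwn/sast/log4j_spec.rb
  - spec/lib/pwn/sast/logger_spec.rb
+ - spec/lib/pwn/sast/md5_spec.rb
  - spec/lib/pwn/sast/password_spec.rb
  - spec/lib/pwn/sast/php_input_mechanisms_spec.rb
  - spec/lib/pwn/sast/php_type_juggling_spec.rb
@@ -2062,7 +2078,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.3
+ rubygems_version: 3.4.5
  signing_key:
  specification_version: 4
  summary: Automated Security Testing for CI/CD Pipelines & Beyond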