pwn 0.4.615 → 0.4.617

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7f860216331838f7c749b9cd6a3d4b1b7aaca61540fc33d672529e15c44c0e7
-  data.tar.gz: 52dd730de77b406d7223012623f89f8d81f94e9a75e3aab9d324025c2ed431aa
+  metadata.gz: 7ce0b8306b27187a799b6b6663fabcb1cd4b867c416821839afbdc919c30c223
+  data.tar.gz: 23bae66a8f9ab8b2aadb100ba2a8917534c2ff16810e0751f53a7fedc8c8147b
 SHA512:
-  metadata.gz: 2a94188fafdf616ec78374ca4b268083e34f4ce42126c533432800bf92fa932336b4d84443e5ccf7bd1d81b52cd15716ca10ded467ae1c9ef02aaca41ad4b659
-  data.tar.gz: 54e621285393b7ce02b40a88ec289add5f076e8a43198c2d6dd4e5c62e3f528ffc91aa820c5d15e936ef0bd7c4a85c112dad4eb96c2111a5a8b1e99f5f58cae7
+  metadata.gz: 65c3e9b98ee212b202eb1bce9f94ec8166e922f82d89db136ab3102ddf423c3a260f47e495eb5d11ed32a9a5404e5729432f450938bf294b866c71464e637675
+  data.tar.gz: 1806d7bb3c43b009d2167fc56c10a9a3b25cb9d745b2966b7c3537cb44390b9d1f36c9cf22cb3213d1a7a19cf20dd840216a0805c14bb1a88bda1424bb0d842c

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2023-01-12 23:49:41 UTC using RuboCop version 1.43.0.
+# on 2023-03-07 16:56:25 UTC using RuboCop version 1.48.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -17,37 +17,43 @@ Layout/LineContinuationSpacing:
     - 'packer/provisioners/wpscan.rb'
     - 'vagrant/provisioners/beef.rb'
 
-# Offense count: 268
+# Offense count: 270
 Lint/UselessAssignment:
   Enabled: false
 
-# Offense count: 629
+# Offense count: 631
 Lint/UselessRescue:
   Enabled: false
 
-# Offense count: 270
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes.
+# Offense count: 271
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
   Max: 328
 
-# Offense count: 68
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 69
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
 # AllowedMethods: refine
 Metrics/BlockLength:
   Max: 196
 
-# Offense count: 46
+# Offense count: 47
 # Configuration parameters: CountBlocks.
 Metrics/BlockNesting:
   Max: 5
 
-# Offense count: 97
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 1
+# Configuration parameters: LengthThreshold.
+Metrics/CollectionLiteralLength:
+  Exclude:
+    - 'lib/pwn/plugins/uri_scheme.rb'
+
+# Offense count: 98
+# Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/CyclomaticComplexity:
   Max: 231
 
-# Offense count: 492
-# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 493
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
   Max: 466
 
@@ -56,12 +62,12 @@ Metrics/MethodLength:
 Metrics/ModuleLength:
   Max: 1186
 
-# Offense count: 89
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 90
+# Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/PerceivedComplexity:
   Max: 51
 
-# Offense count: 165
+# Offense count: 166
 Style/ClassVars:
   Enabled: false
 
@@ -102,14 +108,14 @@ Style/RedundantStringEscape:
     - 'lib/pwn/sast/redos.rb'
     - 'vagrant/provisioners/kali_customize.rb'
 
-# Offense count: 45
+# Offense count: 46
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false
 
-# Offense count: 575
+# Offense count: 579
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
   Max: 1620

data/Gemfile

@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.4.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.4.7'
+gem 'bundler', '>=2.4.8'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.20.3'
 gem 'colorize', '0.8.1'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-ruby-3.2.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.615]:001 >>> PWN.help
+pwn[v0.4.617]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-ruby-3.2.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.615]:001 >>> PWN.help
+pwn[v0.4.617]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_diff_csv_files_w_column_exclude

@@ -0,0 +1,114 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'optparse'
+require 'csv'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{$PROGRAM_NAME} [opts]
+    EXAMPLE w/ Tenable Nessus Results:
+    #{$PROGRAM_NAME} \\
+      --csv-a vuln_scan1.csv \\
+      --csv-b vuln_scan2.csv \\
+      --csv-diff vuln_scan_diff.csv \\
+      --exclude-column-names 'Synopsis,Description,Solution,See Also,Plugin Output,Asset UUID,Vulnerability State,IP Address,FQDN,NetBios,OS,MAC Address,Plugin Family,CVSS Base Score,CVSS Temporal Score,CVSS Temporal Vector,CVSS Vector,CVSS3 Base Score,CVSS3 Temporal Score,CVSS3 Temporal Vector,CVSS3 Vector,System Type,Host Start,Host End,Vulnerability Priority Rating (VPR),First Found,Last Found,Host Scan Schedule ID,Host Scan ID,Indexed At,Last Authenticated Results Date,Last Unauthenticated Results Date,Tracked,Risk Factor,Severity,Original Severity,Modification,Plugin Family ID,Plugin Type,Plugin Version,Service,Plugin Modification Date,Plugin Publication Date,Checks for Malware,Exploit Available,Exploited by Malware,Exploited by Nessus,CANVAS,D2 Elliot,Metasploit,Core Exploits,ExploitHub,Default Account,Patch Available,In The News,Unsupported By Vendor,Last Fixed'
+  "
+
+  options.on('-aCSV', '--csv-a=CSV', '<Required - First CSV to Compare)>') do |c1|
+    opts[:c1_path] = c1
+  end
+
+  options.on('-bCSV', '--csv-b=CSV', '<Required - Second CSV to Compare)>') do |c2|
+    opts[:c2_path] = c2
+  end
+
+  options.on('-dDIFF', '--csv-diff=DIFF', '<Required - Path of CSV Diff to Generate)>') do |d|
+    opts[:diff_path] = d
+  end
+
+  options.on('-eNAMES', '--exclude-column-names=NAMES', '<Optional - Comma-Delimited List of Column Names to Exclude)>') do |n|
+    opts[:column_names_to_exclude] = n
+  end
+
+  options.on('-n', '--no-headers', '<Optional - Redact CSV Headers in CSV Diff>') do |h|
+    opts[:no_headers] = h
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{$PROGRAM_NAME} --help`
+  exit 1
+end
+
+def csv_diff(opts = {})
+  larger_csv = opts[:larger_csv]
+  smaller_csv = opts[:smaller_csv]
+  diff_path = opts[:diff_path]
+  include_csv_headers = opts[:include_csv_headers]
+  column_names_to_exclude = opts[:column_names_to_exclude]
+
+  columns_index_arr = []
+  column_names_to_exclude&.each do |column_name|
+    column_index = smaller_csv.first.find_index(column_name)
+    columns_index_arr.push(column_index)
+  end
+
+  if columns_index_arr.any?
+    larger_csv.each do |line_arr|
+      line_arr.delete_if.with_index do |_, index|
+        columns_index_arr.include?(index)
+      end
+    end
+
+    smaller_csv.each do |line_arr|
+      line_arr.delete_if.with_index do |_, index|
+        columns_index_arr.include?(index)
+      end
+    end
+  end
+
+  csv_headers = larger_csv.first.join(',')
+  File.open(diff_path, 'w') do |f|
+    f.puts csv_headers if include_csv_headers
+    larger_csv.each do |line_arr|
+      line = line_arr.join(',')
+      f.puts line unless smaller_csv.include?(line_arr)
+    end
+  end
+end
+
+c1_path = opts[:c1_path]
+csv1 = CSV.read(c1_path)
+
+c2_path = opts[:c2_path]
+csv2 = CSV.read(c2_path)
+
+diff_path = opts[:diff_path]
+
+column_names_to_exclude = opts[:column_names_to_exclude].to_s.split(',')
+
+include_csv_headers = false if opts[:no_headers]
+include_csv_headers ||= true
+
+# Compare which two is larger
+if csv1.length > csv2.length
+  csv_diff(
+    larger_csv: csv1,
+    smaller_csv: csv2,
+    diff_path: diff_path,
+    include_csv_headers: include_csv_headers,
+    column_names_to_exclude: column_names_to_exclude
+  )
+elsif csv1.length < csv2.length
+  csv_diff(
+    larger_csv: csv2,
+    smaller_csv: csv1,
+    diff_path: diff_path,
+    include_csv_headers: include_csv_headers,
+    column_names_to_exclude: column_names_to_exclude
+  )
+else
+  puts "#{c1_path} and #{c2_path} are the same size."
+end

data/lib/pwn/plugins/char.rb

@@ -368,7 +368,7 @@ module PWN
             end
           end
 
-          if File.read(this_file).empty?
+          if File.empty?(this_file)
             File.unlink(this_file)
           else
             print '.'
@@ -376,7 +376,7 @@ module PWN
         rescue StandardError => e
           puts "FILE GENERATION ATTEMPT OF: #{this_file} RESULTED THE FOLLOWING ERROR:"
           puts "#{e.class}: #{e.message}\n#{e.backtrace}\n\n\n"
-          File.unlink(this_file) if File.read(this_file).empty?
+          File.unlink(this_file) if File.empty?(this_file)
           next
         end
         print "\n"

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.615'
+  VERSION = '0.4.617'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.615
+  version: 0.4.617
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-07 00:00:00.000000000 Z
+date: 2023-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.7
+        version: 2.4.8
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.7
+        version: 2.4.8
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -1080,6 +1080,7 @@ executables:
 - pwn_defectdojo_engagement_create
 - pwn_defectdojo_importscan
 - pwn_defectdojo_reimportscan
+- pwn_diff_csv_files_w_column_exclude
 - pwn_domain_reversewhois
 - pwn_fuzz_net_app_proto
 - pwn_ibm_appscan_enterprise
@@ -1146,6 +1147,7 @@ files:
 - bin/pwn_defectdojo_engagement_create
 - bin/pwn_defectdojo_importscan
 - bin/pwn_defectdojo_reimportscan
+- bin/pwn_diff_csv_files_w_column_exclude
 - bin/pwn_domain_reversewhois
 - bin/pwn_fuzz_net_app_proto
 - bin/pwn_ibm_appscan_enterprise
@@ -2079,7 +2081,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.7
+rubygems_version: 3.4.8
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond