pwn 0.4.624 → 0.4.626
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +2 -2
- data/lib/pwn/plugins/pwn_logger.rb +23 -5
- data/lib/pwn/version.rb +1 -1
- data/pwn.gemspec +1 -1
- data/spec/lib/pwn/plugins/ansible_vault_spec.rb +15 -0
- data/spec/lib/pwn/plugins/baresip_spec.rb +15 -0
- data/spec/lib/pwn/plugins/openai_spec.rb +15 -0
- data/spec/lib/pwn/plugins/pwn_logger_spec.rb +15 -0
- data/spec/lib/pwn/plugins/voice_spec.rb +15 -0
- data/spec/lib/pwn/sast/outer_html_spec.rb +25 -0
- metadata +13 -8
- data/lib/pwn/plugins/http_intercept_helper.rb +0 -122
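--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cf7fa86f1fa5d0ebb2ed85f5647c60e05dcb6d86d591666c2b3edf67a97ffbc5
+data.tar.gz: e5ef0175b120e83ba6f036d322ebf25eaec6de36b609c5c3e48a03193fb56706
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 43f0f14faf88a2b1124363bce8b50e71dbc5a8ac0db23a3836fd46c5dd642d62c0c1ab062ce91516f07dba5b9df29d2d959b4fa57ac13bbc30dcb34b457356af
+data.tar.gz: 5a6003272fc9d237d2777f7c74865a99aefa51538bcc91984142c5aa421544f1c2ecc482a0d3f7edd2656150daa37a27658adcc6ec268c5fc2ad6ad153af090b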
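--- a/data/Gemfile
+++ b/data/Gemfile
@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.4.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.4.
+gem 'bundler', '>=2.4.9'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.20.3'
 gem 'colorize', '0.8.1'
@@ -82,7 +82,7 @@ gem 'sqlite3', '1.6.1'
 gem 'thin', '1.8.1'
 gem 'tty-prompt', '0.23.1'
 gem 'watir', '7.2.2'
-gem 'waveform', '0.1.
+gem 'waveform', '0.1.3'
 gem 'webrick', '1.8.1'
 gem 'whois', '5.1.0'
 gem 'whois-parser', '2.0.0'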
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-ruby-3.2.1@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.626]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-ruby-3.2.1@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.626]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
@@ -10,10 +10,26 @@ module PWN
|
|
10
10
|
# PWN::Plugins::PWNLogger.create(
|
11
11
|
# )
|
12
12
|
|
13
|
-
public_class_method def self.create
|
13
|
+
public_class_method def self.create(opts = {})
|
14
14
|
logger = Logger.new($stdout)
|
15
|
-
|
16
|
-
|
15
|
+
level = opts[:level]
|
16
|
+
|
17
|
+
case level.to_s.downcase.to_sym
|
18
|
+
when :debug
|
19
|
+
logger.level = Logger::DEBUG
|
20
|
+
when :error
|
21
|
+
logger.level = Logger::ERROR
|
22
|
+
when :fatal
|
23
|
+
logger.level = Logger::FATAL
|
24
|
+
when :unknown
|
25
|
+
logger.level = Logger::UNKNOWN
|
26
|
+
when :warn
|
27
|
+
logger.level = Logger::WARN
|
28
|
+
else
|
29
|
+
logger.level = Logger::INFO
|
30
|
+
end
|
31
|
+
|
32
|
+
logger.datetime_format = '%Y-%m-%d %H:%M:%S.%N'
|
17
33
|
|
18
34
|
logger.formatter = proc do |severity, _datetime, _progname, msg|
|
19
35
|
# TODO: Include datetime & progname vars
|
@@ -37,8 +53,10 @@ module PWN
|
|
37
53
|
|
38
54
|
public_class_method def self.help
|
39
55
|
puts "USAGE:
|
40
|
-
logger = #{self}.create(
|
41
|
-
|
56
|
+
logger = #{self}.create(
|
57
|
+
level: 'optional - logging verbosity :debug|:error|:fatal|:info|:unknown|:warn (Defaults to :info)'
|
58
|
+
)
|
59
|
+
#{self}.authors
|
42
60
|
"
|
43
61
|
end
|
44
62
|
end
|
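Review bot: In `create`, the `else` branch of the new `case level.to_s.downcase.to_sym` maps every unrecognised value to `Logger::INFO`, so a misspelled `level:` is accepted silently and a caller who asked for debug output gets INFO with no indication why. I would match the default explicitly with `when :info, :''` and make the fallback `else raise ArgumentError, "unsupported log level: #{level.inspect}"`. The added `logger.datetime_format` line looks ineffective while the formatter proc below it still takes `_datetime` as an unused parameter (the TODO in the context lines says as much; the proc body continues outside the hunk), which leaves log lines without timestamps for later correlation. The `# PWN::Plugins::PWNLogger.create(` usage comment above the method should also gain the `level:` line that the `help` hunk adds.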
data/lib/pwn/version.rb
CHANGED
data/pwn.gemspec
CHANGED
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
|
|
17
17
|
spec.license = 'MIT'
|
18
18
|
spec.metadata['rubygems_mfa_required'] = 'true'
|
19
19
|
|
20
|
-
spec.files = `git ls-files -z`.split("\
|
20
|
+
spec.files = `git ls-files -z`.split("\x00")
|
21
21
|
spec.executables = spec.files.grep(%r{^bin/}) do |f|
|
22
22
|
File.basename(f)
|
23
23
|
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::AnsibleVault do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::AnsibleVault
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::AnsibleVault
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
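Review bot: Both examples in this new spec only assert `respond_to :authors` and `respond_to :help`, so they keep passing if either method raises or returns nothing; the same pattern is repeated in the BareSIP, OpenAI, PWNLogger, Voice and OuterHTML specs that follow. For the PWNLogger spec in particular, the `level:` option added to `create` in this release is not exercised. Assuming `create` returns the logger, as the help text `logger = #{self}.create(` suggests, an example such as `expect(PWN::Plugins::PWNLogger.create(level: :debug).level).to eq(Logger::DEBUG)` would pin the new behaviour, with a second example for the INFO default.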
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::BareSIP do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::BareSIP
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::BareSIP
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::OpenAI do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::OpenAI
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::OpenAI
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::PWNLogger do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::PWNLogger
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::PWNLogger
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::Voice do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::Voice
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::Voice
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::SAST::OuterHTML do
|
6
|
+
it 'scan method should exist' do
|
7
|
+
scan_response = PWN::SAST::OuterHTML
|
8
|
+
expect(scan_response).to respond_to :scan
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for security_references' do
|
12
|
+
security_references_response = PWN::SAST::OuterHTML
|
13
|
+
expect(security_references_response).to respond_to :security_references
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'should display information for authors' do
|
17
|
+
authors_response = PWN::SAST::OuterHTML
|
18
|
+
expect(authors_response).to respond_to :authors
|
19
|
+
end
|
20
|
+
|
21
|
+
it 'should display information for existing help method' do
|
22
|
+
help_response = PWN::SAST::OuterHTML
|
23
|
+
expect(help_response).to respond_to :help
|
24
|
+
end
|
25
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.626
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-03-
|
11
|
+
date: 2023-03-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - ">="
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 2.4.
|
117
|
+
version: 2.4.9
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - ">="
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 2.4.
|
124
|
+
version: 2.4.9
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: bundler-audit
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1010,14 +1010,14 @@ dependencies:
|
|
1010
1010
|
requirements:
|
1011
1011
|
- - '='
|
1012
1012
|
- !ruby/object:Gem::Version
|
1013
|
-
version: 0.1.
|
1013
|
+
version: 0.1.3
|
1014
1014
|
type: :runtime
|
1015
1015
|
prerelease: false
|
1016
1016
|
version_requirements: !ruby/object:Gem::Requirement
|
1017
1017
|
requirements:
|
1018
1018
|
- - '='
|
1019
1019
|
- !ruby/object:Gem::Version
|
1020
|
-
version: 0.1.
|
1020
|
+
version: 0.1.3
|
1021
1021
|
- !ruby/object:Gem::Dependency
|
1022
1022
|
name: webrick
|
1023
1023
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1638,7 +1638,6 @@ files:
|
|
1638
1638
|
- lib/pwn/plugins/git.rb
|
1639
1639
|
- lib/pwn/plugins/github.rb
|
1640
1640
|
- lib/pwn/plugins/hacker_one.rb
|
1641
|
-
- lib/pwn/plugins/http_intercept_helper.rb
|
1642
1641
|
- lib/pwn/plugins/ibm_appscan.rb
|
1643
1642
|
- lib/pwn/plugins/ip_info.rb
|
1644
1643
|
- lib/pwn/plugins/jenkins.rb
|
@@ -1924,7 +1923,9 @@ files:
|
|
1924
1923
|
- spec/lib/pwn/banner_spec.rb
|
1925
1924
|
- spec/lib/pwn/ffi_spec.rb
|
1926
1925
|
- spec/lib/pwn/plugins/android_spec.rb
|
1926
|
+
- spec/lib/pwn/plugins/ansible_vault_spec.rb
|
1927
1927
|
- spec/lib/pwn/plugins/authentication_helper_spec.rb
|
1928
|
+
- spec/lib/pwn/plugins/baresip_spec.rb
|
1928
1929
|
- spec/lib/pwn/plugins/basic_auth_spec.rb
|
1929
1930
|
- spec/lib/pwn/plugins/beef_spec.rb
|
1930
1931
|
- spec/lib/pwn/plugins/burp_suite_spec.rb
|
@@ -1955,11 +1956,13 @@ files:
|
|
1955
1956
|
- spec/lib/pwn/plugins/nmap_it_spec.rb
|
1956
1957
|
- spec/lib/pwn/plugins/oauth2_spec.rb
|
1957
1958
|
- spec/lib/pwn/plugins/ocr_spec.rb
|
1959
|
+
- spec/lib/pwn/plugins/openai_spec.rb
|
1958
1960
|
- spec/lib/pwn/plugins/openvas_spec.rb
|
1959
1961
|
- spec/lib/pwn/plugins/owasp_zap_spec.rb
|
1960
1962
|
- spec/lib/pwn/plugins/packet_spec.rb
|
1961
1963
|
- spec/lib/pwn/plugins/pdf_parse_spec.rb
|
1962
1964
|
- spec/lib/pwn/plugins/pony_spec.rb
|
1965
|
+
- spec/lib/pwn/plugins/pwn_logger_spec.rb
|
1963
1966
|
- spec/lib/pwn/plugins/rabbit_mq_spec.rb
|
1964
1967
|
- spec/lib/pwn/plugins/rfidler_spec.rb
|
1965
1968
|
- spec/lib/pwn/plugins/serial_spec.rb
|
@@ -1973,6 +1976,7 @@ files:
|
|
1973
1976
|
- spec/lib/pwn/plugins/transparent_browser_spec.rb
|
1974
1977
|
- spec/lib/pwn/plugins/twitter_api_spec.rb
|
1975
1978
|
- spec/lib/pwn/plugins/uri_scheme_spec.rb
|
1979
|
+
- spec/lib/pwn/plugins/voice_spec.rb
|
1976
1980
|
- spec/lib/pwn/plugins/vsphere_spec.rb
|
1977
1981
|
- spec/lib/pwn/plugins_spec.rb
|
1978
1982
|
- spec/lib/pwn/reports/fuzz_spec.rb
|
@@ -2002,6 +2006,7 @@ files:
|
|
2002
2006
|
- spec/lib/pwn/sast/log4j_spec.rb
|
2003
2007
|
- spec/lib/pwn/sast/logger_spec.rb
|
2004
2008
|
- spec/lib/pwn/sast/md5_spec.rb
|
2009
|
+
- spec/lib/pwn/sast/outer_html_spec.rb
|
2005
2010
|
- spec/lib/pwn/sast/password_spec.rb
|
2006
2011
|
- spec/lib/pwn/sast/php_input_mechanisms_spec.rb
|
2007
2012
|
- spec/lib/pwn/sast/php_type_juggling_spec.rb
|
@@ -2095,7 +2100,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
2095
2100
|
- !ruby/object:Gem::Version
|
2096
2101
|
version: '0'
|
2097
2102
|
requirements: []
|
2098
|
-
rubygems_version: 3.4.
|
2103
|
+
rubygems_version: 3.4.9
|
2099
2104
|
signing_key:
|
2100
2105
|
specification_version: 4
|
2101
2106
|
summary: Automated Security Testing for CI/CD Pipelines & Beyond
|
@@ -1,122 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module PWN
|
4
|
-
module Plugins
|
5
|
-
# This plugin was created to generate UTF-8 characters for fuzzing
|
6
|
-
module HTTPInterceptHelper
|
7
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
8
|
-
|
9
|
-
# Supported Method Parameters::
|
10
|
-
# request_hash = PWN::Plugins::HTTPInterceptHelper.raw_to_hash(
|
11
|
-
# request_raw: 'required => raw http request string to convert to hash'
|
12
|
-
# )
|
13
|
-
|
14
|
-
public_class_method def self.raw_to_hash(opts = {})
|
15
|
-
request_raw = opts[:request_raw].to_s
|
16
|
-
request_hash = {}
|
17
|
-
|
18
|
-
# Basic Parsing Begins
|
19
|
-
raw_intercepted_request_arr = request_raw.split("\r\n")
|
20
|
-
|
21
|
-
# Parse HTTP Protocol Request Line
|
22
|
-
raw_request_line_arr = raw_intercepted_request_arr[0].split
|
23
|
-
request_hash[:http_method] = raw_request_line_arr[0].to_s.upcase.to_sym
|
24
|
-
request_hash[:http_resource_path] = URI.parse(raw_request_line_arr[1])
|
25
|
-
request_hash[:http_version] = raw_request_line_arr[-1]
|
26
|
-
|
27
|
-
# Begin Parsing HTTP Headers & Body (If Applicable)
|
28
|
-
request_hash[:http_headers] = {}
|
29
|
-
|
30
|
-
case request_hash[:http_method]
|
31
|
-
when :CONNECT,
|
32
|
-
:DELETE,
|
33
|
-
:GET,
|
34
|
-
:HEAD,
|
35
|
-
:OPTIONS,
|
36
|
-
:PATCH,
|
37
|
-
:PUT,
|
38
|
-
:TRACE
|
39
|
-
puts request_hash[:http_method]
|
40
|
-
when :POST
|
41
|
-
# Parse HTTP Headers
|
42
|
-
raw_intercepted_request_arr[1..-1].each do |val|
|
43
|
-
break if val == '' # This may cause issues
|
44
|
-
|
45
|
-
key = ''
|
46
|
-
val.each_char do |char|
|
47
|
-
break if char == ':'
|
48
|
-
|
49
|
-
key = "#{key}#{char}"
|
50
|
-
end
|
51
|
-
|
52
|
-
header_val = val.gsub(/^#{key}:/, '').strip
|
53
|
-
|
54
|
-
request_hash[:http_headers][key.to_sym] = header_val
|
55
|
-
end
|
56
|
-
|
57
|
-
# Parse HTTP Body
|
58
|
-
raw_request_body = []
|
59
|
-
raw_intercepted_request_arr[1..-1].each_with_index do |val, index|
|
60
|
-
next if val != '' # This may cause issues
|
61
|
-
|
62
|
-
break_index = index + 2
|
63
|
-
request_hash[:http_body] = raw_intercepted_request_arr[break_index..-1].join(',')
|
64
|
-
end
|
65
|
-
else
|
66
|
-
raise "HTTP Method: #{request_hash[:http_method]} Currently Unsupported>"
|
67
|
-
end
|
68
|
-
|
69
|
-
request_hash
|
70
|
-
rescue StandardError => e
|
71
|
-
raise e
|
72
|
-
end
|
73
|
-
|
74
|
-
# Supported Method Parameters::
|
75
|
-
# request_raw = PWN::Plugins::HTTPInterceptHelper.hash_to_raw(
|
76
|
-
# request_hash: 'required => request_hash object returned by #raw_to_hash method'
|
77
|
-
# )
|
78
|
-
|
79
|
-
public_class_method def self.hash_to_raw(opts = {})
|
80
|
-
request_hash = opts[:request_hash]
|
81
|
-
|
82
|
-
# Populate HTTP Request Line
|
83
|
-
request_raw = "#{request_hash[:http_method]} "
|
84
|
-
request_raw = "#{request_raw}#{request_hash[:http_resource_path]} "
|
85
|
-
request_raw = "#{request_raw}#{request_hash[:http_version]}\r\n"
|
86
|
-
|
87
|
-
# Populate HTTP Headers
|
88
|
-
request_hash[:http_headers].each do |key, header_val|
|
89
|
-
request_raw = "#{request_raw}#{key}: #{header_val}\r\n"
|
90
|
-
end
|
91
|
-
|
92
|
-
# Populate HTTP Body (If Applicable)
|
93
|
-
request_raw = "#{request_raw}\r\n"
|
94
|
-
request_raw = "#{request_raw}#{request_hash[:http_body]}" unless request_hash[:http_body] == ''
|
95
|
-
rescue StandardError => e
|
96
|
-
raise e
|
97
|
-
end
|
98
|
-
|
99
|
-
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
100
|
-
|
101
|
-
public_class_method def self.authors
|
102
|
-
"AUTHOR(S):
|
103
|
-
0day Inc. <request.pentest@0dayinc.com>
|
104
|
-
"
|
105
|
-
end
|
106
|
-
|
107
|
-
# Display Usage for this Module
|
108
|
-
|
109
|
-
public_class_method def self.help
|
110
|
-
puts "USAGE:
|
111
|
-
request_hash = PWN::Plugins::HTTPInterceptHelper.raw_to_hash(
|
112
|
-
request_raw: 'required => raw http request string to convert to hash'
|
113
|
-
)
|
114
|
-
|
115
|
-
request_raw = PWN::Plugins::HTTPInterceptHelper.hash_to_raw(
|
116
|
-
request_hash: 'required => request_hash object returned by #raw_to_hash method'
|
117
|
-
)
|
118
|
-
"
|
119
|
-
end
|
120
|
-
end
|
121
|
-
end
|
122
|
-
end
|