pwn 0.4.624 → 0.4.626

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a78b67861e897a121c0070966df9a0fb8cdd0345c3b7a8f1cac5eeb2e87761c2
-  data.tar.gz: 14fc2a4be2a0a4481346f3a7fee285d057269194f4c06bdd4a9066206b42b3f5
+  metadata.gz: cf7fa86f1fa5d0ebb2ed85f5647c60e05dcb6d86d591666c2b3edf67a97ffbc5
+  data.tar.gz: e5ef0175b120e83ba6f036d322ebf25eaec6de36b609c5c3e48a03193fb56706
 SHA512:
-  metadata.gz: 8b07c0e46d4bfc0e05999a631fc0e7110385a7f4c4d37e8266ecf10c73111c4e0a587d7e171c0d6be2511862ad3a7ddf895bf48e4419a7aa37c89301da01381d
-  data.tar.gz: 86637fd75827ef7618fc4daad8cf124898c3b8e53ec07a5f1e19c118f56981da48623bf73c53a320991dd38494307fbb26e145252fbfca6b7867202858b2023e
+  metadata.gz: 43f0f14faf88a2b1124363bce8b50e71dbc5a8ac0db23a3836fd46c5dd642d62c0c1ab062ce91516f07dba5b9df29d2d959b4fa57ac13bbc30dcb34b457356af
+  data.tar.gz: 5a6003272fc9d237d2777f7c74865a99aefa51538bcc91984142c5aa421544f1c2ecc482a0d3f7edd2656150daa37a27658adcc6ec268c5fc2ad6ad153af090b

data/Gemfile

@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.4.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.4.8'
+gem 'bundler', '>=2.4.9'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.20.3'
 gem 'colorize', '0.8.1'
@@ -82,7 +82,7 @@ gem 'sqlite3', '1.6.1'
 gem 'thin', '1.8.1'
 gem 'tty-prompt', '0.23.1'
 gem 'watir', '7.2.2'
-gem 'waveform', '0.1.2'
+gem 'waveform', '0.1.3'
 gem 'webrick', '1.8.1'
 gem 'whois', '5.1.0'
 gem 'whois-parser', '2.0.0'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-ruby-3.2.1@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.624]:001 >>> PWN.help
+pwn[v0.4.626]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-ruby-3.2.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.624]:001 >>> PWN.help
+pwn[v0.4.626]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/pwn_logger.rb

@@ -10,10 +10,26 @@ module PWN
       # PWN::Plugins::PWNLogger.create(
       # )
 
-      public_class_method def self.create
+      public_class_method def self.create(opts = {})
         logger = Logger.new($stdout)
-        logger.level = Logger::INFO
-        logger.datetime_format = '%Y-%m-%d %H:%M:%S'
+        level = opts[:level]
+
+        case level.to_s.downcase.to_sym
+        when :debug
+          logger.level = Logger::DEBUG
+        when :error
+          logger.level = Logger::ERROR
+        when :fatal
+          logger.level = Logger::FATAL
+        when :unknown
+          logger.level = Logger::UNKNOWN
+        when :warn
+          logger.level = Logger::WARN
+        else
+          logger.level = Logger::INFO
+        end
+
+        logger.datetime_format = '%Y-%m-%d %H:%M:%S.%N'
 
         logger.formatter = proc do |severity, _datetime, _progname, msg|
           # TODO: Include datetime & progname vars
@@ -37,8 +53,10 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
-          logger = #{self}.create()
-         #{self}.authors
+          logger = #{self}.create(
+            level: 'optional - logging verbosity :debug|:error|:fatal|:info|:unknown|:warn (Defaults to :info)'
+          )
+          #{self}.authors
         "
       end
     end

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.624'
+  VERSION = '0.4.626'
 end

data/pwn.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.license = 'MIT'
   spec.metadata['rubygems_mfa_required'] = 'true'
 
-  spec.files = `git ls-files -z`.split("\x0")
+  spec.files = `git ls-files -z`.split("\x00")
   spec.executables = spec.files.grep(%r{^bin/}) do |f|
     File.basename(f)
   end

data/spec/lib/pwn/plugins/ansible_vault_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::AnsibleVault do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::AnsibleVault
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::AnsibleVault
+    expect(help_response).to respond_to :help
+  end
+end

data/spec/lib/pwn/plugins/baresip_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::BareSIP do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::BareSIP
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::BareSIP
+    expect(help_response).to respond_to :help
+  end
+end

data/spec/lib/pwn/plugins/openai_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::OpenAI do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::OpenAI
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::OpenAI
+    expect(help_response).to respond_to :help
+  end
+end

data/spec/lib/pwn/plugins/pwn_logger_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::PWNLogger do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::PWNLogger
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::PWNLogger
+    expect(help_response).to respond_to :help
+  end
+end

data/spec/lib/pwn/plugins/voice_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::Voice do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::Voice
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::Voice
+    expect(help_response).to respond_to :help
+  end
+end

data/spec/lib/pwn/sast/outer_html_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::OuterHTML do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::OuterHTML
+    expect(scan_response).to respond_to :scan
+  end
+
+  it 'should display information for security_references' do
+    security_references_response = PWN::SAST::OuterHTML
+    expect(security_references_response).to respond_to :security_references
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::OuterHTML
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::OuterHTML
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.624
+  version: 0.4.626
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-17 00:00:00.000000000 Z
+date: 2023-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.8
+        version: 2.4.9
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.8
+        version: 2.4.9
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -1010,14 +1010,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.1.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.1.3
 - !ruby/object:Gem::Dependency
   name: webrick
   requirement: !ruby/object:Gem::Requirement
@@ -1638,7 +1638,6 @@ files:
 - lib/pwn/plugins/git.rb
 - lib/pwn/plugins/github.rb
 - lib/pwn/plugins/hacker_one.rb
-- lib/pwn/plugins/http_intercept_helper.rb
 - lib/pwn/plugins/ibm_appscan.rb
 - lib/pwn/plugins/ip_info.rb
 - lib/pwn/plugins/jenkins.rb
@@ -1924,7 +1923,9 @@ files:
 - spec/lib/pwn/banner_spec.rb
 - spec/lib/pwn/ffi_spec.rb
 - spec/lib/pwn/plugins/android_spec.rb
+- spec/lib/pwn/plugins/ansible_vault_spec.rb
 - spec/lib/pwn/plugins/authentication_helper_spec.rb
+- spec/lib/pwn/plugins/baresip_spec.rb
 - spec/lib/pwn/plugins/basic_auth_spec.rb
 - spec/lib/pwn/plugins/beef_spec.rb
 - spec/lib/pwn/plugins/burp_suite_spec.rb
@@ -1955,11 +1956,13 @@ files:
 - spec/lib/pwn/plugins/nmap_it_spec.rb
 - spec/lib/pwn/plugins/oauth2_spec.rb
 - spec/lib/pwn/plugins/ocr_spec.rb
+- spec/lib/pwn/plugins/openai_spec.rb
 - spec/lib/pwn/plugins/openvas_spec.rb
 - spec/lib/pwn/plugins/owasp_zap_spec.rb
 - spec/lib/pwn/plugins/packet_spec.rb
 - spec/lib/pwn/plugins/pdf_parse_spec.rb
 - spec/lib/pwn/plugins/pony_spec.rb
+- spec/lib/pwn/plugins/pwn_logger_spec.rb
 - spec/lib/pwn/plugins/rabbit_mq_spec.rb
 - spec/lib/pwn/plugins/rfidler_spec.rb
 - spec/lib/pwn/plugins/serial_spec.rb
@@ -1973,6 +1976,7 @@ files:
 - spec/lib/pwn/plugins/transparent_browser_spec.rb
 - spec/lib/pwn/plugins/twitter_api_spec.rb
 - spec/lib/pwn/plugins/uri_scheme_spec.rb
+- spec/lib/pwn/plugins/voice_spec.rb
 - spec/lib/pwn/plugins/vsphere_spec.rb
 - spec/lib/pwn/plugins_spec.rb
 - spec/lib/pwn/reports/fuzz_spec.rb
@@ -2002,6 +2006,7 @@ files:
 - spec/lib/pwn/sast/log4j_spec.rb
 - spec/lib/pwn/sast/logger_spec.rb
 - spec/lib/pwn/sast/md5_spec.rb
+- spec/lib/pwn/sast/outer_html_spec.rb
 - spec/lib/pwn/sast/password_spec.rb
 - spec/lib/pwn/sast/php_input_mechanisms_spec.rb
 - spec/lib/pwn/sast/php_type_juggling_spec.rb
@@ -2095,7 +2100,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.8
+rubygems_version: 3.4.9
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond

data/lib/pwn/plugins/http_intercept_helper.rb

@@ -1,122 +0,0 @@
-# frozen_string_literal: true
-
-module PWN
-  module Plugins
-    # This plugin was created to generate UTF-8 characters for fuzzing
-    module HTTPInterceptHelper
-      @@logger = PWN::Plugins::PWNLogger.create
-
-      # Supported Method Parameters::
-      # request_hash = PWN::Plugins::HTTPInterceptHelper.raw_to_hash(
-      #   request_raw: 'required => raw http request string to convert to hash'
-      # )
-
-      public_class_method def self.raw_to_hash(opts = {})
-        request_raw = opts[:request_raw].to_s
-        request_hash = {}
-
-        # Basic Parsing Begins
-        raw_intercepted_request_arr = request_raw.split("\r\n")
-
-        # Parse HTTP Protocol Request Line
-        raw_request_line_arr = raw_intercepted_request_arr[0].split
-        request_hash[:http_method] = raw_request_line_arr[0].to_s.upcase.to_sym
-        request_hash[:http_resource_path] = URI.parse(raw_request_line_arr[1])
-        request_hash[:http_version] = raw_request_line_arr[-1]
-
-        # Begin Parsing HTTP Headers & Body (If Applicable)
-        request_hash[:http_headers] = {}
-
-        case request_hash[:http_method]
-        when :CONNECT,
-             :DELETE,
-             :GET,
-             :HEAD,
-             :OPTIONS,
-             :PATCH,
-             :PUT,
-             :TRACE
-          puts request_hash[:http_method]
-        when :POST
-          # Parse HTTP Headers
-          raw_intercepted_request_arr[1..-1].each do |val|
-            break if val == '' # This may cause issues
-
-            key = ''
-            val.each_char do |char|
-              break if char == ':'
-
-              key = "#{key}#{char}"
-            end
-
-            header_val = val.gsub(/^#{key}:/, '').strip
-
-            request_hash[:http_headers][key.to_sym] = header_val
-          end
-
-          # Parse HTTP Body
-          raw_request_body = []
-          raw_intercepted_request_arr[1..-1].each_with_index do |val, index|
-            next if val != '' # This may cause issues
-
-            break_index = index + 2
-            request_hash[:http_body] = raw_intercepted_request_arr[break_index..-1].join(',')
-          end
-        else
-          raise "HTTP Method: #{request_hash[:http_method]} Currently Unsupported>"
-        end
-
-        request_hash
-      rescue StandardError => e
-        raise e
-      end
-
-      # Supported Method Parameters::
-      # request_raw = PWN::Plugins::HTTPInterceptHelper.hash_to_raw(
-      #   request_hash: 'required => request_hash object returned by #raw_to_hash method'
-      # )
-
-      public_class_method def self.hash_to_raw(opts = {})
-        request_hash = opts[:request_hash]
-
-        # Populate HTTP Request Line
-        request_raw = "#{request_hash[:http_method]} "
-        request_raw = "#{request_raw}#{request_hash[:http_resource_path]} "
-        request_raw = "#{request_raw}#{request_hash[:http_version]}\r\n"
-
-        # Populate HTTP Headers
-        request_hash[:http_headers].each do |key, header_val|
-          request_raw = "#{request_raw}#{key}: #{header_val}\r\n"
-        end
-
-        # Populate HTTP Body (If Applicable)
-        request_raw = "#{request_raw}\r\n"
-        request_raw = "#{request_raw}#{request_hash[:http_body]}" unless request_hash[:http_body] == ''
-      rescue StandardError => e
-        raise e
-      end
-
-      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
-
-      public_class_method def self.authors
-        "AUTHOR(S):
-          0day Inc. <request.pentest@0dayinc.com>
-        "
-      end
-
-      # Display Usage for this Module
-
-      public_class_method def self.help
-        puts "USAGE:
-          request_hash = PWN::Plugins::HTTPInterceptHelper.raw_to_hash(
-            request_raw: 'required => raw http request string to convert to hash'
-          )
-
-          request_raw = PWN::Plugins::HTTPInterceptHelper.hash_to_raw(
-            request_hash: 'required => request_hash object returned by #raw_to_hash method'
-          )
-        "
-      end
-    end
-  end
-end