pwn 0.4.634 → 0.4.636

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0fb832accac7268a584655b8dba3fb618f58cc8fd7ea9151897c1a164a3d0c23
-  data.tar.gz: d87a84d5411d8ab60f526f47a7e8f915358fa7528fc5a9ab741db2d00d8a3744
+  metadata.gz: a53e0d51559f7f2ef0d158dad69d01317a5b3d1effc551bdc2864296472ce1ca
+  data.tar.gz: b3c9a88c2fae88c35bc97d6461107482bc33565d60d2c8acaa714debcc400999
 SHA512:
-  metadata.gz: f59ad00b51892108357b9b6daa0a13c4eef91b1bb31e95d0ab11a2fa31baaee93a83b8415b13c52cdfd40f3edd0649eb73745be549ae008f66e0187a415ff9e8
-  data.tar.gz: 86b721306e332d7a3ac2feef0bd583ef88806c86ce7278c5b9ce3a106eb74733cecdf50c73b2d40b60af1f32226246a30bc6e70d5d7d51d26be968679084bc0d
+  metadata.gz: 0e03ec1ebe7a078a6c2872172d28e7af661905e0612b5768ddec77621a86635a79a2c6a3f3b2fe1e9a00d1bbad0802dbf08b8ee5095d9387eeb557aa0e603c2c
+  data.tar.gz: 3dcd87ad285151b44c6f3d1d6bb4d8944b668db44b836d46a956470040fe5ab3cca9d665802420bf9da6602bdebd4474cbefafb09d05ddfd0cb169c3dc43d61b

data/Gemfile

@@ -18,7 +18,7 @@ gem 'aws-sdk', '3.1.0'
 gem 'bettercap', '1.6.2'
 gem 'brakeman', '5.4.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.4.10'
+gem 'bundler', '>=2.4.12'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.20.3'
 gem 'colorize', '0.8.1'
@@ -47,7 +47,7 @@ gem 'net-ldap', '0.18.0'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.3.3'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.14.2'
+gem 'nokogiri', '1.14.3'
 gem 'oily_png', '1.2.1'
 gem 'os', '1.1.4'
 gem 'packetfu', '1.1.13'
@@ -64,7 +64,7 @@ gem 'rex', '2.0.13'
 gem 'rmagick', '5.2.0'
 gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.2'
-gem 'rubocop', '1.49.0'
+gem 'rubocop', '1.50.2'
 gem 'rubocop-rake', '0.6.0'
 gem 'rubocop-rspec', '2.19.0'
 gem 'ruby-audio', '1.6.1'
@@ -74,7 +74,7 @@ gem 'rvm', '1.11.3.9'
 gem 'savon', '2.14.0'
 gem 'selenium-devtools', '0.111.0'
 gem 'serialport', '1.3.2'
-gem 'sinatra', '3.0.5'
+gem 'sinatra', '3.0.6'
 gem 'slack-ruby-client', '2.1.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.634]:001 >>> PWN.help
+pwn[v0.4.636]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.634]:001 >>> PWN.help
+pwn[v0.4.636]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/burp_suite.rb

@@ -29,9 +29,11 @@ module PWN
                        end
 
         if opts[:headless]
-          burp_cmd_string = "java -Xmx3G -Djava.awt.headless=true -classpath #{burp_root}/burpbuddy.jar:#{burp_jar_path} burp.StartBurp"
+          # burp_cmd_string = "java -Xmx3G -Djava.awt.headless=true -classpath #{burp_root}/burpbuddy.jar:#{burp_jar_path} burp.StartBurp"
+          burp_cmd_string = "java -Xmx3G -Djava.awt.headless=true -classpath #{burp_root}/burpbuddy.jar -jar #{burp_jar_path}"
         else
-          burp_cmd_string = "java -Xmx3G -classpath #{burp_root}/burpbuddy.jar:#{burp_jar_path} burp.StartBurp"
+          # burp_cmd_string = "java -Xmx3G -classpath #{burp_root}/burpbuddy.jar:#{burp_jar_path} burp.StartBurp"
+          burp_cmd_string = "java -Xmx3G -classpath #{burp_root}/burpbuddy.jar -jar #{burp_jar_path}"
         end
 
         # Construct burp_obj

data/lib/pwn/plugins/sock.rb

@@ -120,7 +120,7 @@ module PWN
           listen_obj = UDPSocket.new
           listen_obj.bind(server_ip, port)
           while (client_input = listen_obj.recvmsg)
-            puts client_input[0].to_s
+            puts client_input[0]
           end
         else
           raise "Unsupported protocol: #{protocol}"

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.634'
+  VERSION = '0.4.636'
 end

data/third_party/http-request-headers-fields-large.txt

@@ -0,0 +1,1185 @@
+A-IM
+Accept
+Accept-Application
+Accept-Charset
+Accept-Datetime
+Accept-Encoding
+Accept-Encodxng
+Accept-Language
+Accept-Ranges
+Accept-Version
+Accepted
+Access-Control-Allow-Credentials
+Access-Control-Allow-Headers
+Access-Control-Allow-Methods
+Access-Control-Allow-Origin
+Access-Control-Expose-Headers
+Access-Control-Max-Age
+Access-Control-Request-Headers
+Access-Control-Request-Method
+Access-Token
+Accesskey
+Action
+Admin
+Age
+Ajax
+Akamai-Origin-Hop
+Allow
+App
+App-Env
+App-Key
+Appcookie
+Apply-To-Redirect-Ref
+Appname
+Appversion
+Atcept-Language
+Auth
+Auth-Any
+Auth-Basic
+Auth-Digest
+Auth-Digest-Ie
+Auth-Gssneg
+Auth-Key
+Auth-Ntlm
+Auth-Password
+Auth-Realm
+Auth-Type
+Auth-User
+Authentication
+Authorization
+Bad-Gateway
+Bad-Request
+Bae-Env-Addr-Bcms
+Bae-Env-Addr-Bcs
+Bae-Env-Addr-Bus
+Bae-Env-Addr-Channel
+Bae-Env-Addr-Sql-Ip
+Bae-Env-Addr-Sql-Port
+Bae-Env-Ak
+Bae-Env-Appid
+Bae-Env-Sk
+Bae-Logid
+Bar
+Base
+Base-Url
+Basic
+Bearer-Indication
+Body-Maxlength
+Body-Truncated
+Brief
+Browser-User-Agent
+Cache-Control
+Cache-Info
+Case-Files
+Catalog
+Catalog-Server
+Category
+Cert-Cookie
+Cert-Flags
+Cert-Issuer
+Cert-Keysize
+Cert-Secretkeysize
+Cert-Serialnumber
+Cert-Server-Issuer
+Cert-Server-Subject
+Cert-Subject
+Cf-Connecting-Ip
+Cf-Ipcountry
+Cf-Template-Path
+Cf-Visitor
+Ch
+Challenge-Response
+Charset
+Chunk-Size
+Client
+Client-Address
+Client-Bad-Request
+Client-Conflict
+Client-Error-Cannot-Access-Local-File
+Client-Error-Cannot-Connect
+Client-Error-Communication-Failure
+Client-Error-Connect
+Client-Error-Invalid-Parameters
+Client-Error-Invalid-Server-Address
+Client-Error-No-Error
+Client-Error-Protocol-Failure
+Client-Error-Unspecified-Error
+Client-Expectation-Failed
+Client-Forbidden
+Client-Gone
+Client-Ip
+Client-IP
+Client-Length-Required
+Client-Method-Not-Allowed
+Client-Not-Acceptable
+Client-Not-Found
+Client-Payment-Required
+Client-Precondition-Failed
+Client-Proxy-Auth-Required
+Client-Quirk-Mode
+Client-Request-Timeout
+Client-Request-Too-Large
+Client-Request-Uri-Too-Large
+Client-Requested-Range-Not-Possible
+Client-Unauthorized
+Client-Unsupported-Media-Type
+Clientaddress
+Clientip
+Cloudfront-Viewer-Country
+Cloudinary-Name
+Cloudinary-Public-Id
+Cloudinary-Version
+Cloudinaryurl
+Cluster-Client-IP
+Code
+Coming-From
+Compress
+Conflict
+Connection
+Connection-Type
+Contact
+Content
+Content-Disposition
+Content-Encoding
+Content-Language
+Content-Length
+Content-Location
+Content-MD5
+Content-Md5
+Content-Range
+Content-Security-Policy
+Content-Security-Policy-Report-Only
+Content-Type
+Content-Type-Xhtml
+Context-Path
+Continue
+Cookie
+Cookie-Domain
+Cookie-Httponly
+Cookie-Parse-Raw
+Cookie-Path
+Cookie-Secure
+Cookie-Vars
+Cookie2
+Cookies
+Core-Base
+Correlates
+Created
+Credentials-Filepath
+Cross-Origin-Embedder-Policy
+Cross-Origin-Opener-Policy
+Cross-Origin-Resource-Policy
+Curl
+Curl-Multithreaded
+Custom-Header
+Custom-Secret-Header
+Dataserviceversion
+Date
+Debug
+Deflate-Level-Def
+Deflate-Level-Max
+Deflate-Level-Min
+Deflate-Strategy-Def
+Deflate-Strategy-Filt
+Deflate-Strategy-Fixed
+Deflate-Strategy-Huff
+Deflate-Strategy-Rle
+Deflate-Type-Gzip
+Deflate-Type-Raw
+Deflate-Type-Zlib
+Delete
+Depth
+Destination
+Destroy
+Devblocksproxybase
+Devblocksproxyhost
+Devblocksproxyssl
+Device-Stock-Ua
+Digest
+Dir
+Dir-Name
+Dir-Resource
+Disable-Gzip
+Dkim-Signature
+DNT
+Dnt
+Download-Attachment
+Download-Bad-Url
+Download-Bz2
+Download-Cut-Short
+Download-E-Headers-Sent
+Download-E-Invalid-Archive-Type
+Download-E-Invalid-Content-Type
+Download-E-Invalid-File
+Download-E-Invalid-Param
+Download-E-Invalid-Request
+Download-E-Invalid-Resource
+Download-E-No-Ext-Mmagic
+Download-E-No-Ext-Zlib
+Download-Inline
+Download-Mime-Type
+Download-No-Server
+Download-Size
+Download-Status-Not-Found
+Download-Status-Server-Error
+Download-Status-Unauthorized
+Download-Status-Unknown
+Download-Tar
+Download-Tgz
+Download-Url
+Download-Zip
+E-Encoding
+E-Header
+E-Invalid-Param
+E-Malformed-Headers
+E-Message-Type
+E-Querystring
+E-Request
+E-Request-Method
+E-Request-Pool
+E-Response
+E-Runtime
+E-Socket
+E-Url
+Enable-Gzip
+Enable-No-Cache-Headers
+Encoding-Stream-Flush-Full
+Encoding-Stream-Flush-None
+Encoding-Stream-Flush-Sync
+Env-Silla-Environment
+Env-Vars
+Error
+Error-1
+Error-2
+Error-3
+Error-4
+Error-Formatting-Html
+Espo-Authorization
+Espo-Cgi-Auth
+Etag
+Eve-Charid
+Eve-Charname
+Eve-Solarsystemid
+Eve-Solarsystemname
+Eve-Trusted
+Ex-Copy-Movie
+Expect
+Expect-CT
+Expectation-Failed
+Expires
+Ext
+Failed-Dependency
+Fake-Header
+Fastly-Client-Ip
+Fb-Appid
+Fb-Secret
+Feature-Policy
+File-Not-Found
+Filename
+Files
+Files-Vars
+Fire-Breathing-Dragon
+Foo
+Foo-Bar
+Forbidden
+Force-Language
+Force-Local-Xhprof
+Format
+Forwarded
+Forwarded-For
+Forwarded-For-Ip
+Forwarded-Proto
+From
+Fromlink
+Front-End-Https
+Gateway-Interface
+Gateway-Time-Out
+Get
+Get-Vars
+Givenname
+Global-All
+Global-Cookie
+Global-Get
+Global-Post
+Gone
+Google-Code-Project-Hosting-Hook-Hmac
+Gzip-Level
+H0st
+Head
+Header
+Header-Lf
+Header-Status-Client-Error
+Header-Status-Informational
+Header-Status-Redirect
+Header-Status-Server-Error
+Header-Status-Successful
+Home
+Host
+Host-Liveserver
+Host-Name
+Host-Unavailable
+Hosti
+Htaccess
+Http-Accept
+Http-Accept-Encoding
+Http-Accept-Language
+Http-Authorization
+Http-Connection
+Http-Cookie
+Http-Host
+Http-Phone-Number
+Http-Referer
+Http-Url
+Http-User-Agent
+HTTP2-Settings
+Https
+Https-From-Lb
+Https-Keysize
+Https-Secretkeysize
+Https-Server-Issuer
+Https-Server-Subject
+If
+If-Match
+If-Modified-Since
+If-Modified-Since-Version
+If-None-Match
+If-Posted-Before
+If-Range
+If-Unmodified-Since
+If-Unmodified-Since-Version
+Image
+Images
+Incap-Client-Ip
+Info
+Info-Download-Size
+Info-Download-Time
+Info-Return-Code
+Info-Total-Request-Stat
+Info-Total-Response-Stat
+Insufficient-Storage
+Internal-Server-Error
+Ipresolve-Any
+Ipresolve-V4
+Ipresolve-V6
+Ischedule-Version
+Iv-Groups
+Iv-User
+Javascript
+Jenkins
+Keep-Alive
+Kiss-Rpc
+Label
+Large-Allocation
+Last-Event-Id
+Last-Modified
+Length-Required
+Link
+Local-Addr
+Local-Content-Sha1
+Local-Dir
+Location
+Lock-Token
+Locked
+Mail
+Mandatory
+Max-Conn
+Max-Forwards
+Max-Request-Size
+Max-Uri-Length
+Maxdataserviceversion
+Message
+Message-B
+Meth-
+Meth-Acl
+Meth-Baseline-Control
+Meth-Checkin
+Meth-Checkout
+Meth-Connect
+Meth-Copy
+Meth-Delete
+Meth-Get
+Meth-Head
+Meth-Label
+Meth-Lock
+Meth-Merge
+Meth-Mkactivity
+Meth-Mkcol
+Meth-Mkworkspace
+Meth-Move
+Meth-Options
+Meth-Post
+Meth-Propfind
+Meth-Proppatch
+Meth-Put
+Meth-Report
+Meth-Trace
+Meth-Uncheckout
+Meth-Unlock
+Meth-Update
+Meth-Version-Control
+Method
+Method-Not-Allowed
+Mimetype
+Mod-Env
+Mod-Rewrite
+Mod-Security-Message
+Modauth
+Mode
+Module-Class
+Module-Class-Path
+Module-Name
+Moved-Permanently
+Moved-Temporarily
+Ms-Asprotocolversion
+Msg-None
+Msg-Request
+Msg-Response
+Msisdn
+Multi-Status
+Multipart-Boundary
+Multiple-Choices
+Must
+My-Header
+Mysqlport
+Native-Sockets
+Negotiate
+Nl
+No-Content
+Non-Authoritative
+Nonce
+Not-Acceptable
+Not-Exists
+Not-Extended
+Not-Found
+Not-Implemented
+Not-Modified
+Notification-Template
+Oc-Chunked
+Ocs-Apirequest
+Ok
+On-Behalf-Of
+Onerror-Continue
+Onerror-Die
+Onerror-Return
+Only
+Opencart
+Options
+Organizer
+Orig_path_info
+Origin
+Origin-Isolation
+Originator
+Overwrite
+Params-Allow-Comma
+Params-Allow-Failure
+Params-Default
+Params-Get-Catid
+Params-Get-Currentday
+Params-Get-Disposition
+Params-Get-Downwards
+Params-Get-Givendate
+Params-Get-Lang
+Params-Get-Type
+Params-Raise-Error
+Partial-Content
+Passkey
+Password
+Path
+Path-Base
+Path-Info
+Path-Themes
+Path-Translated
+Payment-Required
+Pc-Remote-Addr
+Permanent
+Phone-Number
+Php
+Php-Auth-Pw
+Php-Auth-User
+Phpthreads
+Pink-Pony
+Port
+Portsensor-Auth
+Post
+Post-Error
+Post-Files
+Post-Vars
+Postredir-301
+Postredir-302
+Postredir-All
+Pragma
+Pragma-No-Cache
+Precondition-Failed
+Prefer
+Processing
+Profile
+Protocol
+Protocols
+Proxy
+Proxy-Agent
+Proxy-Authenticate
+Proxy-Authentication-Required
+Proxy-Authorization
+Proxy-Connection
+Proxy-Host
+Proxy-Http
+Proxy-Http-1-0
+Proxy-Password
+Proxy-Port
+Proxy-Pwd
+Proxy-Request-Fulluri
+Proxy-Socks4
+Proxy-Socks4a
+Proxy-Socks5
+Proxy-Socks5-Hostname
+Proxy-Url
+Proxy-User
+Public-Key-Pins
+Public-Key-Pins-Report-Only
+Pull
+Put
+Query-String
+Querystring
+Querystring-Type-Array
+Querystring-Type-Bool
+Querystring-Type-Float
+Querystring-Type-Int
+Querystring-Type-Object
+Querystring-Type-String
+Range
+Range-Not-Satisfiable
+Raw-Post-Data
+Read-State-Begin
+Read-State-Body
+Read-State-Headers
+Real-Ip
+Real-Method
+Reason
+Reason-Phrase
+Recipient
+Redirect
+Redirect-Found
+Redirect-Perm
+Redirect-Post
+Redirect-Problem-Withoutwww
+Redirect-Problem-Withwww
+Redirect-Proxy
+Redirect-Temp
+Redirected-Accept-Language
+Redirection-Found
+Redirection-Multiple-Choices
+Redirection-Not-Modified
+Redirection-Permanent
+Redirection-See-Other
+Redirection-Temporary
+Redirection-Unused
+Redirection-Use-Proxy
+Ref
+Referer
+Referrer
+Referrer-Policy
+Refferer
+Refresh
+Remix-Hash
+Remote-Addr
+Remote-Host
+Remote-Host-Wp
+Remote-User
+Remote-Userhttps
+Report-To
+Request
+Request-Entity-Too-Large
+Request-Error
+Request-Error-File
+Request-Error-Gzip-Crc
+Request-Error-Gzip-Data
+Request-Error-Gzip-Method
+Request-Error-Gzip-Read
+Request-Error-Proxy
+Request-Error-Redirects
+Request-Error-Response
+Request-Error-Url
+Request-Http-Ver-1-0
+Request-Http-Ver-1-1
+Request-Mbstring
+Request-Method
+Request-Method-
+Request-Method-Delete
+Request-Method-Get
+Request-Method-Head
+Request-Method-Options
+Request-Method-Post
+Request-Method-Put
+Request-Method-Trace
+Request-Time-Out
+Request-Timeout
+Request-Uri
+Request-Uri-Too-Large
+Request-Vars
+Request2-Tests-Base-Url
+Request2-Tests-Proxy-Host
+Requesttoken
+Reset-Content
+Response
+Rest-Key
+Rest-Sign
+Retry-After
+Returned-Error
+Rlnclientipaddr
+Root
+Safe-Ports-List
+Safe-Ports-Ssl-List
+Save-Data
+Schedule-Reply
+Scheme
+Script-Name
+Sec-Websocket-Accept
+Sec-Websocket-Extensions
+Sec-Websocket-Key
+Sec-Websocket-Key1
+Sec-Websocket-Key2
+Sec-Websocket-Origin
+Sec-Websocket-Protocol
+Sec-Websocket-Version
+Secretkey
+See-Other
+Self
+Send-X-Frame-Options
+Server
+Server-Bad-Gateway
+Server-Error
+Server-Gateway-Timeout
+Server-Internal
+Server-Name
+Server-Not-Implemented
+Server-Port
+Server-Port-Secure
+Server-Protocol
+Server-Service-Unavailable
+Server-Software
+Server-Unsupported-Version
+Server-Vars
+Server-Varsabantecart
+Service-Unavailable
+Session-Id-Tag
+Session-Vars
+Set-Cookie
+Set-Cookie2
+Shib-
+Shib-Application-Id
+Shib-Identity-Provider
+Shib-Logouturl
+Shopilex
+Slug
+Sn
+Soapaction
+Socket-Connection-Err
+Socketlog
+Somevar
+Sourcemap
+Sp-Client
+Sp-Host
+Ssl
+Ssl-Https
+Ssl-Offloaded
+Ssl-Session-Id
+Ssl-Version-Any
+Sslsessionid
+Start
+Status
+Status-
+Status-403
+Status-403-Admin-Del
+Status-404
+Status-Bad-Request
+Status-Code
+Status-Forbidden
+Status-Ok
+Status-Platform-403
+Str-Match
+Strict-Transport-Security
+Success-Accepted
+Success-Created
+Success-No-Content
+Success-Non-Authoritative
+Success-Ok
+Success-Partial-Content
+Success-Reset-Content
+Support
+Support-Encodings
+Support-Events
+Support-Magicmime
+Support-Requests
+Support-Sslrequests
+Surrogate-Capability
+Switching-Protocols
+TE
+Te
+Temporary-Redirect
+Test
+Test-Config
+Test-Server-Path
+Test-Something-Anything
+Ticket
+Time-Out
+Timeout
+Timing-Allow-Origin
+Title
+Tk
+Tmp
+Token
+Trailer
+Transfer-Encoding
+Translate
+Transport-Err
+True-Client-Ip
+True-Client-IP
+Ua
+Ua-Color
+Ua-Cpu
+Ua-Os
+Ua-Pixels
+Ua-Resolution
+Ua-Voice
+Unauthorized
+Unencoded-Url
+Unit-Test-Mode
+UniqueId
+Unless-Modified-Since
+Unprocessable-Entity
+Unsupported-Media-Type
+Upgrade
+Upgrade-Insecure-Requests
+Upgrade-Required
+Upload-Default-Chmod
+Uri
+Url
+Url-From-Env
+Url-Join-Path
+Url-Join-Query
+Url-Replace
+Url-Sanitize-Path
+Url-Strip-
+Url-Strip-All
+Url-Strip-Auth
+Url-Strip-Fragment
+Url-Strip-Pass
+Url-Strip-Path
+Url-Strip-Port
+Url-Strip-Query
+Url-Strip-User
+Use-Gzip
+Use-Proxy
+User
+User-Agent
+User-Agent-Via
+User-Email
+User-Id
+User-Mail
+User-Name
+User-Photos
+Useragent
+Useragent-Via
+Util
+Variant-Also-Varies
+Vary
+Verbose
+Verbose-Throttle
+Verify-Cert
+Version
+Version-1-0
+Version-1-1
+Version-Any
+Version-None
+Version-Not-Supported
+Versioncode
+Via
+Viad
+Waf-Stuff-Below
+Wap-Connection
+Warning
+Web-Server-Api
+Webodf-Member-Id
+Webodf-Session-Id
+Webodf-Session-Revision
+Work-Directory
+Www-Address
+Www-Authenticate
+X
+X-
+X-Aastra-Expmod1
+X-Aastra-Expmod2
+X-Aastra-Expmod3
+X-Accel-Mapping
+X-Access-Token
+X-Advertiser-Id
+X-Ajax-Real-Method
+X-Alto-Ajax-Keyz
+X-Amz-Date
+X-Amz-Website-Redirect-Location
+X-Amzn-Remapped-Host
+X-Api-Key
+X-Api-Signature
+X-Api-Timestamp
+X-Apitoken
+X-Apple-Client-Application
+X-Apple-Store-Front
+X-Arr-Log-Id
+X-Arr-Ssl
+X-ATT-DeviceId
+X-Att-Deviceid
+X-Auth-Key
+X-Auth-Mode
+X-Auth-Password
+X-Auth-Service-Provider
+X-Auth-Token
+X-Auth-User
+X-Auth-Userid
+X-Auth-Username
+X-Authentication
+X-Authentication-Key
+X-Authorization
+X-Avantgo-Screensize
+X-Azc-Remote-Addr
+X-Bear-Ajax-Request
+X-Bluecoat-Via
+X-Bolt-Phone-Ua
+X-Browser-Height
+X-Browser-Width
+X-Cascade
+X-Cept-Encoding
+X-Cf-Url
+X-Chrome-Extension
+X-Cisco-Bbsm-Clientip
+X-Client-Host
+X-Client-Id
+X-Client-Ip
+X-Client-IP
+X-Client-Key
+X-Client-Os
+X-Client-Os-Ver
+X-Clientip
+X-Cluster-Client-Ip
+X-Codeception-Codecoverage
+X-Codeception-Codecoverage-Config
+X-Codeception-Codecoverage-Debug
+X-Codeception-Codecoverage-Suite
+X-Collect-Coverage
+X-Coming-From
+X-Confirm-Delete
+X-Content-Type
+X-Content-Type-Options
+X-Correlation-ID
+X-Credentials-Request
+X-Csrf-Crumb
+X-Csrf-Token
+X-Csrftoken
+X-Cuid
+X-Custom
+X-Dagd-Proxy
+X-Davical-Testcase
+X-Dcmguid
+X-Debug-Test
+X-Device-User-Agent
+X-Download-Options
+X-Dialog
+X-Dns-Prefetch-Control
+X-Do-Not-Track
+X-Dokuwiki-Do
+X-Drestcg
+X-Dsid
+X-Elgg-Apikey
+X-Elgg-Hmac
+X-Elgg-Hmac-Algo
+X-Elgg-Nonce
+X-Elgg-Posthash
+X-Elgg-Posthash-Algo
+X-Elgg-Time
+X-Em-Uid
+X-Enable-Coverage
+X-Environment-Override
+X-Expected-Entity-Length
+X-Experience-Api-Version
+X-Fb-User-Remote-Addr
+X-File-Id
+X-File-Name
+X-File-Resume
+X-File-Size
+X-File-Type
+X-Filename
+X-Firelogger
+X-Fireloggerauth
+X-Firephp-Version
+X-Flash-Version
+X-Flx-Consumer-Key
+X-Flx-Consumer-Secret
+X-Flx-Redirect-Url
+X-Foo
+X-Foo-Bar
+X-Forward-For
+X-Forward-Proto
+X-Forwarded
+X-Forwarded-By
+X-Forwarded-For
+X-Forwarded-For-Original
+X-Forwarded-Host
+X-Forwarded-Port
+X-Forwarded-Proto
+X-Forwarded-Protocol
+X-Forwarded-Scheme
+X-Forwarded-Server
+X-Forwarded-Ssl
+X-Forwarder-For
+X-From
+X-Gb-Shared-Secret
+X-Geoip-Country
+X-Get-Checksum
+X-Helpscout-Event
+X-Helpscout-Signature
+X-Hgarg-
+X-Host
+X-Http-Destinationurl
+X-Http-Host-Override
+X-Http-Method
+X-Http-Method-Override
+X-Http-Path-Override
+X-Https
+X-Htx-Agent
+X-Huawei-Userid
+X-Hub-Signature
+X-If-Unmodified-Since
+X-Imbo-Test-Config
+X-Insight
+X-Ip
+X-Ip-Trail
+X-Iwproxy-Nesting
+X-Jphone-Color
+X-Jphone-Display
+X-Jphone-Geocode
+X-Jphone-Msname
+X-Jphone-Uid
+X-Json
+X-Kaltura-Remote-Addr
+X-Known-Signature
+X-Known-Username
+X-Litmus
+X-Litmus-Second
+X-Locking
+X-Machine
+X-Mandrill-Signature
+X-Method-Override
+X-Mobile-Gateway
+X-Mobile-Ua
+X-Mosso-Dt
+X-Moz
+X-Ms-Policykey
+X-Msisdn
+X-Myqee-System-Debug
+X-Myqee-System-Hash
+X-Myqee-System-Isadmin
+X-Myqee-System-Isrest
+X-Myqee-System-Pathinfo
+X-Myqee-System-Project
+X-Myqee-System-Rstr
+X-Myqee-System-Time
+X-Network-Info
+X-Nfsn-Https
+X-Ning-Request-Uri
+X-No-WWW-Authenticate
+X-Nokia-Bearer
+X-Nokia-Connection-Mode
+X-Nokia-Gateway-Id
+X-Nokia-Ipaddress
+X-Nokia-Msisdn
+X-Nokia-Wia-Accept-Original
+X-Nokia-Wtls
+X-Nuget-Apikey
+X-Oc-Mtime
+X-Opera-Info
+X-Operamini-Features
+X-Operamini-Phone
+X-Operamini-Phone-Ua
+X-Options
+X-Orange-Id
+X-Orchestra-Scheme
+X-Orig-Client
+X-Original-Host
+X-Original-Http-Command
+X-Original-Remote-Addr
+X-Original-Url
+X-Original-User-Agent
+X-Originally-Forwarded-For
+X-Originally-Forwarded-Proto
+X-Originating-Ip
+X-Originating-IP
+X-Os-Prefs
+X-Overlay
+X-Pagelet-Fragment
+X-Password
+X-Permitted-Cross-Domain-Policies
+X-Phabricator-Csrf
+X-Phpbb-Using-Plupload
+X-Pjax
+X-Pjax-Container
+X-Powered-By
+X-Prototype-Version
+X-Proxy-Url
+X-Pswd
+X-Purpose
+X-Qafoo-Profiler
+X-Real-Ip
+X-Remote-Addr
+X-Remote-IP
+X-Remote-Protocol
+X-Render-Partial
+X-Request
+X-Request-ID
+X-Request-Id
+X-Request-Signature
+X-Request-Start
+X-Request-Timestamp
+X-Requested-With
+X-Response-Format
+X-Rest-Cors
+X-Rest-Password
+X-Rest-Username
+X-Rewrite-Url
+X-Sakura-Forwarded-For
+X-Scalr-Auth-Key
+X-Scalr-Auth-Token
+X-Scalr-Env-Id
+X-Scanner
+X-Scheme
+X-Screen-Height
+X-Screen-Width
+X-Sendfile-Type
+X-Serial-Number
+X-Serialize
+X-Server-Id
+X-Server-Name
+X-Server-Port
+X-Signature
+X-Sina-Proxyuser
+X-Skyfire-Phone
+X-Skyfire-Screen
+X-Ssl
+X-Subdomain
+X-Te
+X-Teamsite-Preremap
+X-Test-Session-Id
+X-Timer
+X-Tine20-Jsonkey
+X-Tine20-Request-Type
+X-Tomboy-Client
+X-Tor
+X-Twilio-Signature
+X-Ua-Device
+X-Ucbrowser-Device-Ua
+X-UIDH
+X-Uidh
+X-Unique-Id
+X-Uniquewcid
+X-Up-Calling-Line-Id
+X-Up-Devcap-Iscolor
+X-Up-Devcap-Screendepth
+X-Up-Devcap-Screenpixels
+X-Up-Subno
+X-Update
+X-Update-Range
+X-Upload-Maxresolution
+X-Upload-Name
+X-Upload-Size
+X-Upload-Type
+X-Url-Scheme
+X-User
+X-User-Agent
+X-Username
+X-Varnish
+X-Verify-Credentials-Authorization
+X-Vodafone-3gpdpcontext
+X-Wap-Client-Sdu-Size
+X-Wap-Clientid
+X-Wap-Gateway
+X-Wap-Network-Client-Ip
+X-Wap-Network-Client-Msisdn
+X-Wap-Profile
+X-Wap-Proxy-Cookie
+X-Wap-Session-Id
+X-Wap-Tod
+X-Wap-Tod-Coded
+X-Whatever
+X-Wikimedia-Debug
+X-Wp-Nonce
+X-Wp-Pjax-Prefetch
+X-Ws-Api-Key
+X-Xc-Schema-Version
+X-Xhprof-Debug
+X-Xhr-Referer
+X-Xmlhttprequest
+X-Xpid
+X-Zikula-Ajax-Token
+X-Zotero-Version
+X-Ztgo-Bearerinfo
+X_alto_ajax_key
+Xauthorization
+Xonnection
+Xpdb-Debugger
+Xproxy
+Xroxy-Connection
+Xxx-Real-Ip
+Xxxxxxxxxxxxxxx
+Y
+Zotero-Api-Version
+Zotero-Write-Token
+Accept-Patch
+Alt-Svc
+Delta-Base
+ETag
+IM
+P3P
+WWW-Authenticate
+X-Frame-Options
+X-HTTP-Method-Override
+x-wap-profile
+Accept-CH
+Accept-CH-Lifetime
+Clear-Site-Data
+Cross-Origin-Resource-Policy
+DPR
+Device-Memory
+Early-Data
+Expect-CT
+Feature-Policy
+Sec-Fetch-Dest
+Sec-Fetch-Mode
+Sec-Fetch-Site
+Sec-Fetch-User
+Sec-WebSocket-Accept
+Server-Timing
+SourceMap
+Want-Digest
+X-DNS-Prefetch-Control
+X-ProxyUser-Ip
+X-XSS-Protection
+Public-Key-Pins
+Public-Key-Pins-Report-Only
+Sec-Fetch-Site
+Sec-Fetch-Mode
+Sec-Fetch-User
+Sec-Fetch-Dest
+Last-Event-ID
+Ping-From
+NEL
+Sec-WebSocket-Key
+Sec-WebSocket-Extensions
+Sec-WebSocket-Accept
+Sec-WebSocket-Protocol
+Sec-WebSocket-Version
+Accept-Push-Policy
+Accept-Signature
+Alt-Svc
+Date
+Signed-Headers
+Server-Timing
+Service-Worker-Allowed
+SourceMap

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.634
+  version: 0.4.636
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-10 00:00:00.000000000 Z
+date: 2023-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.10
+        version: 2.4.12
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.10
+        version: 2.4.12
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -520,14 +520,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.14.2
+        version: 1.14.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.14.2
+        version: 1.14.3
 - !ruby/object:Gem::Dependency
   name: oily_png
   requirement: !ruby/object:Gem::Requirement
@@ -758,14 +758,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.49.0
+        version: 1.50.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.49.0
+        version: 1.50.2
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -898,14 +898,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.0.5
+        version: 3.0.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.0.5
+        version: 3.0.6
 - !ruby/object:Gem::Dependency
   name: slack-ruby-client
   requirement: !ruby/object:Gem::Requirement
@@ -2050,6 +2050,7 @@ files:
 - spec/lib/pwn_spec.rb
 - spec/spec_helper.rb
 - third_party/.gitkeep
+- third_party/http-request-headers-fields-large.txt
 - update_pwn.sh
 - upgrade_ruby.sh
 - vagrant/provisioners/apache2.sh
@@ -2100,7 +2101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond