pwn 0.4.636 → 0.4.638
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/pwn/plugins/baresip.rb +7 -6
- data/lib/pwn/plugins/burp_suite.rb +3 -0
- data/lib/pwn/plugins/owasp_zap.rb +5 -4
- data/lib/pwn/plugins/sock.rb +38 -3
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e3997d085d7b525c646e2899c95468a734df8021f722717c1453c52cf3d6c208
|
4
|
+
data.tar.gz: 5490d6e641a80efa324b8b12184f8d368012c3a7fd7a137c0d5171efd77f6a45
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 72c2121bfc843d071e745e53452a77523e996d18b88e2e1fd93184048e3154151a5348fa86fbdbc669d33af01c028483d1cbf19278eb721b5aa34aab2abd2029
|
7
|
+
data.tar.gz: 894d262d198208c8c585594edb0fa36805b32bf465abcf4ac61fc4e4609021f6a6845ab776b91139c5b4a257a2bfb209c3b7c08cdf9470404719f0a885cf7862
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.638]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.638]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/lib/pwn/plugins/baresip.rb
CHANGED
@@ -84,12 +84,13 @@ module PWN
|
|
84
84
|
raise "no http_listen value found in #{config}." if http_list_entry.empty?
|
85
85
|
|
86
86
|
# Update http_listen value in respective config with random available port
|
87
|
-
random_port = -1
|
88
|
-
port_in_use = true
|
89
|
-
while port_in_use
|
90
|
-
|
91
|
-
|
92
|
-
end
|
87
|
+
# random_port = -1
|
88
|
+
# port_in_use = true
|
89
|
+
# while port_in_use
|
90
|
+
# random_port = Random.rand(1024..65_535)
|
91
|
+
# port_in_use = PWN::Plugins::Sock.check_port_in_use(port: random_port)
|
92
|
+
# end
|
93
|
+
random_port = PWN::Plugins::Sock.get_random_unused_port
|
93
94
|
http_listen_ip_port = "127.0.0.1:#{random_port}"
|
94
95
|
|
95
96
|
updated_config_content = ''
|
@@ -40,6 +40,9 @@ module PWN
|
|
40
40
|
burp_obj = {}
|
41
41
|
burp_obj[:pid] = Process.spawn(burp_cmd_string)
|
42
42
|
rest_browser = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
43
|
+
# random_mitm_port = PWN::Plugins::Sock.get_random_unused_port
|
44
|
+
# random_bb_port = random_mitm_port
|
45
|
+
# random_bb_port = PWN::Plugins::Sock.get_random_unused_port while random_bb_port == random_mitm_port
|
43
46
|
burp_obj[:mitm_proxy] = '127.0.0.1:8080'
|
44
47
|
burp_obj[:burpbuddy_api] = '127.0.0.1:8001'
|
45
48
|
burp_obj[:rest_browser] = rest_browser
|
@@ -75,7 +75,7 @@ module PWN
|
|
75
75
|
# api_key: 'required - api key for API authorization',
|
76
76
|
# zap_bin_path: 'optional - path to zap.sh file'
|
77
77
|
# headless: 'optional - run zap headless if set to true',
|
78
|
-
# proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1
|
78
|
+
# proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)',
|
79
79
|
# )
|
80
80
|
|
81
81
|
public_class_method def self.start(opts = {})
|
@@ -116,11 +116,12 @@ module PWN
|
|
116
116
|
if opts[:proxy]
|
117
117
|
proxy = opts[:proxy].to_s.scrub.strip.chomp
|
118
118
|
proxy_uri = URI.parse(proxy)
|
119
|
-
owasp_zap_cmd = "#{owasp_zap_cmd} -host #{proxy_uri.host} -port #{proxy_uri.port}"
|
120
119
|
else
|
121
|
-
|
120
|
+
random_port = PWN::Plugins::Sock.get_random_unused_port
|
121
|
+
proxy = "http://127.0.0.1:#{random_port}"
|
122
122
|
proxy_uri = URI.parse(proxy)
|
123
123
|
end
|
124
|
+
owasp_zap_cmd = "#{owasp_zap_cmd} -host #{proxy_uri.host} -port #{proxy_uri.port}"
|
124
125
|
zap_obj[:host] = proxy_uri.host.to_s.scrub
|
125
126
|
zap_obj[:port] = proxy_uri.port.to_i
|
126
127
|
|
@@ -499,7 +500,7 @@ module PWN
|
|
499
500
|
api_key: 'required - api key for API authorization',
|
500
501
|
zap_bin_path: 'optional - path to zap.sh file',
|
501
502
|
headless: 'optional - run zap headless if set to true',
|
502
|
-
proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1
|
503
|
+
proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)'
|
503
504
|
)
|
504
505
|
puts zap_obj.public_methods
|
505
506
|
|
data/lib/pwn/plugins/sock.rb
CHANGED
@@ -47,10 +47,40 @@ module PWN
|
|
47
47
|
raise e
|
48
48
|
end
|
49
49
|
|
50
|
+
# Supported Method Parameters::
|
51
|
+
# PWN::Plugins::Sock.get_random_unused_port(
|
52
|
+
# server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
|
53
|
+
# protocol: 'optional - :tcp || :udp (defaults to tcp)'
|
54
|
+
# )
|
55
|
+
|
56
|
+
public_class_method def self.get_random_unused_port(opts = {})
|
57
|
+
server_ip = opts[:server_ip]
|
58
|
+
server_ip ||= '127.0.0.1'
|
59
|
+
port = -1
|
60
|
+
protocol = opts[:protocol]
|
61
|
+
protocol ||= :tcp
|
62
|
+
|
63
|
+
port_in_use = true
|
64
|
+
while port_in_use
|
65
|
+
port = Random.rand(1024..65_535)
|
66
|
+
port_in_use = check_port_in_use(
|
67
|
+
server_ip: server_ip,
|
68
|
+
port: port,
|
69
|
+
protocol: protocol
|
70
|
+
)
|
71
|
+
end
|
72
|
+
|
73
|
+
port
|
74
|
+
rescue Errno::ECONNREFUSED,
|
75
|
+
Errno::EHOSTUNREACH,
|
76
|
+
Errno::ETIMEDOUT
|
77
|
+
false
|
78
|
+
end
|
79
|
+
|
50
80
|
# Supported Method Parameters::
|
51
81
|
# PWN::Plugins::Sock.check_port_in_use(
|
52
|
-
# port: 'required - target port',
|
53
82
|
# server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
|
83
|
+
# port: 'required - target port',
|
54
84
|
# protocol: 'optional - :tcp || :udp (defaults to tcp)'
|
55
85
|
# )
|
56
86
|
|
@@ -163,9 +193,14 @@ module PWN
|
|
163
193
|
tls: 'optional - boolean connect to target socket using TLS (defaults to false)'
|
164
194
|
)
|
165
195
|
|
166
|
-
#{self}.
|
167
|
-
|
196
|
+
port = #{self}.get_random_unused_port(
|
197
|
+
server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
|
198
|
+
protocol: 'optional - :tcp || :udp (defaults to tcp)'
|
199
|
+
)
|
200
|
+
|
201
|
+
#{self}.check_port_in_use(
|
168
202
|
server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
|
203
|
+
port: 'required - target port',
|
169
204
|
protocol: 'optional - :tcp || :udp (defaults to tcp)'
|
170
205
|
)
|
171
206
|
|
data/lib/pwn/version.rb
CHANGED