pwn 0.4.660 → 0.4.662

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9df12cf1f7713be0d0e51a67530a1358245af7bd35d9737df8ed70679aec5148
-  data.tar.gz: e1e70483b477b3aec9c3e2680395973a588b89ce7b86da1fe680f5563f0c28bf
+  metadata.gz: a7f9d4bd6a0a71ea65b8724013bb92fd9eb381ef0c7fb947e29b895bb0192569
+  data.tar.gz: b701eba227bf7c8fb36b034531f5112061ef1d550e0634e49d417ebd8929079c
 SHA512:
-  metadata.gz: 4edfca0e6a37c6a8199dee90a4efb20c99e1f806848c0927a2febccfca78e5118053787f555aba4ae6dd843d682d81374ecdb006421032f2d96a2c81cf91daf1
-  data.tar.gz: 697e30f757f956a8e6de26772c5e101c69c87f098ba2dacc2cdfb3cab4422850174b71399f3b6701af15ea420ffca8762e5256cb2e585928c1db0dad1e9a9a1e
+  metadata.gz: 59deae1117fe9e5078802c0c276779a2eb68d78eb57710e0da89ebf1ce0b4cc3cdf507a6c6498e921dc09cf59e4e10031c422d3352264dab8205e6f10bb637b0
+  data.tar.gz: 68fb679b424a65bf6926ba98b72118732d1d58f588f2a8819f1e6c1d94e7879839f9a4bb676c31a92da4bd00ea8a59a951c48cc4ae1bd9cdbbbc66cce96cb5e1

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.660]:001 >>> PWN.help
+pwn[v0.4.662]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.660]:001 >>> PWN.help
+pwn[v0.4.662]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_nessus_cloud_vulnscan

@@ -77,7 +77,8 @@ begin
     )
 
     scan_status = scan_status_resp[:status]
-    break if scan_status != 'initializing' && scan_status != 'pending' && scan_status != 'running'
+    break if scan_status != 'initializing' && scan_status != 'pending' && scan_status != 'running' && scan_status != 'publishing'
+    # break if scan_status == 'completed'
   end
 
   raise "Scan status reached an unexpected condition: #{scan_status}.  Re-verify the scan config for, '#{scan_name}' and try again." unless scan_status == 'completed'

data/lib/pwn/log.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'logger'
+require 'securerandom'
+
+module PWN
+  # This plugin is used to instantiate a PWN logger with a custom message format
+  module Log
+    # Supported Method Parameters::
+    # PWN::Log.create(
+    # )
+    public_class_method def self.append(opts = {})
+      level = opts[:level].to_s.downcase.to_sym
+      msg = opts[:msg]
+      which_self = opts[:which_self].to_s
+
+      driver_name = File.basename($PROGRAM_NAME)
+
+      # Only attempt to exit gracefully if level == :error
+      exit_gracefully = false
+
+      # Define Date / Time Format
+      datetime_str = '%Y-%m-%d %H:%M:%S.%N%z'
+
+      # Always append to log file
+      if level == :learning
+        session = SecureRandom.hex
+        log_file_path = "/tmp/pwn-ai-#{session}.json" if level == :learning
+        log_file = File.open(log_file_path, 'w')
+      else
+        log_file_path = '/tmp/pwn.log'
+        log_file = File.open(log_file_path, 'a')
+      end
+
+      # Leave 10 "old" log files where
+      # each file is ~ 1,024,000 bytes
+      logger = Logger.new(
+        log_file,
+        10,
+        1_024_000
+      )
+      logger.datetime_format = datetime_str
+
+      case level
+      when :debug
+        logger.level = Logger::DEBUG
+      when :error
+        logger.level = Logger::ERROR
+        exit_gracefully = true unless driver_name == 'pwn'
+        puts "\nERROR: See #{log_file_path} for more details." if driver_name == 'pwn'
+      when :fatal
+        # This is reserved for the PWN::UI::Exit module
+        # if the Interrupt or StandardError exceptions are
+        # triggered.  This prevents infintely attempting to
+        # exit if something in the module fails.
+        logger.level = Logger::FATAL
+        if driver_name == 'pwn'
+          puts "\n FATAL ERROR: See #{log_file_path} for more details."
+        end
+      when :info, :learning
+        logger.level = Logger::INFO
+      when :unknown
+        logger.level = Logger::UNKNOWN
+      when :warn
+        logger.level = Logger::WARN
+      else
+        level_error = "ERROR: Invalid log level. Valid options are:\n"
+        level_error += ":debug\n:error\n:fatal\n:info\n:learning\n:unknown\n:warn\n"
+        raise level_error
+      end
+
+      if level == :learning
+        log_event = msg
+        logger.formatter = proc do |_severity, _datetime, _progname, learning_arr|
+          JSON.pretty_generate(
+            learning_data: learning_arr
+          )
+        end
+      else
+        log_event = "driver: #{driver_name}"
+
+        if msg.instance_of?(Interrupt)
+          logger.level = Logger::WARN
+          if driver_name == 'pwn'
+            log_event += ' => CTRL+C Detected.'
+          else
+            log_event += ' => CTRL+C Detected...Exiting Session.'
+            exit_gracefully = true unless driver_name == 'pwn'
+          end
+        else
+          log_event += " => #{msg}"
+          if msg.respond_to?('backtrace') && !msg.instance_of?(Errno::ECONNRESET)
+            log_event += " => \n\t#{msg.backtrace.join("\n\t")}"
+            log_event += "\n\n\n"
+          end
+        end
+      end
+
+      logger.add(logger.level, log_event, which_self)
+    rescue Interrupt, StandardError => e
+      raise e
+    end
+
+    # Display Usage for this Module
+
+    public_class_method def self.help
+      puts "USAGE:
+        logger = #{self}.append(
+          level: 'required - log verbosity :debug|:error|:fatal|:info|:learning|:unknown|:warn',
+          msg: 'required - message to log',
+          which_self: 'required - pass in self object from module calling #{self}'
+        )
+      "
+    end
+  end
+end

data/lib/pwn/plugins/ansible_vault.rb

@@ -6,8 +6,6 @@ module PWN
     # Used to encrypt/decrypt configuration files leveraging AES256
     # (ansible-vault utility wrapper)
     module AnsibleVault
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::Plugins::AnsibleVault.encrypt(
       #   yaml_config: 'required - yaml config to encrypt',

data/lib/pwn/plugins/baresip.rb

@@ -6,7 +6,6 @@ module PWN
   module Plugins
     # This plugin is used for interacting w/ baresip over a screen session.
     module BareSIP
-      @@logger = PWN::Plugins::PWNLogger.create
       @session_data = []
       # Supported Method Parameters::
       # baresip_http_call(

data/lib/pwn/plugins/burp_suite.rb

@@ -14,8 +14,6 @@ module PWN
       #   browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
       # )
 
-      @@logger = PWN::Plugins::PWNLogger.create
-
       public_class_method def self.start(opts = {})
         burp_jar_path = opts[:burp_jar_path]
         raise 'Invalid path to burp jar file.  Please check your spelling and try again.' unless File.exist?(burp_jar_path)

data/lib/pwn/plugins/char.rb

@@ -7,8 +7,6 @@ module PWN
   module Plugins
     # This plugin was created to generate various characters for fuzzing
     module Char
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::Plugins::Char.generate_by_range(
       #   from: 'required - integer to start from',

data/lib/pwn/plugins/fuzz.rb

@@ -8,8 +8,6 @@ module PWN
   module Plugins
     # This plugin was created to support fuzzing various networking protocols
     module Fuzz
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # socket_fuzz_results_arr = PWN::Plugins::Fuzz.socket(
       #   target: 'required - target host or ip',

data/lib/pwn/plugins/open_ai.rb

@@ -11,8 +11,6 @@ module PWN
     # This is based on the following OpenAI API Specification:
     # https://api.openai.com/v1
     module OpenAI
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # open_ai_rest_call(
       #   token: 'required - open_ai bearer token',
@@ -146,13 +144,14 @@ module PWN
 
         gpt = true if model.include?('gpt-3.5') || model.include?('gpt-4')
 
+        max_tokens = 4_096 - (request.to_s.length / 4)
+
         if gpt
           rest_call = 'chat/completions'
 
           response_history = opts[:response_history]
 
           max_tokens = response_history[:usage][:total_tokens] unless response_history.nil?
-          max_tokens ||= 4_096 - (request.to_s.length / 4)
           max_tokens = 8_192 - (request.to_s.length / 4) if model.include?('gpt-4')
           max_tokens = 32_768 - (request.to_s.length / 4) if model.include?('gpt-4-32k')
           max_tokens = 300 unless max_tokens.positive?
@@ -191,7 +190,6 @@ module PWN
         else
           # Per https://openai.com/pricing:
           # For English text, 1 token is approximately 4 characters or 0.75 words.
-          max_tokens = 4_097 - (request.to_s.length / 4)
           max_tokens = 300 unless max_tokens.positive?
 
           rest_call = 'completions'
@@ -541,7 +539,6 @@ module PWN
       public_class_method def self.delete_file(opts = {})
         token = opts[:token]
         file = opts[:file]
-        raise "ERROR: #{file} not found." unless File.exist?(file)
 
         response = list_files(token: token)
         file_id = response[:data].select { |f| f if f[:filename] == File.basename(file) }.first[:id]

data/lib/pwn/plugins/pony.rb

@@ -10,7 +10,6 @@ module PWN
     # This module's purpose is to exist until the necessary
     # functionality can be integrated into PWN::Plugins::MailAgent
     module Pony
-      @@logger = PWN::Plugins::PWNLogger.create
       @@options = {}
       @@override_options = {}
       @@subject_prefix = false

data/lib/pwn/plugins/spider.rb

@@ -13,8 +13,6 @@ module PWN
       #   proxy: 'optional - proxy to spider through e.g. http://127.0.0.1:8080'
       # )
 
-      @@logger = PWN::Plugins::PWNLogger.create
-
       public_class_method def self.crawl(opts = {})
         # TODO: Add AuthN Support
         # FYI: Anemone very well may have a memory leak.

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.660'
+  VERSION = '0.4.662'
 end

data/lib/pwn.rb

@@ -12,6 +12,7 @@ module PWN
   autoload :AWS, 'pwn/aws'
   autoload :Banner, 'pwn/banner'
   autoload :FFI, 'pwn/ffi'
+  autoload :Log, 'pwn/log'
   autoload :Plugins, 'pwn/plugins'
   autoload :Reports, 'pwn/reports'
   autoload :SAST, 'pwn/sast'

data/spec/lib/pwn/log_spec.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Log do
+  it 'should return data for help method' do
+    help_response = PWN::Log.help
+    expect(help_response).not_to be_nil
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.660
+  version: 0.4.662
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-28 00:00:00.000000000 Z
+date: 2023-05-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -1629,6 +1629,7 @@ files:
 - lib/pwn/banner/off_the_air.rb
 - lib/pwn/banner/pirate.rb
 - lib/pwn/ffi.rb
+- lib/pwn/log.rb
 - lib/pwn/plugins.rb
 - lib/pwn/plugins/android.rb
 - lib/pwn/plugins/ansible_vault.rb
@@ -1937,6 +1938,7 @@ files:
 - spec/lib/pwn/banner/pirate_spec.rb
 - spec/lib/pwn/banner_spec.rb
 - spec/lib/pwn/ffi_spec.rb
+- spec/lib/pwn/log_spec.rb
 - spec/lib/pwn/plugins/android_spec.rb
 - spec/lib/pwn/plugins/ansible_vault_spec.rb
 - spec/lib/pwn/plugins/authentication_helper_spec.rb