pwn 0.4.660 → 0.4.662
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_nessus_cloud_vulnscan +2 -1
- data/lib/pwn/log.rb +117 -0
- data/lib/pwn/plugins/ansible_vault.rb +0 -2
- data/lib/pwn/plugins/baresip.rb +0 -1
- data/lib/pwn/plugins/burp_suite.rb +0 -2
- data/lib/pwn/plugins/char.rb +0 -2
- data/lib/pwn/plugins/fuzz.rb +0 -2
- data/lib/pwn/plugins/open_ai.rb +2 -5
- data/lib/pwn/plugins/pony.rb +0 -1
- data/lib/pwn/plugins/spider.rb +0 -2
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn.rb +1 -0
- data/spec/lib/pwn/log_spec.rb +10 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a7f9d4bd6a0a71ea65b8724013bb92fd9eb381ef0c7fb947e29b895bb0192569
|
4
|
+
data.tar.gz: b701eba227bf7c8fb36b034531f5112061ef1d550e0634e49d417ebd8929079c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 59deae1117fe9e5078802c0c276779a2eb68d78eb57710e0da89ebf1ce0b4cc3cdf507a6c6498e921dc09cf59e4e10031c422d3352264dab8205e6f10bb637b0
|
7
|
+
data.tar.gz: 68fb679b424a65bf6926ba98b72118732d1d58f588f2a8819f1e6c1d94e7879839f9a4bb676c31a92da4bd00ea8a59a951c48cc4ae1bd9cdbbbc66cce96cb5e1
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.662]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.662]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
@@ -77,7 +77,8 @@ begin
|
|
77
77
|
)
|
78
78
|
|
79
79
|
scan_status = scan_status_resp[:status]
|
80
|
-
break if scan_status != 'initializing' && scan_status != 'pending' && scan_status != 'running'
|
80
|
+
break if scan_status != 'initializing' && scan_status != 'pending' && scan_status != 'running' && scan_status != 'publishing'
|
81
|
+
# break if scan_status == 'completed'
|
81
82
|
end
|
82
83
|
|
83
84
|
raise "Scan status reached an unexpected condition: #{scan_status}. Re-verify the scan config for, '#{scan_name}' and try again." unless scan_status == 'completed'
|
data/lib/pwn/log.rb
ADDED
@@ -0,0 +1,117 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'json'
|
4
|
+
require 'logger'
|
5
|
+
require 'securerandom'
|
6
|
+
|
7
|
+
module PWN
|
8
|
+
# This plugin is used to instantiate a PWN logger with a custom message format
|
9
|
+
module Log
|
10
|
+
# Supported Method Parameters::
|
11
|
+
# PWN::Log.create(
|
12
|
+
# )
|
13
|
+
public_class_method def self.append(opts = {})
|
14
|
+
level = opts[:level].to_s.downcase.to_sym
|
15
|
+
msg = opts[:msg]
|
16
|
+
which_self = opts[:which_self].to_s
|
17
|
+
|
18
|
+
driver_name = File.basename($PROGRAM_NAME)
|
19
|
+
|
20
|
+
# Only attempt to exit gracefully if level == :error
|
21
|
+
exit_gracefully = false
|
22
|
+
|
23
|
+
# Define Date / Time Format
|
24
|
+
datetime_str = '%Y-%m-%d %H:%M:%S.%N%z'
|
25
|
+
|
26
|
+
# Always append to log file
|
27
|
+
if level == :learning
|
28
|
+
session = SecureRandom.hex
|
29
|
+
log_file_path = "/tmp/pwn-ai-#{session}.json" if level == :learning
|
30
|
+
log_file = File.open(log_file_path, 'w')
|
31
|
+
else
|
32
|
+
log_file_path = '/tmp/pwn.log'
|
33
|
+
log_file = File.open(log_file_path, 'a')
|
34
|
+
end
|
35
|
+
|
36
|
+
# Leave 10 "old" log files where
|
37
|
+
# each file is ~ 1,024,000 bytes
|
38
|
+
logger = Logger.new(
|
39
|
+
log_file,
|
40
|
+
10,
|
41
|
+
1_024_000
|
42
|
+
)
|
43
|
+
logger.datetime_format = datetime_str
|
44
|
+
|
45
|
+
case level
|
46
|
+
when :debug
|
47
|
+
logger.level = Logger::DEBUG
|
48
|
+
when :error
|
49
|
+
logger.level = Logger::ERROR
|
50
|
+
exit_gracefully = true unless driver_name == 'pwn'
|
51
|
+
puts "\nERROR: See #{log_file_path} for more details." if driver_name == 'pwn'
|
52
|
+
when :fatal
|
53
|
+
# This is reserved for the PWN::UI::Exit module
|
54
|
+
# if the Interrupt or StandardError exceptions are
|
55
|
+
# triggered. This prevents infintely attempting to
|
56
|
+
# exit if something in the module fails.
|
57
|
+
logger.level = Logger::FATAL
|
58
|
+
if driver_name == 'pwn'
|
59
|
+
puts "\n FATAL ERROR: See #{log_file_path} for more details."
|
60
|
+
end
|
61
|
+
when :info, :learning
|
62
|
+
logger.level = Logger::INFO
|
63
|
+
when :unknown
|
64
|
+
logger.level = Logger::UNKNOWN
|
65
|
+
when :warn
|
66
|
+
logger.level = Logger::WARN
|
67
|
+
else
|
68
|
+
level_error = "ERROR: Invalid log level. Valid options are:\n"
|
69
|
+
level_error += ":debug\n:error\n:fatal\n:info\n:learning\n:unknown\n:warn\n"
|
70
|
+
raise level_error
|
71
|
+
end
|
72
|
+
|
73
|
+
if level == :learning
|
74
|
+
log_event = msg
|
75
|
+
logger.formatter = proc do |_severity, _datetime, _progname, learning_arr|
|
76
|
+
JSON.pretty_generate(
|
77
|
+
learning_data: learning_arr
|
78
|
+
)
|
79
|
+
end
|
80
|
+
else
|
81
|
+
log_event = "driver: #{driver_name}"
|
82
|
+
|
83
|
+
if msg.instance_of?(Interrupt)
|
84
|
+
logger.level = Logger::WARN
|
85
|
+
if driver_name == 'pwn'
|
86
|
+
log_event += ' => CTRL+C Detected.'
|
87
|
+
else
|
88
|
+
log_event += ' => CTRL+C Detected...Exiting Session.'
|
89
|
+
exit_gracefully = true unless driver_name == 'pwn'
|
90
|
+
end
|
91
|
+
else
|
92
|
+
log_event += " => #{msg}"
|
93
|
+
if msg.respond_to?('backtrace') && !msg.instance_of?(Errno::ECONNRESET)
|
94
|
+
log_event += " => \n\t#{msg.backtrace.join("\n\t")}"
|
95
|
+
log_event += "\n\n\n"
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
logger.add(logger.level, log_event, which_self)
|
101
|
+
rescue Interrupt, StandardError => e
|
102
|
+
raise e
|
103
|
+
end
|
104
|
+
|
105
|
+
# Display Usage for this Module
|
106
|
+
|
107
|
+
public_class_method def self.help
|
108
|
+
puts "USAGE:
|
109
|
+
logger = #{self}.append(
|
110
|
+
level: 'required - log verbosity :debug|:error|:fatal|:info|:learning|:unknown|:warn',
|
111
|
+
msg: 'required - message to log',
|
112
|
+
which_self: 'required - pass in self object from module calling #{self}'
|
113
|
+
)
|
114
|
+
"
|
115
|
+
end
|
116
|
+
end
|
117
|
+
end
|
@@ -6,8 +6,6 @@ module PWN
|
|
6
6
|
# Used to encrypt/decrypt configuration files leveraging AES256
|
7
7
|
# (ansible-vault utility wrapper)
|
8
8
|
module AnsibleVault
|
9
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
10
|
-
|
11
9
|
# Supported Method Parameters::
|
12
10
|
# PWN::Plugins::AnsibleVault.encrypt(
|
13
11
|
# yaml_config: 'required - yaml config to encrypt',
|
data/lib/pwn/plugins/baresip.rb
CHANGED
@@ -14,8 +14,6 @@ module PWN
|
|
14
14
|
# browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
|
15
15
|
# )
|
16
16
|
|
17
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
18
|
-
|
19
17
|
public_class_method def self.start(opts = {})
|
20
18
|
burp_jar_path = opts[:burp_jar_path]
|
21
19
|
raise 'Invalid path to burp jar file. Please check your spelling and try again.' unless File.exist?(burp_jar_path)
|
data/lib/pwn/plugins/char.rb
CHANGED
@@ -7,8 +7,6 @@ module PWN
|
|
7
7
|
module Plugins
|
8
8
|
# This plugin was created to generate various characters for fuzzing
|
9
9
|
module Char
|
10
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
11
|
-
|
12
10
|
# Supported Method Parameters::
|
13
11
|
# PWN::Plugins::Char.generate_by_range(
|
14
12
|
# from: 'required - integer to start from',
|
data/lib/pwn/plugins/fuzz.rb
CHANGED
@@ -8,8 +8,6 @@ module PWN
|
|
8
8
|
module Plugins
|
9
9
|
# This plugin was created to support fuzzing various networking protocols
|
10
10
|
module Fuzz
|
11
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
12
|
-
|
13
11
|
# Supported Method Parameters::
|
14
12
|
# socket_fuzz_results_arr = PWN::Plugins::Fuzz.socket(
|
15
13
|
# target: 'required - target host or ip',
|
data/lib/pwn/plugins/open_ai.rb
CHANGED
@@ -11,8 +11,6 @@ module PWN
|
|
11
11
|
# This is based on the following OpenAI API Specification:
|
12
12
|
# https://api.openai.com/v1
|
13
13
|
module OpenAI
|
14
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
15
|
-
|
16
14
|
# Supported Method Parameters::
|
17
15
|
# open_ai_rest_call(
|
18
16
|
# token: 'required - open_ai bearer token',
|
@@ -146,13 +144,14 @@ module PWN
|
|
146
144
|
|
147
145
|
gpt = true if model.include?('gpt-3.5') || model.include?('gpt-4')
|
148
146
|
|
147
|
+
max_tokens = 4_096 - (request.to_s.length / 4)
|
148
|
+
|
149
149
|
if gpt
|
150
150
|
rest_call = 'chat/completions'
|
151
151
|
|
152
152
|
response_history = opts[:response_history]
|
153
153
|
|
154
154
|
max_tokens = response_history[:usage][:total_tokens] unless response_history.nil?
|
155
|
-
max_tokens ||= 4_096 - (request.to_s.length / 4)
|
156
155
|
max_tokens = 8_192 - (request.to_s.length / 4) if model.include?('gpt-4')
|
157
156
|
max_tokens = 32_768 - (request.to_s.length / 4) if model.include?('gpt-4-32k')
|
158
157
|
max_tokens = 300 unless max_tokens.positive?
|
@@ -191,7 +190,6 @@ module PWN
|
|
191
190
|
else
|
192
191
|
# Per https://openai.com/pricing:
|
193
192
|
# For English text, 1 token is approximately 4 characters or 0.75 words.
|
194
|
-
max_tokens = 4_097 - (request.to_s.length / 4)
|
195
193
|
max_tokens = 300 unless max_tokens.positive?
|
196
194
|
|
197
195
|
rest_call = 'completions'
|
@@ -541,7 +539,6 @@ module PWN
|
|
541
539
|
public_class_method def self.delete_file(opts = {})
|
542
540
|
token = opts[:token]
|
543
541
|
file = opts[:file]
|
544
|
-
raise "ERROR: #{file} not found." unless File.exist?(file)
|
545
542
|
|
546
543
|
response = list_files(token: token)
|
547
544
|
file_id = response[:data].select { |f| f if f[:filename] == File.basename(file) }.first[:id]
|
data/lib/pwn/plugins/pony.rb
CHANGED
@@ -10,7 +10,6 @@ module PWN
|
|
10
10
|
# This module's purpose is to exist until the necessary
|
11
11
|
# functionality can be integrated into PWN::Plugins::MailAgent
|
12
12
|
module Pony
|
13
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
14
13
|
@@options = {}
|
15
14
|
@@override_options = {}
|
16
15
|
@@subject_prefix = false
|
data/lib/pwn/plugins/spider.rb
CHANGED
@@ -13,8 +13,6 @@ module PWN
|
|
13
13
|
# proxy: 'optional - proxy to spider through e.g. http://127.0.0.1:8080'
|
14
14
|
# )
|
15
15
|
|
16
|
-
@@logger = PWN::Plugins::PWNLogger.create
|
17
|
-
|
18
16
|
public_class_method def self.crawl(opts = {})
|
19
17
|
# TODO: Add AuthN Support
|
20
18
|
# FYI: Anemone very well may have a memory leak.
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.662
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-05-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -1629,6 +1629,7 @@ files:
|
|
1629
1629
|
- lib/pwn/banner/off_the_air.rb
|
1630
1630
|
- lib/pwn/banner/pirate.rb
|
1631
1631
|
- lib/pwn/ffi.rb
|
1632
|
+
- lib/pwn/log.rb
|
1632
1633
|
- lib/pwn/plugins.rb
|
1633
1634
|
- lib/pwn/plugins/android.rb
|
1634
1635
|
- lib/pwn/plugins/ansible_vault.rb
|
@@ -1937,6 +1938,7 @@ files:
|
|
1937
1938
|
- spec/lib/pwn/banner/pirate_spec.rb
|
1938
1939
|
- spec/lib/pwn/banner_spec.rb
|
1939
1940
|
- spec/lib/pwn/ffi_spec.rb
|
1941
|
+
- spec/lib/pwn/log_spec.rb
|
1940
1942
|
- spec/lib/pwn/plugins/android_spec.rb
|
1941
1943
|
- spec/lib/pwn/plugins/ansible_vault_spec.rb
|
1942
1944
|
- spec/lib/pwn/plugins/authentication_helper_spec.rb
|