pwn 0.4.669 → 0.4.671
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_nmap_discover_tcp_udp +195 -0
- data/bin/pwn_openvas_vulnscan +7 -0
- data/lib/pwn/plugins/nmap_it.rb +7 -1
- data/lib/pwn/plugins/openvas.rb +9 -3
- data/lib/pwn/version.rb +1 -1
- metadata +3 -1
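--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7da5c11247c09b3a6355dd825d5b200c7b54845d2b02b4a91a2b651ac6e0f693
+data.tar.gz: 8ae730c8dcc7af833543ac7b999fb075dd53e64cfb8a348791caadc03bf16c4a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7480b0859bedc2c26bc36fef113eeb0981169f500edfe0d3ece6a69b36a5c5e10bffc052c0640d705620e456233254224df1d5a8bb904b3301189572d8d0a2d9
+data.tar.gz: 6486d7ffa7d468d772639c8666594e21b326de1a5acbafad7fdc966746237df97ed43e7883016d98df3692ad2c0b0a7b623a73162885da0f196f0b1260050375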
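--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.671]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.671]:001 >>> PWN.help
 ```
 
 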
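--- /dev/null
+++ b/data/bin/pwn_nmap_discover_tcp_udp
@@ -0,0 +1,195 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'optparse'
+require 'nokogiri'
+require 'pwn'
+
+opts = {}
+OptionParser.new do |options|
+options.banner = "USAGE:
+#{$PROGRAM_NAME} [opts]
+"
+
+options.on('-IRANGE', '--ip-range=RANGE', '<Required - nmap supported ip range e.g. 192.168.1.1-20, 192.168.1.0/24, etc>') do |i|
+opts[:ip_range] = i
+end
+
+options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
+opts[:exclude_file] = e
+end
+
+options.on('-iINTERFACE', '--interface=INTERFACE', '<Optional - use specified network interface (Default: eth0)') do |i|
+opts[:interface] = i
+end
+
+options.on('-T', '--tor', '<Optional - Source Scans from Tor Nodes>') do |t|
+opts[:with_tor] = t
+end
+end.parse!
+
+if opts.empty?
+puts `#{$PROGRAM_NAME} --help`
+exit 1
+end
+
+ip_range = opts[:ip_range]
+exclude_file = opts[:exclude_file]
+exclude_file ||= '/tmp/nmap_targets_exclude.txt'
+interface = opts[:interface]
+interface ||= 'eth0'
+with_tor = true if opts[:with_tor]
+with_tor ||= false
+if with_tor
+tor_obj = PWN::Plugins::Tor.start
+proxy = "socks4://#{tor_obj[:ip]}:#{tor_obj[:port]}"
+end
+
+File.new(exclude_file, 'w') unless File.exist?(exclude_file)
+nmap_results_root = File.dirname(exclude_file)
+FileUtils.mkdir_p nmap_results_root
+puts "nmap Results Saved in: #{nmap_results_root}"
+
+discovery_ports = {
+ftp: 21,
+ssh: 22,
+telnet: 23,
+smtp: 25,
+dns: 53,
+http: 80,
+pop3: 110,
+rpc: 111,
+ident: 113,
+ntp: 123,
+netbios_name_service: 137,
+netbios_session_service: 139,
+imap: 143,
+snmp: 161,
+ldap: 389,
+https: 443,
+smb: 445,
+smtps: 465,
+remote_process: 512,
+login: 513,
+rsh: 514,
+ldaps: 636,
+rsync: 873,
+imaps: 993,
+openvpn: 1194,
+mssql: 1433,
+oracle: 1521,
+pptp: 1723,
+radius: 1812,
+nfs: 2049,
+mysql: 3306,
+rdp: 3389,
+meterpreter: 4444,
+upnp: 5000,
+sip: 5060,
+postgres: 5432,
+postgres_alt: 5433,
+amqp: 5672,
+vnc: 5900,
+vncs: 5901,
+xfree86: 6000,
+irc: 6667,
+http_alt: 8080,
+https_alt: 8443,
+http_alt2: 8888,
+http_alt3: 9090,
+http_alt4: 9999
+}
+
+target_file = "#{nmap_results_root}/nmap_targets.txt"
+latest_discovery_results = "#{nmap_results_root}/nmap_latest_discovery_results"
+latest_tcp_results = "#{nmap_results_root}/nmap_latest_tcp_results"
+latest_udp_results = "#{nmap_results_root}/nmap_latest_udp_results"
+
+begin
+# Target Discovery Scan
+PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.exclude_file = exclude_file
+nmap.interface = interface
+nmap.aggressive_timing = true
+nmap.ping = true
+nmap.arp_ping = true
+nmap.icmp_echo_discovery = true
+nmap.icmp_timestamp_discovery = true
+nmap.syn_discovery = discovery_ports.values
+nmap.ack_discovery = discovery_ports.values
+nmap.udp_discovery = discovery_ports.values
+nmap.sctp_init_ping = discovery_ports.values
+nmap.output_all = latest_discovery_results
+nmap.targets = ip_range
+nmap.proxies = proxy if with_tor
+end
+
+# Generate targets.txt from discovery above
+# taking into consideration IPs to skip scans
+File.open(target_file, 'w') do |f|
+PWN::Plugins::NmapIt.parse_xml_results(
+xml_file: "#{latest_discovery_results}.xml"
+) do |xml|
+xml.each_host do |host|
+f.puts host.ip unless File.read(exclude_file).include?(host.ip)
+end
+end
+end
+
+# Switch Tor Exit Node if with_tor
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
+
+# TCP Scan
+PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.target_file = target_file
+nmap.show_reason = true
+nmap.exclude_file = exclude_file
+nmap.interface = interface
+nmap.min_host_group = 3
+nmap.host_timeout = '999m'
+nmap.aggressive_timing = true
+nmap.skip_discovery = true
+nmap.syn_scan = true
+nmap.default_script = true
+nmap.update_scriptdb = true
+nmap.service_scan = true
+nmap.os_fingerprint = true
+nmap.verbose = true
+nmap.all = true
+nmap.ports = [1..65_535]
+nmap.output_all = latest_tcp_results
+nmap.proxies = proxy if with_tor
+end
+FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
+
+# Switch Tor Exit Node if with_tor
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
+
+# UDP Scan
+PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.target_file = target_file
+nmap.show_reason = true
+nmap.exclude_file = exclude_file
+nmap.interface = interface
+nmap.min_host_group = 3
+nmap.host_timeout = '999m'
+nmap.aggressive_timing = true
+nmap.skip_discovery = true
+nmap.udp_scan = true
+nmap.default_script = true
+nmap.update_scriptdb = true
+nmap.service_scan = true
+nmap.os_fingerprint = true
+nmap.verbose = true
+nmap.all = true
+nmap.output_all = latest_udp_results
+nmap.proxies = proxy if with_tor
+end
+FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
+rescue SystemExit, Interrupt
+puts "\nGoodbye."
+rescue StandardError => e
+raise e
+ensure
+tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
+end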
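Review bot: The exclude check on new line 134, `f.puts host.ip unless File.read(exclude_file).include?(host.ip)`, is a substring test, so a discovered host such as 10.0.0.1 is dropped from nmap_targets.txt whenever the exclude file lists 10.0.0.10 or 110.0.0.1, and the whole exclude file is re-read once per host. Load the list once before the loop and compare whole entries: `excluded_ips = File.readlines(exclude_file, chomp: true).map(&:strip)` ahead of the `File.open`, then `f.puts host.ip unless excluded_ips.include?(host.ip)`. Since the discovery scan already receives `nmap.exclude_file`, this second filter appears to matter only if the file changes between scans, which deserves a one-line comment. Separately, the default exclude file and the results root both resolve to /tmp with fixed names, so any local user can read the resulting host inventory or pre-create the exclude list that gates the scan; a per-user directory would be safer. The `rescue StandardError => e` / `raise e` arm on lines 191-192 is a no-op and can be dropped.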
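--- a/data/bin/pwn_openvas_vulnscan
+++ b/data/bin/pwn_openvas_vulnscan
@@ -25,6 +25,10 @@ OptionParser.new do |options|
 options.on('-pPASSWORD', '--password=PASSWORD', '<Optional - Password to AuthN (Will Prompt if nil)>') do |p|
 opts[:password] = p
 end
+
+options.on('-fFILTER', '--report-filter=FILTER', '<Optional - GVM Results Filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")>') do |p|
+opts[:password] = p
+end
 end.parse!
 
 if opts.empty?
@@ -46,6 +50,8 @@ password = if opts[:password].nil?
 opts[:password].to_s.scrub
 end
 
+report_filter = opts[:report_filter]
+
 begin
 start_time = Time.now
 puts "Started: #{start_time}"
@@ -89,6 +95,7 @@ begin
 report_type: :csv,
 report_id: last_report_id,
 report_dir: report_dir,
+report_filter: report_filter,
 username: username,
 password: password
 )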
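Review bot: The new `--report-filter` handler on line 30 stores its value into `opts[:password]` instead of `opts[:report_filter]`, so passing `-f` silently overwrites the password supplied with `-p`, and `report_filter = opts[:report_filter]` on line 53 is always nil, meaning the filter added to the save_report call on line 98 never takes effect. Change the block to `options.on('-fFILTER', '--report-filter=FILTER', '<Optional - GVM Results Filter (Default: ...)>') do |f|` with `opts[:report_filter] = f`. The `OptionParser.new do |options|` block that encloses this handler starts before the hunk.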
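--- a/data/lib/pwn/plugins/nmap_it.rb
+++ b/data/lib/pwn/plugins/nmap_it.rb
@@ -5,11 +5,17 @@ require 'nmap/xml'
 
 module PWN
 module Plugins
-# This plugin is used as an interface to nmap, the exploration tool and security / port scanner.
+# This plugin is used as an interface to nmap, the exploration tool and security / port scanner. More info on available options can be found at: https://github.com/postmodern/ruby-nmap/blob/main/lib/nmap/command.rb
 module NmapIt
 # Supported Method Parameters::
 # PWN::Plugins::NmapIt.port_scan do |nmap|
 # puts nmap.public_methods
+# nmap.connect_scan = true
+# nmap.service_scan = true
+# nmap.verbose = true
+# nmap.ports = [1..1024,1337]
+# nmap.targets = '127.0.0.1'
+# nmap.xml = '/tmp/nmap_port_scan_res.xml'
 # end
 
 public_class_method def self.port_scan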
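--- a/data/lib/pwn/plugins/openvas.rb
+++ b/data/lib/pwn/plugins/openvas.rb
@@ -147,8 +147,10 @@ module PWN
 # PWN::Plugins::OpenVAS.save_report(
 # report_type: 'required report type (csv|itg|pdf|txt|xml)',
 # report_id: 'required report id to save',
+# report_dir: 'required directory to save report',
 # username: 'required username',
-# password: 'optional password (will prompt if nil)'
+# password: 'optional password (will prompt if nil)',
+# report_filter: 'optional - results filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")
 # )
 
 public_class_method def self.save_report(opts = {})
@@ -167,6 +169,9 @@ module PWN
 opts[:password].to_s.scrub
 end
 
+report_filter = opts[:report_filter]
+report_filter ||= 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity'
+
 case report_type.to_sym
 when :csv
 report_type_name = 'CSV Results'
@@ -203,7 +208,7 @@ module PWN
 --gmp-username '#{username}' \
 --gmp-password '#{password}' \
 socket \
---xml="<get_reports report_id='#{report_id}' format_id='#{format_id}' details='1' />"
+--xml="<get_reports report_id='#{report_id}' format_id='#{format_id}' filter='#{report_filter}' details='1' />"
 `
 )
 
@@ -292,7 +297,8 @@ module PWN
 report_id: 'required report id to save',
 report_dir: 'required directory to save report',
 username: 'required username',
-password: 'optional password (will prompt if nil)'
+password: 'optional password (will prompt if nil)',
+report_filter: 'optional - results filter (Default: \"apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity\")
 )
 
 report_types = #{self}.get_report_types(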
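Review bot: On new line 211 `report_filter` is interpolated unescaped into a backtick shell command, inside the double-quoted `--xml="…"` argument and inside a single-quoted XML attribute, so a value containing `'`, `"`, `$`, a backtick or `<` either breaks the get_reports XML or is interpreted by the shell; the default on line 173 is safe, but the value otherwise comes straight from the `-f` CLI flag of pwn_openvas_vulnscan. Validate it against the filter grammar before the command is built, e.g. `raise ArgumentError, "invalid report_filter: #{report_filter}" unless report_filter.match?(/\A[\w\s=.,:-]+\z/)`, and XML-escape it at the interpolation site with `CGI.escapeHTML` (which also encodes the single quote) so the attribute delimiter cannot be closed early. The same unescaped interpolation already exists for username and password on lines 208-209 but is outside this change. In the first and fourth hunks the new `report_filter:` documentation lines are missing their closing `'`. The save_report method that contains line 211 starts and ends outside the hunk.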
data/lib/pwn/version.rb
CHANGED
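--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.671
 platform: ruby
 authors:
 - 0day Inc.
@@ -1123,6 +1123,7 @@ executables:
 - pwn_nessus_cloud_scan_crud
 - pwn_nessus_cloud_vulnscan
 - pwn_nexpose
+- pwn_nmap_discover_tcp_udp
 - pwn_openvas_vulnscan
 - pwn_owasp_zap_active_scan
 - pwn_pastebin_sample_filter
@@ -1190,6 +1191,7 @@ files:
 - bin/pwn_nessus_cloud_scan_crud
 - bin/pwn_nessus_cloud_vulnscan
 - bin/pwn_nexpose
+- bin/pwn_nmap_discover_tcp_udp
 - bin/pwn_openvas_vulnscan
 - bin/pwn_owasp_zap_active_scan
 - bin/pwn_pastebin_sample_filter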