pwn 0.4.670 → 0.4.671
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_nmap_discover_tcp_udp +195 -0
- data/lib/pwn/plugins/nmap_it.rb +7 -1
- data/lib/pwn/plugins/openvas.rb +8 -6
- data/lib/pwn/version.rb +1 -1
- metadata +3 -1
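--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7da5c11247c09b3a6355dd825d5b200c7b54845d2b02b4a91a2b651ac6e0f693
+data.tar.gz: 8ae730c8dcc7af833543ac7b999fb075dd53e64cfb8a348791caadc03bf16c4a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7480b0859bedc2c26bc36fef113eeb0981169f500edfe0d3ece6a69b36a5c5e10bffc052c0640d705620e456233254224df1d5a8bb904b3301189572d8d0a2d9
+data.tar.gz: 6486d7ffa7d468d772639c8666594e21b326de1a5acbafad7fdc966746237df97ed43e7883016d98df3692ad2c0b0a7b623a73162885da0f196f0b1260050375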
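--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.671]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.671]:001 >>> PWN.help
 ```
 
 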
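--- /dev/null
+++ b/data/bin/pwn_nmap_discover_tcp_udp
@@ -0,0 +1,195 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'optparse'
+require 'nokogiri'
+require 'pwn'
+
+opts = {}
+OptionParser.new do |options|
+options.banner = "USAGE:
+#{$PROGRAM_NAME} [opts]
+"
+
+options.on('-IRANGE', '--ip-range=RANGE', '<Required - nmap supported ip range e.g. 192.168.1.1-20, 192.168.1.0/24, etc>') do |i|
+opts[:ip_range] = i
+end
+
+options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
+opts[:exclude_file] = e
+end
+
+options.on('-iINTERFACE', '--interface=INTERFACE', '<Optional - use specified network interface (Default: eth0)') do |i|
+opts[:interface] = i
+end
+
+options.on('-T', '--tor', '<Optional - Source Scans from Tor Nodes>') do |t|
+opts[:with_tor] = t
+end
+end.parse!
+
+if opts.empty?
+puts `#{$PROGRAM_NAME} --help`
+exit 1
+end
+
+ip_range = opts[:ip_range]
+exclude_file = opts[:exclude_file]
+exclude_file ||= '/tmp/nmap_targets_exclude.txt'
+interface = opts[:interface]
+interface ||= 'eth0'
+with_tor = true if opts[:with_tor]
+with_tor ||= false
+if with_tor
+tor_obj = PWN::Plugins::Tor.start
+proxy = "socks4://#{tor_obj[:ip]}:#{tor_obj[:port]}"
+end
+
+File.new(exclude_file, 'w') unless File.exist?(exclude_file)
+nmap_results_root = File.dirname(exclude_file)
+FileUtils.mkdir_p nmap_results_root
+puts "nmap Results Saved in: #{nmap_results_root}"
+
+discovery_ports = {
+ftp: 21,
+ssh: 22,
+telnet: 23,
+smtp: 25,
+dns: 53,
+http: 80,
+pop3: 110,
+rpc: 111,
+ident: 113,
+ntp: 123,
+netbios_name_service: 137,
+netbios_session_service: 139,
+imap: 143,
+snmp: 161,
+ldap: 389,
+https: 443,
+smb: 445,
+smtps: 465,
+remote_process: 512,
+login: 513,
+rsh: 514,
+ldaps: 636,
+rsync: 873,
+imaps: 993,
+openvpn: 1194,
+mssql: 1433,
+oracle: 1521,
+pptp: 1723,
+radius: 1812,
+nfs: 2049,
+mysql: 3306,
+rdp: 3389,
+meterpreter: 4444,
+upnp: 5000,
+sip: 5060,
+postgres: 5432,
+postgres_alt: 5433,
+amqp: 5672,
+vnc: 5900,
+vncs: 5901,
+xfree86: 6000,
+irc: 6667,
+http_alt: 8080,
+https_alt: 8443,
+http_alt2: 8888,
+http_alt3: 9090,
+http_alt4: 9999
+}
+
+target_file = "#{nmap_results_root}/nmap_targets.txt"
+latest_discovery_results = "#{nmap_results_root}/nmap_latest_discovery_results"
+latest_tcp_results = "#{nmap_results_root}/nmap_latest_tcp_results"
+latest_udp_results = "#{nmap_results_root}/nmap_latest_udp_results"
+
+begin
+# Target Discovery Scan
+PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.exclude_file = exclude_file
+nmap.interface = interface
+nmap.aggressive_timing = true
+nmap.ping = true
+nmap.arp_ping = true
+nmap.icmp_echo_discovery = true
+nmap.icmp_timestamp_discovery = true
+nmap.syn_discovery = discovery_ports.values
+nmap.ack_discovery = discovery_ports.values
+nmap.udp_discovery = discovery_ports.values
+nmap.sctp_init_ping = discovery_ports.values
+nmap.output_all = latest_discovery_results
+nmap.targets = ip_range
+nmap.proxies = proxy if with_tor
+end
+
+# Generate targets.txt from discovery above
+# taking into consideration IPs to skip scans
+File.open(target_file, 'w') do |f|
+PWN::Plugins::NmapIt.parse_xml_results(
+xml_file: "#{latest_discovery_results}.xml"
+) do |xml|
+xml.each_host do |host|
+f.puts host.ip unless File.read(exclude_file).include?(host.ip)
+end
+end
+end
+
+# Switch Tor Exit Node if with_tor
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
+
+# TCP Scan
+PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.target_file = target_file
+nmap.show_reason = true
+nmap.exclude_file = exclude_file
+nmap.interface = interface
+nmap.min_host_group = 3
+nmap.host_timeout = '999m'
+nmap.aggressive_timing = true
+nmap.skip_discovery = true
+nmap.syn_scan = true
+nmap.default_script = true
+nmap.update_scriptdb = true
+nmap.service_scan = true
+nmap.os_fingerprint = true
+nmap.verbose = true
+nmap.all = true
+nmap.ports = [1..65_535]
+nmap.output_all = latest_tcp_results
+nmap.proxies = proxy if with_tor
+end
+FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
+
+# Switch Tor Exit Node if with_tor
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
+
+# UDP Scan
+PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.target_file = target_file
+nmap.show_reason = true
+nmap.exclude_file = exclude_file
+nmap.interface = interface
+nmap.min_host_group = 3
+nmap.host_timeout = '999m'
+nmap.aggressive_timing = true
+nmap.skip_discovery = true
+nmap.udp_scan = true
+nmap.default_script = true
+nmap.update_scriptdb = true
+nmap.service_scan = true
+nmap.os_fingerprint = true
+nmap.verbose = true
+nmap.all = true
+nmap.output_all = latest_udp_results
+nmap.proxies = proxy if with_tor
+end
+FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
+rescue SystemExit, Interrupt
+puts "\nGoodbye."
+rescue StandardError => e
+raise e
+ensure
+tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
+end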
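Review bot: The exclude-file setup at new lines 48-50 creates the file before its directory is guaranteed to exist, so a custom `-e /new/dir/excludes.txt` fails with ENOENT on `File.new` before `FileUtils.mkdir_p` runs, and the `File.new(exclude_file, 'w')` handle is never closed; reorder to `FileUtils.mkdir_p(nmap_results_root)` first and replace the open with `FileUtils.touch(exclude_file)`. The per-host filter at line 134, `File.read(exclude_file).include?(host.ip)`, is a substring match — an entry `10.0.0.1` also silently drops `10.0.0.10` and `10.0.0.100` from nmap_targets.txt — and it re-reads the file once per discovered host; read the excludes once as trimmed lines and compare whole entries, as below. The same file is also handed to nmap via `nmap.exclude_file` in the TCP and UDP scans, so this Ruby-side filter presumably only decides what lands in the target list, which makes the over-exclusion easy to miss in results. The default paths sit under the shared `/tmp`, where another local user can pre-create the files or symlinks that `'w'` mode will follow and truncate; a per-invocation `Dir.mktmpdir('pwn_nmap')` or a user-owned results root avoids that. Minor: the `--interface` help text is missing its closing `>`, and `rescue StandardError => e; raise e` is a no-op rescue that can be dropped.
```ruby
nmap_results_root = File.dirname(exclude_file)
FileUtils.mkdir_p(nmap_results_root)
FileUtils.touch(exclude_file)
# … unchanged: results banner, discovery_ports, result paths, discovery scan …
# Whole-entry comparison: an exclude entry can no longer match a longer IP by prefix.
excluded_ips = File.readlines(exclude_file, chomp: true).map(&:strip).reject(&:empty?)
File.open(target_file, 'w') do |f|
  PWN::Plugins::NmapIt.parse_xml_results(
    xml_file: "#{latest_discovery_results}.xml"
  ) do |xml|
    xml.each_host { |host| f.puts host.ip unless excluded_ips.include?(host.ip) }
  end
end
```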
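--- a/data/lib/pwn/plugins/nmap_it.rb
+++ b/data/lib/pwn/plugins/nmap_it.rb
@@ -5,11 +5,17 @@ require 'nmap/xml'
 
 module PWN
 module Plugins
-# This plugin is used as an interface to nmap, the exploration tool and security / port scanner.
+# This plugin is used as an interface to nmap, the exploration tool and security / port scanner. More info on available options can be found at: https://github.com/postmodern/ruby-nmap/blob/main/lib/nmap/command.rb
 module NmapIt
 # Supported Method Parameters::
 # PWN::Plugins::NmapIt.port_scan do |nmap|
 # puts nmap.public_methods
+# nmap.connect_scan = true
+# nmap.service_scan = true
+# nmap.verbose = true
+# nmap.ports = [1..1024,1337]
+# nmap.targets = '127.0.0.1'
+# nmap.xml = '/tmp/nmap_port_scan_res.xml'
 # end
 
 public_class_method def self.port_scan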
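--- a/data/lib/pwn/plugins/openvas.rb
+++ b/data/lib/pwn/plugins/openvas.rb
@@ -147,9 +147,10 @@ module PWN
 # PWN::Plugins::OpenVAS.save_report(
 # report_type: 'required report type (csv|itg|pdf|txt|xml)',
 # report_id: 'required report id to save',
-#
+# report_dir: 'required directory to save report',
 # username: 'required username',
-# password: 'optional password (will prompt if nil)'
+# password: 'optional password (will prompt if nil)',
+# report_filter: 'optional - results filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")
 # )
 
 public_class_method def self.save_report(opts = {})
@@ -160,9 +161,6 @@ module PWN
 report_dir
 )
 
-report_filter = opts[:report_filter]
-report_filter ||= 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity'
-
 username = opts[:username].to_s.scrub
 
 password = if opts[:password].nil?
@@ -171,6 +169,9 @@ module PWN
 opts[:password].to_s.scrub
 end
 
+report_filter = opts[:report_filter]
+report_filter ||= 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity'
+
 case report_type.to_sym
 when :csv
 report_type_name = 'CSV Results'
@@ -296,7 +297,8 @@ module PWN
 report_id: 'required report id to save',
 report_dir: 'required directory to save report',
 username: 'required username',
-password: 'optional password (will prompt if nil)'
+password: 'optional password (will prompt if nil)',
+report_filter: 'optional - results filter (Default: \"apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity\")
 )
 
 report_types = #{self}.get_report_types(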
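Review bot: The two new `report_filter` documentation lines — the comment at new line 153 and the help text at new line 301 — lack the closing single quote that every neighbouring parameter line carries, so the example reads as an unterminated string; `#   report_filter: 'optional - results filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")'` for the comment, with the escaped `\"…\")'` form in the help method. Relocating the `report_filter = opts[:report_filter]` default below the password prompt is behaviour-neutral as far as the hunks show, but the caller-supplied filter still reaches the rest of save_report as given; since its consumer is outside this hunk, a hedged comment such as `# report_filter is passed through as supplied — confirm the consumer quotes/validates it` would at least record the assumption. save_report's body continues outside the hunks.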
data/lib/pwn/version.rb
CHANGED
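--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.671
 platform: ruby
 authors:
 - 0day Inc.
@@ -1123,6 +1123,7 @@ executables:
 - pwn_nessus_cloud_scan_crud
 - pwn_nessus_cloud_vulnscan
 - pwn_nexpose
+- pwn_nmap_discover_tcp_udp
 - pwn_openvas_vulnscan
 - pwn_owasp_zap_active_scan
 - pwn_pastebin_sample_filter
@@ -1190,6 +1191,7 @@ files:
 - bin/pwn_nessus_cloud_scan_crud
 - bin/pwn_nessus_cloud_vulnscan
 - bin/pwn_nexpose
+- bin/pwn_nmap_discover_tcp_udp
 - bin/pwn_openvas_vulnscan
 - bin/pwn_owasp_zap_active_scan
 - bin/pwn_pastebin_sample_filter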