pwn 0.4.670 → 0.4.671

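--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d48662417de23f29ea2e4a610b7c79477a98ee0164cbc393848ebc5a389015ec
-data.tar.gz: c3b99f5416f14f38e7d49ddb749a105805a1b72322713ab9dcf93fd3289d2764
+metadata.gz: 7da5c11247c09b3a6355dd825d5b200c7b54845d2b02b4a91a2b651ac6e0f693
+data.tar.gz: 8ae730c8dcc7af833543ac7b999fb075dd53e64cfb8a348791caadc03bf16c4a
 SHA512:
-metadata.gz: b35d6ecd5fdd6a0c3a33cd5fcd19516ba9e8bdb20c56587af541c2ceff0c348cf3c7828e2bbf04b034979b6bad7ad30a4a8f018219d860dc0cb8e72526b760df
-data.tar.gz: d46298ac157563739c49d686d60df1064cd1cafeecf2d2b02b502c6a3b7804ebf990f9b907ab5382b11c6e868b787e076cd76bd1201b9263869f376379eb114e
+metadata.gz: 7480b0859bedc2c26bc36fef113eeb0981169f500edfe0d3ece6a69b36a5c5e10bffc052c0640d705620e456233254224df1d5a8bb904b3301189572d8d0a2d9
+data.tar.gz: 6486d7ffa7d468d772639c8666594e21b326de1a5acbafad7fdc966746237df97ed43e7883016d98df3692ad2c0b0a7b623a73162885da0f196f0b1260050375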
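--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.670]:001 >>> PWN.help
+pwn[v0.4.671]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.670]:001 >>> PWN.help
+pwn[v0.4.671]:001 >>> PWN.help
 ```
 
 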
@@ -0,0 +1,195 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: false
3
+
4
+ require 'optparse'
5
+ require 'nokogiri'
6
+ require 'pwn'
7
+
8
+ opts = {}
9
+ OptionParser.new do |options|
10
+ options.banner = "USAGE:
11
+ #{$PROGRAM_NAME} [opts]
12
+ "
13
+
14
+ options.on('-IRANGE', '--ip-range=RANGE', '<Required - nmap supported ip range e.g. 192.168.1.1-20, 192.168.1.0/24, etc>') do |i|
15
+ opts[:ip_range] = i
16
+ end
17
+
18
+ options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
19
+ opts[:exclude_file] = e
20
+ end
21
+
22
+ options.on('-iINTERFACE', '--interface=INTERFACE', '<Optional - use specified network interface (Default: eth0)') do |i|
23
+ opts[:interface] = i
24
+ end
25
+
26
+ options.on('-T', '--tor', '<Optional - Source Scans from Tor Nodes>') do |t|
27
+ opts[:with_tor] = t
28
+ end
29
+ end.parse!
30
+
31
+ if opts.empty?
32
+ puts `#{$PROGRAM_NAME} --help`
33
+ exit 1
34
+ end
35
+
36
+ ip_range = opts[:ip_range]
37
+ exclude_file = opts[:exclude_file]
38
+ exclude_file ||= '/tmp/nmap_targets_exclude.txt'
39
+ interface = opts[:interface]
40
+ interface ||= 'eth0'
41
+ with_tor = true if opts[:with_tor]
42
+ with_tor ||= false
43
+ if with_tor
44
+ tor_obj = PWN::Plugins::Tor.start
45
+ proxy = "socks4://#{tor_obj[:ip]}:#{tor_obj[:port]}"
46
+ end
47
+
48
+ File.new(exclude_file, 'w') unless File.exist?(exclude_file)
49
+ nmap_results_root = File.dirname(exclude_file)
50
+ FileUtils.mkdir_p nmap_results_root
51
+ puts "nmap Results Saved in: #{nmap_results_root}"
52
+
53
+ discovery_ports = {
54
+ ftp: 21,
55
+ ssh: 22,
56
+ telnet: 23,
57
+ smtp: 25,
58
+ dns: 53,
59
+ http: 80,
60
+ pop3: 110,
61
+ rpc: 111,
62
+ ident: 113,
63
+ ntp: 123,
64
+ netbios_name_service: 137,
65
+ netbios_session_service: 139,
66
+ imap: 143,
67
+ snmp: 161,
68
+ ldap: 389,
69
+ https: 443,
70
+ smb: 445,
71
+ smtps: 465,
72
+ remote_process: 512,
73
+ login: 513,
74
+ rsh: 514,
75
+ ldaps: 636,
76
+ rsync: 873,
77
+ imaps: 993,
78
+ openvpn: 1194,
79
+ mssql: 1433,
80
+ oracle: 1521,
81
+ pptp: 1723,
82
+ radius: 1812,
83
+ nfs: 2049,
84
+ mysql: 3306,
85
+ rdp: 3389,
86
+ meterpreter: 4444,
87
+ upnp: 5000,
88
+ sip: 5060,
89
+ postgres: 5432,
90
+ postgres_alt: 5433,
91
+ amqp: 5672,
92
+ vnc: 5900,
93
+ vncs: 5901,
94
+ xfree86: 6000,
95
+ irc: 6667,
96
+ http_alt: 8080,
97
+ https_alt: 8443,
98
+ http_alt2: 8888,
99
+ http_alt3: 9090,
100
+ http_alt4: 9999
101
+ }
102
+
103
+ target_file = "#{nmap_results_root}/nmap_targets.txt"
104
+ latest_discovery_results = "#{nmap_results_root}/nmap_latest_discovery_results"
105
+ latest_tcp_results = "#{nmap_results_root}/nmap_latest_tcp_results"
106
+ latest_udp_results = "#{nmap_results_root}/nmap_latest_udp_results"
107
+
108
+ begin
109
+ # Target Discovery Scan
110
+ PWN::Plugins::NmapIt.port_scan do |nmap|
111
+ nmap.exclude_file = exclude_file
112
+ nmap.interface = interface
113
+ nmap.aggressive_timing = true
114
+ nmap.ping = true
115
+ nmap.arp_ping = true
116
+ nmap.icmp_echo_discovery = true
117
+ nmap.icmp_timestamp_discovery = true
118
+ nmap.syn_discovery = discovery_ports.values
119
+ nmap.ack_discovery = discovery_ports.values
120
+ nmap.udp_discovery = discovery_ports.values
121
+ nmap.sctp_init_ping = discovery_ports.values
122
+ nmap.output_all = latest_discovery_results
123
+ nmap.targets = ip_range
124
+ nmap.proxies = proxy if with_tor
125
+ end
126
+
127
+ # Generate targets.txt from discovery above
128
+ # taking into consideration IPs to skip scans
129
+ File.open(target_file, 'w') do |f|
130
+ PWN::Plugins::NmapIt.parse_xml_results(
131
+ xml_file: "#{latest_discovery_results}.xml"
132
+ ) do |xml|
133
+ xml.each_host do |host|
134
+ f.puts host.ip unless File.read(exclude_file).include?(host.ip)
135
+ end
136
+ end
137
+ end
138
+
139
+ # Switch Tor Exit Node if with_tor
140
+ PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
141
+
142
+ # TCP Scan
143
+ PWN::Plugins::NmapIt.port_scan do |nmap|
144
+ nmap.target_file = target_file
145
+ nmap.show_reason = true
146
+ nmap.exclude_file = exclude_file
147
+ nmap.interface = interface
148
+ nmap.min_host_group = 3
149
+ nmap.host_timeout = '999m'
150
+ nmap.aggressive_timing = true
151
+ nmap.skip_discovery = true
152
+ nmap.syn_scan = true
153
+ nmap.default_script = true
154
+ nmap.update_scriptdb = true
155
+ nmap.service_scan = true
156
+ nmap.os_fingerprint = true
157
+ nmap.verbose = true
158
+ nmap.all = true
159
+ nmap.ports = [1..65_535]
160
+ nmap.output_all = latest_tcp_results
161
+ nmap.proxies = proxy if with_tor
162
+ end
163
+ FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
164
+
165
+ # Switch Tor Exit Node if with_tor
166
+ PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
167
+
168
+ # UDP Scan
169
+ PWN::Plugins::NmapIt.port_scan do |nmap|
170
+ nmap.target_file = target_file
171
+ nmap.show_reason = true
172
+ nmap.exclude_file = exclude_file
173
+ nmap.interface = interface
174
+ nmap.min_host_group = 3
175
+ nmap.host_timeout = '999m'
176
+ nmap.aggressive_timing = true
177
+ nmap.skip_discovery = true
178
+ nmap.udp_scan = true
179
+ nmap.default_script = true
180
+ nmap.update_scriptdb = true
181
+ nmap.service_scan = true
182
+ nmap.os_fingerprint = true
183
+ nmap.verbose = true
184
+ nmap.all = true
185
+ nmap.output_all = latest_udp_results
186
+ nmap.proxies = proxy if with_tor
187
+ end
188
+ FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
189
+ rescue SystemExit, Interrupt
190
+ puts "\nGoodbye."
191
+ rescue StandardError => e
192
+ raise e
193
+ ensure
194
+ tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
195
+ end
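Review bot: In the targets loop of the new bin/pwn_nmap_discover_tcp_udp script, `f.puts host.ip unless File.read(exclude_file).include?(host.ip)` is a substring test against the whole file, so an exclude entry such as `10.0.0.10` also drops discovered host `10.0.0.1` from nmap_targets.txt, and the file is re-read once per host. Load it once before the loop, `excluded_ips = File.readlines(exclude_file, chomp: true).map(&:strip).reject(&:empty?).to_set`, and test `f.puts host.ip unless excluded_ips.include?(host.ip)`; if the exclude file is meant to carry nmap-style ranges rather than single addresses, exact matching would need extending. Earlier, `File.new(exclude_file, 'w') unless File.exist?(exclude_file)` leaves the handle open and runs before `FileUtils.mkdir_p nmap_results_root`, so an `-e` path whose directory does not exist yet fails with ENOENT; move the `mkdir_p` first and replace the `File.new` with `FileUtils.touch(exclude_file)`. The `rescue StandardError => e` / `raise e` pair at the end is a no-op and can be removed.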
@@ -5,11 +5,17 @@ require 'nmap/xml'
5
5
 
6
6
  module PWN
7
7
  module Plugins
8
- # This plugin is used as an interface to nmap, the exploration tool and security / port scanner.
8
+ # This plugin is used as an interface to nmap, the exploration tool and security / port scanner. More info on available options can be found at: https://github.com/postmodern/ruby-nmap/blob/main/lib/nmap/command.rb
9
9
  module NmapIt
10
10
  # Supported Method Parameters::
11
11
  # PWN::Plugins::NmapIt.port_scan do |nmap|
12
12
  # puts nmap.public_methods
13
+ # nmap.connect_scan = true
14
+ # nmap.service_scan = true
15
+ # nmap.verbose = true
16
+ # nmap.ports = [1..1024,1337]
17
+ # nmap.targets = '127.0.0.1'
18
+ # nmap.xml = '/tmp/nmap_port_scan_res.xml'
13
19
  # end
14
20
 
15
21
  public_class_method def self.port_scan
@@ -147,9 +147,10 @@ module PWN
147
147
  # PWN::Plugins::OpenVAS.save_report(
148
148
  # report_type: 'required report type (csv|itg|pdf|txt|xml)',
149
149
  # report_id: 'required report id to save',
150
- # report_filter: 'optional - results filter (Default: "")
150
+ # report_dir: 'required directory to save report',
151
151
  # username: 'required username',
152
- # password: 'optional password (will prompt if nil)'
152
+ # password: 'optional password (will prompt if nil)',
153
+ # report_filter: 'optional - results filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")
153
154
  # )
154
155
 
155
156
  public_class_method def self.save_report(opts = {})
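Review bot: The new `report_filter:` line in the Supported Method Parameters comment above `save_report` opens a single-quoted value that is never closed, `report_filter: 'optional - results filter (Default: "apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity")`, and the same unterminated quote is carried into the help text hunk further down, where it is printed to the user. Both should end with `...sort-reverse=severity")'` so the parameter reads like the `password:` line it follows. The enclosing `save_report` and help methods extend beyond these hunks.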
@@ -160,9 +161,6 @@ module PWN
160
161
  report_dir
161
162
  )
162
163
 
163
- report_filter = opts[:report_filter]
164
- report_filter ||= 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity'
165
-
166
164
  username = opts[:username].to_s.scrub
167
165
 
168
166
  password = if opts[:password].nil?
@@ -171,6 +169,9 @@ module PWN
171
169
  opts[:password].to_s.scrub
172
170
  end
173
171
 
172
+ report_filter = opts[:report_filter]
173
+ report_filter ||= 'apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity'
174
+
174
175
  case report_type.to_sym
175
176
  when :csv
176
177
  report_type_name = 'CSV Results'
@@ -296,7 +297,8 @@ module PWN
296
297
  report_id: 'required report id to save',
297
298
  report_dir: 'required directory to save report',
298
299
  username: 'required username',
299
- password: 'optional password (will prompt if nil)'
300
+ password: 'optional password (will prompt if nil)',
301
+ report_filter: 'optional - results filter (Default: \"apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity\")
300
302
  )
301
303
 
302
304
  report_types = #{self}.get_report_types(
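--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-VERSION = '0.4.670'
+VERSION = '0.4.671'
 end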
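--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.670
+version: 0.4.671
 platform: ruby
 authors:
 - 0day Inc.
@@ -1123,6 +1123,7 @@ executables:
 - pwn_nessus_cloud_scan_crud
 - pwn_nessus_cloud_vulnscan
 - pwn_nexpose
+- pwn_nmap_discover_tcp_udp
 - pwn_openvas_vulnscan
 - pwn_owasp_zap_active_scan
 - pwn_pastebin_sample_filter
@@ -1190,6 +1191,7 @@ files:
 - bin/pwn_nessus_cloud_scan_crud
 - bin/pwn_nessus_cloud_vulnscan
 - bin/pwn_nexpose
+- bin/pwn_nmap_discover_tcp_udp
 - bin/pwn_openvas_vulnscan
 - bin/pwn_owasp_zap_active_scan
 - bin/pwn_pastebin_sample_filter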