pwn 0.4.673 → 0.4.675

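--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 66259ccdc59be89f796f56e88a20f9eb5bef320c46a4b7fc268b62f664e50c6e
-data.tar.gz: 162ad18b794121a96802d6f5de739b4fc22eb8c0dda0a780fc6144fedc107af3
+metadata.gz: b3988112277371e7f9cafefa42d88f325db8c58a97ab35d20c2d65fde2c3bacf
+data.tar.gz: b6eb594719ebab68d095d072391ddd9b747f27286cda0e30906083acf3f457ed
 SHA512:
-metadata.gz: 2e6515b72bf8b01805b50cc9e5bb701edf2fb725182c1a1c425188e8d2542badd19cd93cbdf4c358fc2c2cfcb9c49341b4322cc76d596a200548eebe73c4ffd4
-data.tar.gz: 846a1b1ca1f1ef9bc2affdb57ea1accf45f210e86085da968b54d01e45e9f6d6103f8108a7ef7a2888f4ebadd57988f68afafea86925f8c7c4867915388c36a7
+metadata.gz: 3d9c197e9286753124276f6a355d16f9edcf0b6ef85a1f2202f102bfdd862dea76f7e7892db911845d2b02622f9fd07dfbd32010b7944b211130273e7035abf5
+data.tar.gz: a8a8a5061682887c2e2d5a4661685c731d0c6206691bfa0e483b076db6e0e9d67d324f8a90fee8768fe3e3f6f01f092cd49018352ce48c1f5ea954aefc678b1c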
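--- a/data/Gemfile
+++ b/data/Gemfile
@@ -66,7 +66,7 @@ gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.2'
 gem 'rubocop', '1.50.2'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.20.0'
+gem 'rubocop-rspec', '2.21.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.1'
 gem 'ruby-saml', '1.15.0'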
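--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.673]:001 >>> PWN.help
+pwn[v0.4.675]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.673]:001 >>> PWN.help
+pwn[v0.4.675]:001 >>> PWN.help
 ```
 
 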
@@ -3,6 +3,7 @@
3
3
 
4
4
  require 'optparse'
5
5
  require 'pwn'
6
+ require 'time'
6
7
 
7
8
  opts = {}
8
9
  OptionParser.new do |options|
@@ -10,8 +11,8 @@ OptionParser.new do |options|
10
11
  #{$PROGRAM_NAME} [opts]
11
12
  "
12
13
 
13
- options.on('-IRANGE', '--ip-range=RANGE', '<Required - nmap supported ip range e.g. 192.168.1.1-20, 192.168.1.0/24, etc>') do |i|
14
- opts[:ip_range] = i
14
+ options.on('-tRANGE', '--target-range=RANGE', '<Required - nmap supported host || ip range e.g. foo.bar, 192.168.1.1-20, 192.168.1.0/24, etc>') do |t|
15
+ opts[:target_range] = t
15
16
  end
16
17
 
17
18
  options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
@@ -32,7 +33,13 @@ if opts.empty?
32
33
  exit 1
33
34
  end
34
35
 
35
- ip_range = opts[:ip_range]
36
+ ftimestr = '%Y-%m-%d %H:%M:%S.%N%z'
37
+ started_at = Time.now.strftime(ftimestr)
38
+ banner = '-' * 64
39
+ puts "\n\n\n#{banner}"
40
+ puts "- STARTED: #{started_at} "
41
+
42
+ target_range = opts[:target_range]
36
43
  exclude_file = opts[:exclude_file]
37
44
  exclude_file ||= '/tmp/nmap_targets_exclude.txt'
38
45
  interface = opts[:interface]
@@ -49,28 +56,24 @@ nmap_results_root = File.dirname(exclude_file)
49
56
  FileUtils.mkdir_p nmap_results_root
50
57
  puts "nmap Results Saved in: #{nmap_results_root}"
51
58
 
52
- discovery_ports = {
59
+ discovery_tcp_ports = {
53
60
  ftp: 21,
54
61
  ssh: 22,
55
62
  telnet: 23,
56
63
  smtp: 25,
57
- dns: 53,
58
64
  http: 80,
59
65
  pop3: 110,
60
- rpc: 111,
61
66
  ident: 113,
62
- ntp: 123,
67
+ msrpc: 135,
63
68
  netbios_name_service: 137,
64
69
  netbios_session_service: 139,
65
70
  imap: 143,
66
- snmp: 161,
67
71
  ldap: 389,
68
72
  https: 443,
69
73
  smb: 445,
70
74
  smtps: 465,
71
75
  remote_process: 512,
72
76
  login: 513,
73
- rsh: 514,
74
77
  ldaps: 636,
75
78
  rsync: 873,
76
79
  imaps: 993,
@@ -84,13 +87,12 @@ discovery_ports = {
84
87
  rdp: 3389,
85
88
  meterpreter: 4444,
86
89
  upnp: 5000,
87
- sip: 5060,
88
90
  postgres: 5432,
89
91
  postgres_alt: 5433,
90
92
  amqp: 5672,
91
93
  vnc: 5900,
92
94
  vncs: 5901,
93
- xfree86: 6000,
95
+ x11: 6000,
94
96
  irc: 6667,
95
97
  http_alt: 8080,
96
98
  https_alt: 8443,
@@ -99,10 +101,34 @@ discovery_ports = {
99
101
  http_alt4: 9999
100
102
  }
101
103
 
104
+ discovery_udp_ports = {
105
+ dns: 53,
106
+ dhcp: 67,
107
+ dhcp_client: 68,
108
+ tftp: 69,
109
+ nfs: 111,
110
+ ntp: 123,
111
+ snmp: 161,
112
+ snmp_traps: 162,
113
+ syslog: 514,
114
+ rip: 520,
115
+ iax: 4569,
116
+ sip: 5060,
117
+ mdns: 5353
118
+ }
119
+
120
+ discovery_sctp_ports = {
121
+ sigtran: 2905,
122
+ stl: 5000,
123
+ sap: 5004,
124
+ turn_ip: 5766,
125
+ sicc: 38_412
126
+ }
127
+
102
128
  target_file = "#{nmap_results_root}/nmap_targets.txt"
103
- latest_discovery_results = "#{nmap_results_root}/nmap_latest_discovery_results"
104
- latest_tcp_results = "#{nmap_results_root}/nmap_latest_tcp_results"
105
- latest_udp_results = "#{nmap_results_root}/nmap_latest_udp_results"
129
+ latest_discovery_results = "#{nmap_results_root}/nmap_discovery_results.xml"
130
+ latest_tcp_results = "#{nmap_results_root}/nmap_tcp_results"
131
+ latest_udp_results = "#{nmap_results_root}/nmap_udp_results"
106
132
 
107
133
  begin
108
134
  # Per man nmap:
@@ -124,7 +150,10 @@ begin
124
150
  # Target Discovery Scan
125
151
  # Using -T5 template to reduce number of
126
152
  # retransmission attempts on filtered ports.
153
+ puts "\n\n\n#{banner}"
154
+ puts '- PHASE 1: Target Discovery'
127
155
  PWN::Plugins::NmapIt.port_scan do |nmap|
156
+ nmap.verbose = true
128
157
  nmap.exclude_file = exclude_file
129
158
  nmap.interface = interface
130
159
  nmap.insane_timing = true
@@ -132,13 +161,16 @@ begin
132
161
  nmap.arp_ping = true
133
162
  nmap.icmp_echo_discovery = true
134
163
  nmap.icmp_timestamp_discovery = true
135
- nmap.syn_discovery = discovery_ports.values
136
- nmap.ack_discovery = discovery_ports.values
137
- nmap.udp_discovery = discovery_ports.values
138
- nmap.sctp_init_ping = discovery_ports.values
139
- nmap.output_all = latest_discovery_results
140
- nmap.targets = ip_range
164
+ nmap.syn_discovery = discovery_tcp_ports.values
165
+ nmap.ack_discovery = discovery_tcp_ports.values
166
+ nmap.udp_discovery = discovery_udp_ports.values
167
+ nmap.sctp_init_ping = discovery_sctp_ports.values
168
+ nmap.output_xml = latest_discovery_results
169
+ nmap.targets = target_range
141
170
  nmap.randomize_hosts = true
171
+ nmap.min_parallelism = 36
172
+ nmap.max_retries = 3
173
+ nmap.max_scan_delay = 3
142
174
  nmap.proxies = proxy if with_tor
143
175
  end
144
176
 
@@ -146,69 +178,89 @@ begin
146
178
  # taking into consideration IPs to skip scans
147
179
  File.open(target_file, 'w') do |f|
148
180
  PWN::Plugins::NmapIt.parse_xml_results(
149
- xml_file: "#{latest_discovery_results}.xml"
181
+ xml_file: latest_discovery_results
150
182
  ) do |xml|
151
183
  xml.each_host do |host|
152
- f.puts host.ip unless File.read(exclude_file).include?(host.ip)
184
+ next unless File.read(exclude_file).include?(host.ip)
185
+
186
+ hosts_arr = host.hostnames.map { |h| h[:name] }
187
+ f.print host.ip
188
+ f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"
153
189
  end
154
190
  end
155
191
  end
192
+
193
+ # Produce a good targets.txt redacting duplicates
156
194
  sorted_targets = File.readlines(target_file).sort.join
157
195
  File.write(target_file, sorted_targets)
158
196
 
159
197
  # Switch Tor Exit Node if with_tor
160
- PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
198
+ if with_tor
199
+ puts "\n\n\n#{banner}"
200
+ puts '- INFO: Switching to Clean Tor Circuit...'
201
+ PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
202
+ end
161
203
 
162
204
  # TCP Scan
163
205
  # Using -T5 template to reduce number of
164
206
  # retransmission attempts on filtered ports.
207
+ puts "\n\n\n#{banner}"
208
+ puts '- PHASE 2: TCP Port Scanning'
165
209
  PWN::Plugins::NmapIt.port_scan do |nmap|
210
+ nmap.verbose = true
166
211
  nmap.target_file = target_file
167
212
  nmap.randomize_hosts = true
168
213
  nmap.show_reason = true
169
214
  nmap.exclude_file = exclude_file
170
215
  nmap.interface = interface
171
- nmap.min_host_group = 3
172
- nmap.host_timeout = '999m'
216
+ nmap.min_host_group = 9
217
+ nmap.host_timeout = '36m'
173
218
  nmap.insane_timing = true
174
219
  nmap.skip_discovery = true
175
220
  nmap.syn_scan = true
176
221
  nmap.default_script = true
177
222
  nmap.update_scriptdb = true
178
- nmap.service_scan = true
179
- nmap.os_fingerprint = true
180
- nmap.verbose = true
181
- nmap.all = true
182
223
  nmap.ports = [1..65_535]
183
224
  nmap.output_all = latest_tcp_results
225
+ nmap.min_parallelism = 36
226
+ nmap.max_retries = 3
227
+ nmap.max_scan_delay = 3
184
228
  nmap.proxies = proxy if with_tor
185
229
  end
186
230
  FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
187
231
 
188
232
  # Switch Tor Exit Node if with_tor
189
- PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
233
+ if with_tor
234
+ puts "\n\n\n#{banner}"
235
+ puts '- INFO: Switching to Clean Tor Circuit...'
236
+ PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
237
+ end
190
238
 
191
239
  # UDP Scan
192
240
  # Using -T5 template to reduce number of
193
241
  # retransmission attempts on filtered ports.
242
+ puts "\n\n\n#{banner}"
243
+ puts '- PHASE 3: UDP Port Scanning'
194
244
  PWN::Plugins::NmapIt.port_scan do |nmap|
245
+ nmap.verbose = true
195
246
  nmap.target_file = target_file
247
+ nmap.fast = true
196
248
  nmap.randomize_hosts = true
197
249
  nmap.show_reason = true
198
250
  nmap.exclude_file = exclude_file
199
251
  nmap.interface = interface
200
- nmap.min_host_group = 3
201
- nmap.host_timeout = '999m'
252
+ nmap.min_host_group = 9
253
+ nmap.host_timeout = '3m'
202
254
  nmap.insane_timing = true
203
255
  nmap.skip_discovery = true
204
256
  nmap.udp_scan = true
205
- nmap.default_script = true
206
- nmap.update_scriptdb = true
207
- nmap.service_scan = true
208
- nmap.os_fingerprint = true
209
- nmap.verbose = true
210
- nmap.all = true
257
+ nmap.default_script = true unless with_tor
258
+ nmap.update_scriptdb = true unless with_tor
211
259
  nmap.output_all = latest_udp_results
260
+ nmap.min_parallelism = 36
261
+ nmap.max_retries = 0
262
+ nmap.max_scan_delay = 3
263
+ nmap.data_length = Random.rand(1..256)
212
264
  nmap.proxies = proxy if with_tor
213
265
  end
214
266
  FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
@@ -218,4 +270,15 @@ rescue StandardError => e
218
270
  raise e
219
271
  ensure
220
272
  tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
273
+ ended_at = Time.now.strftime(ftimestr)
274
+ puts "\n\n\n#{banner}"
275
+ puts "- ENDED: #{ended_at}"
276
+
277
+ started_at_parse = Time.parse(started_at)
278
+ ended_at_parse = Time.parse(ended_at)
279
+ elapsed_in_seconds = (ended_at_parse - started_at_parse).to_f
280
+ fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
281
+ puts "\n\n\n#{banner}"
282
+ puts "- SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
283
+ puts banner
221
284
  end
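--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-VERSION = '0.4.673'
+VERSION = '0.4.675'
 end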
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.673
4
+ version: 0.4.675
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-04 00:00:00.000000000 Z
11
+ date: 2023-05-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -786,14 +786,14 @@ dependencies:
786
786
  requirements:
787
787
  - - '='
788
788
  - !ruby/object:Gem::Version
789
- version: 2.20.0
789
+ version: 2.21.0
790
790
  type: :runtime
791
791
  prerelease: false
792
792
  version_requirements: !ruby/object:Gem::Requirement
793
793
  requirements:
794
794
  - - '='
795
795
  - !ruby/object:Gem::Version
796
- version: 2.20.0
796
+ version: 2.21.0
797
797
  - !ruby/object:Gem::Dependency
798
798
  name: ruby-audio
799
799
  requirement: !ruby/object:Gem::Requirement