pwn 0.4.673 → 0.4.675
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +2 -2
- data/bin/pwn_nmap_discover_tcp_udp +101 -38
- data/lib/pwn/version.rb +1 -1
- metadata +4 -4
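--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b3988112277371e7f9cafefa42d88f325db8c58a97ab35d20c2d65fde2c3bacf
+data.tar.gz: b6eb594719ebab68d095d072391ddd9b747f27286cda0e30906083acf3f457ed
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3d9c197e9286753124276f6a355d16f9edcf0b6ef85a1f2202f102bfdd862dea76f7e7892db911845d2b02622f9fd07dfbd32010b7944b211130273e7035abf5
+data.tar.gz: a8a8a5061682887c2e2d5a4661685c731d0c6206691bfa0e483b076db6e0e9d67d324f8a90fee8768fe3e3f6f01f092cd49018352ce48c1f5ea954aefc678b1c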
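--- a/data/Gemfile
+++ b/data/Gemfile
@@ -66,7 +66,7 @@ gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.2'
 gem 'rubocop', '1.50.2'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.
+gem 'rubocop-rspec', '2.21.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.1'
 gem 'ruby-saml', '1.15.0'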
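--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.675]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.675]:001 >>> PWN.help
 ```
 
 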
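--- a/data/bin/pwn_nmap_discover_tcp_udp
+++ b/data/bin/pwn_nmap_discover_tcp_udp
@@ -3,6 +3,7 @@
 
 require 'optparse'
 require 'pwn'
+require 'time'
 
 opts = {}
 OptionParser.new do |options|
@@ -10,8 +11,8 @@ OptionParser.new do |options|
 #{$PROGRAM_NAME} [opts]
 "
 
-options.on('-
-opts[:
+options.on('-tRANGE', '--target-range=RANGE', '<Required - nmap supported host || ip range e.g. foo.bar, 192.168.1.1-20, 192.168.1.0/24, etc>') do |t|
+opts[:target_range] = t
 end
 
 options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
@@ -32,7 +33,13 @@ if opts.empty?
 exit 1
 end
 
-
+ftimestr = '%Y-%m-%d %H:%M:%S.%N%z'
+started_at = Time.now.strftime(ftimestr)
+banner = '-' * 64
+puts "\n\n\n#{banner}"
+puts "- STARTED: #{started_at} "
+
+target_range = opts[:target_range]
 exclude_file = opts[:exclude_file]
 exclude_file ||= '/tmp/nmap_targets_exclude.txt'
 interface = opts[:interface]
@@ -49,28 +56,24 @@ nmap_results_root = File.dirname(exclude_file)
 FileUtils.mkdir_p nmap_results_root
 puts "nmap Results Saved in: #{nmap_results_root}"
 
-
+discovery_tcp_ports = {
 ftp: 21,
 ssh: 22,
 telnet: 23,
 smtp: 25,
-dns: 53,
 http: 80,
 pop3: 110,
-rpc: 111,
 ident: 113,
-
+msrpc: 135,
 netbios_name_service: 137,
 netbios_session_service: 139,
 imap: 143,
-snmp: 161,
 ldap: 389,
 https: 443,
 smb: 445,
 smtps: 465,
 remote_process: 512,
 login: 513,
-rsh: 514,
 ldaps: 636,
 rsync: 873,
 imaps: 993,
@@ -84,13 +87,12 @@ discovery_ports = {
 rdp: 3389,
 meterpreter: 4444,
 upnp: 5000,
-sip: 5060,
 postgres: 5432,
 postgres_alt: 5433,
 amqp: 5672,
 vnc: 5900,
 vncs: 5901,
-
+x11: 6000,
 irc: 6667,
 http_alt: 8080,
 https_alt: 8443,
@@ -99,10 +101,34 @@ discovery_ports = {
 http_alt4: 9999
 }
 
+discovery_udp_ports = {
+dns: 53,
+dhcp: 67,
+dhcp_client: 68,
+tftp: 69,
+nfs: 111,
+ntp: 123,
+snmp: 161,
+snmp_traps: 162,
+syslog: 514,
+rip: 520,
+iax: 4569,
+sip: 5060,
+mdns: 5353
+}
+
+discovery_sctp_ports = {
+sigtran: 2905,
+stl: 5000,
+sap: 5004,
+turn_ip: 5766,
+sicc: 38_412
+}
+
 target_file = "#{nmap_results_root}/nmap_targets.txt"
-latest_discovery_results = "#{nmap_results_root}/
-latest_tcp_results = "#{nmap_results_root}/
-latest_udp_results = "#{nmap_results_root}/
+latest_discovery_results = "#{nmap_results_root}/nmap_discovery_results.xml"
+latest_tcp_results = "#{nmap_results_root}/nmap_tcp_results"
+latest_udp_results = "#{nmap_results_root}/nmap_udp_results"
 
 begin
 # Per man nmap:
@@ -124,7 +150,10 @@ begin
 # Target Discovery Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
+puts "\n\n\n#{banner}"
+puts '- PHASE 1: Target Discovery'
 PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.verbose = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
 nmap.insane_timing = true
@@ -132,13 +161,16 @@ begin
 nmap.arp_ping = true
 nmap.icmp_echo_discovery = true
 nmap.icmp_timestamp_discovery = true
-nmap.syn_discovery =
-nmap.ack_discovery =
-nmap.udp_discovery =
-nmap.sctp_init_ping =
-nmap.
-nmap.targets =
+nmap.syn_discovery = discovery_tcp_ports.values
+nmap.ack_discovery = discovery_tcp_ports.values
+nmap.udp_discovery = discovery_udp_ports.values
+nmap.sctp_init_ping = discovery_sctp_ports.values
+nmap.output_xml = latest_discovery_results
+nmap.targets = target_range
 nmap.randomize_hosts = true
+nmap.min_parallelism = 36
+nmap.max_retries = 3
+nmap.max_scan_delay = 3
 nmap.proxies = proxy if with_tor
 end
 
@@ -146,69 +178,89 @@ begin
 # taking into consideration IPs to skip scans
 File.open(target_file, 'w') do |f|
 PWN::Plugins::NmapIt.parse_xml_results(
-xml_file:
+xml_file: latest_discovery_results
 ) do |xml|
 xml.each_host do |host|
-
+next unless File.read(exclude_file).include?(host.ip)
+
+hosts_arr = host.hostnames.map { |h| h[:name] }
+f.print host.ip
+f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"
 end
 end
 end
+
+# Produce a good targets.txt redacting duplicates
 sorted_targets = File.readlines(target_file).sort.join
 File.write(target_file, sorted_targets)
 
 # Switch Tor Exit Node if with_tor
-
+if with_tor
+puts "\n\n\n#{banner}"
+puts '- INFO: Switching to Clean Tor Circuit...'
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
+end
 
 # TCP Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
+puts "\n\n\n#{banner}"
+puts '- PHASE 2: TCP Port Scanning'
 PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.verbose = true
 nmap.target_file = target_file
 nmap.randomize_hosts = true
 nmap.show_reason = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
-nmap.min_host_group =
-nmap.host_timeout = '
+nmap.min_host_group = 9
+nmap.host_timeout = '36m'
 nmap.insane_timing = true
 nmap.skip_discovery = true
 nmap.syn_scan = true
 nmap.default_script = true
 nmap.update_scriptdb = true
-nmap.service_scan = true
-nmap.os_fingerprint = true
-nmap.verbose = true
-nmap.all = true
 nmap.ports = [1..65_535]
 nmap.output_all = latest_tcp_results
+nmap.min_parallelism = 36
+nmap.max_retries = 3
+nmap.max_scan_delay = 3
 nmap.proxies = proxy if with_tor
 end
 FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
 
 # Switch Tor Exit Node if with_tor
-
+if with_tor
+puts "\n\n\n#{banner}"
+puts '- INFO: Switching to Clean Tor Circuit...'
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
+end
 
 # UDP Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
+puts "\n\n\n#{banner}"
+puts '- PHASE 3: UDP Port Scanning'
 PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.verbose = true
 nmap.target_file = target_file
+nmap.fast = true
 nmap.randomize_hosts = true
 nmap.show_reason = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
-nmap.min_host_group =
-nmap.host_timeout = '
+nmap.min_host_group = 9
+nmap.host_timeout = '3m'
 nmap.insane_timing = true
 nmap.skip_discovery = true
 nmap.udp_scan = true
-nmap.default_script = true
-nmap.update_scriptdb = true
-nmap.service_scan = true
-nmap.os_fingerprint = true
-nmap.verbose = true
-nmap.all = true
+nmap.default_script = true unless with_tor
+nmap.update_scriptdb = true unless with_tor
 nmap.output_all = latest_udp_results
+nmap.min_parallelism = 36
+nmap.max_retries = 0
+nmap.max_scan_delay = 3
+nmap.data_length = Random.rand(1..256)
 nmap.proxies = proxy if with_tor
 end
 FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
@@ -218,4 +270,15 @@ rescue StandardError => e
 raise e
 ensure
 tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
+ended_at = Time.now.strftime(ftimestr)
+puts "\n\n\n#{banner}"
+puts "- ENDED: #{ended_at}"
+
+started_at_parse = Time.parse(started_at)
+ended_at_parse = Time.parse(ended_at)
+elapsed_in_seconds = (ended_at_parse - started_at_parse).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+puts banner
 end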
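Review bot: The exclusion test added inside `xml.each_host` looks inverted: with `next unless File.read(exclude_file).include?(host.ip)` only hosts that appear in the exclude file get written to nmap_targets.txt, which contradicts the "IPs to skip scans" comment just above it, and `String#include?` matches substrings (an excluded `10.0.0.1` also suppresses `10.0.0.10`) while re-reading the file once per host. Read the list once before the `File.open` and compare whole lines: `excluded_ips = File.readlines(exclude_file, chomp: true)` then `next if excluded_ips.include?(host.ip)`. The new comment `# Produce a good targets.txt redacting duplicates` is not backed by the line beneath it, since `sort.join` keeps duplicates; either change it to `sorted_targets = File.readlines(target_file).sort.uniq.join` or reword the comment. In the `ensure` block the elapsed time is recovered by round-tripping through `strftime` and `Time.parse`; capturing `Process.clock_gettime(Process::CLOCK_MONOTONIC)` at start and subtracting it at the end gives the duration directly and is immune to wall-clock changes during a multi-hour scan. The `begin`/`ensure` block these hunks modify spans several hunks, so the script's structure is only partly visible in any one of them.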
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.675
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-05-
|
11
|
+
date: 2023-05-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -786,14 +786,14 @@ dependencies:
|
|
786
786
|
requirements:
|
787
787
|
- - '='
|
788
788
|
- !ruby/object:Gem::Version
|
789
|
-
version: 2.
|
789
|
+
version: 2.21.0
|
790
790
|
type: :runtime
|
791
791
|
prerelease: false
|
792
792
|
version_requirements: !ruby/object:Gem::Requirement
|
793
793
|
requirements:
|
794
794
|
- - '='
|
795
795
|
- !ruby/object:Gem::Version
|
796
|
-
version: 2.
|
796
|
+
version: 2.21.0
|
797
797
|
- !ruby/object:Gem::Dependency
|
798
798
|
name: ruby-audio
|
799
799
|
requirement: !ruby/object:Gem::Requirement
|