pwn 0.4.673 → 0.4.675
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +2 -2
- data/bin/pwn_nmap_discover_tcp_udp +101 -38
- data/lib/pwn/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b3988112277371e7f9cafefa42d88f325db8c58a97ab35d20c2d65fde2c3bacf
|
4
|
+
data.tar.gz: b6eb594719ebab68d095d072391ddd9b747f27286cda0e30906083acf3f457ed
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3d9c197e9286753124276f6a355d16f9edcf0b6ef85a1f2202f102bfdd862dea76f7e7892db911845d2b02622f9fd07dfbd32010b7944b211130273e7035abf5
|
7
|
+
data.tar.gz: a8a8a5061682887c2e2d5a4661685c731d0c6206691bfa0e483b076db6e0e9d67d324f8a90fee8768fe3e3f6f01f092cd49018352ce48c1f5ea954aefc678b1c
|
data/Gemfile
CHANGED
@@ -66,7 +66,7 @@ gem 'rspec', '3.12.0'
|
|
66
66
|
gem 'rtesseract', '3.1.2'
|
67
67
|
gem 'rubocop', '1.50.2'
|
68
68
|
gem 'rubocop-rake', '0.6.0'
|
69
|
-
gem 'rubocop-rspec', '2.
|
69
|
+
gem 'rubocop-rspec', '2.21.0'
|
70
70
|
gem 'ruby-audio', '1.6.1'
|
71
71
|
gem 'ruby-nmap', '1.0.1'
|
72
72
|
gem 'ruby-saml', '1.15.0'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.675]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.675]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
@@ -3,6 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'optparse'
|
5
5
|
require 'pwn'
|
6
|
+
require 'time'
|
6
7
|
|
7
8
|
opts = {}
|
8
9
|
OptionParser.new do |options|
|
@@ -10,8 +11,8 @@ OptionParser.new do |options|
|
|
10
11
|
#{$PROGRAM_NAME} [opts]
|
11
12
|
"
|
12
13
|
|
13
|
-
options.on('-
|
14
|
-
opts[:
|
14
|
+
options.on('-tRANGE', '--target-range=RANGE', '<Required - nmap supported host || ip range e.g. foo.bar, 192.168.1.1-20, 192.168.1.0/24, etc>') do |t|
|
15
|
+
opts[:target_range] = t
|
15
16
|
end
|
16
17
|
|
17
18
|
options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
|
@@ -32,7 +33,13 @@ if opts.empty?
|
|
32
33
|
exit 1
|
33
34
|
end
|
34
35
|
|
35
|
-
|
36
|
+
ftimestr = '%Y-%m-%d %H:%M:%S.%N%z'
|
37
|
+
started_at = Time.now.strftime(ftimestr)
|
38
|
+
banner = '-' * 64
|
39
|
+
puts "\n\n\n#{banner}"
|
40
|
+
puts "- STARTED: #{started_at} "
|
41
|
+
|
42
|
+
target_range = opts[:target_range]
|
36
43
|
exclude_file = opts[:exclude_file]
|
37
44
|
exclude_file ||= '/tmp/nmap_targets_exclude.txt'
|
38
45
|
interface = opts[:interface]
|
@@ -49,28 +56,24 @@ nmap_results_root = File.dirname(exclude_file)
|
|
49
56
|
FileUtils.mkdir_p nmap_results_root
|
50
57
|
puts "nmap Results Saved in: #{nmap_results_root}"
|
51
58
|
|
52
|
-
|
59
|
+
discovery_tcp_ports = {
|
53
60
|
ftp: 21,
|
54
61
|
ssh: 22,
|
55
62
|
telnet: 23,
|
56
63
|
smtp: 25,
|
57
|
-
dns: 53,
|
58
64
|
http: 80,
|
59
65
|
pop3: 110,
|
60
|
-
rpc: 111,
|
61
66
|
ident: 113,
|
62
|
-
|
67
|
+
msrpc: 135,
|
63
68
|
netbios_name_service: 137,
|
64
69
|
netbios_session_service: 139,
|
65
70
|
imap: 143,
|
66
|
-
snmp: 161,
|
67
71
|
ldap: 389,
|
68
72
|
https: 443,
|
69
73
|
smb: 445,
|
70
74
|
smtps: 465,
|
71
75
|
remote_process: 512,
|
72
76
|
login: 513,
|
73
|
-
rsh: 514,
|
74
77
|
ldaps: 636,
|
75
78
|
rsync: 873,
|
76
79
|
imaps: 993,
|
@@ -84,13 +87,12 @@ discovery_ports = {
|
|
84
87
|
rdp: 3389,
|
85
88
|
meterpreter: 4444,
|
86
89
|
upnp: 5000,
|
87
|
-
sip: 5060,
|
88
90
|
postgres: 5432,
|
89
91
|
postgres_alt: 5433,
|
90
92
|
amqp: 5672,
|
91
93
|
vnc: 5900,
|
92
94
|
vncs: 5901,
|
93
|
-
|
95
|
+
x11: 6000,
|
94
96
|
irc: 6667,
|
95
97
|
http_alt: 8080,
|
96
98
|
https_alt: 8443,
|
@@ -99,10 +101,34 @@ discovery_ports = {
|
|
99
101
|
http_alt4: 9999
|
100
102
|
}
|
101
103
|
|
104
|
+
discovery_udp_ports = {
|
105
|
+
dns: 53,
|
106
|
+
dhcp: 67,
|
107
|
+
dhcp_client: 68,
|
108
|
+
tftp: 69,
|
109
|
+
nfs: 111,
|
110
|
+
ntp: 123,
|
111
|
+
snmp: 161,
|
112
|
+
snmp_traps: 162,
|
113
|
+
syslog: 514,
|
114
|
+
rip: 520,
|
115
|
+
iax: 4569,
|
116
|
+
sip: 5060,
|
117
|
+
mdns: 5353
|
118
|
+
}
|
119
|
+
|
120
|
+
discovery_sctp_ports = {
|
121
|
+
sigtran: 2905,
|
122
|
+
stl: 5000,
|
123
|
+
sap: 5004,
|
124
|
+
turn_ip: 5766,
|
125
|
+
sicc: 38_412
|
126
|
+
}
|
127
|
+
|
102
128
|
target_file = "#{nmap_results_root}/nmap_targets.txt"
|
103
|
-
latest_discovery_results = "#{nmap_results_root}/
|
104
|
-
latest_tcp_results = "#{nmap_results_root}/
|
105
|
-
latest_udp_results = "#{nmap_results_root}/
|
129
|
+
latest_discovery_results = "#{nmap_results_root}/nmap_discovery_results.xml"
|
130
|
+
latest_tcp_results = "#{nmap_results_root}/nmap_tcp_results"
|
131
|
+
latest_udp_results = "#{nmap_results_root}/nmap_udp_results"
|
106
132
|
|
107
133
|
begin
|
108
134
|
# Per man nmap:
|
@@ -124,7 +150,10 @@ begin
|
|
124
150
|
# Target Discovery Scan
|
125
151
|
# Using -T5 template to reduce number of
|
126
152
|
# retransmission attempts on filtered ports.
|
153
|
+
puts "\n\n\n#{banner}"
|
154
|
+
puts '- PHASE 1: Target Discovery'
|
127
155
|
PWN::Plugins::NmapIt.port_scan do |nmap|
|
156
|
+
nmap.verbose = true
|
128
157
|
nmap.exclude_file = exclude_file
|
129
158
|
nmap.interface = interface
|
130
159
|
nmap.insane_timing = true
|
@@ -132,13 +161,16 @@ begin
|
|
132
161
|
nmap.arp_ping = true
|
133
162
|
nmap.icmp_echo_discovery = true
|
134
163
|
nmap.icmp_timestamp_discovery = true
|
135
|
-
nmap.syn_discovery =
|
136
|
-
nmap.ack_discovery =
|
137
|
-
nmap.udp_discovery =
|
138
|
-
nmap.sctp_init_ping =
|
139
|
-
nmap.
|
140
|
-
nmap.targets =
|
164
|
+
nmap.syn_discovery = discovery_tcp_ports.values
|
165
|
+
nmap.ack_discovery = discovery_tcp_ports.values
|
166
|
+
nmap.udp_discovery = discovery_udp_ports.values
|
167
|
+
nmap.sctp_init_ping = discovery_sctp_ports.values
|
168
|
+
nmap.output_xml = latest_discovery_results
|
169
|
+
nmap.targets = target_range
|
141
170
|
nmap.randomize_hosts = true
|
171
|
+
nmap.min_parallelism = 36
|
172
|
+
nmap.max_retries = 3
|
173
|
+
nmap.max_scan_delay = 3
|
142
174
|
nmap.proxies = proxy if with_tor
|
143
175
|
end
|
144
176
|
|
@@ -146,69 +178,89 @@ begin
|
|
146
178
|
# taking into consideration IPs to skip scans
|
147
179
|
File.open(target_file, 'w') do |f|
|
148
180
|
PWN::Plugins::NmapIt.parse_xml_results(
|
149
|
-
xml_file:
|
181
|
+
xml_file: latest_discovery_results
|
150
182
|
) do |xml|
|
151
183
|
xml.each_host do |host|
|
152
|
-
|
184
|
+
next unless File.read(exclude_file).include?(host.ip)
|
185
|
+
|
186
|
+
hosts_arr = host.hostnames.map { |h| h[:name] }
|
187
|
+
f.print host.ip
|
188
|
+
f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"
|
153
189
|
end
|
154
190
|
end
|
155
191
|
end
|
192
|
+
|
193
|
+
# Produce a good targets.txt redacting duplicates
|
156
194
|
sorted_targets = File.readlines(target_file).sort.join
|
157
195
|
File.write(target_file, sorted_targets)
|
158
196
|
|
159
197
|
# Switch Tor Exit Node if with_tor
|
160
|
-
|
198
|
+
if with_tor
|
199
|
+
puts "\n\n\n#{banner}"
|
200
|
+
puts '- INFO: Switching to Clean Tor Circuit...'
|
201
|
+
PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
|
202
|
+
end
|
161
203
|
|
162
204
|
# TCP Scan
|
163
205
|
# Using -T5 template to reduce number of
|
164
206
|
# retransmission attempts on filtered ports.
|
207
|
+
puts "\n\n\n#{banner}"
|
208
|
+
puts '- PHASE 2: TCP Port Scanning'
|
165
209
|
PWN::Plugins::NmapIt.port_scan do |nmap|
|
210
|
+
nmap.verbose = true
|
166
211
|
nmap.target_file = target_file
|
167
212
|
nmap.randomize_hosts = true
|
168
213
|
nmap.show_reason = true
|
169
214
|
nmap.exclude_file = exclude_file
|
170
215
|
nmap.interface = interface
|
171
|
-
nmap.min_host_group =
|
172
|
-
nmap.host_timeout = '
|
216
|
+
nmap.min_host_group = 9
|
217
|
+
nmap.host_timeout = '36m'
|
173
218
|
nmap.insane_timing = true
|
174
219
|
nmap.skip_discovery = true
|
175
220
|
nmap.syn_scan = true
|
176
221
|
nmap.default_script = true
|
177
222
|
nmap.update_scriptdb = true
|
178
|
-
nmap.service_scan = true
|
179
|
-
nmap.os_fingerprint = true
|
180
|
-
nmap.verbose = true
|
181
|
-
nmap.all = true
|
182
223
|
nmap.ports = [1..65_535]
|
183
224
|
nmap.output_all = latest_tcp_results
|
225
|
+
nmap.min_parallelism = 36
|
226
|
+
nmap.max_retries = 3
|
227
|
+
nmap.max_scan_delay = 3
|
184
228
|
nmap.proxies = proxy if with_tor
|
185
229
|
end
|
186
230
|
FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
|
187
231
|
|
188
232
|
# Switch Tor Exit Node if with_tor
|
189
|
-
|
233
|
+
if with_tor
|
234
|
+
puts "\n\n\n#{banner}"
|
235
|
+
puts '- INFO: Switching to Clean Tor Circuit...'
|
236
|
+
PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
|
237
|
+
end
|
190
238
|
|
191
239
|
# UDP Scan
|
192
240
|
# Using -T5 template to reduce number of
|
193
241
|
# retransmission attempts on filtered ports.
|
242
|
+
puts "\n\n\n#{banner}"
|
243
|
+
puts '- PHASE 3: UDP Port Scanning'
|
194
244
|
PWN::Plugins::NmapIt.port_scan do |nmap|
|
245
|
+
nmap.verbose = true
|
195
246
|
nmap.target_file = target_file
|
247
|
+
nmap.fast = true
|
196
248
|
nmap.randomize_hosts = true
|
197
249
|
nmap.show_reason = true
|
198
250
|
nmap.exclude_file = exclude_file
|
199
251
|
nmap.interface = interface
|
200
|
-
nmap.min_host_group =
|
201
|
-
nmap.host_timeout = '
|
252
|
+
nmap.min_host_group = 9
|
253
|
+
nmap.host_timeout = '3m'
|
202
254
|
nmap.insane_timing = true
|
203
255
|
nmap.skip_discovery = true
|
204
256
|
nmap.udp_scan = true
|
205
|
-
nmap.default_script = true
|
206
|
-
nmap.update_scriptdb = true
|
207
|
-
nmap.service_scan = true
|
208
|
-
nmap.os_fingerprint = true
|
209
|
-
nmap.verbose = true
|
210
|
-
nmap.all = true
|
257
|
+
nmap.default_script = true unless with_tor
|
258
|
+
nmap.update_scriptdb = true unless with_tor
|
211
259
|
nmap.output_all = latest_udp_results
|
260
|
+
nmap.min_parallelism = 36
|
261
|
+
nmap.max_retries = 0
|
262
|
+
nmap.max_scan_delay = 3
|
263
|
+
nmap.data_length = Random.rand(1..256)
|
212
264
|
nmap.proxies = proxy if with_tor
|
213
265
|
end
|
214
266
|
FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
|
@@ -218,4 +270,15 @@ rescue StandardError => e
|
|
218
270
|
raise e
|
219
271
|
ensure
|
220
272
|
tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
|
273
|
+
ended_at = Time.now.strftime(ftimestr)
|
274
|
+
puts "\n\n\n#{banner}"
|
275
|
+
puts "- ENDED: #{ended_at}"
|
276
|
+
|
277
|
+
started_at_parse = Time.parse(started_at)
|
278
|
+
ended_at_parse = Time.parse(ended_at)
|
279
|
+
elapsed_in_seconds = (ended_at_parse - started_at_parse).to_f
|
280
|
+
fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
|
281
|
+
puts "\n\n\n#{banner}"
|
282
|
+
puts "- SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
|
283
|
+
puts banner
|
221
284
|
end
|
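Review bot: The exclusion filter added as `next unless File.read(exclude_file).include?(host.ip)` is inverted: it skips every discovered host that is *not* listed in the exclude file, so only excluded hosts (or substring false positives) are ever written to nmap_targets.txt, the opposite of what the "IPs to skip scans" comment above it describes. `String#include?` on the raw file contents is also a substring test, so an entry `10.0.0.1` also matches `10.0.0.10`–`10.0.0.19`, and the file is re-read on every host. Suggest loading the list once before `File.open`, e.g. `excluded_ips = File.readlines(exclude_file, chomp: true).map(&:strip)`, and inside the loop `next if excluded_ips.include?(host.ip)`. Because the same file is also passed to nmap as the exclude file in all three phases, nmap still enforces scope on its own, but the inverted check most likely leaves phases 2 and 3 with an empty target list rather than scanning out-of-scope hosts. The enclosing `begin` block opens in an earlier hunk.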
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.675
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-05-
|
11
|
+
date: 2023-05-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -786,14 +786,14 @@ dependencies:
|
|
786
786
|
requirements:
|
787
787
|
- - '='
|
788
788
|
- !ruby/object:Gem::Version
|
789
|
-
version: 2.
|
789
|
+
version: 2.21.0
|
790
790
|
type: :runtime
|
791
791
|
prerelease: false
|
792
792
|
version_requirements: !ruby/object:Gem::Requirement
|
793
793
|
requirements:
|
794
794
|
- - '='
|
795
795
|
- !ruby/object:Gem::Version
|
796
|
-
version: 2.
|
796
|
+
version: 2.21.0
|
797
797
|
- !ruby/object:Gem::Dependency
|
798
798
|
name: ruby-audio
|
799
799
|
requirement: !ruby/object:Gem::Requirement
|