pwn 0.4.673 → 0.4.676
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +2 -2
- data/bin/pwn_nmap_discover_tcp_udp +136 -42
- data/lib/pwn/version.rb +1 -1
- metadata +4 -4
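--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fa9249af262af0f9d2dbaea4245691d09da20bc452967e60095ff4c28a404eba
+data.tar.gz: 02b24daf26e3107a37e25392e27fd4176a0a7c8af63f41d3f8c38bf2d3207abc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c648625f56139d973443eee4ba91478e6b9a6e67db1d38c65a86de2b8cba6b245046616a426d9c8ed865b1a20250744b4d5eaf158022b218e58d3ab9051edfbb
+data.tar.gz: 3955ada6705bfefdc4ec255e60de2b9579dba5407e8ebb36cad2a20ed96ba89cb5285ab540ed0974bab11d381cf7cb2a35da63e81bf39212f388cd4e579bc9c0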
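--- a/data/Gemfile
+++ b/data/Gemfile
@@ -66,7 +66,7 @@ gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.2'
 gem 'rubocop', '1.50.2'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.
+gem 'rubocop-rspec', '2.21.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.1'
 gem 'ruby-saml', '1.15.0'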
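--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.676]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.676]:001 >>> PWN.help
 ```
 
 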
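--- a/data/bin/pwn_nmap_discover_tcp_udp
+++ b/data/bin/pwn_nmap_discover_tcp_udp
@@ -3,6 +3,7 @@
 
 require 'optparse'
 require 'pwn'
+require 'time'
 
 opts = {}
 OptionParser.new do |options|
@@ -10,8 +11,8 @@ OptionParser.new do |options|
 #{$PROGRAM_NAME} [opts]
 "
 
-options.on('-
-opts[:
+options.on('-tRANGE', '--target-range=RANGE', '<Required - nmap supported host || ip range e.g. foo.bar, 192.168.1.1-20, 192.168.1.0/24, etc>') do |t|
+opts[:target_range] = t
 end
 
 options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
@@ -32,7 +33,14 @@ if opts.empty?
 exit 1
 end
 
-
+ftimestr = '%Y-%m-%d %H:%M:%S.%N%z'
+started_at = Time.now.strftime(ftimestr)
+started_at_parse = Time.parse(started_at)
+banner = '-' * 64
+puts "\n\n\n#{banner}"
+puts "- STARTED: #{started_at} "
+
+target_range = opts[:target_range]
 exclude_file = opts[:exclude_file]
 exclude_file ||= '/tmp/nmap_targets_exclude.txt'
 interface = opts[:interface]
@@ -49,28 +57,24 @@ nmap_results_root = File.dirname(exclude_file)
 FileUtils.mkdir_p nmap_results_root
 puts "nmap Results Saved in: #{nmap_results_root}"
 
-
+discovery_tcp_ports = {
 ftp: 21,
 ssh: 22,
 telnet: 23,
 smtp: 25,
-dns: 53,
 http: 80,
 pop3: 110,
-rpc: 111,
 ident: 113,
-
+msrpc: 135,
 netbios_name_service: 137,
 netbios_session_service: 139,
 imap: 143,
-snmp: 161,
 ldap: 389,
 https: 443,
 smb: 445,
 smtps: 465,
 remote_process: 512,
 login: 513,
-rsh: 514,
 ldaps: 636,
 rsync: 873,
 imaps: 993,
@@ -84,13 +88,12 @@ discovery_ports = {
 rdp: 3389,
 meterpreter: 4444,
 upnp: 5000,
-sip: 5060,
 postgres: 5432,
 postgres_alt: 5433,
 amqp: 5672,
 vnc: 5900,
 vncs: 5901,
-
+x11: 6000,
 irc: 6667,
 http_alt: 8080,
 https_alt: 8443,
@@ -99,10 +102,34 @@ discovery_ports = {
 http_alt4: 9999
 }
 
+discovery_udp_ports = {
+dns: 53,
+dhcp: 67,
+dhcp_client: 68,
+tftp: 69,
+nfs: 111,
+ntp: 123,
+snmp: 161,
+snmp_traps: 162,
+syslog: 514,
+rip: 520,
+iax: 4569,
+sip: 5060,
+mdns: 5353
+}
+
+discovery_sctp_ports = {
+sigtran: 2905,
+stl: 5000,
+sap: 5004,
+turn_ip: 5766,
+sicc: 38_412
+}
+
 target_file = "#{nmap_results_root}/nmap_targets.txt"
-latest_discovery_results = "#{nmap_results_root}/
-latest_tcp_results = "#{nmap_results_root}/
-latest_udp_results = "#{nmap_results_root}/
+latest_discovery_results = "#{nmap_results_root}/nmap_discovery_results.xml"
+latest_tcp_results = "#{nmap_results_root}/nmap_tcp_results"
+latest_udp_results = "#{nmap_results_root}/nmap_udp_results"
 
 begin
 # Per man nmap:
@@ -124,21 +151,30 @@ begin
 # Target Discovery Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
+puts "\n\n\n#{banner}"
+puts '- PHASE 1: Target Discovery'
 PWN::Plugins::NmapIt.port_scan do |nmap|
+if with_tor
+nmap.syn_discovery = discovery_tcp_ports.values
+nmap.ack_discovery = discovery_tcp_ports.values
+else
+nmap.ping = true
+nmap.arp_ping = true
+nmap.icmp_echo_discovery = true
+nmap.icmp_timestamp_discovery = true
+nmap.udp_discovery = discovery_udp_ports.values
+nmap.sctp_init_ping = discovery_sctp_ports.values
+end
+nmap.verbose = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
 nmap.insane_timing = true
-nmap.
-nmap.
-nmap.icmp_echo_discovery = true
-nmap.icmp_timestamp_discovery = true
-nmap.syn_discovery = discovery_ports.values
-nmap.ack_discovery = discovery_ports.values
-nmap.udp_discovery = discovery_ports.values
-nmap.sctp_init_ping = discovery_ports.values
-nmap.output_all = latest_discovery_results
-nmap.targets = ip_range
+nmap.output_xml = latest_discovery_results
+nmap.targets = target_range
 nmap.randomize_hosts = true
+nmap.min_parallelism = 36
+nmap.max_retries = 3
+nmap.max_scan_delay = 3
 nmap.proxies = proxy if with_tor
 end
 
@@ -146,76 +182,134 @@ begin
 # taking into consideration IPs to skip scans
 File.open(target_file, 'w') do |f|
 PWN::Plugins::NmapIt.parse_xml_results(
-xml_file:
+xml_file: latest_discovery_results
 ) do |xml|
 xml.each_host do |host|
-
+next if File.read(exclude_file).include?(host.ip) ||
+host.status.state != :up
+
+hosts_arr = host.hostnames.map { |h| h[:name] }
+f.print host.ip
+f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"
 end
 end
 end
+
+# Produce a good targets.txt redacting duplicates
 sorted_targets = File.readlines(target_file).sort.join
 File.write(target_file, sorted_targets)
 
+phase1_ended_at = Time.now.strftime(ftimestr)
+phase1_ended_at_parse = Time.parse(phase1_ended_at)
+elapsed_in_seconds = (phase1_ended_at_parse - started_at_parse).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- DISCOVERY COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+
+puts "\n\n\n#{banner}"
+puts '- PHASE 2: TCP Port Scanning'
+phase2_started_at = Time.now.strftime(ftimestr)
+phase2_started_at_parse = Time.parse(phase2_started_at)
+
 # Switch Tor Exit Node if with_tor
-
+if with_tor
+puts "\n\n\n#{banner}"
+puts '- INFO: Switching to Clean Tor Circuit...'
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
+end
 
 # TCP Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
 PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.verbose = true
 nmap.target_file = target_file
 nmap.randomize_hosts = true
 nmap.show_reason = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
-nmap.min_host_group =
-nmap.host_timeout = '
+nmap.min_host_group = 9
+nmap.host_timeout = '36m'
 nmap.insane_timing = true
 nmap.skip_discovery = true
 nmap.syn_scan = true
 nmap.default_script = true
 nmap.update_scriptdb = true
-nmap.service_scan = true
-nmap.os_fingerprint = true
-nmap.verbose = true
-nmap.all = true
 nmap.ports = [1..65_535]
 nmap.output_all = latest_tcp_results
+nmap.min_parallelism = 36
+nmap.max_retries = 3
+nmap.max_scan_delay = 3
 nmap.proxies = proxy if with_tor
 end
 FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
+phase2_ended_at = Time.now.strftime(ftimestr)
+phase2_ended_at_parse = Time.parse(phase2_ended_at)
+elapsed_in_seconds = (phase2_ended_at_parse - phase2_started_at).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- TCP SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+
+puts "\n\n\n#{banner}"
+puts '- PHASE 3: UDP Port Scanning'
+phase3_started_at = Time.now.strftime(ftimestr)
+phase3_started_at_parse = Time.parse(phase3_started_at)
 
 # Switch Tor Exit Node if with_tor
-
+if with_tor
+puts "\n\n\n#{banner}"
+puts '- INFO: Switching to Clean Tor Circuit...'
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
+end
 
 # UDP Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
 PWN::Plugins::NmapIt.port_scan do |nmap|
+unless with_tor
+nmap.default_script = true
+nmap.update_scriptdb = true
+end
+nmap.verbose = true
 nmap.target_file = target_file
+nmap.fast = true
 nmap.randomize_hosts = true
 nmap.show_reason = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
-nmap.min_host_group =
-nmap.host_timeout = '
+nmap.min_host_group = 9
+nmap.host_timeout = '3m'
 nmap.insane_timing = true
 nmap.skip_discovery = true
 nmap.udp_scan = true
-nmap.default_script = true
-nmap.update_scriptdb = true
-nmap.service_scan = true
-nmap.os_fingerprint = true
-nmap.verbose = true
-nmap.all = true
 nmap.output_all = latest_udp_results
+nmap.min_parallelism = 36
+nmap.max_retries = 0
+nmap.max_scan_delay = 3
+nmap.data_length = Random.rand(1..256)
 nmap.proxies = proxy if with_tor
 end
 FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
+phase3_ended_at = Time.now.strftime(ftimestr)
+phase3_ended_at_parse = Time.parse(phase3_ended_at)
+elapsed_in_seconds = (phase3_ended_at_parse - phase3_started_at).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- UDP SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
 rescue SystemExit, Interrupt
 puts "\nGoodbye."
 rescue StandardError => e
 raise e
 ensure
 tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
+ended_at = Time.now.strftime(ftimestr)
+puts "\n\n\n#{banner}"
+puts "- ENDED: #{ended_at}"
+
+ended_at_parse = Time.parse(ended_at)
+elapsed_in_seconds = (ended_at_parse - started_at_parse).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+puts banner
 end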
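Review bot: The elapsed-time computations on new lines 248 and 295 subtract the formatted String (`phase2_started_at`, `phase3_started_at`) from a Time instead of the parsed value, and `Time#-` raises TypeError for a String argument; the `rescue StandardError => e` clause re-raises it, so the run aborts right after the TCP scan, the UDP phase never runs, and the `ensure` block still prints SCAN COMPLETE. Phase 1 on line 204 gets this right; the two lines should read `elapsed_in_seconds = (phase2_ended_at_parse - phase2_started_at_parse).to_f` and `elapsed_in_seconds = (phase3_ended_at_parse - phase3_started_at_parse).to_f`. Separately, the exclusion test on line 188 is a substring match over the whole file and re-reads that file for every host, so an entry such as 10.0.0.1 (illustrative) would also drop 10.0.0.10 through 10.0.0.19 from the target list. Reading the file once above the loop, `excluded = File.readlines(exclude_file, chomp: true)`, and testing `next if excluded.include?(host.ip) || host.status.state != :up` keeps the comparison exact.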
data/lib/pwn/version.rb
CHANGED
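--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.676
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-
+date: 2023-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -786,14 +786,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.21.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.21.0
 - !ruby/object:Gem::Dependency
 name: ruby-audio
 requirement: !ruby/object:Gem::Requirement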