pwn 0.4.673 → 0.4.676
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +2 -2
- data/bin/pwn_nmap_discover_tcp_udp +136 -42
- data/lib/pwn/version.rb +1 -1
- metadata +4 -4
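--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fa9249af262af0f9d2dbaea4245691d09da20bc452967e60095ff4c28a404eba
+data.tar.gz: 02b24daf26e3107a37e25392e27fd4176a0a7c8af63f41d3f8c38bf2d3207abc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c648625f56139d973443eee4ba91478e6b9a6e67db1d38c65a86de2b8cba6b245046616a426d9c8ed865b1a20250744b4d5eaf158022b218e58d3ab9051edfbb
+data.tar.gz: 3955ada6705bfefdc4ec255e60de2b9579dba5407e8ebb36cad2a20ed96ba89cb5285ab540ed0974bab11d381cf7cb2a35da63e81bf39212f388cd4e579bc9c0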
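--- a/data/Gemfile
+++ b/data/Gemfile
@@ -66,7 +66,7 @@ gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.2'
 gem 'rubocop', '1.50.2'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.
+gem 'rubocop-rspec', '2.21.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.1'
 gem 'ruby-saml', '1.15.0'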
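--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.676]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.676]:001 >>> PWN.help
 ```
 
 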
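--- a/data/bin/pwn_nmap_discover_tcp_udp
+++ b/data/bin/pwn_nmap_discover_tcp_udp
@@ -3,6 +3,7 @@
 
 require 'optparse'
 require 'pwn'
+require 'time'
 
 opts = {}
 OptionParser.new do |options|
@@ -10,8 +11,8 @@ OptionParser.new do |options|
 #{$PROGRAM_NAME} [opts]
 "
 
-options.on('-
-opts[:
+options.on('-tRANGE', '--target-range=RANGE', '<Required - nmap supported host || ip range e.g. foo.bar, 192.168.1.1-20, 192.168.1.0/24, etc>') do |t|
+opts[:target_range] = t
 end
 
 options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
@@ -32,7 +33,14 @@ if opts.empty?
 exit 1
 end
 
-
+ftimestr = '%Y-%m-%d %H:%M:%S.%N%z'
+started_at = Time.now.strftime(ftimestr)
+started_at_parse = Time.parse(started_at)
+banner = '-' * 64
+puts "\n\n\n#{banner}"
+puts "- STARTED: #{started_at} "
+
+target_range = opts[:target_range]
 exclude_file = opts[:exclude_file]
 exclude_file ||= '/tmp/nmap_targets_exclude.txt'
 interface = opts[:interface]
@@ -49,28 +57,24 @@ nmap_results_root = File.dirname(exclude_file)
 FileUtils.mkdir_p nmap_results_root
 puts "nmap Results Saved in: #{nmap_results_root}"
 
-
+discovery_tcp_ports = {
 ftp: 21,
 ssh: 22,
 telnet: 23,
 smtp: 25,
-dns: 53,
 http: 80,
 pop3: 110,
-rpc: 111,
 ident: 113,
-
+msrpc: 135,
 netbios_name_service: 137,
 netbios_session_service: 139,
 imap: 143,
-snmp: 161,
 ldap: 389,
 https: 443,
 smb: 445,
 smtps: 465,
 remote_process: 512,
 login: 513,
-rsh: 514,
 ldaps: 636,
 rsync: 873,
 imaps: 993,
@@ -84,13 +88,12 @@ discovery_ports = {
 rdp: 3389,
 meterpreter: 4444,
 upnp: 5000,
-sip: 5060,
 postgres: 5432,
 postgres_alt: 5433,
 amqp: 5672,
 vnc: 5900,
 vncs: 5901,
-
+x11: 6000,
 irc: 6667,
 http_alt: 8080,
 https_alt: 8443,
@@ -99,10 +102,34 @@ discovery_ports = {
 http_alt4: 9999
 }
 
+discovery_udp_ports = {
+dns: 53,
+dhcp: 67,
+dhcp_client: 68,
+tftp: 69,
+nfs: 111,
+ntp: 123,
+snmp: 161,
+snmp_traps: 162,
+syslog: 514,
+rip: 520,
+iax: 4569,
+sip: 5060,
+mdns: 5353
+}
+
+discovery_sctp_ports = {
+sigtran: 2905,
+stl: 5000,
+sap: 5004,
+turn_ip: 5766,
+sicc: 38_412
+}
+
 target_file = "#{nmap_results_root}/nmap_targets.txt"
-latest_discovery_results = "#{nmap_results_root}/
-latest_tcp_results = "#{nmap_results_root}/
-latest_udp_results = "#{nmap_results_root}/
+latest_discovery_results = "#{nmap_results_root}/nmap_discovery_results.xml"
+latest_tcp_results = "#{nmap_results_root}/nmap_tcp_results"
+latest_udp_results = "#{nmap_results_root}/nmap_udp_results"
 
 begin
 # Per man nmap:
@@ -124,21 +151,30 @@ begin
 # Target Discovery Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
+puts "\n\n\n#{banner}"
+puts '- PHASE 1: Target Discovery'
 PWN::Plugins::NmapIt.port_scan do |nmap|
+if with_tor
+nmap.syn_discovery = discovery_tcp_ports.values
+nmap.ack_discovery = discovery_tcp_ports.values
+else
+nmap.ping = true
+nmap.arp_ping = true
+nmap.icmp_echo_discovery = true
+nmap.icmp_timestamp_discovery = true
+nmap.udp_discovery = discovery_udp_ports.values
+nmap.sctp_init_ping = discovery_sctp_ports.values
+end
+nmap.verbose = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
 nmap.insane_timing = true
-nmap.
-nmap.
-nmap.icmp_echo_discovery = true
-nmap.icmp_timestamp_discovery = true
-nmap.syn_discovery = discovery_ports.values
-nmap.ack_discovery = discovery_ports.values
-nmap.udp_discovery = discovery_ports.values
-nmap.sctp_init_ping = discovery_ports.values
-nmap.output_all = latest_discovery_results
-nmap.targets = ip_range
+nmap.output_xml = latest_discovery_results
+nmap.targets = target_range
 nmap.randomize_hosts = true
+nmap.min_parallelism = 36
+nmap.max_retries = 3
+nmap.max_scan_delay = 3
 nmap.proxies = proxy if with_tor
 end
 
@@ -146,76 +182,134 @@ begin
 # taking into consideration IPs to skip scans
 File.open(target_file, 'w') do |f|
 PWN::Plugins::NmapIt.parse_xml_results(
-xml_file:
+xml_file: latest_discovery_results
 ) do |xml|
 xml.each_host do |host|
-
+next if File.read(exclude_file).include?(host.ip) ||
+host.status.state != :up
+
+hosts_arr = host.hostnames.map { |h| h[:name] }
+f.print host.ip
+f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"
 end
 end
 end
+
+# Produce a good targets.txt redacting duplicates
 sorted_targets = File.readlines(target_file).sort.join
 File.write(target_file, sorted_targets)
 
+phase1_ended_at = Time.now.strftime(ftimestr)
+phase1_ended_at_parse = Time.parse(phase1_ended_at)
+elapsed_in_seconds = (phase1_ended_at_parse - started_at_parse).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- DISCOVERY COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+
+puts "\n\n\n#{banner}"
+puts '- PHASE 2: TCP Port Scanning'
+phase2_started_at = Time.now.strftime(ftimestr)
+phase2_started_at_parse = Time.parse(phase2_started_at)
+
 # Switch Tor Exit Node if with_tor
-
+if with_tor
+puts "\n\n\n#{banner}"
+puts '- INFO: Switching to Clean Tor Circuit...'
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
+end
 
 # TCP Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
 PWN::Plugins::NmapIt.port_scan do |nmap|
+nmap.verbose = true
 nmap.target_file = target_file
 nmap.randomize_hosts = true
 nmap.show_reason = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
-nmap.min_host_group =
-nmap.host_timeout = '
+nmap.min_host_group = 9
+nmap.host_timeout = '36m'
 nmap.insane_timing = true
 nmap.skip_discovery = true
 nmap.syn_scan = true
 nmap.default_script = true
 nmap.update_scriptdb = true
-nmap.service_scan = true
-nmap.os_fingerprint = true
-nmap.verbose = true
-nmap.all = true
 nmap.ports = [1..65_535]
 nmap.output_all = latest_tcp_results
+nmap.min_parallelism = 36
+nmap.max_retries = 3
+nmap.max_scan_delay = 3
 nmap.proxies = proxy if with_tor
 end
 FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
+phase2_ended_at = Time.now.strftime(ftimestr)
+phase2_ended_at_parse = Time.parse(phase2_ended_at)
+elapsed_in_seconds = (phase2_ended_at_parse - phase2_started_at).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- TCP SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+
+puts "\n\n\n#{banner}"
+puts '- PHASE 3: UDP Port Scanning'
+phase3_started_at = Time.now.strftime(ftimestr)
+phase3_started_at_parse = Time.parse(phase3_started_at)
 
 # Switch Tor Exit Node if with_tor
-
+if with_tor
+puts "\n\n\n#{banner}"
+puts '- INFO: Switching to Clean Tor Circuit...'
+PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
+end
 
 # UDP Scan
 # Using -T5 template to reduce number of
 # retransmission attempts on filtered ports.
 PWN::Plugins::NmapIt.port_scan do |nmap|
+unless with_tor
+nmap.default_script = true
+nmap.update_scriptdb = true
+end
+nmap.verbose = true
 nmap.target_file = target_file
+nmap.fast = true
 nmap.randomize_hosts = true
 nmap.show_reason = true
 nmap.exclude_file = exclude_file
 nmap.interface = interface
-nmap.min_host_group =
-nmap.host_timeout = '
+nmap.min_host_group = 9
+nmap.host_timeout = '3m'
 nmap.insane_timing = true
 nmap.skip_discovery = true
 nmap.udp_scan = true
-nmap.default_script = true
-nmap.update_scriptdb = true
-nmap.service_scan = true
-nmap.os_fingerprint = true
-nmap.verbose = true
-nmap.all = true
 nmap.output_all = latest_udp_results
+nmap.min_parallelism = 36
+nmap.max_retries = 0
+nmap.max_scan_delay = 3
+nmap.data_length = Random.rand(1..256)
 nmap.proxies = proxy if with_tor
 end
 FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
+phase3_ended_at = Time.now.strftime(ftimestr)
+phase3_ended_at_parse = Time.parse(phase3_ended_at)
+elapsed_in_seconds = (phase3_ended_at_parse - phase3_started_at).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- UDP SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
 rescue SystemExit, Interrupt
 puts "\nGoodbye."
 rescue StandardError => e
 raise e
 ensure
 tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
+ended_at = Time.now.strftime(ftimestr)
+puts "\n\n\n#{banner}"
+puts "- ENDED: #{ended_at}"
+
+ended_at_parse = Time.parse(ended_at)
+elapsed_in_seconds = (ended_at_parse - started_at_parse).to_f
+fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
+puts "\n\n\n#{banner}"
+puts "- SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
+puts banner
 end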
data/lib/pwn/version.rb
CHANGED
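--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.676
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-
+date: 2023-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -786,14 +786,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.21.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.21.0
 - !ruby/object:Gem::Dependency
 name: ruby-audio
 requirement: !ruby/object:Gem::Requirement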