pwn 0.4.673 → 0.4.676

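--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 66259ccdc59be89f796f56e88a20f9eb5bef320c46a4b7fc268b62f664e50c6e
-data.tar.gz: 162ad18b794121a96802d6f5de739b4fc22eb8c0dda0a780fc6144fedc107af3
+metadata.gz: fa9249af262af0f9d2dbaea4245691d09da20bc452967e60095ff4c28a404eba
+data.tar.gz: 02b24daf26e3107a37e25392e27fd4176a0a7c8af63f41d3f8c38bf2d3207abc
 SHA512:
-metadata.gz: 2e6515b72bf8b01805b50cc9e5bb701edf2fb725182c1a1c425188e8d2542badd19cd93cbdf4c358fc2c2cfcb9c49341b4322cc76d596a200548eebe73c4ffd4
-data.tar.gz: 846a1b1ca1f1ef9bc2affdb57ea1accf45f210e86085da968b54d01e45e9f6d6103f8108a7ef7a2888f4ebadd57988f68afafea86925f8c7c4867915388c36a7
+metadata.gz: c648625f56139d973443eee4ba91478e6b9a6e67db1d38c65a86de2b8cba6b245046616a426d9c8ed865b1a20250744b4d5eaf158022b218e58d3ab9051edfbb
+data.tar.gz: 3955ada6705bfefdc4ec255e60de2b9579dba5407e8ebb36cad2a20ed96ba89cb5285ab540ed0974bab11d381cf7cb2a35da63e81bf39212f388cd4e579bc9c0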
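--- a/data/Gemfile
+++ b/data/Gemfile
@@ -66,7 +66,7 @@ gem 'rspec', '3.12.0'
 gem 'rtesseract', '3.1.2'
 gem 'rubocop', '1.50.2'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.20.0'
+gem 'rubocop-rspec', '2.21.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.1'
 gem 'ruby-saml', '1.15.0'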
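--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.673]:001 >>> PWN.help
+pwn[v0.4.676]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.673]:001 >>> PWN.help
+pwn[v0.4.676]:001 >>> PWN.help
 ```
 
 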
@@ -3,6 +3,7 @@
3
3
 
4
4
  require 'optparse'
5
5
  require 'pwn'
6
+ require 'time'
6
7
 
7
8
  opts = {}
8
9
  OptionParser.new do |options|
@@ -10,8 +11,8 @@ OptionParser.new do |options|
10
11
  #{$PROGRAM_NAME} [opts]
11
12
  "
12
13
 
13
- options.on('-IRANGE', '--ip-range=RANGE', '<Required - nmap supported ip range e.g. 192.168.1.1-20, 192.168.1.0/24, etc>') do |i|
14
- opts[:ip_range] = i
14
+ options.on('-tRANGE', '--target-range=RANGE', '<Required - nmap supported host || ip range e.g. foo.bar, 192.168.1.1-20, 192.168.1.0/24, etc>') do |t|
15
+ opts[:target_range] = t
15
16
  end
16
17
 
17
18
  options.on('-eFILE', '--target-exclude-file=FILE', '<Optional - nmap excludes file>') do |e|
@@ -32,7 +33,14 @@ if opts.empty?
32
33
  exit 1
33
34
  end
34
35
 
35
- ip_range = opts[:ip_range]
36
+ ftimestr = '%Y-%m-%d %H:%M:%S.%N%z'
37
+ started_at = Time.now.strftime(ftimestr)
38
+ started_at_parse = Time.parse(started_at)
39
+ banner = '-' * 64
40
+ puts "\n\n\n#{banner}"
41
+ puts "- STARTED: #{started_at} "
42
+
43
+ target_range = opts[:target_range]
36
44
  exclude_file = opts[:exclude_file]
37
45
  exclude_file ||= '/tmp/nmap_targets_exclude.txt'
38
46
  interface = opts[:interface]
@@ -49,28 +57,24 @@ nmap_results_root = File.dirname(exclude_file)
49
57
  FileUtils.mkdir_p nmap_results_root
50
58
  puts "nmap Results Saved in: #{nmap_results_root}"
51
59
 
52
- discovery_ports = {
60
+ discovery_tcp_ports = {
53
61
  ftp: 21,
54
62
  ssh: 22,
55
63
  telnet: 23,
56
64
  smtp: 25,
57
- dns: 53,
58
65
  http: 80,
59
66
  pop3: 110,
60
- rpc: 111,
61
67
  ident: 113,
62
- ntp: 123,
68
+ msrpc: 135,
63
69
  netbios_name_service: 137,
64
70
  netbios_session_service: 139,
65
71
  imap: 143,
66
- snmp: 161,
67
72
  ldap: 389,
68
73
  https: 443,
69
74
  smb: 445,
70
75
  smtps: 465,
71
76
  remote_process: 512,
72
77
  login: 513,
73
- rsh: 514,
74
78
  ldaps: 636,
75
79
  rsync: 873,
76
80
  imaps: 993,
@@ -84,13 +88,12 @@ discovery_ports = {
84
88
  rdp: 3389,
85
89
  meterpreter: 4444,
86
90
  upnp: 5000,
87
- sip: 5060,
88
91
  postgres: 5432,
89
92
  postgres_alt: 5433,
90
93
  amqp: 5672,
91
94
  vnc: 5900,
92
95
  vncs: 5901,
93
- xfree86: 6000,
96
+ x11: 6000,
94
97
  irc: 6667,
95
98
  http_alt: 8080,
96
99
  https_alt: 8443,
@@ -99,10 +102,34 @@ discovery_ports = {
99
102
  http_alt4: 9999
100
103
  }
101
104
 
105
+ discovery_udp_ports = {
106
+ dns: 53,
107
+ dhcp: 67,
108
+ dhcp_client: 68,
109
+ tftp: 69,
110
+ nfs: 111,
111
+ ntp: 123,
112
+ snmp: 161,
113
+ snmp_traps: 162,
114
+ syslog: 514,
115
+ rip: 520,
116
+ iax: 4569,
117
+ sip: 5060,
118
+ mdns: 5353
119
+ }
120
+
121
+ discovery_sctp_ports = {
122
+ sigtran: 2905,
123
+ stl: 5000,
124
+ sap: 5004,
125
+ turn_ip: 5766,
126
+ sicc: 38_412
127
+ }
128
+
102
129
  target_file = "#{nmap_results_root}/nmap_targets.txt"
103
- latest_discovery_results = "#{nmap_results_root}/nmap_latest_discovery_results"
104
- latest_tcp_results = "#{nmap_results_root}/nmap_latest_tcp_results"
105
- latest_udp_results = "#{nmap_results_root}/nmap_latest_udp_results"
130
+ latest_discovery_results = "#{nmap_results_root}/nmap_discovery_results.xml"
131
+ latest_tcp_results = "#{nmap_results_root}/nmap_tcp_results"
132
+ latest_udp_results = "#{nmap_results_root}/nmap_udp_results"
106
133
 
107
134
  begin
108
135
  # Per man nmap:
@@ -124,21 +151,30 @@ begin
124
151
  # Target Discovery Scan
125
152
  # Using -T5 template to reduce number of
126
153
  # retransmission attempts on filtered ports.
154
+ puts "\n\n\n#{banner}"
155
+ puts '- PHASE 1: Target Discovery'
127
156
  PWN::Plugins::NmapIt.port_scan do |nmap|
157
+ if with_tor
158
+ nmap.syn_discovery = discovery_tcp_ports.values
159
+ nmap.ack_discovery = discovery_tcp_ports.values
160
+ else
161
+ nmap.ping = true
162
+ nmap.arp_ping = true
163
+ nmap.icmp_echo_discovery = true
164
+ nmap.icmp_timestamp_discovery = true
165
+ nmap.udp_discovery = discovery_udp_ports.values
166
+ nmap.sctp_init_ping = discovery_sctp_ports.values
167
+ end
168
+ nmap.verbose = true
128
169
  nmap.exclude_file = exclude_file
129
170
  nmap.interface = interface
130
171
  nmap.insane_timing = true
131
- nmap.ping = true
132
- nmap.arp_ping = true
133
- nmap.icmp_echo_discovery = true
134
- nmap.icmp_timestamp_discovery = true
135
- nmap.syn_discovery = discovery_ports.values
136
- nmap.ack_discovery = discovery_ports.values
137
- nmap.udp_discovery = discovery_ports.values
138
- nmap.sctp_init_ping = discovery_ports.values
139
- nmap.output_all = latest_discovery_results
140
- nmap.targets = ip_range
172
+ nmap.output_xml = latest_discovery_results
173
+ nmap.targets = target_range
141
174
  nmap.randomize_hosts = true
175
+ nmap.min_parallelism = 36
176
+ nmap.max_retries = 3
177
+ nmap.max_scan_delay = 3
142
178
  nmap.proxies = proxy if with_tor
143
179
  end
144
180
 
@@ -146,76 +182,134 @@ begin
146
182
  # taking into consideration IPs to skip scans
147
183
  File.open(target_file, 'w') do |f|
148
184
  PWN::Plugins::NmapIt.parse_xml_results(
149
- xml_file: "#{latest_discovery_results}.xml"
185
+ xml_file: latest_discovery_results
150
186
  ) do |xml|
151
187
  xml.each_host do |host|
152
- f.puts host.ip unless File.read(exclude_file).include?(host.ip)
188
+ next if File.read(exclude_file).include?(host.ip) ||
189
+ host.status.state != :up
190
+
191
+ hosts_arr = host.hostnames.map { |h| h[:name] }
192
+ f.print host.ip
193
+ f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"
153
194
  end
154
195
  end
155
196
  end
197
+
198
+ # Produce a good targets.txt redacting duplicates
156
199
  sorted_targets = File.readlines(target_file).sort.join
157
200
  File.write(target_file, sorted_targets)
158
201
 
202
+ phase1_ended_at = Time.now.strftime(ftimestr)
203
+ phase1_ended_at_parse = Time.parse(phase1_ended_at)
204
+ elapsed_in_seconds = (phase1_ended_at_parse - started_at_parse).to_f
205
+ fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
206
+ puts "\n\n\n#{banner}"
207
+ puts "- DISCOVERY COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
208
+
209
+ puts "\n\n\n#{banner}"
210
+ puts '- PHASE 2: TCP Port Scanning'
211
+ phase2_started_at = Time.now.strftime(ftimestr)
212
+ phase2_started_at_parse = Time.parse(phase2_started_at)
213
+
159
214
  # Switch Tor Exit Node if with_tor
160
- PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
215
+ if with_tor
216
+ puts "\n\n\n#{banner}"
217
+ puts '- INFO: Switching to Clean Tor Circuit...'
218
+ PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
219
+ end
161
220
 
162
221
  # TCP Scan
163
222
  # Using -T5 template to reduce number of
164
223
  # retransmission attempts on filtered ports.
165
224
  PWN::Plugins::NmapIt.port_scan do |nmap|
225
+ nmap.verbose = true
166
226
  nmap.target_file = target_file
167
227
  nmap.randomize_hosts = true
168
228
  nmap.show_reason = true
169
229
  nmap.exclude_file = exclude_file
170
230
  nmap.interface = interface
171
- nmap.min_host_group = 3
172
- nmap.host_timeout = '999m'
231
+ nmap.min_host_group = 9
232
+ nmap.host_timeout = '36m'
173
233
  nmap.insane_timing = true
174
234
  nmap.skip_discovery = true
175
235
  nmap.syn_scan = true
176
236
  nmap.default_script = true
177
237
  nmap.update_scriptdb = true
178
- nmap.service_scan = true
179
- nmap.os_fingerprint = true
180
- nmap.verbose = true
181
- nmap.all = true
182
238
  nmap.ports = [1..65_535]
183
239
  nmap.output_all = latest_tcp_results
240
+ nmap.min_parallelism = 36
241
+ nmap.max_retries = 3
242
+ nmap.max_scan_delay = 3
184
243
  nmap.proxies = proxy if with_tor
185
244
  end
186
245
  FileUtils.cp("#{latest_tcp_results}.nmap", "#{latest_tcp_results}.txt")
246
+ phase2_ended_at = Time.now.strftime(ftimestr)
247
+ phase2_ended_at_parse = Time.parse(phase2_ended_at)
248
+ elapsed_in_seconds = (phase2_ended_at_parse - phase2_started_at).to_f
249
+ fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
250
+ puts "\n\n\n#{banner}"
251
+ puts "- TCP SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
252
+
253
+ puts "\n\n\n#{banner}"
254
+ puts '- PHASE 3: UDP Port Scanning'
255
+ phase3_started_at = Time.now.strftime(ftimestr)
256
+ phase3_started_at_parse = Time.parse(phase3_started_at)
187
257
 
188
258
  # Switch Tor Exit Node if with_tor
189
- PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj) if with_tor
259
+ if with_tor
260
+ puts "\n\n\n#{banner}"
261
+ puts '- INFO: Switching to Clean Tor Circuit...'
262
+ PWN::Plugins::Tor.switch_exit_node(tor_obj: tor_obj)
263
+ end
190
264
 
191
265
  # UDP Scan
192
266
  # Using -T5 template to reduce number of
193
267
  # retransmission attempts on filtered ports.
194
268
  PWN::Plugins::NmapIt.port_scan do |nmap|
269
+ unless with_tor
270
+ nmap.default_script = true
271
+ nmap.update_scriptdb = true
272
+ end
273
+ nmap.verbose = true
195
274
  nmap.target_file = target_file
275
+ nmap.fast = true
196
276
  nmap.randomize_hosts = true
197
277
  nmap.show_reason = true
198
278
  nmap.exclude_file = exclude_file
199
279
  nmap.interface = interface
200
- nmap.min_host_group = 3
201
- nmap.host_timeout = '999m'
280
+ nmap.min_host_group = 9
281
+ nmap.host_timeout = '3m'
202
282
  nmap.insane_timing = true
203
283
  nmap.skip_discovery = true
204
284
  nmap.udp_scan = true
205
- nmap.default_script = true
206
- nmap.update_scriptdb = true
207
- nmap.service_scan = true
208
- nmap.os_fingerprint = true
209
- nmap.verbose = true
210
- nmap.all = true
211
285
  nmap.output_all = latest_udp_results
286
+ nmap.min_parallelism = 36
287
+ nmap.max_retries = 0
288
+ nmap.max_scan_delay = 3
289
+ nmap.data_length = Random.rand(1..256)
212
290
  nmap.proxies = proxy if with_tor
213
291
  end
214
292
  FileUtils.cp("#{latest_udp_results}.nmap", "#{latest_udp_results}.txt")
293
+ phase3_ended_at = Time.now.strftime(ftimestr)
294
+ phase3_ended_at_parse = Time.parse(phase3_ended_at)
295
+ elapsed_in_seconds = (phase3_ended_at_parse - phase3_started_at).to_f
296
+ fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
297
+ puts "\n\n\n#{banner}"
298
+ puts "- UDP SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
215
299
  rescue SystemExit, Interrupt
216
300
  puts "\nGoodbye."
217
301
  rescue StandardError => e
218
302
  raise e
219
303
  ensure
220
304
  tor_obj = PWN::Plugins::Tor.stop(tor_obj: tor_obj) if with_tor
305
+ ended_at = Time.now.strftime(ftimestr)
306
+ puts "\n\n\n#{banner}"
307
+ puts "- ENDED: #{ended_at}"
308
+
309
+ ended_at_parse = Time.parse(ended_at)
310
+ elapsed_in_seconds = (ended_at_parse - started_at_parse).to_f
311
+ fmt_elapsed_in_seconds = format('%0.2f', elapsed_in_seconds)
312
+ puts "\n\n\n#{banner}"
313
+ puts "- SCAN COMPLETE! DURATION: #{fmt_elapsed_in_seconds} seconds"
314
+ puts banner
221
315
  end
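Review bot: The phase-2 and phase-3 duration math subtracts the formatted string instead of the parsed time — `elapsed_in_seconds = (phase2_ended_at_parse - phase2_started_at).to_f` and `elapsed_in_seconds = (phase3_ended_at_parse - phase3_started_at).to_f` — so `Time#-` raises a TypeError as soon as the TCP scan finishes, the `rescue StandardError => e` arm re-raises it and the UDP phase never runs; use `phase2_started_at_parse` and `phase3_started_at_parse`, as phase 1 and the `ensure` block already do. The annotation appended to each target, `f.puts " # { \"hostnames\": #{hosts_arr}}, \"mac\": \"#{host.mac}\" }"`, has an unbalanced `}` after the hostnames array and interpolates Ruby's `Array#to_s` rather than JSON, so it is not parseable as the JSON it resembles. Those hostnames and the MAC come straight from scan output, i.e. from the hosts being scanned, so they should be treated as untrusted when this file is later fed back in as `target_file`; it looks like the code relies on nmap skipping `#` comments in `-iL` input, which is worth confirming rather than assuming. The new comment `# Produce a good targets.txt redacting duplicates` does not match the line below it, which sorts without deduplicating; either `.sort.uniq.join` or reword the comment. The enclosing `begin`/`rescue`/`ensure` block opens in an earlier hunk.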
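--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-VERSION = '0.4.673'
+VERSION = '0.4.676'
 end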
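--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.673
+version: 0.4.676
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-04 00:00:00.000000000 Z
+date: 2023-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -786,14 +786,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.20.0
+version: 2.21.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.20.0
+version: 2.21.0
 - !ruby/object:Gem::Dependency
 name: ruby-audio
 requirement: !ruby/object:Gem::Requirement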