pwn 0.4.697 → 0.4.698

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2572514219bb53ad28d5bdb441d795b192a4f18b8bcf371652ef8661be793d06
-  data.tar.gz: 6afc53d56f23965bebfed008a7e7819457e6fc0face0daa5c4dd21110e1d7c9a
+  metadata.gz: 1876724f8a6e17d3f41247dc8bc4daea0f8fadaf433a99883ed67b016c45205d
+  data.tar.gz: f5f93dd5ed24f7d8e3d880bcd05d183d3105c10f3515302cf88a8db256e5fdf1
 SHA512:
-  metadata.gz: 986d271d939c0652a3c8c8ba943a51c56884e95102faad3ee36393f0e3c275af78c3edcdb8cde327424ab487dcc60fd87522010e6e2f587132d88fbd384fc573
-  data.tar.gz: 5158e21c12952017324123711dfb88776bc802c10a6cc5519cf10bff9607a8147bf452cae98f9769971c6f7e77510899d37376aba95bbf8d19b1fcf23089488a
+  metadata.gz: f8703953cf8b45c61a0de488246dd9ee19d213d3c7577e43f756d26283f49842fc45371aeddcc00e734f730f9b89146a8df3363f47e9c9476de1c77f53078383
+  data.tar.gz: 5403587ece0718fa16fb20a053c37b12a32470cca9c97b0dade132d1ad321a4326253e7826458fbbc9fd50933e7f4fc4def891f8856b38658cf18d0e32297fce

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.697]:001 >>> PWN.help
+pwn[v0.4.698]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.697]:001 >>> PWN.help
+pwn[v0.4.698]:001 >>> PWN.help
 ```
 
 

data/lib/pwn/plugins/tor.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'netaddr'
 require 'pty'
 
 module PWN
@@ -77,6 +78,7 @@ module PWN
       #   ip: 'optional - IP address to listen (default: 127.0.0.1)',
       #   port: 'optional - socks port to listen (default: 1024-65535)',
       #   ctrl_port: 'optional - tor control port to listen (default: 1024-65535)',
+      #   net: 'optional - CIDR notation to accept connections (default: 127.0.0.0.1/32)',
       #   data_dir: 'optional - directory to keep tor session data (default: /tmp/tor_pwn-TIMESTAMP)'
       # )
 
@@ -92,6 +94,11 @@ module PWN
             break if ctrl_port != port
           end
         end
+
+        net = opts[:net]
+        net ||= "#{ip}/32"
+        acl_net = NetAddr.parse_net(net)
+
         timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S.%N%z')
         data_dir = opts[:data_dir]
         data_dir ||= "/tmp/tor_pwn-#{timestamp}"
@@ -115,7 +122,11 @@ module PWN
             'ControlPort',
             ctrl_port.to_s,
             'CookieAuthentication',
-            '1'
+            '1',
+            'SocksPolicy',
+            "accept #{acl_net}",
+            'SocksPolicy',
+            'reject *'
           ) do |stdout, _stdin, pid|
             File.write(pid_file, pid)
             stdout.each do |line|
@@ -201,6 +212,7 @@ module PWN
             ip: 'optional - IP address to listen (default: 127.0.0.1)',
             port: 'optional - socks port to listen (default: 9050)',
             ctrl_port: 'optional - tor control port to listen (default: 9051)',
+            net: 'optional - CIDR notation to accept connections (default: 127.0.0.1/32)',
             data_dir: 'optional - directory to keep tor session data (default: /tmp/tor_pwn-TIMESTAMP)'
           )
 

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.697'
+  VERSION = '0.4.698'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.697
+  version: 0.4.698
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-15 00:00:00.000000000 Z
+date: 2023-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport