pwn 0.4.701 → 0.4.702
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_burp_suite_pro_active_scan +2 -1
- data/bin/pwn_domain_reversewhois +7 -6
- data/bin/pwn_owasp_zap_active_scan +3 -2
- data/bin/pwn_pastebin_sample_filter +5 -3
- data/bin/pwn_web_cache_deception +10 -7
- data/bin/pwn_www_checkip +5 -4
- data/bin/pwn_www_uri_buster +5 -4
- data/bin/pwn_xss_dom_vectors +11 -8
- data/lib/pwn/plugins/baresip.rb +3 -2
- data/lib/pwn/plugins/beef.rb +5 -2
- data/lib/pwn/plugins/burp_suite.rb +7 -5
- data/lib/pwn/plugins/defect_dojo.rb +5 -3
- data/lib/pwn/plugins/github.rb +2 -1
- data/lib/pwn/plugins/hacker_one.rb +4 -2
- data/lib/pwn/plugins/ibm_appscan.rb +13 -6
- data/lib/pwn/plugins/ip_info.rb +4 -2
- data/lib/pwn/plugins/jira_server.rb +2 -1
- data/lib/pwn/plugins/nessus_cloud.rb +2 -1
- data/lib/pwn/plugins/open_ai.rb +3 -1
- data/lib/pwn/plugins/owasp_zap.rb +2 -1
- data/lib/pwn/plugins/shodan.rb +2 -1
- data/lib/pwn/plugins/transparent_browser.rb +22 -32
- data/lib/pwn/plugins/twitter_api.rb +5 -2
- data/lib/pwn/plugins/vsphere.rb +1 -2
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/app_cobalt_io.rb +17 -11
- data/lib/pwn/www/bing.rb +7 -4
- data/lib/pwn/www/bug_crowd.rb +17 -11
- data/lib/pwn/www/checkip.rb +5 -3
- data/lib/pwn/www/coinbase_pro.rb +16 -10
- data/lib/pwn/www/duckduckgo.rb +13 -6
- data/lib/pwn/www/facebook.rb +14 -8
- data/lib/pwn/www/google.rb +10 -6
- data/lib/pwn/www/hacker_one.rb +14 -8
- data/lib/pwn/www/linkedin.rb +14 -8
- data/lib/pwn/www/pandora.rb +14 -8
- data/lib/pwn/www/pastebin.rb +7 -3
- data/lib/pwn/www/paypal.rb +34 -26
- data/lib/pwn/www/synack.rb +17 -11
- data/lib/pwn/www/torch.rb +10 -5
- data/lib/pwn/www/trading_view.rb +17 -11
- data/lib/pwn/www/twitter.rb +18 -10
- data/lib/pwn/www/uber.rb +14 -8
- data/lib/pwn/www/upwork.rb +14 -8
- data/lib/pwn/www/youtube.rb +7 -4
- metadata +2 -6
- data/bin/pwn_arachni +0 -157
- data/bin/pwn_arachni_rest +0 -174
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2ed1a0adc6438474f96321a77062d0ae6179b023a399d89455317c968e319411
|
|
4
|
+
data.tar.gz: f6e92b7c81b4a95c1386d28fbfd312251a44c7f1c0d5d87f8c35c6fc71b21131
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8e1febea97aca0637a6ab1151c4308edee84c2e1566ad2d84a5dd0eedfdd35c9f29fe5bb119e90a222f1c2696e42e4f8997e693960359e71cfc32aa9d785a88b
|
|
7
|
+
data.tar.gz: 8a32dc2f9eecf7a052ef52202bab7ab04d88e70d8cce2cd18220c69f211610e8d6aa42c01c40c63123bb783a37144b3d0d0cbb56267ea2df5fdf118b9f466448
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
37
37
|
$ rvm list gemsets
|
|
38
38
|
$ gem install --verbose pwn
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.4.
|
|
40
|
+
pwn[v0.4.702]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.4.
|
|
55
|
+
pwn[v0.4.702]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
|
|
@@ -72,7 +72,8 @@ begin
|
|
|
72
72
|
# support JavaScript, DOM-based XSS vuln attempts are
|
|
73
73
|
# possible as well since we have a DOM to interact w/
|
|
74
74
|
# (Burp's DOM-XSS checks are based on static code analysis)
|
|
75
|
-
|
|
75
|
+
browser_obj = burp_obj[:burp_browser]
|
|
76
|
+
browser = browser_obj[:browser]
|
|
76
77
|
browser.goto(target_url)
|
|
77
78
|
|
|
78
79
|
File.read(navigation_instruct).each_line do |instruction|
|
data/bin/pwn_domain_reversewhois
CHANGED
|
@@ -44,10 +44,11 @@ begin
|
|
|
44
44
|
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :headless)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
-
browser_obj
|
|
47
|
+
browser = browser_obj[:browser]
|
|
48
|
+
browser.goto("https://viewdns.info/reversewhois/?q=#{CGI.escape(registrant_filter)}")
|
|
48
49
|
|
|
49
50
|
# Consume Results Table and Convert to CSV :)
|
|
50
|
-
reversewhois_xp_resp = Nokogiri::HTML(
|
|
51
|
+
reversewhois_xp_resp = Nokogiri::HTML(browser.html).xpath('//*[@id="null"]/tbody/tr[3]/td/font/table/tbody/tr')
|
|
51
52
|
CSV.open(output_results, 'w', col_sep: ',', quote_char: "'", force_quotes: true) do |csv|
|
|
52
53
|
reversewhois_xp_resp.each do |row|
|
|
53
54
|
tarray = []
|
|
@@ -59,16 +60,16 @@ begin
|
|
|
59
60
|
end
|
|
60
61
|
|
|
61
62
|
# Ok, now let's append domain bigdata.com
|
|
62
|
-
|
|
63
|
+
browser.goto('https://domainbigdata.com')
|
|
63
64
|
|
|
64
65
|
# Type Registrant Filter in Char-by-Char to Ensure Everyone is Happy ;)
|
|
65
66
|
PWN::Plugins::TransparentBrowser.type_as_human(string: registrant_filter) do |char|
|
|
66
|
-
|
|
67
|
+
browser.text_field(id: 'txtSearchTopPage').wait_until(&:present?).send_keys(char)
|
|
67
68
|
end
|
|
68
|
-
|
|
69
|
+
browser.button(id: 'btnTopSearch').wait_until(&:present?).click
|
|
69
70
|
|
|
70
71
|
# Consume Results Table and Convert to CSV :)
|
|
71
|
-
reversewhois_xp_resp = Nokogiri::HTML(
|
|
72
|
+
reversewhois_xp_resp = Nokogiri::HTML(browser.html).xpath('//*[@id="domain-same-ip"]/div/div/table/tbody/tr')
|
|
72
73
|
CSV.open(output_results, 'a', col_sep: ',', quote_char: "'", force_quotes: true) do |csv|
|
|
73
74
|
reversewhois_xp_resp.each do |row|
|
|
74
75
|
tarray = []
|
|
@@ -77,10 +77,11 @@ begin
|
|
|
77
77
|
|
|
78
78
|
logger.info(zap_obj)
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
81
81
|
browser_type: browser_type,
|
|
82
82
|
proxy: proxy
|
|
83
83
|
)
|
|
84
|
+
browser = browser_obj[:browser]
|
|
84
85
|
|
|
85
86
|
if browser_type == :rest
|
|
86
87
|
browser.get(target_url)
|
|
@@ -129,5 +130,5 @@ rescue StandardError => e
|
|
|
129
130
|
raise e
|
|
130
131
|
ensure
|
|
131
132
|
PWN::Plugins::OwaspZap.stop(zap_obj: zap_obj) unless zap_obj.nil?
|
|
132
|
-
|
|
133
|
+
browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) unless browser_obj.nil?
|
|
133
134
|
end
|
|
@@ -32,12 +32,14 @@ browser_obj = PWN::WWW::Pastebin.open(
|
|
|
32
32
|
proxy: proxy
|
|
33
33
|
)
|
|
34
34
|
|
|
35
|
+
browser = browser_obj[:browser]
|
|
36
|
+
|
|
35
37
|
begin
|
|
36
38
|
loop do
|
|
37
|
-
|
|
38
|
-
code_frame =
|
|
39
|
+
browser.div(id: 'menu_2').links[0].click
|
|
40
|
+
code_frame = browser.div(id: 'code_frame').text
|
|
39
41
|
if code_frame.match?(/#{regex}/mi)
|
|
40
|
-
puts "\nCurrent Link: #{
|
|
42
|
+
puts "\nCurrent Link: #{browser.url}"
|
|
41
43
|
puts "#{code_frame}\n\n\n"
|
|
42
44
|
else
|
|
43
45
|
print '.'
|
data/bin/pwn_web_cache_deception
CHANGED
|
@@ -92,8 +92,9 @@ begin
|
|
|
92
92
|
payload = opts[:payload].to_s.scrub.chomp.strip
|
|
93
93
|
|
|
94
94
|
# Browse to original page to compare response lengths
|
|
95
|
-
browser_obj
|
|
96
|
-
|
|
95
|
+
browser = browser_obj[:browser]
|
|
96
|
+
browser.goto(target_url)
|
|
97
|
+
orig_url_response_length = browser.html.length
|
|
97
98
|
|
|
98
99
|
http_result = ''
|
|
99
100
|
if target_url.include?('?')
|
|
@@ -102,8 +103,8 @@ begin
|
|
|
102
103
|
injected_target_url.path = "#{injected_target_url.path.to_s.chomp('/')}/wcd.#{payload}"
|
|
103
104
|
web_cache_deception_url = injected_target_url.to_s
|
|
104
105
|
|
|
105
|
-
|
|
106
|
-
injected_url_response_length =
|
|
106
|
+
browser.goto(injected_target_url.to_s)
|
|
107
|
+
injected_url_response_length = browser.html.length
|
|
107
108
|
|
|
108
109
|
if injected_url_response_length == orig_url_response_length
|
|
109
110
|
# TODO: Add incognito Chrome browser
|
|
@@ -115,8 +116,8 @@ begin
|
|
|
115
116
|
end
|
|
116
117
|
else
|
|
117
118
|
web_cache_deception_url = "#{target_url.chomp('/')}/wcd.#{payload}"
|
|
118
|
-
|
|
119
|
-
wcd_url_response_length =
|
|
119
|
+
browser.goto(web_cache_deception_url)
|
|
120
|
+
wcd_url_response_length = browser.html.length
|
|
120
121
|
|
|
121
122
|
if orig_url_response_length == wcd_url_response_length
|
|
122
123
|
# TODO: Add incognito Chrome browser
|
|
@@ -176,8 +177,10 @@ begin
|
|
|
176
177
|
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :chrome)
|
|
177
178
|
end
|
|
178
179
|
|
|
180
|
+
browser = browser_obj[:browser]
|
|
181
|
+
|
|
179
182
|
puts "#{@green}Navigating to Target URL: #{target_url}#{@end_of_color}\n\n\n"
|
|
180
|
-
|
|
183
|
+
browser.goto(target_url)
|
|
181
184
|
|
|
182
185
|
web_cache_deception_payload_arr = %w[
|
|
183
186
|
aif aiff au avi bin bmp cab carb cct cdf class css doc dcr dtd gcf gff gif grv hdml hqx ico ini jpeg jpg js mov mp3 mp4 nc pct ppc pws swa swf txt vbs w32 wav wbmp wml wmlc wmls wmlsc xsd zip
|
data/bin/pwn_www_checkip
CHANGED
|
@@ -27,19 +27,20 @@ begin
|
|
|
27
27
|
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
28
28
|
browser_type: :rest,
|
|
29
29
|
proxy: proxy
|
|
30
|
-
)
|
|
30
|
+
)
|
|
31
31
|
else
|
|
32
|
-
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
32
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
33
33
|
end
|
|
34
|
+
browser = browser_obj[:browser]::Request
|
|
34
35
|
|
|
35
36
|
if proxy
|
|
36
|
-
public_ip_address =
|
|
37
|
+
public_ip_address = browser.execute(
|
|
37
38
|
method: :get,
|
|
38
39
|
url: 'https://checkip.amazonaws.com',
|
|
39
40
|
verify_ssl: false
|
|
40
41
|
).to_s.chomp
|
|
41
42
|
else
|
|
42
|
-
public_ip_address =
|
|
43
|
+
public_ip_address = browser.execute(
|
|
43
44
|
method: :get,
|
|
44
45
|
url: 'https://checkip.amazonaws.com'
|
|
45
46
|
).to_s.chomp
|
data/bin/pwn_www_uri_buster
CHANGED
|
@@ -67,15 +67,16 @@ def request_path(opts = {})
|
|
|
67
67
|
print '.'
|
|
68
68
|
http_uri = "#{target_url}/#{wordlist_line}"
|
|
69
69
|
if proxy
|
|
70
|
-
|
|
70
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
71
71
|
browser_type: :rest,
|
|
72
72
|
proxy: proxy
|
|
73
|
-
)
|
|
73
|
+
)
|
|
74
74
|
else
|
|
75
|
-
|
|
75
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
76
76
|
browser_type: :rest
|
|
77
|
-
)
|
|
77
|
+
)
|
|
78
78
|
end
|
|
79
|
+
rest_client = browser_obj[:browser]::Request
|
|
79
80
|
|
|
80
81
|
headers = nil
|
|
81
82
|
if http_request_headers
|
data/bin/pwn_xss_dom_vectors
CHANGED
|
@@ -73,9 +73,10 @@ begin
|
|
|
73
73
|
target_page = opts[:url].to_s.scrub.chomp.strip
|
|
74
74
|
output_dir = opts[:output_dir].to_s.scrub.chomp.strip
|
|
75
75
|
|
|
76
|
+
browser = browser_obj[:browser]
|
|
76
77
|
puts "#{@green}Navigating to Page #{target_page}#{@end_of_color}"
|
|
77
|
-
|
|
78
|
-
|
|
78
|
+
browser.goto(target_page)
|
|
79
|
+
browser.scripts.each do |script|
|
|
79
80
|
if script.src == ''
|
|
80
81
|
# Save a copy of the outer_html
|
|
81
82
|
puts "#{@yellow}Saving OuterHTML of Native '<script>' Element#{@end_of_color}"
|
|
@@ -87,15 +88,15 @@ begin
|
|
|
87
88
|
else
|
|
88
89
|
# Save a copy of the script
|
|
89
90
|
puts "#{@yellow}Navigating to #{script.src}#{@end_of_color}"
|
|
90
|
-
|
|
91
|
-
sha256_hexdigest = OpenSSL::Digest::SHA256.hexdigest(
|
|
92
|
-
uri = URI.parse(
|
|
91
|
+
browser.goto(script.src)
|
|
92
|
+
sha256_hexdigest = OpenSSL::Digest::SHA256.hexdigest(browser.text)
|
|
93
|
+
uri = URI.parse(browser.url)
|
|
93
94
|
script_filename = File.basename(uri.path)
|
|
94
95
|
script_results = "#{output_dir}/#{File.basename(script_filename, '.*')}-#{sha256_hexdigest}#{File.extname(script_filename)}".to_s.scrub.chomp.strip
|
|
95
96
|
File.open(script_results, 'w') do |f|
|
|
96
|
-
f.puts
|
|
97
|
+
f.puts browser.text
|
|
97
98
|
end
|
|
98
|
-
|
|
99
|
+
browser.back
|
|
99
100
|
end
|
|
100
101
|
puts "#{@green}Saved #{script_results}#{@end_of_color}\n\n\n"
|
|
101
102
|
end
|
|
@@ -112,8 +113,10 @@ begin
|
|
|
112
113
|
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: browser_type)
|
|
113
114
|
end
|
|
114
115
|
|
|
116
|
+
browser = browser_obj[:browser]
|
|
117
|
+
|
|
115
118
|
puts "#{@green}Navigating to Target FQDN: #{target_fqdn}#{@end_of_color}\n\n\n"
|
|
116
|
-
|
|
119
|
+
browser.goto(target_fqdn)
|
|
117
120
|
|
|
118
121
|
if spider
|
|
119
122
|
if File.exist?(spider_results)
|
data/lib/pwn/plugins/baresip.rb
CHANGED
|
@@ -25,9 +25,10 @@ module PWN
|
|
|
25
25
|
begin
|
|
26
26
|
conn_attempt += 1
|
|
27
27
|
|
|
28
|
-
|
|
28
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
29
29
|
browser_type: :rest
|
|
30
|
-
)
|
|
30
|
+
)
|
|
31
|
+
rest_client = browser_obj[:browser]::Request
|
|
31
32
|
|
|
32
33
|
response = rest_client.execute(
|
|
33
34
|
method: :get,
|
data/lib/pwn/plugins/beef.rb
CHANGED
|
@@ -39,7 +39,9 @@ module PWN
|
|
|
39
39
|
auth_payload[:password] = password
|
|
40
40
|
|
|
41
41
|
@@logger.info("Logging into BeEF REST API: #{beef_ip}")
|
|
42
|
-
|
|
42
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
43
|
+
rest_client = browser_obj[:browser]::Request
|
|
44
|
+
|
|
43
45
|
response = rest_client.execute(
|
|
44
46
|
method: :post,
|
|
45
47
|
url: "#{base_beef_api_uri}/admin/login",
|
|
@@ -85,7 +87,8 @@ module PWN
|
|
|
85
87
|
base_beef_api_uri = "http://#{beef_ip}:#{beef_port}/api".to_s.scrub
|
|
86
88
|
api_token = beef_obj[:api_token]
|
|
87
89
|
|
|
88
|
-
|
|
90
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
91
|
+
rest_client = browser_obj[:browser]::Request
|
|
89
92
|
|
|
90
93
|
case http_method
|
|
91
94
|
when :get
|
|
@@ -37,7 +37,9 @@ module PWN
|
|
|
37
37
|
# Construct burp_obj
|
|
38
38
|
burp_obj = {}
|
|
39
39
|
burp_obj[:pid] = Process.spawn(burp_cmd_string)
|
|
40
|
-
|
|
40
|
+
browser_obj1 = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
41
|
+
rest_browser = browser_obj1[:browser]
|
|
42
|
+
|
|
41
43
|
# random_mitm_port = PWN::Plugins::Sock.get_random_unused_port
|
|
42
44
|
# random_bb_port = random_mitm_port
|
|
43
45
|
# random_bb_port = PWN::Plugins::Sock.get_random_unused_port while random_bb_port == random_mitm_port
|
|
@@ -46,12 +48,12 @@ module PWN
|
|
|
46
48
|
burp_obj[:rest_browser] = rest_browser
|
|
47
49
|
|
|
48
50
|
# Proxy always listens on localhost...use SSH tunneling if remote access is required
|
|
49
|
-
|
|
51
|
+
browser_obj2 = PWN::Plugins::TransparentBrowser.open(
|
|
50
52
|
browser_type: browser_type,
|
|
51
53
|
proxy: "http://#{burp_obj[:mitm_proxy]}"
|
|
52
54
|
)
|
|
53
55
|
|
|
54
|
-
burp_obj[:burp_browser] =
|
|
56
|
+
burp_obj[:burp_browser] = browser_obj2
|
|
55
57
|
|
|
56
58
|
# Wait for TCP 8001 to open prior to returning burp_obj
|
|
57
59
|
loop do
|
|
@@ -278,10 +280,10 @@ module PWN
|
|
|
278
280
|
|
|
279
281
|
public_class_method def self.stop(opts = {})
|
|
280
282
|
burp_obj = opts[:burp_obj]
|
|
281
|
-
|
|
283
|
+
browser_obj = burp_obj[:burp_browser]
|
|
282
284
|
burp_pid = burp_obj[:pid]
|
|
283
285
|
|
|
284
|
-
|
|
286
|
+
browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
|
|
285
287
|
Process.kill('TERM', burp_pid)
|
|
286
288
|
|
|
287
289
|
burp_obj = nil
|
|
@@ -67,15 +67,17 @@ module PWN
|
|
|
67
67
|
api_version = dd_obj[:api_version]
|
|
68
68
|
base_dd_api_uri = "#{url}/api/#{api_version}".to_s.scrub
|
|
69
69
|
|
|
70
|
-
|
|
70
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
71
71
|
|
|
72
72
|
if dd_obj[:proxy]
|
|
73
|
-
|
|
73
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
74
74
|
browser_type: :rest,
|
|
75
75
|
proxy: dd_obj[:proxy]
|
|
76
|
-
)
|
|
76
|
+
)
|
|
77
77
|
end
|
|
78
78
|
|
|
79
|
+
rest_client = browser_obj[:browser]::Request
|
|
80
|
+
|
|
79
81
|
case http_method
|
|
80
82
|
when :get
|
|
81
83
|
response = rest_client.execute(
|
data/lib/pwn/plugins/github.rb
CHANGED
|
@@ -28,7 +28,8 @@ module PWN
|
|
|
28
28
|
http_body = opts[:http_body].to_s.scrub
|
|
29
29
|
base_gist_api_uri = 'https://api.github.com'
|
|
30
30
|
|
|
31
|
-
|
|
31
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
32
|
+
rest_client = browser_obj[:browser]::Request
|
|
32
33
|
|
|
33
34
|
case http_method
|
|
34
35
|
when :get
|
|
@@ -35,7 +35,8 @@ module PWN
|
|
|
35
35
|
basic_auth_header = "Basic #{base64_encoded_auth}"
|
|
36
36
|
|
|
37
37
|
@@logger.info("Logging into HackerOne REST API: #{base_h1_api_uri}")
|
|
38
|
-
|
|
38
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
39
|
+
rest_client = browser_obj[:browser]::Request
|
|
39
40
|
response = rest_client.execute(
|
|
40
41
|
method: :get,
|
|
41
42
|
url: base_h1_api_uri,
|
|
@@ -80,7 +81,8 @@ module PWN
|
|
|
80
81
|
base_h1_api_uri = 'https://api.hackerone.com/v1/'.to_s.scrub
|
|
81
82
|
api_token = h1_obj[:api_token]
|
|
82
83
|
|
|
83
|
-
|
|
84
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)::Request
|
|
85
|
+
rest_client = browser_obj[:browser]::Request
|
|
84
86
|
|
|
85
87
|
case http_method
|
|
86
88
|
when :get
|
|
@@ -33,7 +33,9 @@ module PWN
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
@@logger.info("Logging into IBM Appscan Enterprise Server: #{appscan_ip}")
|
|
36
|
-
|
|
36
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
37
|
+
rest_client = browser_obj[:browser]::Request
|
|
38
|
+
|
|
37
39
|
response = rest_client.execute(
|
|
38
40
|
method: :post,
|
|
39
41
|
url: "#{base_appscan_api_uri}/login",
|
|
@@ -91,7 +93,8 @@ module PWN
|
|
|
91
93
|
base_appscan_api_uri = "https://#{appscan_ip}/ase/services".to_s.scrub
|
|
92
94
|
retry_count = 3
|
|
93
95
|
|
|
94
|
-
|
|
96
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
97
|
+
rest_client = browser_obj[:browser]::Request
|
|
95
98
|
|
|
96
99
|
case http_method
|
|
97
100
|
when :get
|
|
@@ -694,7 +697,9 @@ module PWN
|
|
|
694
697
|
|
|
695
698
|
# First Get request
|
|
696
699
|
uri = URI.parse(report_link)
|
|
697
|
-
|
|
700
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
701
|
+
rb = browser_obj[:browser]
|
|
702
|
+
|
|
698
703
|
res = rb.get(report_link, 'Cookie' => appscan_obj[:cookie], :verify_ssl => OpenSSL::SSL::VERIFY_NONE)
|
|
699
704
|
location = "https://#{uri.host}#{res.headers['location']}"
|
|
700
705
|
|
|
@@ -736,9 +741,11 @@ module PWN
|
|
|
736
741
|
# verify the output path actually exists
|
|
737
742
|
return @@logger.error("Output directory does not exist: #{output_path}") unless File.directory?(output_path)
|
|
738
743
|
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
744
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
745
|
+
browser_type: :headless,
|
|
746
|
+
proxy: 'http://127.0.0.1:8080'
|
|
747
|
+
)
|
|
748
|
+
h_browser = browser_obj[:browser]
|
|
742
749
|
|
|
743
750
|
# log into the system
|
|
744
751
|
h_browser.goto login_uri.to_s.to_s.scrub
|
data/lib/pwn/plugins/ip_info.rb
CHANGED
|
@@ -20,10 +20,12 @@ module PWN
|
|
|
20
20
|
|
|
21
21
|
if IPAddress.valid?(ip)
|
|
22
22
|
if proxy
|
|
23
|
-
|
|
23
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest, proxy: proxy)
|
|
24
24
|
else
|
|
25
|
-
|
|
25
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
26
26
|
end
|
|
27
|
+
rest_client = browser_obj[:browser]
|
|
28
|
+
|
|
27
29
|
ip_resp_str = rest_client.get("http://ip-api.com/json/#{ip}?fields=country,countryCode,region,regionName,city,zip,lat,lon,timezone,isp,org,as,reverse,mobile,proxy,query,status,message")
|
|
28
30
|
ip_resp_json = JSON.parse(
|
|
29
31
|
ip_resp_str,
|
|
@@ -36,7 +36,8 @@ module PWN
|
|
|
36
36
|
|
|
37
37
|
token = opts[:token]
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
40
|
+
rest_client = browser_obj[:browser]::Request
|
|
40
41
|
|
|
41
42
|
spinner = TTY::Spinner.new
|
|
42
43
|
spinner.auto_spin
|
|
@@ -30,7 +30,8 @@ module PWN
|
|
|
30
30
|
secret_key = nessus_obj[:secret_key]
|
|
31
31
|
base_nessus_cloud_api_uri = 'https://cloud.tenable.com'
|
|
32
32
|
|
|
33
|
-
|
|
33
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
34
|
+
rest_client = browser_obj[:browser]::Request
|
|
34
35
|
|
|
35
36
|
case http_method
|
|
36
37
|
when :get
|
data/lib/pwn/plugins/open_ai.rb
CHANGED
|
@@ -35,7 +35,9 @@ module PWN
|
|
|
35
35
|
|
|
36
36
|
content_type = 'application/json; charset=UTF-8'
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
39
|
+
rest_client = browser_obj[:browser]::Request
|
|
40
|
+
|
|
39
41
|
spinner = TTY::Spinner.new
|
|
40
42
|
spinner.auto_spin
|
|
41
43
|
|
|
@@ -34,7 +34,8 @@ module PWN
|
|
|
34
34
|
port = zap_obj[:port]
|
|
35
35
|
base_zap_api_uri = "http://#{host}:#{port}"
|
|
36
36
|
|
|
37
|
-
|
|
37
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
38
|
+
rest_client = browser_obj[:browser]::Request
|
|
38
39
|
|
|
39
40
|
case http_method
|
|
40
41
|
when :get
|
data/lib/pwn/plugins/shodan.rb
CHANGED
|
@@ -33,7 +33,8 @@ module PWN
|
|
|
33
33
|
base_shodan_api_uri = 'https://api.shodan.io'
|
|
34
34
|
api_key = opts[:api_key]
|
|
35
35
|
|
|
36
|
-
|
|
36
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
37
|
+
rest_client = browser_obj[:browser]::Request
|
|
37
38
|
|
|
38
39
|
case http_method
|
|
39
40
|
when :get
|
|
@@ -9,20 +9,9 @@ require 'openssl'
|
|
|
9
9
|
require 'em/pure_ruby'
|
|
10
10
|
require 'faye/websocket'
|
|
11
11
|
|
|
12
|
-
# Monkey Patch Watir
|
|
13
|
-
module Watir
|
|
14
|
-
# Browser Class to allow tor_obj from PWN::Plugins::Tor.start
|
|
15
|
-
# to populate attr_accessor :tor_obj
|
|
16
|
-
# This was done this way soley to maintain backwards compatibility
|
|
17
|
-
# with how browser_obj is returned.
|
|
18
|
-
class Browser
|
|
19
|
-
attr_accessor :tor_obj
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
|
|
23
12
|
module PWN
|
|
24
13
|
module Plugins
|
|
25
|
-
# This plugin rocks. Chrome, Firefox,
|
|
14
|
+
# This plugin rocks. Chrome, Firefox, headless, REST Client,
|
|
26
15
|
# all from the comfort of one plugin. Proxy support (e.g. Burp
|
|
27
16
|
# Suite Professional) is completely available for all browsers
|
|
28
17
|
# except for limited functionality within IE (IE has interesting
|
|
@@ -39,14 +28,16 @@ module PWN
|
|
|
39
28
|
# )
|
|
40
29
|
|
|
41
30
|
public_class_method def self.open(opts = {})
|
|
42
|
-
this_browser = nil
|
|
43
31
|
browser_type = opts[:browser_type]
|
|
44
32
|
proxy = opts[:proxy].to_s unless opts[:proxy].nil?
|
|
45
33
|
|
|
34
|
+
browser_obj = {}
|
|
35
|
+
|
|
46
36
|
tor_obj = nil
|
|
47
37
|
if opts[:proxy] == 'tor'
|
|
48
38
|
tor_obj = PWN::Plugins::Tor.start
|
|
49
39
|
proxy = "socks5://#{tor_obj[:ip]}:#{tor_obj[:port]}"
|
|
40
|
+
browser_obj[:tor_obj] = tor_obj
|
|
50
41
|
end
|
|
51
42
|
|
|
52
43
|
opts[:with_devtools] ? (with_devtools = true) : (with_devtools = false)
|
|
@@ -114,7 +105,7 @@ module PWN
|
|
|
114
105
|
options.profile = this_profile
|
|
115
106
|
# driver = Selenium::WebDriver.for(:firefox, capabilities: options)
|
|
116
107
|
driver = Selenium::WebDriver.for(:firefox, options: options)
|
|
117
|
-
|
|
108
|
+
browser_obj[:browser] = Watir::Browser.new(driver)
|
|
118
109
|
|
|
119
110
|
when :chrome
|
|
120
111
|
this_profile = Selenium::WebDriver::Chrome::Profile.new
|
|
@@ -143,7 +134,7 @@ module PWN
|
|
|
143
134
|
options.profile = this_profile
|
|
144
135
|
# driver = Selenium::WebDriver.for(:chrome, capabilities: options)
|
|
145
136
|
driver = Selenium::WebDriver.for(:chrome, options: options)
|
|
146
|
-
|
|
137
|
+
browser_obj[:browser] = Watir::Browser.new(driver)
|
|
147
138
|
|
|
148
139
|
when :headless, :headless_firefox
|
|
149
140
|
this_profile = Selenium::WebDriver::Firefox::Profile.new
|
|
@@ -200,7 +191,7 @@ module PWN
|
|
|
200
191
|
options = Selenium::WebDriver::Firefox::Options.new(args: ['-headless'], accept_insecure_certs: true)
|
|
201
192
|
options.profile = this_profile
|
|
202
193
|
driver = Selenium::WebDriver.for(:firefox, options: options)
|
|
203
|
-
|
|
194
|
+
browser_obj[:browser] = Watir::Browser.new(driver)
|
|
204
195
|
|
|
205
196
|
when :headless_chrome
|
|
206
197
|
this_profile = Selenium::WebDriver::Chrome::Profile.new
|
|
@@ -224,16 +215,16 @@ module PWN
|
|
|
224
215
|
|
|
225
216
|
options.profile = this_profile
|
|
226
217
|
driver = Selenium::WebDriver.for(:chrome, options: options)
|
|
227
|
-
|
|
218
|
+
browser_obj[:browser] = Watir::Browser.new(driver)
|
|
228
219
|
|
|
229
220
|
when :rest
|
|
230
|
-
|
|
221
|
+
browser_obj[:browser] = RestClient
|
|
231
222
|
if proxy
|
|
232
223
|
if tor_obj
|
|
233
224
|
TCPSocket.socks_server = tor_obj[:ip]
|
|
234
225
|
TCPSocket.socks_port = tor_obj[:port]
|
|
235
226
|
else
|
|
236
|
-
|
|
227
|
+
browser_obj[:browser].proxy = proxy
|
|
237
228
|
end
|
|
238
229
|
end
|
|
239
230
|
|
|
@@ -245,7 +236,7 @@ module PWN
|
|
|
245
236
|
end
|
|
246
237
|
proxy_opts = { origin: proxy }
|
|
247
238
|
tls_opts = { verify_peer: false }
|
|
248
|
-
|
|
239
|
+
browser_obj[:browser] = Faye::WebSocket::Client.new(
|
|
249
240
|
'',
|
|
250
241
|
[],
|
|
251
242
|
{
|
|
@@ -254,15 +245,14 @@ module PWN
|
|
|
254
245
|
}
|
|
255
246
|
)
|
|
256
247
|
else
|
|
257
|
-
|
|
248
|
+
browser_obj[:browser] = Faye::WebSocket::Client.new('')
|
|
258
249
|
end
|
|
259
250
|
else
|
|
260
251
|
puts 'Error: browser_type only supports :firefox, :chrome, :headless, :rest, or :websocket'
|
|
261
252
|
return nil
|
|
262
253
|
end
|
|
263
254
|
|
|
264
|
-
|
|
265
|
-
this_browser
|
|
255
|
+
browser_obj
|
|
266
256
|
rescue StandardError => e
|
|
267
257
|
raise e
|
|
268
258
|
end
|
|
@@ -273,13 +263,13 @@ module PWN
|
|
|
273
263
|
# )
|
|
274
264
|
|
|
275
265
|
public_class_method def self.linkout(opts = {})
|
|
276
|
-
|
|
266
|
+
browser_obj = opts[:browser_obj]
|
|
277
267
|
|
|
278
|
-
|
|
268
|
+
browser_obj[:browser].links.each do |link|
|
|
279
269
|
@@logger.info("#{link.text} => #{link.href}\n\n\n") unless link.text == ''
|
|
280
270
|
end
|
|
281
271
|
|
|
282
|
-
|
|
272
|
+
browser_obj
|
|
283
273
|
rescue StandardError => e
|
|
284
274
|
raise e
|
|
285
275
|
end
|
|
@@ -313,16 +303,16 @@ module PWN
|
|
|
313
303
|
# )
|
|
314
304
|
|
|
315
305
|
public_class_method def self.close(opts = {})
|
|
316
|
-
|
|
306
|
+
browser_obj = opts[:browser_obj]
|
|
317
307
|
|
|
318
|
-
|
|
319
|
-
tor_obj =
|
|
320
|
-
PWN::Plugins::Tor.stop(tor_obj: tor_obj)
|
|
308
|
+
unless browser_obj[:tor_obj].nil?
|
|
309
|
+
tor_obj = browser_obj[:tor_obj]
|
|
310
|
+
PWN::Plugins::Tor.stop(tor_obj: browser_obj[:tor_obj])
|
|
321
311
|
end
|
|
322
312
|
|
|
323
|
-
unless
|
|
313
|
+
unless browser_obj[:browser].to_s.include?('RestClient')
|
|
324
314
|
# Close the browser unless this_browser_obj.nil? (thus the &)
|
|
325
|
-
this_browser_obj&.close
|
|
315
|
+
this_browser_obj[:browser]&.close
|
|
326
316
|
end
|
|
327
317
|
nil
|
|
328
318
|
rescue StandardError => e
|