pwn 0.4.701 → 0.4.702
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_burp_suite_pro_active_scan +2 -1
- data/bin/pwn_domain_reversewhois +7 -6
- data/bin/pwn_owasp_zap_active_scan +3 -2
- data/bin/pwn_pastebin_sample_filter +5 -3
- data/bin/pwn_web_cache_deception +10 -7
- data/bin/pwn_www_checkip +5 -4
- data/bin/pwn_www_uri_buster +5 -4
- data/bin/pwn_xss_dom_vectors +11 -8
- data/lib/pwn/plugins/baresip.rb +3 -2
- data/lib/pwn/plugins/beef.rb +5 -2
- data/lib/pwn/plugins/burp_suite.rb +7 -5
- data/lib/pwn/plugins/defect_dojo.rb +5 -3
- data/lib/pwn/plugins/github.rb +2 -1
- data/lib/pwn/plugins/hacker_one.rb +4 -2
- data/lib/pwn/plugins/ibm_appscan.rb +13 -6
- data/lib/pwn/plugins/ip_info.rb +4 -2
- data/lib/pwn/plugins/jira_server.rb +2 -1
- data/lib/pwn/plugins/nessus_cloud.rb +2 -1
- data/lib/pwn/plugins/open_ai.rb +3 -1
- data/lib/pwn/plugins/owasp_zap.rb +2 -1
- data/lib/pwn/plugins/shodan.rb +2 -1
- data/lib/pwn/plugins/transparent_browser.rb +22 -32
- data/lib/pwn/plugins/twitter_api.rb +5 -2
- data/lib/pwn/plugins/vsphere.rb +1 -2
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/app_cobalt_io.rb +17 -11
- data/lib/pwn/www/bing.rb +7 -4
- data/lib/pwn/www/bug_crowd.rb +17 -11
- data/lib/pwn/www/checkip.rb +5 -3
- data/lib/pwn/www/coinbase_pro.rb +16 -10
- data/lib/pwn/www/duckduckgo.rb +13 -6
- data/lib/pwn/www/facebook.rb +14 -8
- data/lib/pwn/www/google.rb +10 -6
- data/lib/pwn/www/hacker_one.rb +14 -8
- data/lib/pwn/www/linkedin.rb +14 -8
- data/lib/pwn/www/pandora.rb +14 -8
- data/lib/pwn/www/pastebin.rb +7 -3
- data/lib/pwn/www/paypal.rb +34 -26
- data/lib/pwn/www/synack.rb +17 -11
- data/lib/pwn/www/torch.rb +10 -5
- data/lib/pwn/www/trading_view.rb +17 -11
- data/lib/pwn/www/twitter.rb +18 -10
- data/lib/pwn/www/uber.rb +14 -8
- data/lib/pwn/www/upwork.rb +14 -8
- data/lib/pwn/www/youtube.rb +7 -4
- metadata +2 -6
- data/bin/pwn_arachni +0 -157
- data/bin/pwn_arachni_rest +0 -174
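--- a/data/bin/pwn_arachni
+++ /dev/null
@@ -1,157 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'pwn'
-require 'optparse'
-
-opts = {}
-OptionParser.new do |options|
-  options.banner = "USAGE:
-  #{$PROGRAM_NAME} [opts]
-"
-
-  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
-    opts[:target_url] = t
-  end
-
-  options.on('-oDIR', '--report_output_dir=DIR', '<Required - Output Directory for Results Generation>') do |o|
-    opts[:output_dir] = o
-  end
-
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless> (Defaults to chrome)>') do |b|
-    opts[:browser_type] = b
-  end
-
-  options.on('-IINST', '--navigation_instruct=INST', '<Optional - Path to Navigation Instructions (e.g. Auth w/ Target - see /pwn/etc/arachni/navigation.instruct.EXAMPLE)>') do |i|
-    opts[:navigation_instruct] = i
-  end
-
-  options.on('-pPROXY', '--proxy=PROXY', '<Optional - Proxy SCHEME://ADDRESS:PORT>') do |p|
-    opts[:proxy] = p
-  end
-
-  options.on('-xTYPE', '--proxy-type=TYPE', '<Optional - Proxy Type (See arachni --help)>') do |x|
-    opts[:proxy_type] = x
-  end
-
-  options.on('-ePATTERN', '--exclude-pattern=PATTERN', '<Optional - Exclude comma-delimited resources whose URL matches pattern>') do |e|
-    opts[:exclude_pattern] = e
-  end
-
-  options.on('-d', '--[no-]deep', '<Optional - Enable Deep Scanning (Much Longer to Complete)>') do |d|
-    opts[:deep_scan] = d
-  end
-end.parse!
-
-if opts.empty?
-  puts `#{$PROGRAM_NAME} --help`
-  exit 1
-end
-
-begin
-  logger = PWN::Plugins::PWNLogger.create
-
-  target_url = opts[:target_url].to_s.scrub
-  output_dir = opts[:output_dir].to_s.scrub if Dir.exist?(opts[:output_dir].to_s.scrub)
-  if opts[:browser_type].nil?
-    browser_type = :chrome
-  else
-    browser_type = opts[:browser_type].to_s.strip.chomp.scrub.to_sym
-  end
-  navigation_instruct = opts[:navigation_instruct].to_s.strip.chomp.scrub if File.exist?(opts[:navigation_instruct].to_s.strip.chomp.scrub)
-  proxy = opts[:proxy]
-  proxy_type = opts[:proxy_type]
-  exclude_pattern = opts[:exclude_pattern]
-  deep_scan = opts[:deep_scan]
-
-  raise 'ERROR: please use pwn_arachni_rest for REST Scanning.' if browser_type == :rest
-
-  browser = PWN::Plugins::TransparentBrowser.open(
-    browser_type: browser_type,
-    proxy: proxy
-  )
-
-  browser.goto(target_url)
-
-  if navigation_instruct
-    File.read(navigation_instruct).each_line do |instruction|
-      browser.instance_eval(instruction.to_s.scrub.strip.chomp)
-    end
-
-    # We should have an authenticated session by now in our browser object...
-    http_cookie_header = ''
-    browser.cookies.to_a.each_with_index do |this_symbolized_cookie_hash, index|
-      # Need to convert symbolized key names in browser.cookies.to_a[index]
-      # to strings for proper CGI::Cookie consumption
-      this_cookie = {}
-      this_symbolized_cookie_hash.each do |key, val|
-        this_cookie[key.to_s] = val
-      end
-
-      cgi_cookie_str = CGI::Cookie.new(this_cookie).to_s
-
-      if index.zero?
-        http_cookie_header = cgi_cookie_str
-      else
-        http_cookie_header = "#{http_cookie_header}, #{cgi_cookie_str}"
-      end
-    end
-  end
-
-  arachni_cmd_str = "arachni #{target_url} --audit-parameter-names"
-  arachni_cmd_str = "#{arachni_cmd_str} --output-debug"
-  arachni_cmd_str = "#{arachni_cmd_str} --checks=*"
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-ui-inputs --audit-ui-forms"
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-jsons --audit-xmls"
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-links --audit-forms --audit-cookies"
-  arachni_cmd_str = "#{arachni_cmd_str} --report-save-path=#{output_dir}/arachni_results.afr"
-  arachni_cmd_str = "#{arachni_cmd_str} --http-proxy #{proxy}" if proxy
-  arachni_cmd_str = "#{arachni_cmd_str} --http-proxy-type #{proxy_type}" if proxy_type
-  arachni_cmd_str = "#{arachni_cmd_str} --http-cookie-string='#{http_cookie_header}'" if navigation_instruct
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-headers --audit-with-both-methods --audit-cookies-extensively" if deep_scan
-
-  if exclude_pattern
-    exclude_pattern.to_s.split(',').each do |exclude_entry|
-      arachni_cmd_str = "#{arachni_cmd_str} --scope-exclude-pattern #{exclude_entry}"
-    end
-  end
-
-  # Kick off scan as defined by pwn_arachni flags
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    arachni_cmd_str
-  )
-
-  # Report Scan Results
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    "arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip"
-  )
-
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    "arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json"
-  )
-
-  # Unzip Results in Output Dir
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    "cd #{output_dir} && unzip -o arachni_results.html.zip"
-  )
-rescue StandardError, SystemExit, Interrupt => e
-  raise e
-ensure
-  browser = PWN::Plugins::TransparentBrowser.close(browser_obj: browser) unless browser.nil?
-end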
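--- a/data/bin/pwn_arachni_rest
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'pwn'
-require 'optparse'
-require 'securerandom'
-require 'pty'
-require 'json'
-
-opts = {}
-OptionParser.new do |options|
-  options.banner = "USAGE:
-  #{$PROGRAM_NAME} [opts]
-"
-
-  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
-    opts[:target_url] = t
-  end
-
-  options.on('-oDIR', '--report_output_dir=DIR', '<Required - Output Directory for Results Generation>') do |o|
-    opts[:output_dir] = o
-  end
-
-  options.on('-IINST', '--navigation_instruct=INST', '<Required - Path to Navigation Instructions (e.g. Auth w/ Target - see /pwn/etc/arachni/navigation-REST.instruct.EXAMPLE)>') do |i|
-    opts[:navigation_instruct] = i
-  end
-
-  options.on('-pPROXY', '--proxy=PROXY', '<Optional - Proxy SCHEME://ADDRESS:PORT>') do |p|
-    opts[:proxy] = p
-  end
-
-  options.on('-xTYPE', '--proxy-type=TYPE', '<Optional - Proxy Type (See arachni --help)>') do |x|
-    opts[:proxy_type] = x
-  end
-
-  options.on('-ePATTERN', '--exclude-pattern=PATTERN', '<Optional - Exclude comma-delimited resources whose URL matches pattern>') do |e|
-    opts[:exclude_pattern] = e
-  end
-
-  options.on('-d', '--[no-]deep', '<Optional - Enable Deep Scanning (Much Longer to Complete)>') do |d|
-    opts[:deep_scan] = d
-  end
-end.parse!
-
-if opts.empty?
-  puts `#{$PROGRAM_NAME} --help`
-  exit 1
-end
-
-logger = PWN::Plugins::PWNLogger.create
-
-target_url = opts[:target_url].to_s.scrub
-output_dir = opts[:output_dir].to_s.scrub if Dir.exist?(opts[:output_dir].to_s.scrub)
-navigation_instruct = opts[:navigation_instruct].to_s.strip.chomp.scrub if File.exist?(opts[:navigation_instruct].to_s.strip.chomp.scrub)
-proxy = opts[:proxy]
-proxy_type = opts[:proxy_type]
-exclude_pattern = opts[:exclude_pattern]
-deep_scan = opts[:deep_scan]
-
-# Proxy defaults to 127.0.0.1:8282
-arachni_cmd_str = 'arachni --plugin=proxy:address=127.0.0.1,port=8282'
-arachni_cmd_str = "#{arachni_cmd_str} --output-debug"
-arachni_cmd_str = "#{arachni_cmd_str} --scope-page-limit=0"
-arachni_cmd_str = "#{arachni_cmd_str} --checks=*,-common_*,-backup*,-backdoors,-directory_listing,-csrf"
-arachni_cmd_str = "#{arachni_cmd_str} --report-save-path=#{output_dir}/arachni_results.afr"
-arachni_cmd_str = "#{arachni_cmd_str} --http-proxy #{proxy}" if proxy
-arachni_cmd_str = "#{arachni_cmd_str} --http-proxy-type #{proxy_type}" if proxy_type
-arachni_cmd_str = "#{arachni_cmd_str} --audit-jsons --audit-xmls --audit-forms --audit-links"
-arachni_cmd_str = "#{arachni_cmd_str} --audit-headers --audit-with-both-methods --audit-parameter-names" if deep_scan
-arachni_cmd_str = "#{arachni_cmd_str} #{target_url}"
-
-if exclude_pattern
-  exclude_pattern.to_s.split(',').each do |exclude_entry|
-    arachni_cmd_str = "#{arachni_cmd_str} --scope-exclude-pattern #{exclude_entry}"
-  end
-end
-
-arachni_stdout_log_path = "/tmp/pwn_arachni_rest-#{SecureRandom.hex}.log"
-arachni_stdout_log = File.new(arachni_stdout_log_path, 'w')
-# Immediately writes all buffered data in IO to disk
-arachni_stdout_log.sync = true
-arachni_stdout_log.fsync
-
-trained_attack_vectors_yaml = ''
-
-# Kick off scan as defined by pwn_arachni_rest flags
-begin
-  fork_pid = Process.fork do
-    PTY.spawn(
-      "sudo /bin/bash --login -c \"#{arachni_cmd_str}\""
-    ) do |stdout, _stdin, _pid|
-      stdout.each do |line|
-        puts line
-        arachni_stdout_log.puts line
-      end
-    end
-  end
-  Process.detach(fork_pid)
-  puts 'Arachni proxy plugin process exiting...'
-rescue StandardError => e
-  puts 'ERROR: Arachni proxy plugin process exiting...'
-  raise e
-rescue Interrupt
-  puts 'CTRL+C Detected - goodbye.'
-  exit 1
-ensure
-  Process.kill('TERM', fork_pid) if fork_pid
-  File.unlink(arachni_stdout_log_path)
-  File.unlink(trained_attack_vectors_yaml)
-end
-
-# Watch for Arachni proxy plugin to intialize prior to invoking navigation-REST.instruct
-return_pattern = 'Proxy: The scan will resume once you visit the shutdown URL.'
-loop do
-  if File.exist?(arachni_stdout_log_path) &&
-     File.read(arachni_stdout_log_path).include?(return_pattern)
-
-    print 'Proxy started...sleeping for 9s. '
-    sleep 9
-    puts 'Ready to proceed.'
-    break
-  end
-  sleep 3
-end
-
-# Initiate rest_client object to pump requests through Arachni proxy plugin.
-rest_client = PWN::Plugins::TransparentBrowser.open(
-  browser_type: :rest,
-  proxy: 'http://127.0.0.1:8282'
-)::Request
-
-# Now that the proxy is up, we can run the navigation-REST.instruct through the Arachni
-# proxy plugin (http://127.0.0.1:8282) to train arachni how to interact w/ the API.
-puts "Initialize REST API Training: #{navigation_instruct}"
-pwn_arachni_rest_custom_http_header = instance_eval(File.read(navigation_instruct), navigation_instruct)
-puts "REST API Training Complete: #{navigation_instruct}"
-puts 'Sleeping for 9s prior to proceeding...'
-sleep 9
-
-# Close rest_client used for training Arachni
-PWN::Plugins::TransparentBrowser.close(browser_obj: rest_client)
-
-trained_attack_vectors_yaml = "#{File.dirname(arachni_stdout_log_path)}/#{File.basename(arachni_stdout_log_path, File.extname(arachni_stdout_log_path))}.yml"
-
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("/bin/bash --login -c \"http_proxy=http://127.0.0.1:8282 curl http://arachni.proxy/panel/vectors.yml -o #{trained_attack_vectors_yaml}\"")
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system('/bin/bash --login -c "http_proxy=http://127.0.0.1:8282 curl http://arachni.proxy/shutdown"')
-fork_pid = nil
-
-arachni_trained_cmd_str = "arachni --plugin=vector_feed:yaml_file=#{trained_attack_vectors_yaml}"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --output-debug"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --scope-page-limit=0"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --checks=*,-common_*,-backup*,-backdoors,-directory_listing,-csrf"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --http-request-header='#{pwn_arachni_rest_custom_http_header}'" if pwn_arachni_rest_custom_http_header != ''
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --report-save-path=#{output_dir}/arachni_results.afr"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --http-proxy #{proxy}" if proxy
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --http-proxy-type #{proxy_type}" if proxy_type
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --audit-jsons --audit-xmls --audit-forms --audit-links"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --audit-headers --audit-with-both-methods --audit-parameter-names" if deep_scan
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} #{target_url}"
-
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"#{arachni_trained_cmd_str}\"")
-
-# Report Scan Results
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip\"")
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json\"")
-
-# Unzip Results in Output Dir
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"cd #{output_dir} && unzip -o arachni_results.html.zip\"")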