pwn 0.4.701 → 0.4.702

Files changed (50)
  1. checksums.yaml +4 -4
  2. data/README.md +2 -2
  3. data/bin/pwn_burp_suite_pro_active_scan +2 -1
  4. data/bin/pwn_domain_reversewhois +7 -6
  5. data/bin/pwn_owasp_zap_active_scan +3 -2
  6. data/bin/pwn_pastebin_sample_filter +5 -3
  7. data/bin/pwn_web_cache_deception +10 -7
  8. data/bin/pwn_www_checkip +5 -4
  9. data/bin/pwn_www_uri_buster +5 -4
  10. data/bin/pwn_xss_dom_vectors +11 -8
  11. data/lib/pwn/plugins/baresip.rb +3 -2
  12. data/lib/pwn/plugins/beef.rb +5 -2
  13. data/lib/pwn/plugins/burp_suite.rb +7 -5
  14. data/lib/pwn/plugins/defect_dojo.rb +5 -3
  15. data/lib/pwn/plugins/github.rb +2 -1
  16. data/lib/pwn/plugins/hacker_one.rb +4 -2
  17. data/lib/pwn/plugins/ibm_appscan.rb +13 -6
  18. data/lib/pwn/plugins/ip_info.rb +4 -2
  19. data/lib/pwn/plugins/jira_server.rb +2 -1
  20. data/lib/pwn/plugins/nessus_cloud.rb +2 -1
  21. data/lib/pwn/plugins/open_ai.rb +3 -1
  22. data/lib/pwn/plugins/owasp_zap.rb +2 -1
  23. data/lib/pwn/plugins/shodan.rb +2 -1
  24. data/lib/pwn/plugins/transparent_browser.rb +22 -32
  25. data/lib/pwn/plugins/twitter_api.rb +5 -2
  26. data/lib/pwn/plugins/vsphere.rb +1 -2
  27. data/lib/pwn/version.rb +1 -1
  28. data/lib/pwn/www/app_cobalt_io.rb +17 -11
  29. data/lib/pwn/www/bing.rb +7 -4
  30. data/lib/pwn/www/bug_crowd.rb +17 -11
  31. data/lib/pwn/www/checkip.rb +5 -3
  32. data/lib/pwn/www/coinbase_pro.rb +16 -10
  33. data/lib/pwn/www/duckduckgo.rb +13 -6
  34. data/lib/pwn/www/facebook.rb +14 -8
  35. data/lib/pwn/www/google.rb +10 -6
  36. data/lib/pwn/www/hacker_one.rb +14 -8
  37. data/lib/pwn/www/linkedin.rb +14 -8
  38. data/lib/pwn/www/pandora.rb +14 -8
  39. data/lib/pwn/www/pastebin.rb +7 -3
  40. data/lib/pwn/www/paypal.rb +34 -26
  41. data/lib/pwn/www/synack.rb +17 -11
  42. data/lib/pwn/www/torch.rb +10 -5
  43. data/lib/pwn/www/trading_view.rb +17 -11
  44. data/lib/pwn/www/twitter.rb +18 -10
  45. data/lib/pwn/www/uber.rb +14 -8
  46. data/lib/pwn/www/upwork.rb +14 -8
  47. data/lib/pwn/www/youtube.rb +7 -4
  48. metadata +2 -6
  49. data/bin/pwn_arachni +0 -157
  50. data/bin/pwn_arachni_rest +0 -174
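--- a/data/bin/pwn_arachni
+++ b/data/bin/pwn_arachni
@@ -1,157 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'pwn'
-require 'optparse'
-
-opts = {}
-OptionParser.new do |options|
-  options.banner = "USAGE:
-    #{$PROGRAM_NAME} [opts]
-  "
-
-  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
-    opts[:target_url] = t
-  end
-
-  options.on('-oDIR', '--report_output_dir=DIR', '<Required - Output Directory for Results Generation>') do |o|
-    opts[:output_dir] = o
-  end
-
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless> (Defaults to chrome)>') do |b|
-    opts[:browser_type] = b
-  end
-
-  options.on('-IINST', '--navigation_instruct=INST', '<Optional - Path to Navigation Instructions (e.g. Auth w/ Target - see /pwn/etc/arachni/navigation.instruct.EXAMPLE)>') do |i|
-    opts[:navigation_instruct] = i
-  end
-
-  options.on('-pPROXY', '--proxy=PROXY', '<Optional - Proxy SCHEME://ADDRESS:PORT>') do |p|
-    opts[:proxy] = p
-  end
-
-  options.on('-xTYPE', '--proxy-type=TYPE', '<Optional - Proxy Type (See arachni --help)>') do |x|
-    opts[:proxy_type] = x
-  end
-
-  options.on('-ePATTERN', '--exclude-pattern=PATTERN', '<Optional - Exclude comma-delimited resources whose URL matches pattern>') do |e|
-    opts[:exclude_pattern] = e
-  end
-
-  options.on('-d', '--[no-]deep', '<Optional - Enable Deep Scanning (Much Longer to Complete)>') do |d|
-    opts[:deep_scan] = d
-  end
-end.parse!
-
-if opts.empty?
-  puts `#{$PROGRAM_NAME} --help`
-  exit 1
-end
-
-begin
-  logger = PWN::Plugins::PWNLogger.create
-
-  target_url = opts[:target_url].to_s.scrub
-  output_dir = opts[:output_dir].to_s.scrub if Dir.exist?(opts[:output_dir].to_s.scrub)
-  if opts[:browser_type].nil?
-    browser_type = :chrome
-  else
-    browser_type = opts[:browser_type].to_s.strip.chomp.scrub.to_sym
-  end
-  navigation_instruct = opts[:navigation_instruct].to_s.strip.chomp.scrub if File.exist?(opts[:navigation_instruct].to_s.strip.chomp.scrub)
-  proxy = opts[:proxy]
-  proxy_type = opts[:proxy_type]
-  exclude_pattern = opts[:exclude_pattern]
-  deep_scan = opts[:deep_scan]
-
-  raise 'ERROR: please use pwn_arachni_rest for REST Scanning.' if browser_type == :rest
-
-  browser = PWN::Plugins::TransparentBrowser.open(
-    browser_type: browser_type,
-    proxy: proxy
-  )
-
-  browser.goto(target_url)
-
-  if navigation_instruct
-    File.read(navigation_instruct).each_line do |instruction|
-      browser.instance_eval(instruction.to_s.scrub.strip.chomp)
-    end
-
-    # We should have an authenticated session by now in our browser object...
-    http_cookie_header = ''
-    browser.cookies.to_a.each_with_index do |this_symbolized_cookie_hash, index|
-      # Need to convert symbolized key names in browser.cookies.to_a[index]
-      # to strings for proper CGI::Cookie consumption
-      this_cookie = {}
-      this_symbolized_cookie_hash.each do |key, val|
-        this_cookie[key.to_s] = val
-      end
-
-      cgi_cookie_str = CGI::Cookie.new(this_cookie).to_s
-
-      if index.zero?
-        http_cookie_header = cgi_cookie_str
-      else
-        http_cookie_header = "#{http_cookie_header}, #{cgi_cookie_str}"
-      end
-    end
-  end
-
-  arachni_cmd_str = "arachni #{target_url} --audit-parameter-names"
-  arachni_cmd_str = "#{arachni_cmd_str} --output-debug"
-  arachni_cmd_str = "#{arachni_cmd_str} --checks=*"
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-ui-inputs --audit-ui-forms"
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-jsons --audit-xmls"
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-links --audit-forms --audit-cookies"
-  arachni_cmd_str = "#{arachni_cmd_str} --report-save-path=#{output_dir}/arachni_results.afr"
-  arachni_cmd_str = "#{arachni_cmd_str} --http-proxy #{proxy}" if proxy
-  arachni_cmd_str = "#{arachni_cmd_str} --http-proxy-type #{proxy_type}" if proxy_type
-  arachni_cmd_str = "#{arachni_cmd_str} --http-cookie-string='#{http_cookie_header}'" if navigation_instruct
-  arachni_cmd_str = "#{arachni_cmd_str} --audit-headers --audit-with-both-methods --audit-cookies-extensively" if deep_scan
-
-  if exclude_pattern
-    exclude_pattern.to_s.split(',').each do |exclude_entry|
-      arachni_cmd_str = "#{arachni_cmd_str} --scope-exclude-pattern #{exclude_entry}"
-    end
-  end
-
-  # Kick off scan as defined by pwn_arachni flags
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    arachni_cmd_str
-  )
-
-  # Report Scan Results
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    "arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip"
-  )
-
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    "arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json"
-  )
-
-  # Unzip Results in Output Dir
-  system(
-    'sudo',
-    '/bin/bash',
-    '--login',
-    '-c',
-    "cd #{output_dir} && unzip -o arachni_results.html.zip"
-  )
-rescue StandardError, SystemExit, Interrupt => e
-  raise e
-ensure
-  browser = PWN::Plugins::TransparentBrowser.close(browser_obj: browser) unless browser.nil?
-end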
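--- a/data/bin/pwn_arachni_rest
+++ b/data/bin/pwn_arachni_rest
@@ -1,174 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'pwn'
-require 'optparse'
-require 'securerandom'
-require 'pty'
-require 'json'
-
-opts = {}
-OptionParser.new do |options|
-  options.banner = "USAGE:
-    #{$PROGRAM_NAME} [opts]
-  "
-
-  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
-    opts[:target_url] = t
-  end
-
-  options.on('-oDIR', '--report_output_dir=DIR', '<Required - Output Directory for Results Generation>') do |o|
-    opts[:output_dir] = o
-  end
-
-  options.on('-IINST', '--navigation_instruct=INST', '<Required - Path to Navigation Instructions (e.g. Auth w/ Target - see /pwn/etc/arachni/navigation-REST.instruct.EXAMPLE)>') do |i|
-    opts[:navigation_instruct] = i
-  end
-
-  options.on('-pPROXY', '--proxy=PROXY', '<Optional - Proxy SCHEME://ADDRESS:PORT>') do |p|
-    opts[:proxy] = p
-  end
-
-  options.on('-xTYPE', '--proxy-type=TYPE', '<Optional - Proxy Type (See arachni --help)>') do |x|
-    opts[:proxy_type] = x
-  end
-
-  options.on('-ePATTERN', '--exclude-pattern=PATTERN', '<Optional - Exclude comma-delimited resources whose URL matches pattern>') do |e|
-    opts[:exclude_pattern] = e
-  end
-
-  options.on('-d', '--[no-]deep', '<Optional - Enable Deep Scanning (Much Longer to Complete)>') do |d|
-    opts[:deep_scan] = d
-  end
-end.parse!
-
-if opts.empty?
-  puts `#{$PROGRAM_NAME} --help`
-  exit 1
-end
-
-logger = PWN::Plugins::PWNLogger.create
-
-target_url = opts[:target_url].to_s.scrub
-output_dir = opts[:output_dir].to_s.scrub if Dir.exist?(opts[:output_dir].to_s.scrub)
-navigation_instruct = opts[:navigation_instruct].to_s.strip.chomp.scrub if File.exist?(opts[:navigation_instruct].to_s.strip.chomp.scrub)
-proxy = opts[:proxy]
-proxy_type = opts[:proxy_type]
-exclude_pattern = opts[:exclude_pattern]
-deep_scan = opts[:deep_scan]
-
-# Proxy defaults to 127.0.0.1:8282
-arachni_cmd_str = 'arachni --plugin=proxy:address=127.0.0.1,port=8282'
-arachni_cmd_str = "#{arachni_cmd_str} --output-debug"
-arachni_cmd_str = "#{arachni_cmd_str} --scope-page-limit=0"
-arachni_cmd_str = "#{arachni_cmd_str} --checks=*,-common_*,-backup*,-backdoors,-directory_listing,-csrf"
-arachni_cmd_str = "#{arachni_cmd_str} --report-save-path=#{output_dir}/arachni_results.afr"
-arachni_cmd_str = "#{arachni_cmd_str} --http-proxy #{proxy}" if proxy
-arachni_cmd_str = "#{arachni_cmd_str} --http-proxy-type #{proxy_type}" if proxy_type
-arachni_cmd_str = "#{arachni_cmd_str} --audit-jsons --audit-xmls --audit-forms --audit-links"
-arachni_cmd_str = "#{arachni_cmd_str} --audit-headers --audit-with-both-methods --audit-parameter-names" if deep_scan
-arachni_cmd_str = "#{arachni_cmd_str} #{target_url}"
-
-if exclude_pattern
-  exclude_pattern.to_s.split(',').each do |exclude_entry|
-    arachni_cmd_str = "#{arachni_cmd_str} --scope-exclude-pattern #{exclude_entry}"
-  end
-end
-
-arachni_stdout_log_path = "/tmp/pwn_arachni_rest-#{SecureRandom.hex}.log"
-arachni_stdout_log = File.new(arachni_stdout_log_path, 'w')
-# Immediately writes all buffered data in IO to disk
-arachni_stdout_log.sync = true
-arachni_stdout_log.fsync
-
-trained_attack_vectors_yaml = ''
-
-# Kick off scan as defined by pwn_arachni_rest flags
-begin
-  fork_pid = Process.fork do
-    PTY.spawn(
-      "sudo /bin/bash --login -c \"#{arachni_cmd_str}\""
-    ) do |stdout, _stdin, _pid|
-      stdout.each do |line|
-        puts line
-        arachni_stdout_log.puts line
-      end
-    end
-  end
-  Process.detach(fork_pid)
-  puts 'Arachni proxy plugin process exiting...'
-rescue StandardError => e
-  puts 'ERROR: Arachni proxy plugin process exiting...'
-  raise e
-rescue Interrupt
-  puts 'CTRL+C Detected - goodbye.'
-  exit 1
-ensure
-  Process.kill('TERM', fork_pid) if fork_pid
-  File.unlink(arachni_stdout_log_path)
-  File.unlink(trained_attack_vectors_yaml)
-end
-
-# Watch for Arachni proxy plugin to intialize prior to invoking navigation-REST.instruct
-return_pattern = 'Proxy: The scan will resume once you visit the shutdown URL.'
-loop do
-  if File.exist?(arachni_stdout_log_path) &&
-     File.read(arachni_stdout_log_path).include?(return_pattern)
-
-    print 'Proxy started...sleeping for 9s. '
-    sleep 9
-    puts 'Ready to proceed.'
-    break
-  end
-  sleep 3
-end
-
-# Initiate rest_client object to pump requests through Arachni proxy plugin.
-rest_client = PWN::Plugins::TransparentBrowser.open(
-  browser_type: :rest,
-  proxy: 'http://127.0.0.1:8282'
-)::Request
-
-# Now that the proxy is up, we can run the navigation-REST.instruct through the Arachni
-# proxy plugin (http://127.0.0.1:8282) to train arachni how to interact w/ the API.
-puts "Initialize REST API Training: #{navigation_instruct}"
-pwn_arachni_rest_custom_http_header = instance_eval(File.read(navigation_instruct), navigation_instruct)
-puts "REST API Training Complete: #{navigation_instruct}"
-puts 'Sleeping for 9s prior to proceeding...'
-sleep 9
-
-# Close rest_client used for training Arachni
-PWN::Plugins::TransparentBrowser.close(browser_obj: rest_client)
-
-trained_attack_vectors_yaml = "#{File.dirname(arachni_stdout_log_path)}/#{File.basename(arachni_stdout_log_path, File.extname(arachni_stdout_log_path))}.yml"
-
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("/bin/bash --login -c \"http_proxy=http://127.0.0.1:8282 curl http://arachni.proxy/panel/vectors.yml -o #{trained_attack_vectors_yaml}\"")
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system('/bin/bash --login -c "http_proxy=http://127.0.0.1:8282 curl http://arachni.proxy/shutdown"')
-fork_pid = nil
-
-arachni_trained_cmd_str = "arachni --plugin=vector_feed:yaml_file=#{trained_attack_vectors_yaml}"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --output-debug"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --scope-page-limit=0"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --checks=*,-common_*,-backup*,-backdoors,-directory_listing,-csrf"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --http-request-header='#{pwn_arachni_rest_custom_http_header}'" if pwn_arachni_rest_custom_http_header != ''
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --report-save-path=#{output_dir}/arachni_results.afr"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --http-proxy #{proxy}" if proxy
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --http-proxy-type #{proxy_type}" if proxy_type
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --audit-jsons --audit-xmls --audit-forms --audit-links"
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} --audit-headers --audit-with-both-methods --audit-parameter-names" if deep_scan
-arachni_trained_cmd_str = "#{arachni_trained_cmd_str} #{target_url}"
-
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"#{arachni_trained_cmd_str}\"")
-
-# Report Scan Results
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip\"")
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json\"")
-
-# Unzip Results in Output Dir
-# TODO: Use Process.spawn instead of system to capture pid for proper cleanup
-system("sudo /bin/bash --login -c \"cd #{output_dir} && unzip -o arachni_results.html.zip\"")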