pwn 0.4.724 → 0.4.725
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/pwn/plugins/black_duck_binary_analysis.rb +209 -0
- data/lib/pwn/plugins.rb +1 -0
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/plugins/black_duck_binary_analysis_spec.rb +15 -0
- metadata +3 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e2f835654147ae0a73af5bc51c98d922d10add0e5c4acc2541ad926b33634c9e
|
4
|
+
data.tar.gz: d32135289b046d1afd2532b572653fd65b4caa3143ed75ad0b5b07b5bac642e2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 57a524eb2980d8719ed816e3635cebbe328e0539b8048c92e32da7e15bd8456ceaa8877acce5bec9da39ef9cc9621b8caedc4c41f9de0dfdd780e2437c6c4795
|
7
|
+
data.tar.gz: d3b9163c81c1db8d8a7cb802352f4a7e19d44716b075e033e8c1f561314fd044a3b93b8d8369df18880f1ae117f53ca39aac15dbbd589b9bfa7a79b5116f59fa
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.725]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.725]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
@@ -0,0 +1,209 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'json'
|
4
|
+
require 'securerandom'
|
5
|
+
require 'tty-spinner'
|
6
|
+
|
7
|
+
module PWN
|
8
|
+
module Plugins
|
9
|
+
# This plugin is used for interacting w/ the Black Duck Binary Analysis
|
10
|
+
# REST API using the 'rest' browser type of PWN::Plugins::TransparentBrowser.
|
11
|
+
# This is based on the following Black Duck Binary Analysis API Specification:
|
12
|
+
# https://protecode-sc.com/help/api
|
13
|
+
module BlackDuckBinaryAnalysis
|
14
|
+
# Supported Method Parameters::
|
15
|
+
# bd_bin_analysis_rest_call(
|
16
|
+
# token: 'required - Black Duck Binary Analysis API token',
|
17
|
+
# http_method: 'optional HTTP method (defaults to GET)
|
18
|
+
# rest_call: 'required rest call to make per the schema',
|
19
|
+
# params: 'optional params passed in the URI or HTTP Headers',
|
20
|
+
# http_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'
|
21
|
+
# )
|
22
|
+
|
23
|
+
private_class_method def self.bd_bin_analysis_rest_call(opts = {})
|
24
|
+
http_method = if opts[:http_method].nil?
|
25
|
+
:get
|
26
|
+
else
|
27
|
+
opts[:http_method].to_s.scrub.to_sym
|
28
|
+
end
|
29
|
+
rest_call = opts[:rest_call].to_s.scrub
|
30
|
+
params = opts[:params]
|
31
|
+
http_body = opts[:http_body]
|
32
|
+
http_body ||= {}
|
33
|
+
base_bd_bin_analysis_api_uri = 'https://protocode-sc.com/api'
|
34
|
+
token = opts[:token]
|
35
|
+
|
36
|
+
content_type = 'application/json; charset=UTF-8'
|
37
|
+
|
38
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
39
|
+
rest_client = browser_obj[:browser]::Request
|
40
|
+
|
41
|
+
spinner = TTY::Spinner.new
|
42
|
+
spinner.auto_spin
|
43
|
+
|
44
|
+
case http_method
|
45
|
+
when :delete
|
46
|
+
response = rest_client.execute(
|
47
|
+
method: :delete,
|
48
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
49
|
+
headers: {
|
50
|
+
content_type: content_type,
|
51
|
+
authorization: "Bearer #{token}",
|
52
|
+
params: params
|
53
|
+
},
|
54
|
+
verify_ssl: false
|
55
|
+
)
|
56
|
+
|
57
|
+
when :get
|
58
|
+
response = rest_client.execute(
|
59
|
+
method: :get,
|
60
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
61
|
+
headers: {
|
62
|
+
content_type: content_type,
|
63
|
+
authorization: "Bearer #{token}",
|
64
|
+
params: params
|
65
|
+
},
|
66
|
+
verify_ssl: false
|
67
|
+
)
|
68
|
+
|
69
|
+
when :post
|
70
|
+
if http_body.key?(:multipart)
|
71
|
+
response = rest_client.execute(
|
72
|
+
method: :post,
|
73
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
74
|
+
headers: {
|
75
|
+
authorization: "Bearer #{token}"
|
76
|
+
},
|
77
|
+
payload: http_body,
|
78
|
+
verify_ssl: false
|
79
|
+
)
|
80
|
+
else
|
81
|
+
response = rest_client.execute(
|
82
|
+
method: :post,
|
83
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
84
|
+
headers: {
|
85
|
+
content_type: content_type,
|
86
|
+
authorization: "Bearer #{token}"
|
87
|
+
},
|
88
|
+
payload: http_body.to_json,
|
89
|
+
verify_ssl: false
|
90
|
+
)
|
91
|
+
end
|
92
|
+
|
93
|
+
when :put
|
94
|
+
if http_body.key?(:multipart)
|
95
|
+
response = rest_client.execute(
|
96
|
+
method: :put,
|
97
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
98
|
+
headers: {
|
99
|
+
authorization: "Bearer #{token}"
|
100
|
+
},
|
101
|
+
payload: http_body,
|
102
|
+
verify_ssl: false
|
103
|
+
)
|
104
|
+
else
|
105
|
+
response = rest_client.execute(
|
106
|
+
method: :post,
|
107
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
108
|
+
headers: {
|
109
|
+
content_type: content_type,
|
110
|
+
authorization: "Bearer #{token}"
|
111
|
+
},
|
112
|
+
payload: http_body.to_json,
|
113
|
+
verify_ssl: false
|
114
|
+
)
|
115
|
+
end
|
116
|
+
|
117
|
+
else
|
118
|
+
raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
|
119
|
+
end
|
120
|
+
response
|
121
|
+
rescue StandardError => e
|
122
|
+
case e.message
|
123
|
+
when '400 Bad Request', '404 Resource Not Found'
|
124
|
+
"#{e.message}: #{e.response}"
|
125
|
+
else
|
126
|
+
raise e
|
127
|
+
end
|
128
|
+
ensure
|
129
|
+
spinner.stop
|
130
|
+
end
|
131
|
+
|
132
|
+
# Supported Method Parameters::
|
133
|
+
# response = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
|
134
|
+
# token: 'required - Bearer token'
|
135
|
+
# )
|
136
|
+
|
137
|
+
public_class_method def self.get_groups(opts = {})
|
138
|
+
token = opts[:token]
|
139
|
+
|
140
|
+
response = bd_bin_analysis_rest_call(
|
141
|
+
token: token,
|
142
|
+
rest_call: 'groups'
|
143
|
+
)
|
144
|
+
|
145
|
+
JSON.parse(response, symbolize_names: true)
|
146
|
+
rescue StandardError => e
|
147
|
+
raise e
|
148
|
+
end
|
149
|
+
|
150
|
+
# Supported Method Parameters::
|
151
|
+
# response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
|
152
|
+
# token: 'required - Bearer token',
|
153
|
+
# file: 'required - file to upload',
|
154
|
+
# purpose: 'optional - intended purpose of the uploaded documents (defaults to fine-tune'
|
155
|
+
# )
|
156
|
+
|
157
|
+
public_class_method def self.upload_file(opts = {})
|
158
|
+
token = opts[:token]
|
159
|
+
file = opts[:file]
|
160
|
+
raise "ERROR: #{file} not found." unless File.exist?(file)
|
161
|
+
|
162
|
+
purpose = opts[:purpose]
|
163
|
+
purpose ||= 'fine-tune'
|
164
|
+
|
165
|
+
http_body = {
|
166
|
+
multipart: true,
|
167
|
+
file: File.new(file, 'rb'),
|
168
|
+
purpose: purpose
|
169
|
+
}
|
170
|
+
|
171
|
+
response = bd_bin_analysis_rest_call(
|
172
|
+
http_method: :post,
|
173
|
+
token: token,
|
174
|
+
rest_call: 'files',
|
175
|
+
http_body: http_body
|
176
|
+
)
|
177
|
+
|
178
|
+
JSON.parse(response, symbolize_names: true)
|
179
|
+
rescue StandardError => e
|
180
|
+
raise e
|
181
|
+
end
|
182
|
+
|
183
|
+
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
184
|
+
|
185
|
+
public_class_method def self.authors
|
186
|
+
"AUTHOR(S):
|
187
|
+
0day Inc. <request.pentest@0dayinc.com>
|
188
|
+
"
|
189
|
+
end
|
190
|
+
|
191
|
+
# Display Usage for this Module
|
192
|
+
|
193
|
+
public_class_method def self.help
|
194
|
+
puts "USAGE:
|
195
|
+
response = #{self}.get_groups(
|
196
|
+
token: 'required - Bearer token'
|
197
|
+
)
|
198
|
+
|
199
|
+
response = #{self}.upload_file(
|
200
|
+
token: 'required - Black Duck Binary Analysis API token',
|
201
|
+
file: 'required - file to upload'
|
202
|
+
)
|
203
|
+
|
204
|
+
#{self}.authors
|
205
|
+
"
|
206
|
+
end
|
207
|
+
end
|
208
|
+
end
|
209
|
+
end
|
data/lib/pwn/plugins.rb
CHANGED
@@ -11,6 +11,7 @@ module PWN
|
|
11
11
|
autoload :BareSIP, 'pwn/plugins/baresip'
|
12
12
|
autoload :BasicAuth, 'pwn/plugins/basic_auth'
|
13
13
|
autoload :BeEF, 'pwn/plugins/beef'
|
14
|
+
autoload :BlackDuckBinaryAnalysis, 'pwn/plugins/black_duck_binary_analysis'
|
14
15
|
autoload :BurpSuite, 'pwn/plugins/burp_suite'
|
15
16
|
autoload :BusPirate, 'pwn/plugins/bus_pirate'
|
16
17
|
autoload :Char, 'pwn/plugins/char'
|
data/lib/pwn/version.rb
CHANGED
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::BlackDuckBinaryAnalysis do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::BlackDuckBinaryAnalysis
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::BlackDuckBinaryAnalysis
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.725
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
@@ -1676,6 +1676,7 @@ files:
|
|
1676
1676
|
- lib/pwn/plugins/baresip.rb
|
1677
1677
|
- lib/pwn/plugins/basic_auth.rb
|
1678
1678
|
- lib/pwn/plugins/beef.rb
|
1679
|
+
- lib/pwn/plugins/black_duck_binary_analysis.rb
|
1679
1680
|
- lib/pwn/plugins/burp_suite.rb
|
1680
1681
|
- lib/pwn/plugins/bus_pirate.rb
|
1681
1682
|
- lib/pwn/plugins/char.rb
|
@@ -1986,6 +1987,7 @@ files:
|
|
1986
1987
|
- spec/lib/pwn/plugins/baresip_spec.rb
|
1987
1988
|
- spec/lib/pwn/plugins/basic_auth_spec.rb
|
1988
1989
|
- spec/lib/pwn/plugins/beef_spec.rb
|
1990
|
+
- spec/lib/pwn/plugins/black_duck_binary_analysis_spec.rb
|
1989
1991
|
- spec/lib/pwn/plugins/burp_suite_spec.rb
|
1990
1992
|
- spec/lib/pwn/plugins/bus_pirate_spec.rb
|
1991
1993
|
- spec/lib/pwn/plugins/char_spec.rb
|