pwn 0.4.735 → 0.4.737
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/pwn/plugins/black_duck_binary_analysis.rb +70 -21
- data/lib/pwn/plugins/open_ai.rb +12 -15
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '01249a06b7f5f3b1bcd331c75d9946a1f1aedfa947cb72ca492e97191229ad10'
|
4
|
+
data.tar.gz: cfbbfb84754859f5e9b2e2727bcc02c2c392682027d58764d1abb70f83334e7f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b45b7cd565ddab92c10e5187b750f30533727b0ead8e94ee1e808c669b789ff4cd87122535eb424ad262496bb2f203822c89cb2808ff07b98985a1050496ed90
|
7
|
+
data.tar.gz: 8a56c95492231605c2bce0e2cf141655e2374b0810cc51ccb445781b5c77b01438ab5d50680b1646c2bdf0d3f2c48c42c86c3d046fbd50edc8f0b1e626566237
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.737]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.737]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
@@ -32,7 +32,7 @@ module PWN
|
|
32
32
|
|
33
33
|
headers = opts[:http_headers]
|
34
34
|
headers ||= {
|
35
|
-
content_type:
|
35
|
+
content_type: 'application/json; charset=UTF-8',
|
36
36
|
authorization: "Bearer #{token}"
|
37
37
|
}
|
38
38
|
|
@@ -40,8 +40,6 @@ module PWN
|
|
40
40
|
base_bd_bin_analysis_api_uri = 'https://protecode-sc.com/api'
|
41
41
|
token = opts[:token]
|
42
42
|
|
43
|
-
content_type = 'application/json; charset=UTF-8'
|
44
|
-
|
45
43
|
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
46
44
|
rest_client = browser_obj[:browser]::Request
|
47
45
|
|
@@ -59,13 +57,25 @@ module PWN
|
|
59
57
|
)
|
60
58
|
|
61
59
|
when :post, :put
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
60
|
+
if http_body.key?(:multipart)
|
61
|
+
headers[:content_type] = 'multipart/form-data'
|
62
|
+
|
63
|
+
response = rest_client.execute(
|
64
|
+
method: :post,
|
65
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
66
|
+
headers: headers,
|
67
|
+
payload: http_body,
|
68
|
+
verify_ssl: false
|
69
|
+
)
|
70
|
+
else
|
71
|
+
response = rest_client.execute(
|
72
|
+
method: :post,
|
73
|
+
url: "#{base_bd_bin_analysis_api_uri}/#{rest_call}",
|
74
|
+
headers: headers,
|
75
|
+
payload: http_body.to_json,
|
76
|
+
verify_ssl: false
|
77
|
+
)
|
78
|
+
end
|
69
79
|
else
|
70
80
|
raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
|
71
81
|
end
|
@@ -122,7 +132,16 @@ module PWN
|
|
122
132
|
# Supported Method Parameters::
|
123
133
|
# response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
|
124
134
|
# token: 'required - Bearer token',
|
125
|
-
# file: 'required - file to upload'
|
135
|
+
# file: 'required - path of file to upload',
|
136
|
+
# group_id: 'optional - group id',
|
137
|
+
# delete_binary: 'optional - delete binary after upload (defaults to false)',
|
138
|
+
# force_scan: 'optional - force scan (defaults to false)',
|
139
|
+
# callback_url: 'optional - callback url',
|
140
|
+
# scan_infoleak: 'optional - scan infoleak (defaults to true)',
|
141
|
+
# code_analysis: 'optional - code analysis (defaults to true)',
|
142
|
+
# scan_code_familiarity: 'optional - scan code familiarity (defaults to true)',
|
143
|
+
# version: 'optional - version',
|
144
|
+
# product_id: 'optional - product id'
|
126
145
|
# )
|
127
146
|
|
128
147
|
public_class_method def self.upload_file(opts = {})
|
@@ -130,8 +149,29 @@ module PWN
|
|
130
149
|
file = opts[:file]
|
131
150
|
raise "ERROR: #{file} not found." unless File.exist?(file)
|
132
151
|
|
152
|
+
file_name = File.basename(file)
|
153
|
+
|
154
|
+
group_id = opts[:group_id]
|
155
|
+
delete_binary = true if opts[:delete_binary] ||= false
|
156
|
+
force_scan = true if opts[:force_scan] ||= false
|
157
|
+
callback_url = opts[:callback_url]
|
158
|
+
scan_infoleak = false if opts[:scan_infoleak] ||= true
|
159
|
+
code_analysis = false if opts[:code_analysis] ||= true
|
160
|
+
scan_code_familiarity = false if opts[:scan_code_familiarity] ||= true
|
161
|
+
version = opts[:version]
|
162
|
+
product_id = opts[:product_id]
|
163
|
+
|
133
164
|
http_headers = {
|
134
|
-
authorization: "Bearer #{token}"
|
165
|
+
authorization: "Bearer #{token}",
|
166
|
+
delete_binary: delete_binary,
|
167
|
+
force_scan: force_scan,
|
168
|
+
group: group_id,
|
169
|
+
callback: callback_url,
|
170
|
+
scan_infoleak: scan_infoleak,
|
171
|
+
code_analysis: code_analysis,
|
172
|
+
scan_code_familiarity: scan_code_familiarity,
|
173
|
+
version: version,
|
174
|
+
replace: product_id
|
135
175
|
}
|
136
176
|
|
137
177
|
http_body = {
|
@@ -140,9 +180,9 @@ module PWN
|
|
140
180
|
}
|
141
181
|
|
142
182
|
response = bd_bin_analysis_rest_call(
|
143
|
-
http_method: :
|
183
|
+
http_method: :put,
|
144
184
|
token: token,
|
145
|
-
rest_call:
|
185
|
+
rest_call: "upload/#{file_name}",
|
146
186
|
http_headers: http_headers,
|
147
187
|
http_body: http_body
|
148
188
|
)
|
@@ -193,7 +233,7 @@ module PWN
|
|
193
233
|
# token: 'required - Bearer token',
|
194
234
|
# name: 'required - group name',
|
195
235
|
# desc: 'optional - group description',
|
196
|
-
#
|
236
|
+
# parent_id: 'optional - parent group id',
|
197
237
|
# delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
|
198
238
|
# binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
|
199
239
|
# product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
|
@@ -212,7 +252,7 @@ module PWN
|
|
212
252
|
token = opts[:token]
|
213
253
|
name = opts[:name]
|
214
254
|
desc = opts[:desc]
|
215
|
-
|
255
|
+
parent_id = opts[:parent_id]
|
216
256
|
delete_binary = opts[:delete_binary] ||= 'C'
|
217
257
|
binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
|
218
258
|
product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
|
@@ -230,7 +270,7 @@ module PWN
|
|
230
270
|
authorization: "Bearer #{token}",
|
231
271
|
name: name,
|
232
272
|
description: desc,
|
233
|
-
parent:
|
273
|
+
parent: parent_id,
|
234
274
|
delete_binary_after_scan: delete_binary,
|
235
275
|
binary_cleanup_age: binary_cleanup_age,
|
236
276
|
product_cleanup_age: product_cleanup_age,
|
@@ -473,9 +513,18 @@ module PWN
|
|
473
513
|
token: 'required - Bearer token'
|
474
514
|
)
|
475
515
|
|
476
|
-
response =
|
477
|
-
token: 'required -
|
478
|
-
file: 'required - file to upload'
|
516
|
+
response = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
|
517
|
+
token: 'required - Bearer token',
|
518
|
+
file: 'required - path of file to upload',
|
519
|
+
group_id: 'optional - group id',
|
520
|
+
delete_binary: 'optional - delete binary after upload (defaults to false)',
|
521
|
+
force_scan: 'optional - force scan (defaults to false)',
|
522
|
+
callback_url: 'optional - callback url',
|
523
|
+
scan_infoleak: 'optional - scan infoleak (defaults to true)',
|
524
|
+
code_analysis: 'optional - code analysis (defaults to true)',
|
525
|
+
scan_code_familiarity: 'optional - scan code familiarity (defaults to true)',
|
526
|
+
version: 'optional - version',
|
527
|
+
product_id: 'optional - product id'
|
479
528
|
)
|
480
529
|
|
481
530
|
response = #{self}.get_tasks(
|
@@ -495,7 +544,7 @@ module PWN
|
|
495
544
|
token: 'required - Bearer token',
|
496
545
|
name: 'required - group name',
|
497
546
|
desc: 'optional - group description',
|
498
|
-
|
547
|
+
parent_id: 'optional - parent_id group id',
|
499
548
|
delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
|
500
549
|
binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
|
501
550
|
product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
|
data/lib/pwn/plugins/open_ai.rb
CHANGED
@@ -21,6 +21,7 @@ module PWN
|
|
21
21
|
# )
|
22
22
|
|
23
23
|
private_class_method def self.open_ai_rest_call(opts = {})
|
24
|
+
token = opts[:token]
|
24
25
|
http_method = if opts[:http_method].nil?
|
25
26
|
:get
|
26
27
|
else
|
@@ -28,12 +29,14 @@ module PWN
|
|
28
29
|
end
|
29
30
|
rest_call = opts[:rest_call].to_s.scrub
|
30
31
|
params = opts[:params]
|
32
|
+
headers = {
|
33
|
+
content_type: 'application/json; charset=UTF-8',
|
34
|
+
authorization: "Bearer #{token}"
|
35
|
+
}
|
36
|
+
|
31
37
|
http_body = opts[:http_body]
|
32
38
|
http_body ||= {}
|
33
39
|
base_open_ai_api_uri = 'https://api.openai.com/v1'
|
34
|
-
token = opts[:token]
|
35
|
-
|
36
|
-
content_type = 'application/json; charset=UTF-8'
|
37
40
|
|
38
41
|
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
39
42
|
rest_client = browser_obj[:browser]::Request
|
@@ -43,25 +46,22 @@ module PWN
|
|
43
46
|
|
44
47
|
case http_method
|
45
48
|
when :delete, :get
|
49
|
+
headers[:params] = params
|
46
50
|
response = rest_client.execute(
|
47
51
|
method: http2_method,
|
48
52
|
url: "#{base_open_ai_api_uri}/#{rest_call}",
|
49
|
-
headers:
|
50
|
-
content_type: content_type,
|
51
|
-
authorization: "Bearer #{token}",
|
52
|
-
params: params
|
53
|
-
},
|
53
|
+
headers: headers,
|
54
54
|
verify_ssl: false
|
55
55
|
)
|
56
56
|
|
57
57
|
when :post
|
58
58
|
if http_body.key?(:multipart)
|
59
|
+
headers[:content_type] = 'multipart/form-data'
|
60
|
+
|
59
61
|
response = rest_client.execute(
|
60
62
|
method: http_method,
|
61
63
|
url: "#{base_open_ai_api_uri}/#{rest_call}",
|
62
|
-
headers:
|
63
|
-
authorization: "Bearer #{token}"
|
64
|
-
},
|
64
|
+
headers: headers,
|
65
65
|
payload: http_body,
|
66
66
|
verify_ssl: false
|
67
67
|
)
|
@@ -69,10 +69,7 @@ module PWN
|
|
69
69
|
response = rest_client.execute(
|
70
70
|
method: http_method,
|
71
71
|
url: "#{base_open_ai_api_uri}/#{rest_call}",
|
72
|
-
headers:
|
73
|
-
content_type: content_type,
|
74
|
-
authorization: "Bearer #{token}"
|
75
|
-
},
|
72
|
+
headers: headers,
|
76
73
|
payload: http_body.to_json,
|
77
74
|
verify_ssl: false
|
78
75
|
)
|
data/lib/pwn/version.rb
CHANGED