pwn 0.4.740 → 0.4.742
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_bdba_groups +66 -0
- data/bin/pwn_bdba_scan +105 -0
- data/lib/pwn/plugins/black_duck_binary_analysis.rb +42 -0
- data/lib/pwn/version.rb +1 -1
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f03ccf5285b9493395a67e0b5b51843362dbfc39ba2326128beec08a9cae11e1
|
4
|
+
data.tar.gz: 48c793f00f5c0be3965bd431562bb8e8f30684b328dc9eced35ea920d745889b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8a1516cc7f528b8775563dcfa0e835ac9764775b38b494da666bd2a9bcd86a7a7ac640c80a78fbd19a690645a9d9759dc48b3b346615f2222325f35d9c4f4572
|
7
|
+
data.tar.gz: 6b651741cecc34f0f23d3b0d6ec994dbabfba7febe50f3eec18b9d55f6d6f8c010dca588948b139d6affbc3b8433b63c81789b03c66d459f1dcc058f80f212cd
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.742]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.742]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn_bdba_groups
ADDED
@@ -0,0 +1,66 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require 'optparse'
|
5
|
+
require 'pwn'
|
6
|
+
require 'yaml'
|
7
|
+
|
8
|
+
opts = {}
|
9
|
+
OptionParser.new do |options|
|
10
|
+
options.banner = "USAGE:
|
11
|
+
#{$PROGRAM_NAME} [opts]
|
12
|
+
"
|
13
|
+
|
14
|
+
options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |c|
|
15
|
+
opts[:config] = c
|
16
|
+
end
|
17
|
+
|
18
|
+
options.on('-CGROUP', '--create=GROUP', '<Required - Black Duck Binary Analysis Group/Sub-Group to Create>') do |g|
|
19
|
+
opts[:group_name] = g
|
20
|
+
end
|
21
|
+
|
22
|
+
options.on('-pNAME', '--parent-group=NAME', '<Optional - Black Duck Binary Analysis Parent Group Name to Associate with Group>') do |p|
|
23
|
+
opts[:parent_group_name] = p
|
24
|
+
end
|
25
|
+
end.parse!
|
26
|
+
|
27
|
+
if opts.empty?
|
28
|
+
puts `#{$PROGRAM_NAME} --help`
|
29
|
+
exit 1
|
30
|
+
end
|
31
|
+
|
32
|
+
begin
|
33
|
+
pwn_provider = 'ruby-gem'
|
34
|
+
pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
|
35
|
+
|
36
|
+
config = opts[:config]
|
37
|
+
raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
|
38
|
+
|
39
|
+
yaml_config = YAML.load_file(config, symbolize_names: true)
|
40
|
+
|
41
|
+
token = yaml_config[:token]
|
42
|
+
raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
|
43
|
+
|
44
|
+
group_name = opts[:group_name]
|
45
|
+
raise "ERROR: BDBA Group Name Not Provided: #{group_name}" if group_name.nil?
|
46
|
+
|
47
|
+
parent_group_name = opts[:parent_group_name]
|
48
|
+
|
49
|
+
if parent_group_name
|
50
|
+
groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
|
51
|
+
token: token
|
52
|
+
)
|
53
|
+
|
54
|
+
parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
|
55
|
+
end
|
56
|
+
|
57
|
+
PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
|
58
|
+
token: token,
|
59
|
+
name: group_name,
|
60
|
+
parent: parent_id
|
61
|
+
)
|
62
|
+
rescue SystemExit, Interrupt
|
63
|
+
puts "\nGoodbye."
|
64
|
+
rescue StandardError => e
|
65
|
+
raise e
|
66
|
+
end
|
data/bin/pwn_bdba_scan
ADDED
@@ -0,0 +1,105 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require 'optparse'
|
5
|
+
require 'pwn'
|
6
|
+
require 'yaml'
|
7
|
+
|
8
|
+
opts = {}
|
9
|
+
OptionParser.new do |options|
|
10
|
+
options.banner = "USAGE:
|
11
|
+
#{$PROGRAM_NAME} [opts]
|
12
|
+
"
|
13
|
+
|
14
|
+
options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |g|
|
15
|
+
opts[:config] = g
|
16
|
+
end
|
17
|
+
|
18
|
+
options.on('-pNAME', '--parent-group=NAME', '<Required - Black Duck Binary Analysis Parent Group Name to Associate with Binary Scan>') do |p|
|
19
|
+
opts[:parent_group_name] = p
|
20
|
+
end
|
21
|
+
|
22
|
+
options.on('-sFILE', '--scan=FILE', '<Required - File to Scan in Black Duck Binary Analysis>') do |f|
|
23
|
+
opts[:target_file] = f
|
24
|
+
end
|
25
|
+
|
26
|
+
options.on('-rPATH', '--report=PATH', '<Required - Path to Save Black Duck Binary Analysis Scan Report>') do |r|
|
27
|
+
opts[:report_path] = r
|
28
|
+
end
|
29
|
+
|
30
|
+
options.on('-tTYPE', '--report-type=TYPE', '<Optional - Black Duck Binary Analysis Scan Report Type csv_libs|csv_vulns|pdf (Default: csv_vulns)>') do |t|
|
31
|
+
opts[:report_type] = t
|
32
|
+
end
|
33
|
+
end.parse!
|
34
|
+
|
35
|
+
if opts.empty?
|
36
|
+
puts `#{$PROGRAM_NAME} --help`
|
37
|
+
exit 1
|
38
|
+
end
|
39
|
+
|
40
|
+
begin
|
41
|
+
pwn_provider = 'ruby-gem'
|
42
|
+
pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
|
43
|
+
|
44
|
+
config = opts[:config]
|
45
|
+
raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
|
46
|
+
|
47
|
+
yaml_config = YAML.load_file(config, symbolize_names: true)
|
48
|
+
|
49
|
+
token = yaml_config[:token]
|
50
|
+
raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
|
51
|
+
|
52
|
+
parent_group_name = opts[:parent_group_name]
|
53
|
+
raise "ERROR: BDBA Parent Group Name Not Provided: #{parent_group_name}" if parent_group_name.nil?
|
54
|
+
|
55
|
+
target_file = opts[:target_file]
|
56
|
+
raise "ERROR: BDBA Target File Not Found: #{target_file}" unless File.exist?(target_file)
|
57
|
+
|
58
|
+
report_path = opts[:report_path]
|
59
|
+
raise "ERROR: BDBA Report Path Not Provided: #{report_path}" if report_path.nil?
|
60
|
+
|
61
|
+
report_type_str = opts[:report_type] ||= 'csv_vulns'
|
62
|
+
report_type = report_type_str.to_s.to_sym
|
63
|
+
|
64
|
+
groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
|
65
|
+
token: token
|
66
|
+
)
|
67
|
+
|
68
|
+
parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
|
69
|
+
|
70
|
+
PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
|
71
|
+
token: token,
|
72
|
+
file: target_file,
|
73
|
+
group_id: parent_id
|
74
|
+
)
|
75
|
+
|
76
|
+
scan_progress_resp = {}
|
77
|
+
loop do
|
78
|
+
scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
|
79
|
+
token: token,
|
80
|
+
group_id: parent_id
|
81
|
+
)
|
82
|
+
|
83
|
+
30.times do
|
84
|
+
print '.'
|
85
|
+
sleep 1
|
86
|
+
end
|
87
|
+
|
88
|
+
break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' }
|
89
|
+
end
|
90
|
+
|
91
|
+
product_id = scan_progress_resp[:products].find { |p| p[:name] == File.basename(target_file) }[:product_id]
|
92
|
+
|
93
|
+
scan_report_resp = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
|
94
|
+
token: token,
|
95
|
+
product_id: product_id,
|
96
|
+
type: report_type,
|
97
|
+
output_path: report_path
|
98
|
+
)
|
99
|
+
|
100
|
+
puts "Report Saved to: #{report_path}"
|
101
|
+
rescue SystemExit, Interrupt
|
102
|
+
puts "\nGoodbye."
|
103
|
+
rescue StandardError => e
|
104
|
+
raise e
|
105
|
+
end
|
@@ -212,6 +212,41 @@ module PWN
|
|
212
212
|
raise e
|
213
213
|
end
|
214
214
|
|
215
|
+
# Supported Method Parameters::
|
216
|
+
# response = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
|
217
|
+
# token: 'required - Bearer token',
|
218
|
+
# product_id: 'required - product id',
|
219
|
+
# output_path: 'required - path to output file',
|
220
|
+
# type: 'optional - report type csv_libs||csv_vulns|pdf (Defaults to csv_vulns)'
|
221
|
+
# )
|
222
|
+
|
223
|
+
public_class_method def self.generate_product_report(opts = {})
|
224
|
+
token = opts[:token]
|
225
|
+
product_id = opts[:product_id]
|
226
|
+
output_path = opts[:output_path]
|
227
|
+
type = opts[:type] ||= :csv_vulns
|
228
|
+
|
229
|
+
case type.to_s.downcase.to_sym
|
230
|
+
when :csv_libs
|
231
|
+
rest_call = "product/#{product_id}/csv-libs"
|
232
|
+
when :csv_vulns
|
233
|
+
rest_call = "product/#{product_id}/csv-vulns"
|
234
|
+
when :pdf
|
235
|
+
rest_call = "product/#{product_id}/pdf-report"
|
236
|
+
else
|
237
|
+
raise "ERROR: Invalid report type #{type}"
|
238
|
+
end
|
239
|
+
|
240
|
+
response = bd_bin_analysis_rest_call(
|
241
|
+
token: token,
|
242
|
+
rest_call: rest_call
|
243
|
+
)
|
244
|
+
|
245
|
+
File.write(output_path, response.body)
|
246
|
+
rescue StandardError => e
|
247
|
+
raise e
|
248
|
+
end
|
249
|
+
|
215
250
|
# Supported Method Parameters::
|
216
251
|
# response = PWN::Plugins::BlackDuckBinaryAnalysis.get_tasks(
|
217
252
|
# token: 'required - Bearer token'
|
@@ -552,6 +587,13 @@ module PWN
|
|
552
587
|
product_id: 'required - product id'
|
553
588
|
)
|
554
589
|
|
590
|
+
response = #{self}.generate_product_report(
|
591
|
+
token: 'required - Bearer token',
|
592
|
+
product_id: 'required - product id',
|
593
|
+
output_path: 'required - path to output file',
|
594
|
+
type: 'optional - report type csv_libs||csv_vulns|pdf (Defaults to csv_vulns)'
|
595
|
+
)
|
596
|
+
|
555
597
|
response = #{self}.get_tasks(
|
556
598
|
token: 'required - Bearer token'
|
557
599
|
)
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.742
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-06-
|
11
|
+
date: 2023-06-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -1138,6 +1138,8 @@ executables:
|
|
1138
1138
|
- pwn_android_war_dialer
|
1139
1139
|
- pwn_autoinc_version
|
1140
1140
|
- pwn_aws_describe_resources
|
1141
|
+
- pwn_bdba_groups
|
1142
|
+
- pwn_bdba_scan
|
1141
1143
|
- pwn_burp_suite_pro_active_scan
|
1142
1144
|
- pwn_char_base64_encoding
|
1143
1145
|
- pwn_char_dec_encoding
|
@@ -1203,6 +1205,8 @@ files:
|
|
1203
1205
|
- bin/pwn_android_war_dialer
|
1204
1206
|
- bin/pwn_autoinc_version
|
1205
1207
|
- bin/pwn_aws_describe_resources
|
1208
|
+
- bin/pwn_bdba_groups
|
1209
|
+
- bin/pwn_bdba_scan
|
1206
1210
|
- bin/pwn_burp_suite_pro_active_scan
|
1207
1211
|
- bin/pwn_char_base64_encoding
|
1208
1212
|
- bin/pwn_char_dec_encoding
|