pwn 0.4.741 → 0.4.744
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +2 -2
- data/bin/pwn_bdba_groups +66 -0
- data/bin/pwn_bdba_scan +105 -0
- data/lib/pwn/plugins/black_duck_binary_analysis.rb +1 -1
- data/lib/pwn/version.rb +1 -1
- metadata +8 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0b3ab7ac0628c2670ec267f2a0719cc10dd982c3f68d909b2de60294b75af0ce
|
4
|
+
data.tar.gz: 28bdeed7007e21cf2cfc38db72c00a7245bda60f0f17340144e963e1a1bf8177
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4ec31704bb820fdebe8ea0ddae7053f5911eaaaafa8478d3ddaa0bf9dcb258ce693f7604b99d03a9f4b876711c673ad28468c16520d260dc9163514f14ffa373
|
7
|
+
data.tar.gz: e49732d0b87954ed54042b4c383b301d2f7a95184a7356c69d95540b3ac6c0e381eabb7a31d62bbec74fa14702c14182a6fd5475eb7a90ce73c0b43785b002f4
|
data/Gemfile
CHANGED
@@ -15,13 +15,13 @@ gem 'activesupport', '7.0.5'
|
|
15
15
|
gem 'anemone', '0.7.2'
|
16
16
|
gem 'authy', '3.0.1'
|
17
17
|
gem 'aws-sdk', '3.1.0'
|
18
|
-
gem 'bettercap', '1.6.2'
|
18
|
+
# gem 'bettercap', '1.6.2'
|
19
19
|
gem 'brakeman', '6.0.0'
|
20
20
|
gem 'bson', '4.15.0'
|
21
21
|
gem 'bundler', '>=2.4.14'
|
22
22
|
gem 'bundler-audit', '0.9.1'
|
23
23
|
gem 'bunny', '2.22.0'
|
24
|
-
gem 'colorize', '0.
|
24
|
+
gem 'colorize', '1.0.3'
|
25
25
|
gem 'credit_card_validations', '6.0.0'
|
26
26
|
gem 'eventmachine', '1.2.7'
|
27
27
|
gem 'executable-hooks', '1.6.1'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.744]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.744]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn_bdba_groups
ADDED
@@ -0,0 +1,66 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require 'optparse'
|
5
|
+
require 'pwn'
|
6
|
+
require 'yaml'
|
7
|
+
|
8
|
+
opts = {}
|
9
|
+
OptionParser.new do |options|
|
10
|
+
options.banner = "USAGE:
|
11
|
+
#{$PROGRAM_NAME} [opts]
|
12
|
+
"
|
13
|
+
|
14
|
+
options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |c|
|
15
|
+
opts[:config] = c
|
16
|
+
end
|
17
|
+
|
18
|
+
options.on('-CGROUP', '--create=GROUP', '<Required - Black Duck Binary Analysis Group/Sub-Group to Create>') do |g|
|
19
|
+
opts[:group_name] = g
|
20
|
+
end
|
21
|
+
|
22
|
+
options.on('-pNAME', '--parent-group=NAME', '<Optional - Black Duck Binary Analysis Parent Group Name to Associate with Group>') do |p|
|
23
|
+
opts[:parent_group_name] = p
|
24
|
+
end
|
25
|
+
end.parse!
|
26
|
+
|
27
|
+
if opts.empty?
|
28
|
+
puts `#{$PROGRAM_NAME} --help`
|
29
|
+
exit 1
|
30
|
+
end
|
31
|
+
|
32
|
+
begin
|
33
|
+
pwn_provider = 'ruby-gem'
|
34
|
+
pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
|
35
|
+
|
36
|
+
config = opts[:config]
|
37
|
+
raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
|
38
|
+
|
39
|
+
yaml_config = YAML.load_file(config, symbolize_names: true)
|
40
|
+
|
41
|
+
token = yaml_config[:token]
|
42
|
+
raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
|
43
|
+
|
44
|
+
group_name = opts[:group_name]
|
45
|
+
raise "ERROR: BDBA Group Name Not Provided: #{group_name}" if group_name.nil?
|
46
|
+
|
47
|
+
parent_group_name = opts[:parent_group_name]
|
48
|
+
|
49
|
+
if parent_group_name
|
50
|
+
groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
|
51
|
+
token: token
|
52
|
+
)
|
53
|
+
|
54
|
+
parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
|
55
|
+
end
|
56
|
+
|
57
|
+
PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
|
58
|
+
token: token,
|
59
|
+
name: group_name,
|
60
|
+
parent: parent_id
|
61
|
+
)
|
62
|
+
rescue SystemExit, Interrupt
|
63
|
+
puts "\nGoodbye."
|
64
|
+
rescue StandardError => e
|
65
|
+
raise e
|
66
|
+
end
|
data/bin/pwn_bdba_scan
ADDED
@@ -0,0 +1,105 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: false
|
3
|
+
|
4
|
+
require 'optparse'
|
5
|
+
require 'pwn'
|
6
|
+
require 'yaml'
|
7
|
+
|
8
|
+
opts = {}
|
9
|
+
OptionParser.new do |options|
|
10
|
+
options.banner = "USAGE:
|
11
|
+
#{$PROGRAM_NAME} [opts]
|
12
|
+
"
|
13
|
+
|
14
|
+
options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |g|
|
15
|
+
opts[:config] = g
|
16
|
+
end
|
17
|
+
|
18
|
+
options.on('-pNAME', '--parent-group=NAME', '<Required - Black Duck Binary Analysis Parent Group Name to Associate with Binary Scan>') do |p|
|
19
|
+
opts[:parent_group_name] = p
|
20
|
+
end
|
21
|
+
|
22
|
+
options.on('-sFILE', '--scan=FILE', '<Required - File to Scan in Black Duck Binary Analysis>') do |f|
|
23
|
+
opts[:target_file] = f
|
24
|
+
end
|
25
|
+
|
26
|
+
options.on('-rPATH', '--report=PATH', '<Required - Path to Save Black Duck Binary Analysis Scan Report>') do |r|
|
27
|
+
opts[:report_path] = r
|
28
|
+
end
|
29
|
+
|
30
|
+
options.on('-tTYPE', '--report-type=TYPE', '<Optional - Black Duck Binary Analysis Scan Report Type csv_libs|csv_vulns|pdf (Default: csv_vulns)>') do |t|
|
31
|
+
opts[:report_type] = t
|
32
|
+
end
|
33
|
+
end.parse!
|
34
|
+
|
35
|
+
if opts.empty?
|
36
|
+
puts `#{$PROGRAM_NAME} --help`
|
37
|
+
exit 1
|
38
|
+
end
|
39
|
+
|
40
|
+
begin
|
41
|
+
pwn_provider = 'ruby-gem'
|
42
|
+
pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
|
43
|
+
|
44
|
+
config = opts[:config]
|
45
|
+
raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
|
46
|
+
|
47
|
+
yaml_config = YAML.load_file(config, symbolize_names: true)
|
48
|
+
|
49
|
+
token = yaml_config[:token]
|
50
|
+
raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
|
51
|
+
|
52
|
+
parent_group_name = opts[:parent_group_name]
|
53
|
+
raise "ERROR: BDBA Parent Group Name Not Provided: #{parent_group_name}" if parent_group_name.nil?
|
54
|
+
|
55
|
+
target_file = opts[:target_file]
|
56
|
+
raise "ERROR: BDBA Target File Not Found: #{target_file}" unless File.exist?(target_file)
|
57
|
+
|
58
|
+
report_path = opts[:report_path]
|
59
|
+
raise "ERROR: BDBA Report Path Not Provided: #{report_path}" if report_path.nil?
|
60
|
+
|
61
|
+
report_type_str = opts[:report_type] ||= 'csv_vulns'
|
62
|
+
report_type = report_type_str.to_s.to_sym
|
63
|
+
|
64
|
+
groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
|
65
|
+
token: token
|
66
|
+
)
|
67
|
+
|
68
|
+
parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
|
69
|
+
|
70
|
+
PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
|
71
|
+
token: token,
|
72
|
+
file: target_file,
|
73
|
+
group_id: parent_id
|
74
|
+
)
|
75
|
+
|
76
|
+
scan_progress_resp = {}
|
77
|
+
loop do
|
78
|
+
scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
|
79
|
+
token: token,
|
80
|
+
group_id: parent_id
|
81
|
+
)
|
82
|
+
|
83
|
+
30.times do
|
84
|
+
print '.'
|
85
|
+
sleep 1
|
86
|
+
end
|
87
|
+
|
88
|
+
break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' }
|
89
|
+
end
|
90
|
+
|
91
|
+
product_id = scan_progress_resp[:products].find { |p| p[:name] == File.basename(target_file) }[:product_id]
|
92
|
+
|
93
|
+
scan_report_resp = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
|
94
|
+
token: token,
|
95
|
+
product_id: product_id,
|
96
|
+
type: report_type,
|
97
|
+
output_path: report_path
|
98
|
+
)
|
99
|
+
|
100
|
+
puts "Report Saved to: #{report_path}"
|
101
|
+
rescue SystemExit, Interrupt
|
102
|
+
puts "\nGoodbye."
|
103
|
+
rescue StandardError => e
|
104
|
+
raise e
|
105
|
+
end
|
@@ -37,7 +37,7 @@ module PWN
|
|
37
37
|
authorization: "Bearer #{token}"
|
38
38
|
}
|
39
39
|
|
40
|
-
http_body = opts[:http_body]
|
40
|
+
http_body = opts[:http_body] ||= {}
|
41
41
|
base_bd_bin_analysis_api_uri = 'https://protecode-sc.com/api'
|
42
42
|
|
43
43
|
browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.744
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-06-
|
11
|
+
date: 2023-06-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -66,20 +66,6 @@ dependencies:
|
|
66
66
|
- - '='
|
67
67
|
- !ruby/object:Gem::Version
|
68
68
|
version: 3.1.0
|
69
|
-
- !ruby/object:Gem::Dependency
|
70
|
-
name: bettercap
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
72
|
-
requirements:
|
73
|
-
- - '='
|
74
|
-
- !ruby/object:Gem::Version
|
75
|
-
version: 1.6.2
|
76
|
-
type: :runtime
|
77
|
-
prerelease: false
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
79
|
-
requirements:
|
80
|
-
- - '='
|
81
|
-
- !ruby/object:Gem::Version
|
82
|
-
version: 1.6.2
|
83
69
|
- !ruby/object:Gem::Dependency
|
84
70
|
name: brakeman
|
85
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -156,14 +142,14 @@ dependencies:
|
|
156
142
|
requirements:
|
157
143
|
- - '='
|
158
144
|
- !ruby/object:Gem::Version
|
159
|
-
version: 0.
|
145
|
+
version: 1.0.3
|
160
146
|
type: :runtime
|
161
147
|
prerelease: false
|
162
148
|
version_requirements: !ruby/object:Gem::Requirement
|
163
149
|
requirements:
|
164
150
|
- - '='
|
165
151
|
- !ruby/object:Gem::Version
|
166
|
-
version: 0.
|
152
|
+
version: 1.0.3
|
167
153
|
- !ruby/object:Gem::Dependency
|
168
154
|
name: credit_card_validations
|
169
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1138,6 +1124,8 @@ executables:
|
|
1138
1124
|
- pwn_android_war_dialer
|
1139
1125
|
- pwn_autoinc_version
|
1140
1126
|
- pwn_aws_describe_resources
|
1127
|
+
- pwn_bdba_groups
|
1128
|
+
- pwn_bdba_scan
|
1141
1129
|
- pwn_burp_suite_pro_active_scan
|
1142
1130
|
- pwn_char_base64_encoding
|
1143
1131
|
- pwn_char_dec_encoding
|
@@ -1203,6 +1191,8 @@ files:
|
|
1203
1191
|
- bin/pwn_android_war_dialer
|
1204
1192
|
- bin/pwn_autoinc_version
|
1205
1193
|
- bin/pwn_aws_describe_resources
|
1194
|
+
- bin/pwn_bdba_groups
|
1195
|
+
- bin/pwn_bdba_scan
|
1206
1196
|
- bin/pwn_burp_suite_pro_active_scan
|
1207
1197
|
- bin/pwn_char_base64_encoding
|
1208
1198
|
- bin/pwn_char_dec_encoding
|