pwn 0.4.741 → 0.4.744

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d584af8d0758445720f5d35b48ce3f518f57c18fca496626ad5e170d1d4d6d6
-  data.tar.gz: 67695c0f58e76ac3ffee236312e2dcf45a2df36ef58f61f6a089bdd764e55641
+  metadata.gz: 0b3ab7ac0628c2670ec267f2a0719cc10dd982c3f68d909b2de60294b75af0ce
+  data.tar.gz: 28bdeed7007e21cf2cfc38db72c00a7245bda60f0f17340144e963e1a1bf8177
 SHA512:
-  metadata.gz: e12c51833606be3cc64c6a492ab4bc1999299c71f4fe2d0071bfc5aba1d77404445b30ed156156eeee3203a9b287a787425e3624136b77b9acf451ba5ad4b773
-  data.tar.gz: 92ece1165b579ea8792122699d91d88f977945c4ea8e4d0a2f9095eca43c6d07b150bea49ec6edec280357c05d956cf4e76868ce9d707b37ba2393fa74d1fc3b
+  metadata.gz: 4ec31704bb820fdebe8ea0ddae7053f5911eaaaafa8478d3ddaa0bf9dcb258ce693f7604b99d03a9f4b876711c673ad28468c16520d260dc9163514f14ffa373
+  data.tar.gz: e49732d0b87954ed54042b4c383b301d2f7a95184a7356c69d95540b3ac6c0e381eabb7a31d62bbec74fa14702c14182a6fd5475eb7a90ce73c0b43785b002f4

data/Gemfile

@@ -15,13 +15,13 @@ gem 'activesupport', '7.0.5'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.1.0'
-gem 'bettercap', '1.6.2'
+# gem 'bettercap', '1.6.2'
 gem 'brakeman', '6.0.0'
 gem 'bson', '4.15.0'
 gem 'bundler', '>=2.4.14'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.22.0'
-gem 'colorize', '0.8.1'
+gem 'colorize', '1.0.3'
 gem 'credit_card_validations', '6.0.0'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.6.1'

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.741]:001 >>> PWN.help
+pwn[v0.4.744]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.741]:001 >>> PWN.help
+pwn[v0.4.744]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_bdba_groups

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'optparse'
+require 'pwn'
+require 'yaml'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{$PROGRAM_NAME} [opts]
+  "
+
+  options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |c|
+    opts[:config] = c
+  end
+
+  options.on('-CGROUP', '--create=GROUP', '<Required - Black Duck Binary Analysis Group/Sub-Group to Create>') do |g|
+    opts[:group_name] = g
+  end
+
+  options.on('-pNAME', '--parent-group=NAME', '<Optional - Black Duck Binary Analysis Parent Group Name to Associate with Group>') do |p|
+    opts[:parent_group_name] = p
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{$PROGRAM_NAME} --help`
+  exit 1
+end
+
+begin
+  pwn_provider = 'ruby-gem'
+  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
+
+  config = opts[:config]
+  raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
+
+  yaml_config = YAML.load_file(config, symbolize_names: true)
+
+  token = yaml_config[:token]
+  raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
+
+  group_name = opts[:group_name]
+  raise "ERROR: BDBA Group Name Not Provided: #{group_name}" if group_name.nil?
+
+  parent_group_name = opts[:parent_group_name]
+
+  if parent_group_name
+    groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+      token: token
+    )
+
+    parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
+  end
+
+  PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
+    token: token,
+    name: group_name,
+    parent: parent_id
+  )
+rescue SystemExit, Interrupt
+  puts "\nGoodbye."
+rescue StandardError => e
+  raise e
+end

data/bin/pwn_bdba_scan

@@ -0,0 +1,105 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'optparse'
+require 'pwn'
+require 'yaml'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{$PROGRAM_NAME} [opts]
+  "
+
+  options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |g|
+    opts[:config] = g
+  end
+
+  options.on('-pNAME', '--parent-group=NAME', '<Required - Black Duck Binary Analysis Parent Group Name to Associate with Binary Scan>') do |p|
+    opts[:parent_group_name] = p
+  end
+
+  options.on('-sFILE', '--scan=FILE', '<Required - File to Scan in Black Duck Binary Analysis>') do |f|
+    opts[:target_file] = f
+  end
+
+  options.on('-rPATH', '--report=PATH', '<Required - Path to Save Black Duck Binary Analysis Scan Report>') do |r|
+    opts[:report_path] = r
+  end
+
+  options.on('-tTYPE', '--report-type=TYPE', '<Optional - Black Duck Binary Analysis Scan Report Type csv_libs|csv_vulns|pdf (Default: csv_vulns)>') do |t|
+    opts[:report_type] = t
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{$PROGRAM_NAME} --help`
+  exit 1
+end
+
+begin
+  pwn_provider = 'ruby-gem'
+  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
+
+  config = opts[:config]
+  raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
+
+  yaml_config = YAML.load_file(config, symbolize_names: true)
+
+  token = yaml_config[:token]
+  raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
+
+  parent_group_name = opts[:parent_group_name]
+  raise "ERROR: BDBA Parent Group Name Not Provided: #{parent_group_name}" if parent_group_name.nil?
+
+  target_file = opts[:target_file]
+  raise "ERROR: BDBA Target File Not Found: #{target_file}" unless File.exist?(target_file)
+
+  report_path = opts[:report_path]
+  raise "ERROR: BDBA Report Path Not Provided: #{report_path}" if report_path.nil?
+
+  report_type_str = opts[:report_type] ||= 'csv_vulns'
+  report_type = report_type_str.to_s.to_sym
+
+  groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+    token: token
+  )
+
+  parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
+
+  PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
+    token: token,
+    file: target_file,
+    group_id: parent_id
+  )
+
+  scan_progress_resp = {}
+  loop do
+    scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
+      token: token,
+      group_id: parent_id
+    )
+
+    30.times do
+      print '.'
+      sleep 1
+    end
+
+    break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' }
+  end
+
+  product_id = scan_progress_resp[:products].find { |p| p[:name] == File.basename(target_file) }[:product_id]
+
+  scan_report_resp = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
+    token: token,
+    product_id: product_id,
+    type: report_type,
+    output_path: report_path
+  )
+
+  puts "Report Saved to: #{report_path}"
+rescue SystemExit, Interrupt
+  puts "\nGoodbye."
+rescue StandardError => e
+  raise e
+end

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -37,7 +37,7 @@ module PWN
           authorization: "Bearer #{token}"
         }
 
-        http_body = opts[:http_body]
+        http_body = opts[:http_body] ||= {}
         base_bd_bin_analysis_api_uri = 'https://protecode-sc.com/api'
 
         browser_obj = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.741'
+  VERSION = '0.4.744'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.741
+  version: 0.4.744
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-16 00:00:00.000000000 Z
+date: 2023-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -66,20 +66,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 3.1.0
-- !ruby/object:Gem::Dependency
-  name: bettercap
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.6.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.6.2
 - !ruby/object:Gem::Dependency
   name: brakeman
   requirement: !ruby/object:Gem::Requirement
@@ -156,14 +142,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.8.1
+        version: 1.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.8.1
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: credit_card_validations
   requirement: !ruby/object:Gem::Requirement
@@ -1138,6 +1124,8 @@ executables:
 - pwn_android_war_dialer
 - pwn_autoinc_version
 - pwn_aws_describe_resources
+- pwn_bdba_groups
+- pwn_bdba_scan
 - pwn_burp_suite_pro_active_scan
 - pwn_char_base64_encoding
 - pwn_char_dec_encoding
@@ -1203,6 +1191,8 @@ files:
 - bin/pwn_android_war_dialer
 - bin/pwn_autoinc_version
 - bin/pwn_aws_describe_resources
+- bin/pwn_bdba_groups
+- bin/pwn_bdba_scan
 - bin/pwn_burp_suite_pro_active_scan
 - bin/pwn_char_base64_encoding
 - bin/pwn_char_dec_encoding