pwn 0.4.802 → 0.4.804

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +5 -5
  3. data/README.md +2 -2
  4. data/bin/pwn_bdba_scan +22 -1
  5. data/lib/pwn/plugins/black_duck_binary_analysis.rb +26 -0
  6. data/lib/pwn/version.rb +1 -1
  7. metadata +12 -12
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5dd6ac362c796433cbdeb21b3f13ebd7e9b72a3bf3995c9fd203d5b6739f2e58
4
- data.tar.gz: c704e7044aeeac624db2bfda416d78022d3cef3a211b8a170625063e0ce397e6
3
+ metadata.gz: '09721e5fe360b1b68f75194406792bf3ce99d8b0d907dbf3ec21e853f34792ba'
4
+ data.tar.gz: 32438ee4f0cfff658da7657c420602d0c4261909dc0d6cb28055ace5fae28252
5
5
  SHA512:
6
- metadata.gz: f99b1bfbbbc00e3acca8eecfea0a57df37c75ec8473936c0ed61397573f12c1347405bbd142a24e1606987aa57a7ed8615379a27d492961cb692724add353032
7
- data.tar.gz: aeb3e52dfd502b296274bc9cfb91acdf1400101dca4452d6da9fc5c45bf8b41cb7c76c1653dd135945b7a069ddb2258f82dcf7cea4605307f045b12ce58c6f59
6
+ metadata.gz: 83c3dcbfce05ac2fcae70a94a88a4431f5191920f6ccc3f1412440609ca6b9a1b04b78107cd24541188e3e2eb80a13ca452b410f838dca8684535d46aa89e8ac
7
+ data.tar.gz: ff0b6e00e2b210d0249eedbcdd55e99bdd91b641dd0a611807e46342b6f91c709257d1b9dbd11e51b6d7bc690f21c3dcd86d29360fd44102093b6a8705a904f1
data/Gemfile CHANGED
@@ -16,7 +16,7 @@ gem 'anemone', '0.7.2'
16
16
  gem 'authy', '3.0.1'
17
17
  gem 'aws-sdk', '3.1.0'
18
18
  # gem 'bettercap', '1.6.2'
19
- gem 'brakeman', '6.0.0'
19
+ gem 'brakeman', '6.0.1'
20
20
  gem 'bson', '4.15.0'
21
21
  gem 'bundler', '>=2.4.17'
22
22
  gem 'bundler-audit', '0.9.1'
@@ -40,7 +40,7 @@ gem 'jsonpath', '1.1.3'
40
40
  gem 'jwt', '2.7.1'
41
41
  gem 'luhn', '1.0.2'
42
42
  gem 'mail', '2.8.1'
43
- gem 'mongo', '2.19.0'
43
+ gem 'mongo', '2.19.1'
44
44
  gem 'msfrpc-client', '1.1.2'
45
45
  gem 'neovim', '0.9.0'
46
46
  gem 'netaddr', '2.0.6'
@@ -64,10 +64,10 @@ gem 'rbvmomi', '3.0.0'
64
64
  gem 'rdoc', '6.5.0'
65
65
  gem 'rest-client', '2.1.0'
66
66
  gem 'rex', '2.0.13'
67
- gem 'rmagick', '5.2.0'
67
+ gem 'rmagick', '5.3.0'
68
68
  gem 'rspec', '3.12.0'
69
69
  gem 'rtesseract', '3.1.2'
70
- gem 'rubocop', '1.54.2'
70
+ gem 'rubocop', '1.55.0'
71
71
  gem 'rubocop-rake', '0.6.0'
72
72
  gem 'rubocop-rspec', '2.22.0'
73
73
  gem 'ruby-audio', '1.6.1'
@@ -75,7 +75,7 @@ gem 'ruby-nmap', '1.0.1'
75
75
  gem 'ruby-saml', '1.15.0'
76
76
  gem 'rvm', '1.11.3.9'
77
77
  gem 'savon', '2.14.0'
78
- gem 'selenium-devtools', '0.114.0'
78
+ gem 'selenium-devtools', '0.115.0'
79
79
  gem 'serialport', '1.3.2'
80
80
  gem 'sinatra', '3.0.6'
81
81
  gem 'slack-ruby-client', '2.1.0'
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.802]:001 >>> PWN.help
40
+ pwn[v0.4.804]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.802]:001 >>> PWN.help
55
+ pwn[v0.4.804]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
data/bin/pwn_bdba_scan CHANGED
@@ -35,6 +35,10 @@ OptionParser.new do |options|
35
35
  options.on('-tTYPE', '--report-type=TYPE', '<Optional - Black Duck Binary Analysis Scan Report Type csv_libs|csv_vulns|pdf (Default: csv_vulns)>') do |t|
36
36
  opts[:report_type] = t
37
37
  end
38
+
39
+ options.on('-vVERSION', '--version=VERSION', '<Optional - Version to Associate w/ Specific Scan (Default: nil)>') do |v|
40
+ opts[:version] = v
41
+ end
38
42
  end.parse!
39
43
 
40
44
  if opts.empty?
@@ -68,6 +72,8 @@ begin
68
72
  report_type_str = opts[:report_type] ||= 'csv_vulns'
69
73
  report_type = report_type_str.to_s.to_sym
70
74
 
75
+ version = opts[:version]
76
+
71
77
  groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
72
78
  token: token
73
79
  )
@@ -83,11 +89,13 @@ begin
83
89
  PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
84
90
  token: token,
85
91
  file: target_file,
86
- group_id: parent_id
92
+ group_id: parent_id,
93
+ version: version
87
94
  )
88
95
  end
89
96
 
90
97
  scan_progress_resp = {}
98
+ scan_progress_busy_duration = 0
91
99
  loop do
92
100
  scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
93
101
  token: token,
@@ -96,10 +104,23 @@ begin
96
104
 
97
105
  break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' } || report_only
98
106
 
107
+ # Cancel queued scan if it's been queued for more than 90 minutes
108
+ if scan_progress_busy_duration > 5_400
109
+ scan_progress_resp[:products].select { |p| p[:status] == 'B' }.each do |p|
110
+ puts "Abort Queued Scan: #{p[:name]}"
111
+ PWN::Plugins::BlackDuckBinaryAnalysis.abort_product_scan(
112
+ token: token,
113
+ product_id: p[:product_id]
114
+ )
115
+ end
116
+ raise "ERROR: BDBA Scan Queued for More than 90 Minutes: #{target_file}"
117
+ end
118
+
99
119
  10.times do
100
120
  print '.'
101
121
  sleep 1
102
122
  end
123
+ scan_progress_busy_duration += 10
103
124
  end
104
125
 
105
126
  product_id = scan_progress_resp[:products].find { |p| p[:name] == CGI.escape(File.basename(target_file)) }[:product_id]
data/lib/pwn/plugins/black_duck_binary_analysis.rb CHANGED
@@ -209,6 +209,27 @@ module PWN
209
209
  raise e
210
210
  end
211
211
 
212
+ # Supported Method Parameters::
213
+ # response = PWN::Plugins::BlackDuckBinaryAnalysis.abort_product_scan(
214
+ # token: 'required - Bearer token',
215
+ # product_id: 'required - product id'
216
+ # )
217
+
218
+ public_class_method def self.abort_product_scan(opts = {})
219
+ token = opts[:token]
220
+ product_id = opts[:product_id]
221
+
222
+ response = bd_bin_analysis_rest_call(
223
+ http_method: :post,
224
+ token: token,
225
+ rest_call: "product/#{product_id}/abort"
226
+ )
227
+
228
+ JSON.parse(response, symbolize_names: true)
229
+ rescue StandardError => e
230
+ raise e
231
+ end
232
+
212
233
  # Supported Method Parameters::
213
234
  # response = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
214
235
  # token: 'required - Bearer token',
@@ -584,6 +605,11 @@ module PWN
584
605
  product_id: 'required - product id'
585
606
  )
586
607
 
608
+ response = #{self}.abort_product_scan(
609
+ token: 'required - Bearer token',
610
+ product_id: 'required - product id'
611
+ )
612
+
587
613
  response = #{self}.generate_product_report(
588
614
  token: 'required - Bearer token',
589
615
  product_id: 'required - product id',
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.802'
4
+ VERSION = '0.4.804'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.802
4
+ version: 0.4.804
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-17 00:00:00.000000000 Z
11
+ date: 2023-07-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - '='
74
74
  - !ruby/object:Gem::Version
75
- version: 6.0.0
75
+ version: 6.0.1
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - '='
81
81
  - !ruby/object:Gem::Version
82
- version: 6.0.0
82
+ version: 6.0.1
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: bson
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -408,14 +408,14 @@ dependencies:
408
408
  requirements:
409
409
  - - '='
410
410
  - !ruby/object:Gem::Version
411
- version: 2.19.0
411
+ version: 2.19.1
412
412
  type: :runtime
413
413
  prerelease: false
414
414
  version_requirements: !ruby/object:Gem::Requirement
415
415
  requirements:
416
416
  - - '='
417
417
  - !ruby/object:Gem::Version
418
- version: 2.19.0
418
+ version: 2.19.1
419
419
  - !ruby/object:Gem::Dependency
420
420
  name: msfrpc-client
421
421
  requirement: !ruby/object:Gem::Requirement
@@ -744,14 +744,14 @@ dependencies:
744
744
  requirements:
745
745
  - - '='
746
746
  - !ruby/object:Gem::Version
747
- version: 5.2.0
747
+ version: 5.3.0
748
748
  type: :runtime
749
749
  prerelease: false
750
750
  version_requirements: !ruby/object:Gem::Requirement
751
751
  requirements:
752
752
  - - '='
753
753
  - !ruby/object:Gem::Version
754
- version: 5.2.0
754
+ version: 5.3.0
755
755
  - !ruby/object:Gem::Dependency
756
756
  name: rspec
757
757
  requirement: !ruby/object:Gem::Requirement
@@ -786,14 +786,14 @@ dependencies:
786
786
  requirements:
787
787
  - - '='
788
788
  - !ruby/object:Gem::Version
789
- version: 1.54.2
789
+ version: 1.55.0
790
790
  type: :runtime
791
791
  prerelease: false
792
792
  version_requirements: !ruby/object:Gem::Requirement
793
793
  requirements:
794
794
  - - '='
795
795
  - !ruby/object:Gem::Version
796
- version: 1.54.2
796
+ version: 1.55.0
797
797
  - !ruby/object:Gem::Dependency
798
798
  name: rubocop-rake
799
799
  requirement: !ruby/object:Gem::Requirement
@@ -898,14 +898,14 @@ dependencies:
898
898
  requirements:
899
899
  - - '='
900
900
  - !ruby/object:Gem::Version
901
- version: 0.114.0
901
+ version: 0.115.0
902
902
  type: :runtime
903
903
  prerelease: false
904
904
  version_requirements: !ruby/object:Gem::Requirement
905
905
  requirements:
906
906
  - - '='
907
907
  - !ruby/object:Gem::Version
908
- version: 0.114.0
908
+ version: 0.115.0
909
909
  - !ruby/object:Gem::Dependency
910
910
  name: serialport
911
911
  requirement: !ruby/object:Gem::Requirement