pwn 0.4.802 → 0.4.804
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +5 -5
- data/README.md +2 -2
- data/bin/pwn_bdba_scan +22 -1
- data/lib/pwn/plugins/black_duck_binary_analysis.rb +26 -0
- data/lib/pwn/version.rb +1 -1
- metadata +12 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '09721e5fe360b1b68f75194406792bf3ce99d8b0d907dbf3ec21e853f34792ba'
|
4
|
+
data.tar.gz: 32438ee4f0cfff658da7657c420602d0c4261909dc0d6cb28055ace5fae28252
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 83c3dcbfce05ac2fcae70a94a88a4431f5191920f6ccc3f1412440609ca6b9a1b04b78107cd24541188e3e2eb80a13ca452b410f838dca8684535d46aa89e8ac
|
7
|
+
data.tar.gz: ff0b6e00e2b210d0249eedbcdd55e99bdd91b641dd0a611807e46342b6f91c709257d1b9dbd11e51b6d7bc690f21c3dcd86d29360fd44102093b6a8705a904f1
|
data/Gemfile
CHANGED
@@ -16,7 +16,7 @@ gem 'anemone', '0.7.2'
|
|
16
16
|
gem 'authy', '3.0.1'
|
17
17
|
gem 'aws-sdk', '3.1.0'
|
18
18
|
# gem 'bettercap', '1.6.2'
|
19
|
-
gem 'brakeman', '6.0.
|
19
|
+
gem 'brakeman', '6.0.1'
|
20
20
|
gem 'bson', '4.15.0'
|
21
21
|
gem 'bundler', '>=2.4.17'
|
22
22
|
gem 'bundler-audit', '0.9.1'
|
@@ -40,7 +40,7 @@ gem 'jsonpath', '1.1.3'
|
|
40
40
|
gem 'jwt', '2.7.1'
|
41
41
|
gem 'luhn', '1.0.2'
|
42
42
|
gem 'mail', '2.8.1'
|
43
|
-
gem 'mongo', '2.19.
|
43
|
+
gem 'mongo', '2.19.1'
|
44
44
|
gem 'msfrpc-client', '1.1.2'
|
45
45
|
gem 'neovim', '0.9.0'
|
46
46
|
gem 'netaddr', '2.0.6'
|
@@ -64,10 +64,10 @@ gem 'rbvmomi', '3.0.0'
|
|
64
64
|
gem 'rdoc', '6.5.0'
|
65
65
|
gem 'rest-client', '2.1.0'
|
66
66
|
gem 'rex', '2.0.13'
|
67
|
-
gem 'rmagick', '5.
|
67
|
+
gem 'rmagick', '5.3.0'
|
68
68
|
gem 'rspec', '3.12.0'
|
69
69
|
gem 'rtesseract', '3.1.2'
|
70
|
-
gem 'rubocop', '1.
|
70
|
+
gem 'rubocop', '1.55.0'
|
71
71
|
gem 'rubocop-rake', '0.6.0'
|
72
72
|
gem 'rubocop-rspec', '2.22.0'
|
73
73
|
gem 'ruby-audio', '1.6.1'
|
@@ -75,7 +75,7 @@ gem 'ruby-nmap', '1.0.1'
|
|
75
75
|
gem 'ruby-saml', '1.15.0'
|
76
76
|
gem 'rvm', '1.11.3.9'
|
77
77
|
gem 'savon', '2.14.0'
|
78
|
-
gem 'selenium-devtools', '0.
|
78
|
+
gem 'selenium-devtools', '0.115.0'
|
79
79
|
gem 'serialport', '1.3.2'
|
80
80
|
gem 'sinatra', '3.0.6'
|
81
81
|
gem 'slack-ruby-client', '2.1.0'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.804]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.804]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn_bdba_scan
CHANGED
@@ -35,6 +35,10 @@ OptionParser.new do |options|
|
|
35
35
|
options.on('-tTYPE', '--report-type=TYPE', '<Optional - Black Duck Binary Analysis Scan Report Type csv_libs|csv_vulns|pdf (Default: csv_vulns)>') do |t|
|
36
36
|
opts[:report_type] = t
|
37
37
|
end
|
38
|
+
|
39
|
+
options.on('-vVERSION', '--version=VERSION', '<Optional - Version to Associate w/ Specific Scan (Default: nil)>') do |v|
|
40
|
+
opts[:version] = v
|
41
|
+
end
|
38
42
|
end.parse!
|
39
43
|
|
40
44
|
if opts.empty?
|
@@ -68,6 +72,8 @@ begin
|
|
68
72
|
report_type_str = opts[:report_type] ||= 'csv_vulns'
|
69
73
|
report_type = report_type_str.to_s.to_sym
|
70
74
|
|
75
|
+
version = opts[:version]
|
76
|
+
|
71
77
|
groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
|
72
78
|
token: token
|
73
79
|
)
|
@@ -83,11 +89,13 @@ begin
|
|
83
89
|
PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
|
84
90
|
token: token,
|
85
91
|
file: target_file,
|
86
|
-
group_id: parent_id
|
92
|
+
group_id: parent_id,
|
93
|
+
version: version
|
87
94
|
)
|
88
95
|
end
|
89
96
|
|
90
97
|
scan_progress_resp = {}
|
98
|
+
scan_progress_busy_duration = 0
|
91
99
|
loop do
|
92
100
|
scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
|
93
101
|
token: token,
|
@@ -96,10 +104,23 @@ begin
|
|
96
104
|
|
97
105
|
break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' } || report_only
|
98
106
|
|
107
|
+
# Cancel queued scan if it's been queued for more than 90 minutes
|
108
|
+
if scan_progress_busy_duration > 5_400
|
109
|
+
scan_progress_resp[:products].select { |p| p[:status] == 'B' }.each do |p|
|
110
|
+
puts "Abort Queued Scan: #{p[:name]}"
|
111
|
+
PWN::Plugins::BlackDuckBinaryAnalysis.abort_product_scan(
|
112
|
+
token: token,
|
113
|
+
product_id: p[:product_id]
|
114
|
+
)
|
115
|
+
end
|
116
|
+
raise "ERROR: BDBA Scan Queued for More than 90 Minutes: #{target_file}"
|
117
|
+
end
|
118
|
+
|
99
119
|
10.times do
|
100
120
|
print '.'
|
101
121
|
sleep 1
|
102
122
|
end
|
123
|
+
scan_progress_busy_duration += 10
|
103
124
|
end
|
104
125
|
|
105
126
|
product_id = scan_progress_resp[:products].find { |p| p[:name] == CGI.escape(File.basename(target_file)) }[:product_id]
|
@@ -209,6 +209,27 @@ module PWN
|
|
209
209
|
raise e
|
210
210
|
end
|
211
211
|
|
212
|
+
# Supported Method Parameters::
|
213
|
+
# response = PWN::Plugins::BlackDuckBinaryAnalysis.abort_product_scan(
|
214
|
+
# token: 'required - Bearer token',
|
215
|
+
# product_id: 'required - product id'
|
216
|
+
# )
|
217
|
+
|
218
|
+
public_class_method def self.abort_product_scan(opts = {})
|
219
|
+
token = opts[:token]
|
220
|
+
product_id = opts[:product_id]
|
221
|
+
|
222
|
+
response = bd_bin_analysis_rest_call(
|
223
|
+
http_method: :post,
|
224
|
+
token: token,
|
225
|
+
rest_call: "product/#{product_id}/abort"
|
226
|
+
)
|
227
|
+
|
228
|
+
JSON.parse(response, symbolize_names: true)
|
229
|
+
rescue StandardError => e
|
230
|
+
raise e
|
231
|
+
end
|
232
|
+
|
212
233
|
# Supported Method Parameters::
|
213
234
|
# response = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
|
214
235
|
# token: 'required - Bearer token',
|
@@ -584,6 +605,11 @@ module PWN
|
|
584
605
|
product_id: 'required - product id'
|
585
606
|
)
|
586
607
|
|
608
|
+
response = #{self}.abort_product_scan(
|
609
|
+
token: 'required - Bearer token',
|
610
|
+
product_id: 'required - product id'
|
611
|
+
)
|
612
|
+
|
587
613
|
response = #{self}.generate_product_report(
|
588
614
|
token: 'required - Bearer token',
|
589
615
|
product_id: 'required - product id',
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.804
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-07-
|
11
|
+
date: 2023-07-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -72,14 +72,14 @@ dependencies:
|
|
72
72
|
requirements:
|
73
73
|
- - '='
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: 6.0.
|
75
|
+
version: 6.0.1
|
76
76
|
type: :runtime
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - '='
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: 6.0.
|
82
|
+
version: 6.0.1
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: bson
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -408,14 +408,14 @@ dependencies:
|
|
408
408
|
requirements:
|
409
409
|
- - '='
|
410
410
|
- !ruby/object:Gem::Version
|
411
|
-
version: 2.19.
|
411
|
+
version: 2.19.1
|
412
412
|
type: :runtime
|
413
413
|
prerelease: false
|
414
414
|
version_requirements: !ruby/object:Gem::Requirement
|
415
415
|
requirements:
|
416
416
|
- - '='
|
417
417
|
- !ruby/object:Gem::Version
|
418
|
-
version: 2.19.
|
418
|
+
version: 2.19.1
|
419
419
|
- !ruby/object:Gem::Dependency
|
420
420
|
name: msfrpc-client
|
421
421
|
requirement: !ruby/object:Gem::Requirement
|
@@ -744,14 +744,14 @@ dependencies:
|
|
744
744
|
requirements:
|
745
745
|
- - '='
|
746
746
|
- !ruby/object:Gem::Version
|
747
|
-
version: 5.
|
747
|
+
version: 5.3.0
|
748
748
|
type: :runtime
|
749
749
|
prerelease: false
|
750
750
|
version_requirements: !ruby/object:Gem::Requirement
|
751
751
|
requirements:
|
752
752
|
- - '='
|
753
753
|
- !ruby/object:Gem::Version
|
754
|
-
version: 5.
|
754
|
+
version: 5.3.0
|
755
755
|
- !ruby/object:Gem::Dependency
|
756
756
|
name: rspec
|
757
757
|
requirement: !ruby/object:Gem::Requirement
|
@@ -786,14 +786,14 @@ dependencies:
|
|
786
786
|
requirements:
|
787
787
|
- - '='
|
788
788
|
- !ruby/object:Gem::Version
|
789
|
-
version: 1.
|
789
|
+
version: 1.55.0
|
790
790
|
type: :runtime
|
791
791
|
prerelease: false
|
792
792
|
version_requirements: !ruby/object:Gem::Requirement
|
793
793
|
requirements:
|
794
794
|
- - '='
|
795
795
|
- !ruby/object:Gem::Version
|
796
|
-
version: 1.
|
796
|
+
version: 1.55.0
|
797
797
|
- !ruby/object:Gem::Dependency
|
798
798
|
name: rubocop-rake
|
799
799
|
requirement: !ruby/object:Gem::Requirement
|
@@ -898,14 +898,14 @@ dependencies:
|
|
898
898
|
requirements:
|
899
899
|
- - '='
|
900
900
|
- !ruby/object:Gem::Version
|
901
|
-
version: 0.
|
901
|
+
version: 0.115.0
|
902
902
|
type: :runtime
|
903
903
|
prerelease: false
|
904
904
|
version_requirements: !ruby/object:Gem::Requirement
|
905
905
|
requirements:
|
906
906
|
- - '='
|
907
907
|
- !ruby/object:Gem::Version
|
908
|
-
version: 0.
|
908
|
+
version: 0.115.0
|
909
909
|
- !ruby/object:Gem::Dependency
|
910
910
|
name: serialport
|
911
911
|
requirement: !ruby/object:Gem::Requirement
|