pwn 0.4.820 → 0.4.822
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_fuzz_net_app_proto +1 -1
- data/bin/pwn_phone +1 -1
- data/bin/pwn_sast +1 -1
- data/bin/pwn_www_uri_buster +6 -2
- data/lib/pwn/reports/fuzz.rb +2 -2
- data/lib/pwn/reports/phone.rb +2 -2
- data/lib/pwn/reports/sast.rb +14 -14
- data/lib/pwn/reports/uri_buster.rb +2 -2
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f74787e4225e95cfc3678bed3f65ac08eb691ff80ee479df3c55d7dfaf1a26b1
|
|
4
|
+
data.tar.gz: 9b44b5ec18e38cc69eab3db9d05f505149c371c1f701ab5d74c62724e10a6e5b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c8084d62bbe11ca69e1baef76ed1483ee3e3a9488d4d8215f3123097970296e1544177c37d3cf6e44186ad8059fc2d0a5e9d95bbfd6d578b9151edf6cf6148eb
|
|
7
|
+
data.tar.gz: 9da62eb3b1e55dd040d45f8b69225354b9a66c0d155284c5a99d3ac29687476a550a609314e7885b057da31a0d630f1bedc244e129baa8f152b544cd1d43c4f0
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
37
37
|
$ rvm list gemsets
|
|
38
38
|
$ gem install --verbose pwn
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.4.
|
|
40
|
+
pwn[v0.4.822]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.4.
|
|
55
|
+
pwn[v0.4.822]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
|
data/bin/pwn_fuzz_net_app_proto
CHANGED
|
@@ -161,7 +161,7 @@ puts 'complete.'
|
|
|
161
161
|
|
|
162
162
|
# Start Simple HTTP Server (If Requested)
|
|
163
163
|
if start_reporting_server
|
|
164
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
164
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
165
165
|
if pwn_provider == 'docker'
|
|
166
166
|
listen_ip = '0.0.0.0'
|
|
167
167
|
else
|
data/bin/pwn_phone
CHANGED
|
@@ -114,7 +114,7 @@ begin
|
|
|
114
114
|
|
|
115
115
|
# Start Simple HTTP Server (If Requested)
|
|
116
116
|
if start_reporting_server
|
|
117
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
117
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
118
118
|
|
|
119
119
|
if pwn_provider == 'docker'
|
|
120
120
|
listen_ip = '0.0.0.0'
|
data/bin/pwn_sast
CHANGED
|
@@ -162,7 +162,7 @@ begin
|
|
|
162
162
|
|
|
163
163
|
# Start Simple HTTP Server (If Requested)
|
|
164
164
|
if start_reporting_server
|
|
165
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
165
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
166
166
|
|
|
167
167
|
if pwn_provider == 'docker'
|
|
168
168
|
listen_ip = '0.0.0.0'
|
data/bin/pwn_www_uri_buster
CHANGED
|
@@ -109,9 +109,13 @@ def request_path(opts = {})
|
|
|
109
109
|
rescue Errno::ECONNREFUSED
|
|
110
110
|
raise 'ERROR: Connection(s) Refused. Try lowering the --max-threads value.'
|
|
111
111
|
rescue Errno::ECONNRESET,
|
|
112
|
+
OpenSSL::SSL::SSLError,
|
|
112
113
|
RestClient::Exceptions::ReadTimeout,
|
|
113
114
|
RestClient::Exceptions::OpenTimeout,
|
|
114
|
-
RestClient::ServerBrokeConnection
|
|
115
|
+
RestClient::ServerBrokeConnection,
|
|
116
|
+
SOCKSError => e
|
|
117
|
+
|
|
118
|
+
# May be best to switch Tor channel if SOCKSError is rescued
|
|
115
119
|
rest_client_resp_hash = {
|
|
116
120
|
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
|
117
121
|
http_uri: http_uri,
|
|
@@ -241,7 +245,7 @@ begin
|
|
|
241
245
|
|
|
242
246
|
# Start Simple HTTP Server (If Requested)
|
|
243
247
|
if start_reporting_server
|
|
244
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
248
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
245
249
|
|
|
246
250
|
if pwn_provider == 'docker'
|
|
247
251
|
listen_ip = '0.0.0.0'
|
data/lib/pwn/reports/fuzz.rb
CHANGED
|
@@ -32,7 +32,7 @@ module PWN
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
# Report All the Bugs!!! \o/
|
|
35
|
-
html_report = %
|
|
35
|
+
html_report = %{<!DOCTYPE HTML>
|
|
36
36
|
<html>
|
|
37
37
|
<head>
|
|
38
38
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -168,7 +168,7 @@ module PWN
|
|
|
168
168
|
}
|
|
169
169
|
});
|
|
170
170
|
},
|
|
171
|
-
"ajax": "
|
|
171
|
+
"ajax": "#{report_name}.json",
|
|
172
172
|
//"deferRender": true,
|
|
173
173
|
"dom": "fplitfpliS",
|
|
174
174
|
"autoWidth": false,
|
data/lib/pwn/reports/phone.rb
CHANGED
|
@@ -24,7 +24,7 @@ module PWN
|
|
|
24
24
|
JSON.pretty_generate(results_hash)
|
|
25
25
|
)
|
|
26
26
|
|
|
27
|
-
html_report = %
|
|
27
|
+
html_report = %{<!DOCTYPE HTML>
|
|
28
28
|
<html>
|
|
29
29
|
<head>
|
|
30
30
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -169,7 +169,7 @@ module PWN
|
|
|
169
169
|
}
|
|
170
170
|
});
|
|
171
171
|
},
|
|
172
|
-
"ajax": "
|
|
172
|
+
"ajax": "#{report_name}.json",
|
|
173
173
|
//"deferRender": true,
|
|
174
174
|
"dom": "fplitfpliS",
|
|
175
175
|
"autoWidth": false,
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -31,7 +31,7 @@ module PWN
|
|
|
31
31
|
JSON.pretty_generate(results_hash)
|
|
32
32
|
)
|
|
33
33
|
|
|
34
|
-
html_report = %
|
|
34
|
+
html_report = %{<!DOCTYPE HTML>
|
|
35
35
|
<html>
|
|
36
36
|
<head>
|
|
37
37
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -160,7 +160,7 @@ module PWN
|
|
|
160
160
|
}
|
|
161
161
|
});
|
|
162
162
|
},
|
|
163
|
-
"ajax": "
|
|
163
|
+
"ajax": "#{report_name}.json",
|
|
164
164
|
//"deferRender": true,
|
|
165
165
|
"dom": "fplitfpliS",
|
|
166
166
|
"autoWidth": false,
|
|
@@ -175,7 +175,7 @@ module PWN
|
|
|
175
175
|
"render": function (data, type, row, meta) {
|
|
176
176
|
var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
|
|
177
177
|
var sast_module = data['sast_module'].split('::')[2];
|
|
178
|
-
var sast_test_case = sast_module.replace(
|
|
178
|
+
var sast_test_case = sast_module.replace(/\\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
|
|
179
179
|
|
|
180
180
|
return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53: ' + htmlEntityEncode(data['section']) + '</a><br /><br /><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id']) + '</a></td></tr>';
|
|
181
181
|
}
|
|
@@ -202,16 +202,16 @@ module PWN
|
|
|
202
202
|
|
|
203
203
|
var filename_link = row.filename;
|
|
204
204
|
|
|
205
|
-
var bug_comment = 'Timestamp: ' + row.timestamp + '
|
|
205
|
+
var bug_comment = 'Timestamp: ' + row.timestamp + '\\n' +
|
|
206
206
|
'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
|
|
207
|
-
row.security_references['sast_module'].replace(/::/g, "/") + '
|
|
208
|
-
'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '
|
|
207
|
+
row.security_references['sast_module'].replace(/::/g, "/") + '\\n' +
|
|
208
|
+
'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
|
|
209
209
|
'Test Case Request:\n' +
|
|
210
|
-
$("<div/>").html(row.test_case_filter.replace(
|
|
211
|
-
'Test Case Response
|
|
212
|
-
'
|
|
210
|
+
$("<div/>").html(row.test_case_filter.replace(/\\s{2,}/g, " ")).text() + '\\n\\n' +
|
|
211
|
+
'Test Case Response:\\n' +
|
|
212
|
+
'\\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\\t' +
|
|
213
213
|
data[i]['line_no'] + ': ' +
|
|
214
|
-
$("<div/>").html(data[i]['contents'].replace(
|
|
214
|
+
$("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
|
|
215
215
|
|
|
216
216
|
var author_and_email_arr = data[i]['author'].split(" ");
|
|
217
217
|
var email = author_and_email_arr[author_and_email_arr.length - 1];
|
|
@@ -220,11 +220,11 @@ module PWN
|
|
|
220
220
|
|
|
221
221
|
var uri = '#uri';
|
|
222
222
|
|
|
223
|
-
var canned_email_results = 'Timestamp: ' + row.timestamp + '
|
|
224
|
-
'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '
|
|
225
|
-
'Source Code in Question
|
|
223
|
+
var canned_email_results = 'Timestamp: ' + row.timestamp + '\\n' +
|
|
224
|
+
'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
|
|
225
|
+
'Source Code in Question:\\n\\n' +
|
|
226
226
|
data[i]['line_no'] + ': ' +
|
|
227
|
-
$("<div/>").html(data[i]['contents'].replace(
|
|
227
|
+
$("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
|
|
228
228
|
|
|
229
229
|
var canned_email = email.replace("<", "").replace(">", "") + '?subject=Potential%20Bug%20within%20Source%20File:%20'+ encodeURIComponent(row.filename) +'&body=Greetings,%0A%0AThe%20following%20information%20likely%20represents%20a%20bug%20discovered%20through%20automated%20security%20testing%20initiatives:%0A%0A' + encodeURIComponent(canned_email_results) + 'Is%20this%20something%20that%20can%20be%20addressed%20immediately%20or%20would%20filing%20a%20bug%20be%20more%20appropriate?%20%20Please%20let%20us%20know%20at%20your%20earliest%20convenience%20to%20ensure%20we%20can%20meet%20security%20expectations%20for%20this%20release.%20%20Thanks%20and%20have%20a%20great%20day!';
|
|
230
230
|
|
|
@@ -24,7 +24,7 @@ module PWN
|
|
|
24
24
|
JSON.pretty_generate(results_hash)
|
|
25
25
|
)
|
|
26
26
|
|
|
27
|
-
html_report = %
|
|
27
|
+
html_report = %{<!DOCTYPE HTML>
|
|
28
28
|
<html>
|
|
29
29
|
<head>
|
|
30
30
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -156,7 +156,7 @@ module PWN
|
|
|
156
156
|
}
|
|
157
157
|
});
|
|
158
158
|
},
|
|
159
|
-
"ajax": "
|
|
159
|
+
"ajax": "#{report_name}.json",
|
|
160
160
|
//"deferRender": true,
|
|
161
161
|
"dom": "fplitfpliS",
|
|
162
162
|
"autoWidth": false,
|
data/lib/pwn/version.rb
CHANGED