pwn 0.4.820 → 0.4.822
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/bin/pwn_fuzz_net_app_proto +1 -1
- data/bin/pwn_phone +1 -1
- data/bin/pwn_sast +1 -1
- data/bin/pwn_www_uri_buster +6 -2
- data/lib/pwn/reports/fuzz.rb +2 -2
- data/lib/pwn/reports/phone.rb +2 -2
- data/lib/pwn/reports/sast.rb +14 -14
- data/lib/pwn/reports/uri_buster.rb +2 -2
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f74787e4225e95cfc3678bed3f65ac08eb691ff80ee479df3c55d7dfaf1a26b1
|
|
4
|
+
data.tar.gz: 9b44b5ec18e38cc69eab3db9d05f505149c371c1f701ab5d74c62724e10a6e5b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c8084d62bbe11ca69e1baef76ed1483ee3e3a9488d4d8215f3123097970296e1544177c37d3cf6e44186ad8059fc2d0a5e9d95bbfd6d578b9151edf6cf6148eb
|
|
7
|
+
data.tar.gz: 9da62eb3b1e55dd040d45f8b69225354b9a66c0d155284c5a99d3ac29687476a550a609314e7885b057da31a0d630f1bedc244e129baa8f152b544cd1d43c4f0
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
37
37
|
$ rvm list gemsets
|
|
38
38
|
$ gem install --verbose pwn
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.4.
|
|
40
|
+
pwn[v0.4.822]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.4.
|
|
55
|
+
pwn[v0.4.822]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
|
data/bin/pwn_fuzz_net_app_proto
CHANGED
|
@@ -161,7 +161,7 @@ puts 'complete.'
|
|
|
161
161
|
|
|
162
162
|
# Start Simple HTTP Server (If Requested)
|
|
163
163
|
if start_reporting_server
|
|
164
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
164
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
165
165
|
if pwn_provider == 'docker'
|
|
166
166
|
listen_ip = '0.0.0.0'
|
|
167
167
|
else
|
data/bin/pwn_phone
CHANGED
|
@@ -114,7 +114,7 @@ begin
|
|
|
114
114
|
|
|
115
115
|
# Start Simple HTTP Server (If Requested)
|
|
116
116
|
if start_reporting_server
|
|
117
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
117
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
118
118
|
|
|
119
119
|
if pwn_provider == 'docker'
|
|
120
120
|
listen_ip = '0.0.0.0'
|
data/bin/pwn_sast
CHANGED
|
@@ -162,7 +162,7 @@ begin
|
|
|
162
162
|
|
|
163
163
|
# Start Simple HTTP Server (If Requested)
|
|
164
164
|
if start_reporting_server
|
|
165
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
165
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
166
166
|
|
|
167
167
|
if pwn_provider == 'docker'
|
|
168
168
|
listen_ip = '0.0.0.0'
|
data/bin/pwn_www_uri_buster
CHANGED
|
@@ -109,9 +109,13 @@ def request_path(opts = {})
|
|
|
109
109
|
rescue Errno::ECONNREFUSED
|
|
110
110
|
raise 'ERROR: Connection(s) Refused. Try lowering the --max-threads value.'
|
|
111
111
|
rescue Errno::ECONNRESET,
|
|
112
|
+
OpenSSL::SSL::SSLError,
|
|
112
113
|
RestClient::Exceptions::ReadTimeout,
|
|
113
114
|
RestClient::Exceptions::OpenTimeout,
|
|
114
|
-
RestClient::ServerBrokeConnection
|
|
115
|
+
RestClient::ServerBrokeConnection,
|
|
116
|
+
SOCKSError => e
|
|
117
|
+
|
|
118
|
+
# May be best to switch Tor channel if SOCKSError is rescued
|
|
115
119
|
rest_client_resp_hash = {
|
|
116
120
|
request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
|
|
117
121
|
http_uri: http_uri,
|
|
@@ -241,7 +245,7 @@ begin
|
|
|
241
245
|
|
|
242
246
|
# Start Simple HTTP Server (If Requested)
|
|
243
247
|
if start_reporting_server
|
|
244
|
-
listen_port = PWN::Plugins::Sock.get_random_unused_port
|
|
248
|
+
listen_port = PWN::Plugins::Sock.get_random_unused_port.to_s
|
|
245
249
|
|
|
246
250
|
if pwn_provider == 'docker'
|
|
247
251
|
listen_ip = '0.0.0.0'
|
data/lib/pwn/reports/fuzz.rb
CHANGED
|
@@ -32,7 +32,7 @@ module PWN
|
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
# Report All the Bugs!!! \o/
|
|
35
|
-
html_report = %
|
|
35
|
+
html_report = %{<!DOCTYPE HTML>
|
|
36
36
|
<html>
|
|
37
37
|
<head>
|
|
38
38
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -168,7 +168,7 @@ module PWN
|
|
|
168
168
|
}
|
|
169
169
|
});
|
|
170
170
|
},
|
|
171
|
-
"ajax": "
|
|
171
|
+
"ajax": "#{report_name}.json",
|
|
172
172
|
//"deferRender": true,
|
|
173
173
|
"dom": "fplitfpliS",
|
|
174
174
|
"autoWidth": false,
|
data/lib/pwn/reports/phone.rb
CHANGED
|
@@ -24,7 +24,7 @@ module PWN
|
|
|
24
24
|
JSON.pretty_generate(results_hash)
|
|
25
25
|
)
|
|
26
26
|
|
|
27
|
-
html_report = %
|
|
27
|
+
html_report = %{<!DOCTYPE HTML>
|
|
28
28
|
<html>
|
|
29
29
|
<head>
|
|
30
30
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -169,7 +169,7 @@ module PWN
|
|
|
169
169
|
}
|
|
170
170
|
});
|
|
171
171
|
},
|
|
172
|
-
"ajax": "
|
|
172
|
+
"ajax": "#{report_name}.json",
|
|
173
173
|
//"deferRender": true,
|
|
174
174
|
"dom": "fplitfpliS",
|
|
175
175
|
"autoWidth": false,
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -31,7 +31,7 @@ module PWN
|
|
|
31
31
|
JSON.pretty_generate(results_hash)
|
|
32
32
|
)
|
|
33
33
|
|
|
34
|
-
html_report = %
|
|
34
|
+
html_report = %{<!DOCTYPE HTML>
|
|
35
35
|
<html>
|
|
36
36
|
<head>
|
|
37
37
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -160,7 +160,7 @@ module PWN
|
|
|
160
160
|
}
|
|
161
161
|
});
|
|
162
162
|
},
|
|
163
|
-
"ajax": "
|
|
163
|
+
"ajax": "#{report_name}.json",
|
|
164
164
|
//"deferRender": true,
|
|
165
165
|
"dom": "fplitfpliS",
|
|
166
166
|
"autoWidth": false,
|
|
@@ -175,7 +175,7 @@ module PWN
|
|
|
175
175
|
"render": function (data, type, row, meta) {
|
|
176
176
|
var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
|
|
177
177
|
var sast_module = data['sast_module'].split('::')[2];
|
|
178
|
-
var sast_test_case = sast_module.replace(
|
|
178
|
+
var sast_test_case = sast_module.replace(/\\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
|
|
179
179
|
|
|
180
180
|
return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53: ' + htmlEntityEncode(data['section']) + '</a><br /><br /><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id']) + '</a></td></tr>';
|
|
181
181
|
}
|
|
@@ -202,16 +202,16 @@ module PWN
|
|
|
202
202
|
|
|
203
203
|
var filename_link = row.filename;
|
|
204
204
|
|
|
205
|
-
var bug_comment = 'Timestamp: ' + row.timestamp + '
|
|
205
|
+
var bug_comment = 'Timestamp: ' + row.timestamp + '\\n' +
|
|
206
206
|
'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
|
|
207
|
-
row.security_references['sast_module'].replace(/::/g, "/") + '
|
|
208
|
-
'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '
|
|
207
|
+
row.security_references['sast_module'].replace(/::/g, "/") + '\\n' +
|
|
208
|
+
'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
|
|
209
209
|
'Test Case Request:\n' +
|
|
210
|
-
$("<div/>").html(row.test_case_filter.replace(
|
|
211
|
-
'Test Case Response
|
|
212
|
-
'
|
|
210
|
+
$("<div/>").html(row.test_case_filter.replace(/\\s{2,}/g, " ")).text() + '\\n\\n' +
|
|
211
|
+
'Test Case Response:\\n' +
|
|
212
|
+
'\\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\\t' +
|
|
213
213
|
data[i]['line_no'] + ': ' +
|
|
214
|
-
$("<div/>").html(data[i]['contents'].replace(
|
|
214
|
+
$("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
|
|
215
215
|
|
|
216
216
|
var author_and_email_arr = data[i]['author'].split(" ");
|
|
217
217
|
var email = author_and_email_arr[author_and_email_arr.length - 1];
|
|
@@ -220,11 +220,11 @@ module PWN
|
|
|
220
220
|
|
|
221
221
|
var uri = '#uri';
|
|
222
222
|
|
|
223
|
-
var canned_email_results = 'Timestamp: ' + row.timestamp + '
|
|
224
|
-
'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '
|
|
225
|
-
'Source Code in Question
|
|
223
|
+
var canned_email_results = 'Timestamp: ' + row.timestamp + '\\n' +
|
|
224
|
+
'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
|
|
225
|
+
'Source Code in Question:\\n\\n' +
|
|
226
226
|
data[i]['line_no'] + ': ' +
|
|
227
|
-
$("<div/>").html(data[i]['contents'].replace(
|
|
227
|
+
$("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
|
|
228
228
|
|
|
229
229
|
var canned_email = email.replace("<", "").replace(">", "") + '?subject=Potential%20Bug%20within%20Source%20File:%20'+ encodeURIComponent(row.filename) +'&body=Greetings,%0A%0AThe%20following%20information%20likely%20represents%20a%20bug%20discovered%20through%20automated%20security%20testing%20initiatives:%0A%0A' + encodeURIComponent(canned_email_results) + 'Is%20this%20something%20that%20can%20be%20addressed%20immediately%20or%20would%20filing%20a%20bug%20be%20more%20appropriate?%20%20Please%20let%20us%20know%20at%20your%20earliest%20convenience%20to%20ensure%20we%20can%20meet%20security%20expectations%20for%20this%20release.%20%20Thanks%20and%20have%20a%20great%20day!';
|
|
230
230
|
|
|
@@ -24,7 +24,7 @@ module PWN
|
|
|
24
24
|
JSON.pretty_generate(results_hash)
|
|
25
25
|
)
|
|
26
26
|
|
|
27
|
-
html_report = %
|
|
27
|
+
html_report = %{<!DOCTYPE HTML>
|
|
28
28
|
<html>
|
|
29
29
|
<head>
|
|
30
30
|
<!-- favicon.ico from https://0dayinc.com -->
|
|
@@ -156,7 +156,7 @@ module PWN
|
|
|
156
156
|
}
|
|
157
157
|
});
|
|
158
158
|
},
|
|
159
|
-
"ajax": "
|
|
159
|
+
"ajax": "#{report_name}.json",
|
|
160
160
|
//"deferRender": true,
|
|
161
161
|
"dom": "fplitfpliS",
|
|
162
162
|
"autoWidth": false,
|
data/lib/pwn/version.rb
CHANGED