pwn 0.4.821 → 0.4.822

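--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c3ac59fc7a7af44959a91da6100a3897e8ccb88d4903aa47e379a2215869b7f3
- data.tar.gz: 0b3430348fd739d3abb05923c9666af5cdb5ae48b0365e1bc0007971ca24c3ac
+ metadata.gz: f74787e4225e95cfc3678bed3f65ac08eb691ff80ee479df3c55d7dfaf1a26b1
+ data.tar.gz: 9b44b5ec18e38cc69eab3db9d05f505149c371c1f701ab5d74c62724e10a6e5b
  SHA512:
- metadata.gz: 4fec522538dbe120a41397dfe8adfbf6670287d833ba11548f7ffb3f774bad51867fe33aa8071b14f162b22b6e3f23c80c99aa3b399c13188748228c25c6c626
- data.tar.gz: 2b1b6882395861c9550f1ec89960ee2ba88d1df670ec5aa76113ec8f7990ba5576e6eaa468fe74b168bc398e83f3a10f4e3af9ea1f225d261ff0a68cbf9739be
+ metadata.gz: c8084d62bbe11ca69e1baef76ed1483ee3e3a9488d4d8215f3123097970296e1544177c37d3cf6e44186ad8059fc2d0a5e9d95bbfd6d578b9151edf6cf6148eb
+ data.tar.gz: 9da62eb3b1e55dd040d45f8b69225354b9a66c0d155284c5a99d3ac29687476a550a609314e7885b057da31a0d630f1bedc244e129baa8f152b544cd1d43c4f0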
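--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
  $ rvm list gemsets
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.821]:001 >>> PWN.help
+ pwn[v0.4.822]:001 >>> PWN.help
  ```
 
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
  $ gem uninstall --all --executables pwn
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.4.821]:001 >>> PWN.help
+ pwn[v0.4.822]:001 >>> PWN.help
  ```
 
 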
@@ -109,10 +109,13 @@ def request_path(opts = {})
109
109
  rescue Errno::ECONNREFUSED
110
110
  raise 'ERROR: Connection(s) Refused. Try lowering the --max-threads value.'
111
111
  rescue Errno::ECONNRESET,
112
+ OpenSSL::SSL::SSLError,
112
113
  RestClient::Exceptions::ReadTimeout,
113
114
  RestClient::Exceptions::OpenTimeout,
114
115
  RestClient::ServerBrokeConnection,
115
- OpenSSL::SSL::SSLError => e
116
+ SOCKSError => e
117
+
118
+ # May be best to switch Tor channel if SOCKSError is rescued
116
119
  rest_client_resp_hash = {
117
120
  request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
118
121
  http_uri: http_uri,
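Review bot: `SOCKSError` is referenced as a bare top-level constant in the rescue list of `request_path`, and nothing in this hunk shows where it is defined; if the library that provides it is only loaded when a proxy is configured, evaluating this rescue list on an unrelated error could raise NameError and mask the original exception, so confirm the require is unconditional. The added comment `# May be best to switch Tor channel if SOCKSError is rescued` states an intention that no code acts on; I would write it as `# TODO: rotate the Tor circuit when e is a SOCKSError` so it is tracked. Six exception classes now share one handler, so unless `rest_client_resp_hash` already records `e.class` further down, a proxy failure or a TLS error (`OpenSSL::SSL::SSLError`) cannot be told apart from a timeout in the results. The method body starts and ends outside the hunk, and the file header for this hunk is missing from the page.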
@@ -32,7 +32,7 @@ module PWN
32
32
  end
33
33
 
34
34
  # Report All the Bugs!!! \o/
35
- html_report = %q{<!DOCTYPE HTML>
35
+ html_report = %{<!DOCTYPE HTML>
36
36
  <html>
37
37
  <head>
38
38
  <!-- favicon.ico from https://0dayinc.com -->
@@ -168,7 +168,7 @@ module PWN
168
168
  }
169
169
  });
170
170
  },
171
- "ajax": "pwn_fuzz_net_app_proto.json",
171
+ "ajax": "#{report_name}.json",
172
172
  //"deferRender": true,
173
173
  "dom": "fplitfpliS",
174
174
  "autoWidth": false,
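Review bot: `report_name` is interpolated unescaped into a JavaScript string literal at `"ajax": "#{report_name}.json"`, so a name containing a double quote, a backslash or `</script>` would break the report's script or inject markup into the generated HTML. Where `report_name` comes from is not visible in these hunks; if a caller or scanned target can influence it, validate it before building the template, e.g. `raise ArgumentError, 'invalid report_name' unless report_name.match?(/\A[\w.-]+\z/)`. The same line is added in the three other report templates further down the page (the hunks whose new line numbers are 172, 163 and 159). Changing the literal from `%q{` to `%{` also turns on backslash and `#{}` processing for the whole template, so every backslash escape in the embedded JavaScript outside these hunks needs the same audit.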
@@ -24,7 +24,7 @@ module PWN
24
24
  JSON.pretty_generate(results_hash)
25
25
  )
26
26
 
27
- html_report = %q{<!DOCTYPE HTML>
27
+ html_report = %{<!DOCTYPE HTML>
28
28
  <html>
29
29
  <head>
30
30
  <!-- favicon.ico from https://0dayinc.com -->
@@ -169,7 +169,7 @@ module PWN
169
169
  }
170
170
  });
171
171
  },
172
- "ajax": "pwn_phone.json",
172
+ "ajax": "#{report_name}.json",
173
173
  //"deferRender": true,
174
174
  "dom": "fplitfpliS",
175
175
  "autoWidth": false,
@@ -31,7 +31,7 @@ module PWN
31
31
  JSON.pretty_generate(results_hash)
32
32
  )
33
33
 
34
- html_report = %q{<!DOCTYPE HTML>
34
+ html_report = %{<!DOCTYPE HTML>
35
35
  <html>
36
36
  <head>
37
37
  <!-- favicon.ico from https://0dayinc.com -->
@@ -160,7 +160,7 @@ module PWN
160
160
  }
161
161
  });
162
162
  },
163
- "ajax": "pwn_scan_git_source.json",
163
+ "ajax": "#{report_name}.json",
164
164
  //"deferRender": true,
165
165
  "dom": "fplitfpliS",
166
166
  "autoWidth": false,
@@ -175,7 +175,7 @@ module PWN
175
175
  "render": function (data, type, row, meta) {
176
176
  var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
177
177
  var sast_module = data['sast_module'].split('::')[2];
178
- var sast_test_case = sast_module.replace(/\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
178
+ var sast_test_case = sast_module.replace(/\\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
179
179
 
180
180
  return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53: ' + htmlEntityEncode(data['section']) + '</a><br /><br /><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id']) + '</a></td></tr>';
181
181
  }
@@ -202,16 +202,16 @@ module PWN
202
202
 
203
203
  var filename_link = row.filename;
204
204
 
205
- var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
205
+ var bug_comment = 'Timestamp: ' + row.timestamp + '\\n' +
206
206
  'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
207
- row.security_references['sast_module'].replace(/::/g, "/") + '\n' +
208
- 'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
207
+ row.security_references['sast_module'].replace(/::/g, "/") + '\\n' +
208
+ 'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
209
209
  'Test Case Request:\n' +
210
- $("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +
211
- 'Test Case Response:\n' +
212
- '\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\t' +
210
+ $("<div/>").html(row.test_case_filter.replace(/\\s{2,}/g, " ")).text() + '\\n\\n' +
211
+ 'Test Case Response:\\n' +
212
+ '\\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\\t' +
213
213
  data[i]['line_no'] + ': ' +
214
- $("<div/>").html(data[i]['contents'].replace(/\s{2,}/g, " ")).text() + '\n\n';
214
+ $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
215
215
 
216
216
  var author_and_email_arr = data[i]['author'].split(" ");
217
217
  var email = author_and_email_arr[author_and_email_arr.length - 1];
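Review bot: The context line `'Test Case Request:\n' +` (new line 209) still has a single backslash, while every neighbouring escape in `bug_comment` was doubled. Because this commit changes the enclosing literal from `%q{` to `%{`, Ruby now converts that `\n` into a real line break inside a single-quoted JavaScript string, which makes the generated script a syntax error and would likely stop the report table from rendering. It should read `'Test Case Request:\\n' +` like the lines around it. The rest of the template lies outside these hunks and is worth checking for other single-backslash sequences that were missed.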
@@ -220,11 +220,11 @@ module PWN
220
220
 
221
221
  var uri = '#uri';
222
222
 
223
- var canned_email_results = 'Timestamp: ' + row.timestamp + '\n' +
224
- 'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
225
- 'Source Code in Question:\n\n' +
223
+ var canned_email_results = 'Timestamp: ' + row.timestamp + '\\n' +
224
+ 'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
225
+ 'Source Code in Question:\\n\\n' +
226
226
  data[i]['line_no'] + ': ' +
227
- $("<div/>").html(data[i]['contents'].replace(/\s{2,}/g, " ")).text() + '\n\n';
227
+ $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
228
228
 
229
229
  var canned_email = email.replace("&lt;", "").replace("&gt;", "") + '?subject=Potential%20Bug%20within%20Source%20File:%20'+ encodeURIComponent(row.filename) +'&body=Greetings,%0A%0AThe%20following%20information%20likely%20represents%20a%20bug%20discovered%20through%20automated%20security%20testing%20initiatives:%0A%0A' + encodeURIComponent(canned_email_results) + 'Is%20this%20something%20that%20can%20be%20addressed%20immediately%20or%20would%20filing%20a%20bug%20be%20more%20appropriate?%20%20Please%20let%20us%20know%20at%20your%20earliest%20convenience%20to%20ensure%20we%20can%20meet%20security%20expectations%20for%20this%20release.%20%20Thanks%20and%20have%20a%20great%20day!';
230
230
 
@@ -24,7 +24,7 @@ module PWN
24
24
  JSON.pretty_generate(results_hash)
25
25
  )
26
26
 
27
- html_report = %q{<!DOCTYPE HTML>
27
+ html_report = %{<!DOCTYPE HTML>
28
28
  <html>
29
29
  <head>
30
30
  <!-- favicon.ico from https://0dayinc.com -->
@@ -156,7 +156,7 @@ module PWN
156
156
  }
157
157
  });
158
158
  },
159
- "ajax": "pwn_www_uri_buster.json",
159
+ "ajax": "#{report_name}.json",
160
160
  //"deferRender": true,
161
161
  "dom": "fplitfpliS",
162
162
  "autoWidth": false,
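--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.821'
+ VERSION = '0.4.822'
  end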
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.821
4
+ version: 0.4.822
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.