pwn 0.4.865 → 0.4.867
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +0 -6
- data/README.md +2 -2
- data/bin/pwn_shodan_search +0 -4
- data/lib/pwn/plugins/burp_suite.rb +2 -2
- data/lib/pwn/plugins/shodan.rb +16 -28
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/hacker_one.rb +18 -20
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 145befe33721bfed27906af44b0adecb461cc720998bb2b0e67cec388cd09337
|
|
4
|
+
data.tar.gz: d2f13d2a283176bc2f27bc7321265e60b17ee9b0e260a0e5e98409c65cefeac1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a300155409cc978fc05c743d8a5e91261e93d712623c36adb0236d5c7ff718c0279d63e63654b4063ebd04ee4828792b052b5e25f503963142bdb479c2fccc6
|
|
7
|
+
data.tar.gz: ddfd5e53d6879c2747e5e41b39903ec77cdf67a6d391e79ed6b7e4a59e2d42b2a6d5c28386d5a7395ee84de9cf9ee8f696d72964294d8011fd3bdb9ec99fc349
|
data/.rubocop_todo.yml
CHANGED
|
@@ -92,12 +92,6 @@ Style/IfUnlessModifier:
|
|
|
92
92
|
- 'bin/pwn'
|
|
93
93
|
- 'lib/pwn/plugins/baresip.rb'
|
|
94
94
|
|
|
95
|
-
# Offense count: 1
|
|
96
|
-
# This cop supports safe autocorrection (--autocorrect).
|
|
97
|
-
Style/RedundantBegin:
|
|
98
|
-
Exclude:
|
|
99
|
-
- 'lib/pwn/www/hacker_one.rb'
|
|
100
|
-
|
|
101
95
|
# Offense count: 95
|
|
102
96
|
# This cop supports safe autocorrection (--autocorrect).
|
|
103
97
|
Style/RedundantCondition:
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
37
37
|
$ rvm list gemsets
|
|
38
38
|
$ gem install --verbose pwn
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.4.
|
|
40
|
+
pwn[v0.4.867]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.4.
|
|
55
|
+
pwn[v0.4.867]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
|
data/bin/pwn_shodan_search
CHANGED
|
@@ -84,10 +84,6 @@ begin
|
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
86
|
File.write(raw_query_results_file, JSON.pretty_generate(raw_results_arr))
|
|
87
|
-
rescue JSON::GeneratorError
|
|
88
|
-
# Sometimes we get source sequence is illegal/malformed utf-8
|
|
89
|
-
# errors, so we still attempt to write without pretty_generate
|
|
90
|
-
File.write(raw_query_results_file, raw_results_arr.to_json)
|
|
91
87
|
rescue SystemExit, Interrupt
|
|
92
88
|
puts "\nGoodbye."
|
|
93
89
|
end
|
|
@@ -100,7 +100,7 @@ module PWN
|
|
|
100
100
|
out_of_scope_arr = out_of_scope.select do |os|
|
|
101
101
|
URI.parse(uri).scheme =~ /#{os[:protocol]}/ &&
|
|
102
102
|
URI.parse(uri).host =~ /#{os[:host]}/ &&
|
|
103
|
-
URI.parse(uri).path =~ /#{os[:file]}/
|
|
103
|
+
(URI.parse(uri).path =~ /#{os[:file]}/ || URI.parse(uri).path == '')
|
|
104
104
|
end
|
|
105
105
|
return false unless out_of_scope_arr.empty?
|
|
106
106
|
|
|
@@ -108,7 +108,7 @@ module PWN
|
|
|
108
108
|
in_scope_arr = in_scope.select do |is|
|
|
109
109
|
URI.parse(uri).scheme =~ /#{is[:protocol]}/ &&
|
|
110
110
|
URI.parse(uri).host =~ /#{is[:host]}/ &&
|
|
111
|
-
URI.parse(uri).path =~ /#{is[:file]}/
|
|
111
|
+
(URI.parse(uri).path =~ /#{is[:file]}/ || URI.parse(uri).path == '')
|
|
112
112
|
end
|
|
113
113
|
return false if in_scope_arr.empty?
|
|
114
114
|
|
data/lib/pwn/plugins/shodan.rb
CHANGED
|
@@ -104,7 +104,7 @@ module PWN
|
|
|
104
104
|
else
|
|
105
105
|
raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
|
|
106
106
|
end
|
|
107
|
-
response
|
|
107
|
+
JSON.parse(response.scrub, symbolize_names: true)
|
|
108
108
|
rescue RestClient::TooManyRequests
|
|
109
109
|
print 'Too many requests. Sleeping 10s...'
|
|
110
110
|
sleep 10
|
|
@@ -136,7 +136,7 @@ module PWN
|
|
|
136
136
|
rest_call: "shodan/host/#{target_ip}",
|
|
137
137
|
params: params
|
|
138
138
|
)
|
|
139
|
-
services_by_ips.push(
|
|
139
|
+
services_by_ips.push(response)
|
|
140
140
|
rescue StandardError => e
|
|
141
141
|
services_by_ips.push(error: e.message)
|
|
142
142
|
next
|
|
@@ -172,12 +172,11 @@ module PWN
|
|
|
172
172
|
}
|
|
173
173
|
end
|
|
174
174
|
|
|
175
|
-
|
|
175
|
+
shodan_rest_call(
|
|
176
176
|
api_key: api_key,
|
|
177
177
|
rest_call: 'shodan/host/count',
|
|
178
178
|
params: params
|
|
179
179
|
)
|
|
180
|
-
JSON.parse(response, symbolize_names: true)
|
|
181
180
|
rescue StandardError => e
|
|
182
181
|
raise e
|
|
183
182
|
end
|
|
@@ -207,12 +206,11 @@ module PWN
|
|
|
207
206
|
}
|
|
208
207
|
end
|
|
209
208
|
|
|
210
|
-
|
|
209
|
+
shodan_rest_call(
|
|
211
210
|
api_key: api_key,
|
|
212
211
|
rest_call: 'shodan/host/search',
|
|
213
212
|
params: params
|
|
214
213
|
)
|
|
215
|
-
JSON.parse(response, symbolize_names: true)
|
|
216
214
|
rescue StandardError => e
|
|
217
215
|
raise e
|
|
218
216
|
end
|
|
@@ -232,12 +230,11 @@ module PWN
|
|
|
232
230
|
query: query
|
|
233
231
|
}
|
|
234
232
|
|
|
235
|
-
|
|
233
|
+
shodan_rest_call(
|
|
236
234
|
api_key: api_key,
|
|
237
235
|
rest_call: 'shodan/host/search/tokens',
|
|
238
236
|
params: params
|
|
239
237
|
)
|
|
240
|
-
JSON.parse(response, symbolize_names: true)
|
|
241
238
|
rescue StandardError => e
|
|
242
239
|
raise e
|
|
243
240
|
end
|
|
@@ -251,12 +248,11 @@ module PWN
|
|
|
251
248
|
api_key = opts[:api_key].to_s.scrub
|
|
252
249
|
|
|
253
250
|
params = { key: api_key }
|
|
254
|
-
|
|
251
|
+
shodan_rest_call(
|
|
255
252
|
api_key: api_key,
|
|
256
253
|
rest_call: 'shodan/ports',
|
|
257
254
|
params: params
|
|
258
255
|
)
|
|
259
|
-
JSON.parse(response, symbolize_names: true)
|
|
260
256
|
rescue StandardError => e
|
|
261
257
|
raise e
|
|
262
258
|
end
|
|
@@ -270,12 +266,11 @@ module PWN
|
|
|
270
266
|
api_key = opts[:api_key].to_s.scrub
|
|
271
267
|
|
|
272
268
|
params = { key: api_key }
|
|
273
|
-
|
|
269
|
+
shodan_rest_call(
|
|
274
270
|
api_key: api_key,
|
|
275
271
|
rest_call: 'shodan/protocols',
|
|
276
272
|
params: params
|
|
277
273
|
)
|
|
278
|
-
JSON.parse(response, symbolize_names: true)
|
|
279
274
|
rescue StandardError => e
|
|
280
275
|
raise e
|
|
281
276
|
end
|
|
@@ -292,14 +287,13 @@ module PWN
|
|
|
292
287
|
|
|
293
288
|
params = { key: api_key }
|
|
294
289
|
http_body = "ips=#{target_ips}"
|
|
295
|
-
|
|
290
|
+
shodan_rest_call(
|
|
296
291
|
http_method: :post,
|
|
297
292
|
api_key: api_key,
|
|
298
293
|
rest_call: 'shodan/scan',
|
|
299
294
|
params: params,
|
|
300
295
|
http_body: http_body
|
|
301
296
|
)
|
|
302
|
-
JSON.parse(response, symbolize_names: true)
|
|
303
297
|
rescue StandardError => e
|
|
304
298
|
raise e
|
|
305
299
|
end
|
|
@@ -318,14 +312,13 @@ module PWN
|
|
|
318
312
|
|
|
319
313
|
params = { key: api_key }
|
|
320
314
|
http_body = "port=#{port}&protocol=#{protocol}"
|
|
321
|
-
|
|
315
|
+
shodan_rest_call(
|
|
322
316
|
http_method: :post,
|
|
323
317
|
api_key: api_key,
|
|
324
318
|
rest_call: 'shodan/scan/internet',
|
|
325
319
|
params: params,
|
|
326
320
|
http_body: http_body
|
|
327
321
|
)
|
|
328
|
-
JSON.parse(response, symbolize_names: true)
|
|
329
322
|
rescue StandardError => e
|
|
330
323
|
raise e
|
|
331
324
|
end
|
|
@@ -344,12 +337,11 @@ module PWN
|
|
|
344
337
|
key: api_key
|
|
345
338
|
}
|
|
346
339
|
|
|
347
|
-
|
|
340
|
+
shodan_rest_call(
|
|
348
341
|
api_key: api_key,
|
|
349
342
|
rest_call: "shodan/scan/status/#{scan_id}",
|
|
350
343
|
params: params
|
|
351
344
|
)
|
|
352
|
-
JSON.parse(response, symbolize_names: true)
|
|
353
345
|
rescue StandardError => e
|
|
354
346
|
raise e
|
|
355
347
|
end
|
|
@@ -363,12 +355,11 @@ module PWN
|
|
|
363
355
|
api_key = opts[:api_key].to_s.scrub
|
|
364
356
|
|
|
365
357
|
params = { key: api_key }
|
|
366
|
-
|
|
358
|
+
shodan_rest_call(
|
|
367
359
|
api_key: api_key,
|
|
368
360
|
rest_call: 'shodan/services',
|
|
369
361
|
params: params
|
|
370
362
|
)
|
|
371
|
-
JSON.parse(response, symbolize_names: true)
|
|
372
363
|
rescue StandardError => e
|
|
373
364
|
raise e
|
|
374
365
|
end
|
|
@@ -393,12 +384,12 @@ module PWN
|
|
|
393
384
|
sort: sort.to_s,
|
|
394
385
|
order: order.to_s
|
|
395
386
|
}
|
|
396
|
-
|
|
387
|
+
|
|
388
|
+
shodan_rest_call(
|
|
397
389
|
api_key: api_key,
|
|
398
390
|
rest_call: 'shodan/query',
|
|
399
391
|
params: params
|
|
400
392
|
)
|
|
401
|
-
JSON.parse(response, symbolize_names: true)
|
|
402
393
|
rescue StandardError => e
|
|
403
394
|
raise e
|
|
404
395
|
end
|
|
@@ -422,12 +413,11 @@ module PWN
|
|
|
422
413
|
params = { key: api_key }
|
|
423
414
|
end
|
|
424
415
|
|
|
425
|
-
|
|
416
|
+
shodan_rest_call(
|
|
426
417
|
api_key: api_key,
|
|
427
418
|
rest_call: 'shodan/query/tags',
|
|
428
419
|
params: params
|
|
429
420
|
)
|
|
430
|
-
JSON.parse(response, symbolize_names: true)
|
|
431
421
|
rescue StandardError => e
|
|
432
422
|
raise e
|
|
433
423
|
end
|
|
@@ -441,12 +431,11 @@ module PWN
|
|
|
441
431
|
api_key = opts[:api_key].to_s.scrub
|
|
442
432
|
|
|
443
433
|
params = { key: api_key }
|
|
444
|
-
|
|
434
|
+
shodan_rest_call(
|
|
445
435
|
api_key: api_key,
|
|
446
436
|
rest_call: 'account/profile',
|
|
447
437
|
params: params
|
|
448
438
|
)
|
|
449
|
-
JSON.parse(response, symbolize_names: true)
|
|
450
439
|
rescue StandardError => e
|
|
451
440
|
raise e
|
|
452
441
|
end
|
|
@@ -478,12 +467,11 @@ module PWN
|
|
|
478
467
|
api_key = opts[:api_key].to_s.scrub
|
|
479
468
|
|
|
480
469
|
params = { key: api_key }
|
|
481
|
-
|
|
470
|
+
shodan_rest_call(
|
|
482
471
|
api_key: api_key,
|
|
483
472
|
rest_call: 'api-info',
|
|
484
473
|
params: params
|
|
485
474
|
)
|
|
486
|
-
JSON.parse(response, symbolize_names: true)
|
|
487
475
|
rescue StandardError => e
|
|
488
476
|
raise e
|
|
489
477
|
end
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn/www/hacker_one.rb
CHANGED
|
@@ -119,26 +119,24 @@ module PWN
|
|
|
119
119
|
File.write(path, JSON.pretty_generate(json_resp))
|
|
120
120
|
else
|
|
121
121
|
programs_arr.each do |program|
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
next
|
|
141
|
-
end
|
|
122
|
+
name = program[:name]
|
|
123
|
+
burp_download_link = program[:burp_target_config]
|
|
124
|
+
path = "./burp_target_config_file-#{name}.json" if opts[:root_dir].nil?
|
|
125
|
+
path = "#{root_dir}/burp_target_config_file-#{name}.json" unless opts[:root_dir].nil?
|
|
126
|
+
|
|
127
|
+
resp = rest_client.execute(
|
|
128
|
+
method: :get,
|
|
129
|
+
headers: { user_agent: user_agent },
|
|
130
|
+
url: burp_download_link
|
|
131
|
+
)
|
|
132
|
+
json_resp = JSON.parse(resp.body)
|
|
133
|
+
|
|
134
|
+
puts "Saving to: #{path}"
|
|
135
|
+
File.write(path, JSON.pretty_generate(json_resp))
|
|
136
|
+
rescue JSON::ParserError,
|
|
137
|
+
RestClient::NotFound
|
|
138
|
+
puts '-'
|
|
139
|
+
next
|
|
142
140
|
end
|
|
143
141
|
end
|
|
144
142
|
puts 'complete.'
|