pwn 0.4.865 → 0.4.867
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +0 -6
- data/README.md +2 -2
- data/bin/pwn_shodan_search +0 -4
- data/lib/pwn/plugins/burp_suite.rb +2 -2
- data/lib/pwn/plugins/shodan.rb +16 -28
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/hacker_one.rb +18 -20
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 145befe33721bfed27906af44b0adecb461cc720998bb2b0e67cec388cd09337
|
4
|
+
data.tar.gz: d2f13d2a283176bc2f27bc7321265e60b17ee9b0e260a0e5e98409c65cefeac1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3a300155409cc978fc05c743d8a5e91261e93d712623c36adb0236d5c7ff718c0279d63e63654b4063ebd04ee4828792b052b5e25f503963142bdb479c2fccc6
|
7
|
+
data.tar.gz: ddfd5e53d6879c2747e5e41b39903ec77cdf67a6d391e79ed6b7e4a59e2d42b2a6d5c28386d5a7395ee84de9cf9ee8f696d72964294d8011fd3bdb9ec99fc349
|
data/.rubocop_todo.yml
CHANGED
@@ -92,12 +92,6 @@ Style/IfUnlessModifier:
|
|
92
92
|
- 'bin/pwn'
|
93
93
|
- 'lib/pwn/plugins/baresip.rb'
|
94
94
|
|
95
|
-
# Offense count: 1
|
96
|
-
# This cop supports safe autocorrection (--autocorrect).
|
97
|
-
Style/RedundantBegin:
|
98
|
-
Exclude:
|
99
|
-
- 'lib/pwn/www/hacker_one.rb'
|
100
|
-
|
101
95
|
# Offense count: 95
|
102
96
|
# This cop supports safe autocorrection (--autocorrect).
|
103
97
|
Style/RedundantCondition:
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.867]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.867]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
data/bin/pwn_shodan_search
CHANGED
@@ -84,10 +84,6 @@ begin
|
|
84
84
|
end
|
85
85
|
end
|
86
86
|
File.write(raw_query_results_file, JSON.pretty_generate(raw_results_arr))
|
87
|
-
rescue JSON::GeneratorError
|
88
|
-
# Sometimes we get source sequence is illegal/malformed utf-8
|
89
|
-
# errors, so we still attempt to write without pretty_generate
|
90
|
-
File.write(raw_query_results_file, raw_results_arr.to_json)
|
91
87
|
rescue SystemExit, Interrupt
|
92
88
|
puts "\nGoodbye."
|
93
89
|
end
|
@@ -100,7 +100,7 @@ module PWN
|
|
100
100
|
out_of_scope_arr = out_of_scope.select do |os|
|
101
101
|
URI.parse(uri).scheme =~ /#{os[:protocol]}/ &&
|
102
102
|
URI.parse(uri).host =~ /#{os[:host]}/ &&
|
103
|
-
URI.parse(uri).path =~ /#{os[:file]}/
|
103
|
+
(URI.parse(uri).path =~ /#{os[:file]}/ || URI.parse(uri).path == '')
|
104
104
|
end
|
105
105
|
return false unless out_of_scope_arr.empty?
|
106
106
|
|
@@ -108,7 +108,7 @@ module PWN
|
|
108
108
|
in_scope_arr = in_scope.select do |is|
|
109
109
|
URI.parse(uri).scheme =~ /#{is[:protocol]}/ &&
|
110
110
|
URI.parse(uri).host =~ /#{is[:host]}/ &&
|
111
|
-
URI.parse(uri).path =~ /#{is[:file]}/
|
111
|
+
(URI.parse(uri).path =~ /#{is[:file]}/ || URI.parse(uri).path == '')
|
112
112
|
end
|
113
113
|
return false if in_scope_arr.empty?
|
114
114
|
|
data/lib/pwn/plugins/shodan.rb
CHANGED
@@ -104,7 +104,7 @@ module PWN
|
|
104
104
|
else
|
105
105
|
raise @@logger.error("Unsupported HTTP Method #{http_method} for #{self} Plugin")
|
106
106
|
end
|
107
|
-
response
|
107
|
+
JSON.parse(response.scrub, symbolize_names: true)
|
108
108
|
rescue RestClient::TooManyRequests
|
109
109
|
print 'Too many requests. Sleeping 10s...'
|
110
110
|
sleep 10
|
@@ -136,7 +136,7 @@ module PWN
|
|
136
136
|
rest_call: "shodan/host/#{target_ip}",
|
137
137
|
params: params
|
138
138
|
)
|
139
|
-
services_by_ips.push(
|
139
|
+
services_by_ips.push(response)
|
140
140
|
rescue StandardError => e
|
141
141
|
services_by_ips.push(error: e.message)
|
142
142
|
next
|
@@ -172,12 +172,11 @@ module PWN
|
|
172
172
|
}
|
173
173
|
end
|
174
174
|
|
175
|
-
|
175
|
+
shodan_rest_call(
|
176
176
|
api_key: api_key,
|
177
177
|
rest_call: 'shodan/host/count',
|
178
178
|
params: params
|
179
179
|
)
|
180
|
-
JSON.parse(response, symbolize_names: true)
|
181
180
|
rescue StandardError => e
|
182
181
|
raise e
|
183
182
|
end
|
@@ -207,12 +206,11 @@ module PWN
|
|
207
206
|
}
|
208
207
|
end
|
209
208
|
|
210
|
-
|
209
|
+
shodan_rest_call(
|
211
210
|
api_key: api_key,
|
212
211
|
rest_call: 'shodan/host/search',
|
213
212
|
params: params
|
214
213
|
)
|
215
|
-
JSON.parse(response, symbolize_names: true)
|
216
214
|
rescue StandardError => e
|
217
215
|
raise e
|
218
216
|
end
|
@@ -232,12 +230,11 @@ module PWN
|
|
232
230
|
query: query
|
233
231
|
}
|
234
232
|
|
235
|
-
|
233
|
+
shodan_rest_call(
|
236
234
|
api_key: api_key,
|
237
235
|
rest_call: 'shodan/host/search/tokens',
|
238
236
|
params: params
|
239
237
|
)
|
240
|
-
JSON.parse(response, symbolize_names: true)
|
241
238
|
rescue StandardError => e
|
242
239
|
raise e
|
243
240
|
end
|
@@ -251,12 +248,11 @@ module PWN
|
|
251
248
|
api_key = opts[:api_key].to_s.scrub
|
252
249
|
|
253
250
|
params = { key: api_key }
|
254
|
-
|
251
|
+
shodan_rest_call(
|
255
252
|
api_key: api_key,
|
256
253
|
rest_call: 'shodan/ports',
|
257
254
|
params: params
|
258
255
|
)
|
259
|
-
JSON.parse(response, symbolize_names: true)
|
260
256
|
rescue StandardError => e
|
261
257
|
raise e
|
262
258
|
end
|
@@ -270,12 +266,11 @@ module PWN
|
|
270
266
|
api_key = opts[:api_key].to_s.scrub
|
271
267
|
|
272
268
|
params = { key: api_key }
|
273
|
-
|
269
|
+
shodan_rest_call(
|
274
270
|
api_key: api_key,
|
275
271
|
rest_call: 'shodan/protocols',
|
276
272
|
params: params
|
277
273
|
)
|
278
|
-
JSON.parse(response, symbolize_names: true)
|
279
274
|
rescue StandardError => e
|
280
275
|
raise e
|
281
276
|
end
|
@@ -292,14 +287,13 @@ module PWN
|
|
292
287
|
|
293
288
|
params = { key: api_key }
|
294
289
|
http_body = "ips=#{target_ips}"
|
295
|
-
|
290
|
+
shodan_rest_call(
|
296
291
|
http_method: :post,
|
297
292
|
api_key: api_key,
|
298
293
|
rest_call: 'shodan/scan',
|
299
294
|
params: params,
|
300
295
|
http_body: http_body
|
301
296
|
)
|
302
|
-
JSON.parse(response, symbolize_names: true)
|
303
297
|
rescue StandardError => e
|
304
298
|
raise e
|
305
299
|
end
|
@@ -318,14 +312,13 @@ module PWN
|
|
318
312
|
|
319
313
|
params = { key: api_key }
|
320
314
|
http_body = "port=#{port}&protocol=#{protocol}"
|
321
|
-
|
315
|
+
shodan_rest_call(
|
322
316
|
http_method: :post,
|
323
317
|
api_key: api_key,
|
324
318
|
rest_call: 'shodan/scan/internet',
|
325
319
|
params: params,
|
326
320
|
http_body: http_body
|
327
321
|
)
|
328
|
-
JSON.parse(response, symbolize_names: true)
|
329
322
|
rescue StandardError => e
|
330
323
|
raise e
|
331
324
|
end
|
@@ -344,12 +337,11 @@ module PWN
|
|
344
337
|
key: api_key
|
345
338
|
}
|
346
339
|
|
347
|
-
|
340
|
+
shodan_rest_call(
|
348
341
|
api_key: api_key,
|
349
342
|
rest_call: "shodan/scan/status/#{scan_id}",
|
350
343
|
params: params
|
351
344
|
)
|
352
|
-
JSON.parse(response, symbolize_names: true)
|
353
345
|
rescue StandardError => e
|
354
346
|
raise e
|
355
347
|
end
|
@@ -363,12 +355,11 @@ module PWN
|
|
363
355
|
api_key = opts[:api_key].to_s.scrub
|
364
356
|
|
365
357
|
params = { key: api_key }
|
366
|
-
|
358
|
+
shodan_rest_call(
|
367
359
|
api_key: api_key,
|
368
360
|
rest_call: 'shodan/services',
|
369
361
|
params: params
|
370
362
|
)
|
371
|
-
JSON.parse(response, symbolize_names: true)
|
372
363
|
rescue StandardError => e
|
373
364
|
raise e
|
374
365
|
end
|
@@ -393,12 +384,12 @@ module PWN
|
|
393
384
|
sort: sort.to_s,
|
394
385
|
order: order.to_s
|
395
386
|
}
|
396
|
-
|
387
|
+
|
388
|
+
shodan_rest_call(
|
397
389
|
api_key: api_key,
|
398
390
|
rest_call: 'shodan/query',
|
399
391
|
params: params
|
400
392
|
)
|
401
|
-
JSON.parse(response, symbolize_names: true)
|
402
393
|
rescue StandardError => e
|
403
394
|
raise e
|
404
395
|
end
|
@@ -422,12 +413,11 @@ module PWN
|
|
422
413
|
params = { key: api_key }
|
423
414
|
end
|
424
415
|
|
425
|
-
|
416
|
+
shodan_rest_call(
|
426
417
|
api_key: api_key,
|
427
418
|
rest_call: 'shodan/query/tags',
|
428
419
|
params: params
|
429
420
|
)
|
430
|
-
JSON.parse(response, symbolize_names: true)
|
431
421
|
rescue StandardError => e
|
432
422
|
raise e
|
433
423
|
end
|
@@ -441,12 +431,11 @@ module PWN
|
|
441
431
|
api_key = opts[:api_key].to_s.scrub
|
442
432
|
|
443
433
|
params = { key: api_key }
|
444
|
-
|
434
|
+
shodan_rest_call(
|
445
435
|
api_key: api_key,
|
446
436
|
rest_call: 'account/profile',
|
447
437
|
params: params
|
448
438
|
)
|
449
|
-
JSON.parse(response, symbolize_names: true)
|
450
439
|
rescue StandardError => e
|
451
440
|
raise e
|
452
441
|
end
|
@@ -478,12 +467,11 @@ module PWN
|
|
478
467
|
api_key = opts[:api_key].to_s.scrub
|
479
468
|
|
480
469
|
params = { key: api_key }
|
481
|
-
|
470
|
+
shodan_rest_call(
|
482
471
|
api_key: api_key,
|
483
472
|
rest_call: 'api-info',
|
484
473
|
params: params
|
485
474
|
)
|
486
|
-
JSON.parse(response, symbolize_names: true)
|
487
475
|
rescue StandardError => e
|
488
476
|
raise e
|
489
477
|
end
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn/www/hacker_one.rb
CHANGED
@@ -119,26 +119,24 @@ module PWN
|
|
119
119
|
File.write(path, JSON.pretty_generate(json_resp))
|
120
120
|
else
|
121
121
|
programs_arr.each do |program|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
next
|
141
|
-
end
|
122
|
+
name = program[:name]
|
123
|
+
burp_download_link = program[:burp_target_config]
|
124
|
+
path = "./burp_target_config_file-#{name}.json" if opts[:root_dir].nil?
|
125
|
+
path = "#{root_dir}/burp_target_config_file-#{name}.json" unless opts[:root_dir].nil?
|
126
|
+
|
127
|
+
resp = rest_client.execute(
|
128
|
+
method: :get,
|
129
|
+
headers: { user_agent: user_agent },
|
130
|
+
url: burp_download_link
|
131
|
+
)
|
132
|
+
json_resp = JSON.parse(resp.body)
|
133
|
+
|
134
|
+
puts "Saving to: #{path}"
|
135
|
+
File.write(path, JSON.pretty_generate(json_resp))
|
136
|
+
rescue JSON::ParserError,
|
137
|
+
RestClient::NotFound
|
138
|
+
puts '-'
|
139
|
+
next
|
142
140
|
end
|
143
141
|
end
|
144
142
|
puts 'complete.'
|