RubyGems - pwn - Versions diffs - 0.4.877 → 0.4.879 - Mend

pwn 0.4.877 → 0.4.879

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9940d248fa63034f7159ebbbe6bcc15808acb4fa8a96bcccc248ad466266a64d
-  data.tar.gz: 74720516df1cf002ae010ccd08010cf0af44dc3437284943b19c8d61e67d1809
+  metadata.gz: 5420e18a9f3591fb4a6b3b630569752837738607a572c5bc44a72f158f1e3c1a
+  data.tar.gz: 2528859528b403be16080e0d443b65a884ebc4979887fe0faaae078ea537b6d7
 SHA512:
-  metadata.gz: 4c0b194b22ce4bb6207d588ebf51f9343f6cb98989574afbbaeb0790758e30e6f9210e7a59943470208a5ebbc691a3afa4b17f5af7a7d6b8d7b5bfa91ca230b8
-  data.tar.gz: 0dbf0bdb3209aebef5e334808c16fdfe207a3040b34a3e3db19cec8faffce0527d1533a40cb23e0537130952fe15cb2de56e2a12c97d7b3e0e67d86cefc81188
+  metadata.gz: d23d25ff25f48423f9e1cd06f21f86f8c13a78db47c0da27d6d1ff176e830a78809ff3a007f28218366253f66d77fe42be1bc82260a53aafa9fff6dad235c83b
+  data.tar.gz: ef7bcf278c79ea39b59d035d0bf027ba414b050f7a6f487825ed80462f2c6d4d93b20a1b42b5a99081f0e9c0775e46a112cc89c9700261b14eb4bf8eb3646a88

data/Gemfile CHANGED Viewed

@@ -83,7 +83,7 @@ gem 'sinatra', '3.1.0'
 gem 'slack-ruby-client', '2.1.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.6.3'
+gem 'sqlite3', '1.6.4'
 gem 'thin', '1.8.2'
 gem 'tty-prompt', '0.23.1'
 gem 'tty-spinner', '0.9.3'
@@ -92,4 +92,4 @@ gem 'waveform', '0.1.3'
 gem 'webrick', '1.8.1'
 gem 'whois', '5.1.0'
 gem 'whois-parser', '2.0.0'
-gem 'wicked_pdf', '2.6.3'
+gem 'wicked_pdf', '2.7.0'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.877]:001 >>> PWN.help
+pwn[v0.4.879]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.877]:001 >>> PWN.help
+pwn[v0.4.879]:001 >>> PWN.help
 ```

data/bin/pwn_www_checkip CHANGED Viewed

@@ -47,7 +47,12 @@ begin
   end
   puts "PUBLIC IP: #{public_ip_address}"
-  puts PWN::Plugins::IPInfo.get(ip_or_host: public_ip_address) unless ipinfo.nil?
+  if ipinfo
+    puts PWN::Plugins::IPInfo.get(
+      ip_or_host: public_ip_address,
+      proxy: proxy
+    )
+  end
 rescue StandardError => e
   raise e
 ensure

data/lib/pwn/plugins/ip_info.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require 'ipaddress'
+require 'openssl'
 require 'resolv'
 module PWN
@@ -47,13 +48,17 @@ module PWN
       # Supported Method Parameters::
       # ip_info_struc = PWN::Plugins::IPInfo.get(
       #   ip_or_host: 'required - IP or Host to lookup',
-      #   proxy: 'optional - use a proxy'
+      #   proxy: 'optional - use a proxy',
+      #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
       # )
       public_class_method def self.get(opts = {})
         ip_or_host = opts[:ip_or_host].to_s.scrub.strip.chomp
         proxy = opts[:proxy]
+        tls_port = opts[:tls_port]
+        tls_port ||= 443
+        ip_info_resp = []
         if IPAddress.valid?(ip_or_host)
           if proxy
             ip_resp_json = ip_info_rest_call(ip: ip_or_host, proxy: proxy)
@@ -61,18 +66,39 @@ module PWN
             ip_resp_json = ip_info_rest_call(ip: ip_or_host)
           end
-          ip_resp_json
+          ip_info_resp.push(ip_resp_json)
         else
-          host_resp_json = []
           Resolv::DNS.new.each_address(ip_or_host) do |ip|
-            host_resp_json.push(ip_info_rest_call(ip: ip))
+            ip_info_resp.push(ip_info_rest_call(ip: ip))
           end
-          if host_resp_json.length == 1
-            host_resp_json[0]
-          else
-            host_resp_json
+        end
+        if proxy.nil?
+          ip_info_resp.each do |ip_resp|
+            # TODO: add this block as a method in PWN::Plugins::Sock
+            tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
+              server_ip: ip_or_host,
+              server_port: tls_port
+            )
+            ip_resp[:tls_avail] = tls_port_avail
+            next unless tls_port_avail
+            tls_sock_obj = PWN::Plugins::Sock.connect(
+              target: ip_or_host,
+              port: tls_port,
+              protocol: :tcp,
+              tls: true
+            )
+            tls_sock_obj.sync_close = true
+            cert = tls_sock.peer_cert
+            ip_resp[:cert_txt] = cert.to_text
+            ip_resp[:cert_obj] = cert
+            PWN::Plugins::Sock.disconnect(sock_obj: tls_sock_obj)
           end
         end
+        ip_info_resp
       rescue StandardError => e
         raise e
       end
@@ -91,7 +117,8 @@ module PWN
         puts "USAGE:
           ip_info_struc = #{self}.get(
             ip_or_host: 'required - IP or Host to lookup',
-            proxy: 'optional - use a proxy'
+            proxy: 'optional - use a proxy',
+            tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
           )
           #{self}.authors

data/lib/pwn/plugins/sock.rb CHANGED Viewed

@@ -20,8 +20,14 @@ module PWN
       public_class_method def self.connect(opts = {})
         target = opts[:target].to_s.scrub
         port = opts[:port].to_i
-        opts[:protocol].nil? ? protocol = :tcp : protocol = opts[:protocol].to_s.downcase.to_sym
-        opts[:tls].nil? ? tls = false : tls = true
+        protocol = opts[:protocol]
+        protocol ||= :tcp
+        # TODO: Add proxy support
+        tls = true if opts[:tls]
+        tls ||= false
         case protocol
         when :tcp
@@ -91,6 +97,8 @@ module PWN
         protocol = opts[:protocol]
         protocol ||= :tcp
+        # TODO: Add proxy support
         ct = 1
         s = Socket.tcp(server_ip, port, connect_timeout: ct) if protocol == :tcp
         s = Socket.udp(server_ip, port, connect_timeout: ct) if protocol == :udp

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.4.877'
+  VERSION = '0.4.879'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.877
+  version: 0.4.879
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-23 00:00:00.000000000 Z
+date: 2023-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -1010,14 +1010,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.3
+        version: 1.6.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.3
+        version: 1.6.4
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
@@ -1136,14 +1136,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.3
+        version: 2.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.3
+        version: 2.7.0
 description: https://github.com/0dayinc/pwn/README.md
 email:
 - request.pentest@0dayinc.com
@@ -1183,7 +1183,6 @@ executables:
 - pwn_openvas_vulnscan
 - pwn_owasp_zap_active_scan
 - pwn_pastebin_sample_filter
-- pwn_perimeter_recon
 - pwn_phone
 - pwn_sast
 - pwn_serial_check_voicemail
@@ -1250,7 +1249,6 @@ files:
 - bin/pwn_openvas_vulnscan
 - bin/pwn_owasp_zap_active_scan
 - bin/pwn_pastebin_sample_filter
-- bin/pwn_perimeter_recon
 - bin/pwn_phone
 - bin/pwn_sast
 - bin/pwn_serial_check_voicemail

data/bin/pwn_perimeter_recon DELETED Viewed

@@ -1,326 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-require 'pwn'
-require 'optparse'
-require 'uri'
-require 'json'
-opts = {}
-OptionParser.new do |options|
-  options.banner = "USAGE:
-    #{$PROGRAM_NAME} [opts]
-  "
-  options.on('-tDOMAINS', '--targets=DOMAINS', '<Required - Comma-Delimited List of Target Domains>') do |t|
-    opts[:targets] = t
-  end
-  options.on('-dDIR', '--output-dir=DIR', '<Required - Directory to Save Results>') do |d|
-    opts[:output_dir] = d
-  end
-  options.on('-eEXCLUDE', '--exclude-domains=EXCLUDE', '<Optional - Comma-Delimited List of Domains to Exclude>') do |e|
-    opts[:exclude_domains] = e
-  end
-  options.on('-sSUBLIST3R', '--sublist3r-path=SUBLIST3R', '<Optional - Path to Sublist3r>') do |s|
-    opts[:sublist3r_path] = s
-  end
-  options.on('-i', '--[no-]ipinfo', '<Optional - Leverage ipinfo.com on Domains (Defaults to false)>') do |i|
-    opts[:ipinfo] = i
-  end
-  options.on('-nNMAP', '--nmap-path=NMAP', '<Optional - Path to Nmap>') do |n|
-    opts[:nmap_path] = n
-  end
-  options.on('-EWITNESS', '--eyewitness-path=WITNESS', '<Optional - Path to eyewitness/Requires Nmap Flag>') do |w|
-    opts[:eyewitness_path] = w
-  end
-  options.on('-bBURP', '--burp-path=BURP', '<Optional - Path to Burp>') do |b|
-    opts[:burp_path] = b
-  end
-  options.on('-r', '--[no-]resume-last-scan', '<Optional - Resume Last Scan (Defaults to false)>') do |r|
-    opts[:resume_last_scan] = r
-  end
-end.parse!
-if opts.empty?
-  puts `#{$PROGRAM_NAME} --help`
-  exit 1
-end
-# Colors!
-@red = "\e[31m"
-@green = "\e[32m"
-@yellow = "\e[33m"
-@end_of_color = "\e[0m"
-# Required Flag Variables
-targets = opts[:targets].to_s.scrub.strip.chomp.delete("\s").split(',')
-output_dir = opts[:output_dir].to_s.scrub.strip.chomp if Dir.exist?(opts[:output_dir].to_s.scrub.strip.chomp)
-if opts[:resume_last_scan]
-  @resume_last_scan = opts[:resume_last_scan]
-  @runtime_timestamp = File.basename(Dir.glob("#{output_dir}/target_domains*")[-1]).split('-')[-6..-1].join('-').split('.txt')[0]
-  target_domains = "#{output_dir}/target_domains-#{@runtime_timestamp}.txt"
-else
-  @resume_last_scan = nil
-  @runtime_timestamp = Time.now.strftime('%Y-%m-%d-%H-%M-%S')
-  target_domains = "#{output_dir}/target_domains-#{@runtime_timestamp}.txt"
-  File.open(target_domains, 'w') do |f|
-    targets.each do |target|
-      f.puts target
-    end
-  end
-end
-exclude_domains = opts[:exclude_domains].to_s.scrub.strip.chomp.delete("\s").split(',')
-ipinfo = opts[:ipinfo]
-sublist3r_path = opts[:sublist3r_path].to_s.scrub.strip.chomp
-burp_path = opts[:burp_path].to_s.scrub.strip.chomp
-nmap_path = opts[:nmap_path].to_s.scrub.strip.chomp
-eyewitness_path = opts[:eyewitness_path].to_s.scrub.strip.chomp
-def invoke_burp(opts = {})
-  burp_path = opts[:burp_path]
-  burp_target = opts[:burp_target]
-  port_number = opts[:port_number]
-  port_protocol = opts[:port_protocol]
-  output_dir = opts[:output_dir]
-  use_https = opts[:use_https]
-  target_domain = URI.parse(burp_target).host
-  json_results = "#{output_dir}/#{target_domain}-#{port_protocol}-#{port_number}-#{@runtime_timestamp}-burpsuite_activescan.json"
-  html_results = "#{output_dir}/#{target_domain}-#{port_protocol}-#{port_number}-#{@runtime_timestamp}-burpsuite_activescan.html"
-  if File.exist?(json_results)
-    puts "#{@yellow}Already Exists: #{json_results}#{@end_of_color}"
-  else
-    burp_obj = PWN::Plugins::BurpSuite.start(
-      burp_jar_path: burp_path,
-      headless: true,
-      browser_type: :headless
-    )
-    PWN::Plugins::BurpSuite.disable_proxy(
-      burp_obj: burp_obj
-    )
-    browser_obj = burp_obj[:burp_browser]
-    puts "#{@green}Navigating to: #{burp_target}#{@end_of_color}"
-    browser_obj.goto(burp_target)
-    puts "#{@green}Invoking Active Scan...#{@end_of_color}"
-    json_scan_queue = PWN::Plugins::BurpSuite.invoke_active_scan(
-      burp_obj: burp_obj,
-      target_url: burp_target,
-      use_https: use_https
-    )
-    puts "#{@green}complete.#{@end_of_color}"
-    print "#{@green}Generating Burp Suite Active Scan JSON Results...#{@end_of_color}"
-    scan_issues_hash = PWN::Plugins::BurpSuite.get_scan_issues(
-      burp_obj: burp_obj
-    )
-    File.open(json_results, 'w') do |f|
-      f.puts JSON.pretty_generate(scan_issues_hash)
-    end
-    puts "#{@green}complete.#{@end_of_color}\n\n\n"
-    print "#{@green}Generating Burp Suite Active Scan HTML Results...#{@end_of_color}"
-    PWN::Plugins::BurpSuite.generate_scan_report(
-      burp_obj: burp_obj,
-      report_type: :html,
-      output_path: html_results
-    )
-    burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
-    puts "#{@green}complete.#{@end_of_color}\n\n\n"
-  end
-rescue StandardError => e
-  puts "#{@red}#{e}#{@end_of_color}"
-ensure
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
-end
-# Run Sublist3r to find as many domains as possible for a given FQDN
-unless sublist3r_path == ''
-  if @resume_last_scan.nil?
-    sublist3r_target_domains_arr = []
-    File.readlines(target_domains).uniq.each do |s_line|
-      sublist3r_target = s_line.to_s.scrub.strip.chomp
-      sublist3r_results = "#{output_dir}/#{sublist3r_target}-#{@runtime_timestamp}-sublist3r.txt"
-      print "#{@green}Sublist3r Domain Discovery #{sublist3r_target}...#{@end_of_color}"
-      puts `python #{sublist3r_path} -v -d #{sublist3r_target} -o #{sublist3r_results}`
-      File.readlines(sublist3r_results).uniq.each do |sr_line|
-        discovered_domain = sr_line.to_s.scrub.strip.chomp
-        sublist3r_target_domains_arr.push(discovered_domain)
-      end
-      puts "#{@green}complete.#{@end_of_color}"
-    end
-    File.open(target_domains, 'a') do |f|
-      sublist3r_target_domains_arr.uniq do |discovered_domain|
-        if URI.parse(discovered_domain).host.nil?
-          f.puts discovered_domain unless exclude_domains.include?(discovered_domain)
-        else
-          parsed_domain = URI.parse(discovered_domain).host
-          f.puts parsed_domain unless exclude_domains.include?(parsed_domain)
-        end
-      end
-    end
-  else
-    puts "#{@yellow}Resuming scan from #{target_domains}...#{@end_of_color}"
-  end
-end
-# Obtain additional information about the targeted hosts...
-unless ipinfo.nil?
-  File.readlines(target_domains).uniq.each do |h_line|
-    ipinfo_target = h_line.to_s.scrub.strip.chomp
-    ipinfo_json_results = "#{output_dir}/#{ipinfo_target}-#{@runtime_timestamp}-ipinfo.json"
-    puts "#{@yellow}Already Exists: #{ipinfo_json_results}#{@end_of_color}" if File.exist?(ipinfo_json_results)
-    next if exclude_domains.include?(ipinfo_target) || File.exist?(ipinfo_json_results)
-    ipinfo_struc = PWN::Plugins::IPInfo.get(ip_or_host: ipinfo_target)
-    File.open(ipinfo_json_results, 'w') do |f|
-      f.puts JSON.pretty_generate(ipinfo_struc)
-    end
-  end
-end
-unless nmap_path == ''
-  print "#{@green}Nmap all the things...#{@end_of_color}"
-  File.readlines(target_domains).uniq.each do |n_line|
-    nmap_target = n_line.to_s.scrub.strip.chomp
-    nmap_xml_results = "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}-nmap_default.xml"
-    puts "#{@yellow}Already Exists: #{nmap_xml_results}#{@end_of_color}" if File.exist?(nmap_xml_results)
-    next if exclude_domains.include?(nmap_target)
-    begin
-      unless File.exist?(nmap_xml_results)
-        PWN::Plugins::NmapIt.port_scan do |nmap|
-          nmap.connect_scan = true
-          nmap.service_scan = true
-          nmap.os_fingerprint = true
-          nmap.verbose = true
-          nmap.targets = nmap_target
-          nmap.xml = nmap_xml_results
-        end
-      end
-      # Eyewitness Nmap XML Results
-      unless eyewitness_path == ''
-        print "#{@green}Eyewitness Nmap XML Results...#{@end_of_color}"
-        system(
-          eyewitness_path,
-          '-x',
-          nmap_xml_results,
-          '-d',
-          "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}",
-          '--no-prompt',
-          '--all-protocols'
-        )
-      end
-      PWN::Plugins::NmapIt.parse_xml_results(xml_file: nmap_xml_results) do |xml|
-        xml.each_host do |host|
-          puts "#{@green}#{host.hostname}#{@end_of_color}"
-          host.scripts.each do |name, output|
-            puts name
-            output.each_line { |h_line| puts h_line }
-          end
-          host.each_port do |port|
-            puts "#{@yellow}#{port.number}|#{port.protocol}|#{port.state}|#{port.reason}|#{port.service}#{@end_of_color}"
-            case port.number.to_i
-            when 80
-              burp_target = "http://#{nmap_target}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: false
-                )
-              end
-            when 443
-              burp_target = "https://#{nmap_target}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: true
-                )
-              end
-            when 8080
-              burp_target = "http://#{nmap_target}:#{port.number}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: false
-                )
-              end
-            when 8443
-              burp_target = "https://#{nmap_target}:#{port.number}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: true
-                )
-              end
-            when 8888
-              burp_target = "http://#{nmap_target}:#{port.number}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir
-                )
-              end
-            else
-              puts "Nothing special implemented for #{port.protocol} #{port.number}"
-            end
-            port.scripts.each do |name, output|
-              puts name
-              output.each_line { |p_line| puts p_line }
-            end
-          end
-        end
-      end
-    rescue StandardError => e
-      puts "#{@red}#{e}#{@end_of_color}"
-      next
-    end
-  end
-  puts "#{@green}complete.#{@end_of_color}"
-end