RubyGems - pwn - Versions diffs - 0.4.878 → 0.4.879 - Mend

pwn 0.4.878 → 0.4.879

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 450271257b289d976f4c1373ba81eac8d8aa226e0f82b4715712fc96d90bc391
-  data.tar.gz: b807c0f1d1821a7edce6130358ab23a7ab7d59d0594ec3fa32f302cc2468453b
+  metadata.gz: 5420e18a9f3591fb4a6b3b630569752837738607a572c5bc44a72f158f1e3c1a
+  data.tar.gz: 2528859528b403be16080e0d443b65a884ebc4979887fe0faaae078ea537b6d7
 SHA512:
-  metadata.gz: 9591a3e82d36c758fc2637893796a2016aa4e5f3a01ef6b06298c2c287386ee9a1a4e4436ad2984e2e421348bd4a64c8000bfac0f178f82a86a1a31781180d05
-  data.tar.gz: aaa220274229a1a38779f9f03975374fe0ee0d61d0b51ae5d5b1422462aa965a802ded38d60f9fe55c2e44b35f10fb717e3c8c0e7a39afab7a84e5d80c3bcb7b
+  metadata.gz: d23d25ff25f48423f9e1cd06f21f86f8c13a78db47c0da27d6d1ff176e830a78809ff3a007f28218366253f66d77fe42be1bc82260a53aafa9fff6dad235c83b
+  data.tar.gz: ef7bcf278c79ea39b59d035d0bf027ba414b050f7a6f487825ed80462f2c6d4d93b20a1b42b5a99081f0e9c0775e46a112cc89c9700261b14eb4bf8eb3646a88

data/Gemfile CHANGED Viewed

@@ -83,7 +83,7 @@ gem 'sinatra', '3.1.0'
 gem 'slack-ruby-client', '2.1.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.6.3'
+gem 'sqlite3', '1.6.4'
 gem 'thin', '1.8.2'
 gem 'tty-prompt', '0.23.1'
 gem 'tty-spinner', '0.9.3'
@@ -92,4 +92,4 @@ gem 'waveform', '0.1.3'
 gem 'webrick', '1.8.1'
 gem 'whois', '5.1.0'
 gem 'whois-parser', '2.0.0'
-gem 'wicked_pdf', '2.6.3'
+gem 'wicked_pdf', '2.7.0'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.878]:001 >>> PWN.help
+pwn[v0.4.879]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.878]:001 >>> PWN.help
+pwn[v0.4.879]:001 >>> PWN.help
 ```

data/bin/pwn_www_checkip CHANGED Viewed

@@ -47,7 +47,12 @@ begin
   end
   puts "PUBLIC IP: #{public_ip_address}"
-  puts PWN::Plugins::IPInfo.get(ip_or_host: public_ip_address) unless ipinfo.nil?
+  if ipinfo
+    puts PWN::Plugins::IPInfo.get(
+      ip_or_host: public_ip_address,
+      proxy: proxy
+    )
+  end
 rescue StandardError => e
   raise e
 ensure

data/lib/pwn/plugins/ip_info.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 require 'ipaddress'
+require 'openssl'
 require 'resolv'
 module PWN
@@ -47,13 +48,17 @@ module PWN
       # Supported Method Parameters::
       # ip_info_struc = PWN::Plugins::IPInfo.get(
       #   ip_or_host: 'required - IP or Host to lookup',
-      #   proxy: 'optional - use a proxy'
+      #   proxy: 'optional - use a proxy',
+      #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
       # )
       public_class_method def self.get(opts = {})
         ip_or_host = opts[:ip_or_host].to_s.scrub.strip.chomp
         proxy = opts[:proxy]
+        tls_port = opts[:tls_port]
+        tls_port ||= 443
+        ip_info_resp = []
         if IPAddress.valid?(ip_or_host)
           if proxy
             ip_resp_json = ip_info_rest_call(ip: ip_or_host, proxy: proxy)
@@ -61,18 +66,39 @@ module PWN
             ip_resp_json = ip_info_rest_call(ip: ip_or_host)
           end
-          ip_resp_json
+          ip_info_resp.push(ip_resp_json)
         else
-          host_resp_json = []
           Resolv::DNS.new.each_address(ip_or_host) do |ip|
-            host_resp_json.push(ip_info_rest_call(ip: ip))
+            ip_info_resp.push(ip_info_rest_call(ip: ip))
           end
-          if host_resp_json.length == 1
-            host_resp_json[0]
-          else
-            host_resp_json
+        end
+        if proxy.nil?
+          ip_info_resp.each do |ip_resp|
+            # TODO: add this block as a method in PWN::Plugins::Sock
+            tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
+              server_ip: ip_or_host,
+              server_port: tls_port
+            )
+            ip_resp[:tls_avail] = tls_port_avail
+            next unless tls_port_avail
+            tls_sock_obj = PWN::Plugins::Sock.connect(
+              target: ip_or_host,
+              port: tls_port,
+              protocol: :tcp,
+              tls: true
+            )
+            tls_sock_obj.sync_close = true
+            cert = tls_sock.peer_cert
+            ip_resp[:cert_txt] = cert.to_text
+            ip_resp[:cert_obj] = cert
+            PWN::Plugins::Sock.disconnect(sock_obj: tls_sock_obj)
           end
         end
+        ip_info_resp
       rescue StandardError => e
         raise e
       end
@@ -91,7 +117,8 @@ module PWN
         puts "USAGE:
           ip_info_struc = #{self}.get(
             ip_or_host: 'required - IP or Host to lookup',
-            proxy: 'optional - use a proxy'
+            proxy: 'optional - use a proxy',
+            tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
           )
           #{self}.authors

data/lib/pwn/plugins/sock.rb CHANGED Viewed

@@ -20,8 +20,14 @@ module PWN
       public_class_method def self.connect(opts = {})
         target = opts[:target].to_s.scrub
         port = opts[:port].to_i
-        opts[:protocol].nil? ? protocol = :tcp : protocol = opts[:protocol].to_s.downcase.to_sym
-        opts[:tls].nil? ? tls = false : tls = true
+        protocol = opts[:protocol]
+        protocol ||= :tcp
+        # TODO: Add proxy support
+        tls = true if opts[:tls]
+        tls ||= false
         case protocol
         when :tcp
@@ -91,6 +97,8 @@ module PWN
         protocol = opts[:protocol]
         protocol ||= :tcp
+        # TODO: Add proxy support
         ct = 1
         s = Socket.tcp(server_ip, port, connect_timeout: ct) if protocol == :tcp
         s = Socket.udp(server_ip, port, connect_timeout: ct) if protocol == :udp

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.4.878'
+  VERSION = '0.4.879'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.878
+  version: 0.4.879
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-23 00:00:00.000000000 Z
+date: 2023-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -1010,14 +1010,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.3
+        version: 1.6.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.3
+        version: 1.6.4
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
@@ -1136,14 +1136,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.3
+        version: 2.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.3
+        version: 2.7.0
 description: https://github.com/0dayinc/pwn/README.md
 email:
 - request.pentest@0dayinc.com
@@ -1183,7 +1183,6 @@ executables:
 - pwn_openvas_vulnscan
 - pwn_owasp_zap_active_scan
 - pwn_pastebin_sample_filter
-- pwn_perimeter_recon
 - pwn_phone
 - pwn_sast
 - pwn_serial_check_voicemail
@@ -1250,7 +1249,6 @@ files:
 - bin/pwn_openvas_vulnscan
 - bin/pwn_owasp_zap_active_scan
 - bin/pwn_pastebin_sample_filter
-- bin/pwn_perimeter_recon
 - bin/pwn_phone
 - bin/pwn_sast
 - bin/pwn_serial_check_voicemail

data/bin/pwn_perimeter_recon DELETED Viewed

@@ -1,326 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-require 'pwn'
-require 'optparse'
-require 'uri'
-require 'json'
-opts = {}
-OptionParser.new do |options|
-  options.banner = "USAGE:
-    #{$PROGRAM_NAME} [opts]
-  "
-  options.on('-tDOMAINS', '--targets=DOMAINS', '<Required - Comma-Delimited List of Target Domains>') do |t|
-    opts[:targets] = t
-  end
-  options.on('-dDIR', '--output-dir=DIR', '<Required - Directory to Save Results>') do |d|
-    opts[:output_dir] = d
-  end
-  options.on('-eEXCLUDE', '--exclude-domains=EXCLUDE', '<Optional - Comma-Delimited List of Domains to Exclude>') do |e|
-    opts[:exclude_domains] = e
-  end
-  options.on('-sSUBLIST3R', '--sublist3r-path=SUBLIST3R', '<Optional - Path to Sublist3r>') do |s|
-    opts[:sublist3r_path] = s
-  end
-  options.on('-i', '--[no-]ipinfo', '<Optional - Leverage ipinfo.com on Domains (Defaults to false)>') do |i|
-    opts[:ipinfo] = i
-  end
-  options.on('-nNMAP', '--nmap-path=NMAP', '<Optional - Path to Nmap>') do |n|
-    opts[:nmap_path] = n
-  end
-  options.on('-EWITNESS', '--eyewitness-path=WITNESS', '<Optional - Path to eyewitness/Requires Nmap Flag>') do |w|
-    opts[:eyewitness_path] = w
-  end
-  options.on('-bBURP', '--burp-path=BURP', '<Optional - Path to Burp>') do |b|
-    opts[:burp_path] = b
-  end
-  options.on('-r', '--[no-]resume-last-scan', '<Optional - Resume Last Scan (Defaults to false)>') do |r|
-    opts[:resume_last_scan] = r
-  end
-end.parse!
-if opts.empty?
-  puts `#{$PROGRAM_NAME} --help`
-  exit 1
-end
-# Colors!
-@red = "\e[31m"
-@green = "\e[32m"
-@yellow = "\e[33m"
-@end_of_color = "\e[0m"
-# Required Flag Variables
-targets = opts[:targets].to_s.scrub.strip.chomp.delete("\s").split(',')
-output_dir = opts[:output_dir].to_s.scrub.strip.chomp if Dir.exist?(opts[:output_dir].to_s.scrub.strip.chomp)
-if opts[:resume_last_scan]
-  @resume_last_scan = opts[:resume_last_scan]
-  @runtime_timestamp = File.basename(Dir.glob("#{output_dir}/target_domains*")[-1]).split('-')[-6..-1].join('-').split('.txt')[0]
-  target_domains = "#{output_dir}/target_domains-#{@runtime_timestamp}.txt"
-else
-  @resume_last_scan = nil
-  @runtime_timestamp = Time.now.strftime('%Y-%m-%d-%H-%M-%S')
-  target_domains = "#{output_dir}/target_domains-#{@runtime_timestamp}.txt"
-  File.open(target_domains, 'w') do |f|
-    targets.each do |target|
-      f.puts target
-    end
-  end
-end
-exclude_domains = opts[:exclude_domains].to_s.scrub.strip.chomp.delete("\s").split(',')
-ipinfo = opts[:ipinfo]
-sublist3r_path = opts[:sublist3r_path].to_s.scrub.strip.chomp
-burp_path = opts[:burp_path].to_s.scrub.strip.chomp
-nmap_path = opts[:nmap_path].to_s.scrub.strip.chomp
-eyewitness_path = opts[:eyewitness_path].to_s.scrub.strip.chomp
-def invoke_burp(opts = {})
-  burp_path = opts[:burp_path]
-  burp_target = opts[:burp_target]
-  port_number = opts[:port_number]
-  port_protocol = opts[:port_protocol]
-  output_dir = opts[:output_dir]
-  use_https = opts[:use_https]
-  target_domain = URI.parse(burp_target).host
-  json_results = "#{output_dir}/#{target_domain}-#{port_protocol}-#{port_number}-#{@runtime_timestamp}-burpsuite_activescan.json"
-  html_results = "#{output_dir}/#{target_domain}-#{port_protocol}-#{port_number}-#{@runtime_timestamp}-burpsuite_activescan.html"
-  if File.exist?(json_results)
-    puts "#{@yellow}Already Exists: #{json_results}#{@end_of_color}"
-  else
-    burp_obj = PWN::Plugins::BurpSuite.start(
-      burp_jar_path: burp_path,
-      headless: true,
-      browser_type: :headless
-    )
-    PWN::Plugins::BurpSuite.disable_proxy(
-      burp_obj: burp_obj
-    )
-    browser_obj = burp_obj[:burp_browser]
-    puts "#{@green}Navigating to: #{burp_target}#{@end_of_color}"
-    browser_obj.goto(burp_target)
-    puts "#{@green}Invoking Active Scan...#{@end_of_color}"
-    json_scan_queue = PWN::Plugins::BurpSuite.invoke_active_scan(
-      burp_obj: burp_obj,
-      target_url: burp_target,
-      use_https: use_https
-    )
-    puts "#{@green}complete.#{@end_of_color}"
-    print "#{@green}Generating Burp Suite Active Scan JSON Results...#{@end_of_color}"
-    scan_issues_hash = PWN::Plugins::BurpSuite.get_scan_issues(
-      burp_obj: burp_obj
-    )
-    File.open(json_results, 'w') do |f|
-      f.puts JSON.pretty_generate(scan_issues_hash)
-    end
-    puts "#{@green}complete.#{@end_of_color}\n\n\n"
-    print "#{@green}Generating Burp Suite Active Scan HTML Results...#{@end_of_color}"
-    PWN::Plugins::BurpSuite.generate_scan_report(
-      burp_obj: burp_obj,
-      report_type: :html,
-      output_path: html_results
-    )
-    burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
-    puts "#{@green}complete.#{@end_of_color}\n\n\n"
-  end
-rescue StandardError => e
-  puts "#{@red}#{e}#{@end_of_color}"
-ensure
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
-end
-# Run Sublist3r to find as many domains as possible for a given FQDN
-unless sublist3r_path == ''
-  if @resume_last_scan.nil?
-    sublist3r_target_domains_arr = []
-    File.readlines(target_domains).uniq.each do |s_line|
-      sublist3r_target = s_line.to_s.scrub.strip.chomp
-      sublist3r_results = "#{output_dir}/#{sublist3r_target}-#{@runtime_timestamp}-sublist3r.txt"
-      print "#{@green}Sublist3r Domain Discovery #{sublist3r_target}...#{@end_of_color}"
-      puts `python #{sublist3r_path} -v -d #{sublist3r_target} -o #{sublist3r_results}`
-      File.readlines(sublist3r_results).uniq.each do |sr_line|
-        discovered_domain = sr_line.to_s.scrub.strip.chomp
-        sublist3r_target_domains_arr.push(discovered_domain)
-      end
-      puts "#{@green}complete.#{@end_of_color}"
-    end
-    File.open(target_domains, 'a') do |f|
-      sublist3r_target_domains_arr.uniq do |discovered_domain|
-        if URI.parse(discovered_domain).host.nil?
-          f.puts discovered_domain unless exclude_domains.include?(discovered_domain)
-        else
-          parsed_domain = URI.parse(discovered_domain).host
-          f.puts parsed_domain unless exclude_domains.include?(parsed_domain)
-        end
-      end
-    end
-  else
-    puts "#{@yellow}Resuming scan from #{target_domains}...#{@end_of_color}"
-  end
-end
-# Obtain additional information about the targeted hosts...
-unless ipinfo.nil?
-  File.readlines(target_domains).uniq.each do |h_line|
-    ipinfo_target = h_line.to_s.scrub.strip.chomp
-    ipinfo_json_results = "#{output_dir}/#{ipinfo_target}-#{@runtime_timestamp}-ipinfo.json"
-    puts "#{@yellow}Already Exists: #{ipinfo_json_results}#{@end_of_color}" if File.exist?(ipinfo_json_results)
-    next if exclude_domains.include?(ipinfo_target) || File.exist?(ipinfo_json_results)
-    ipinfo_struc = PWN::Plugins::IPInfo.get(ip_or_host: ipinfo_target)
-    File.open(ipinfo_json_results, 'w') do |f|
-      f.puts JSON.pretty_generate(ipinfo_struc)
-    end
-  end
-end
-unless nmap_path == ''
-  print "#{@green}Nmap all the things...#{@end_of_color}"
-  File.readlines(target_domains).uniq.each do |n_line|
-    nmap_target = n_line.to_s.scrub.strip.chomp
-    nmap_xml_results = "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}-nmap_default.xml"
-    puts "#{@yellow}Already Exists: #{nmap_xml_results}#{@end_of_color}" if File.exist?(nmap_xml_results)
-    next if exclude_domains.include?(nmap_target)
-    begin
-      unless File.exist?(nmap_xml_results)
-        PWN::Plugins::NmapIt.port_scan do |nmap|
-          nmap.connect_scan = true
-          nmap.service_scan = true
-          nmap.os_fingerprint = true
-          nmap.verbose = true
-          nmap.targets = nmap_target
-          nmap.xml = nmap_xml_results
-        end
-      end
-      # Eyewitness Nmap XML Results
-      unless eyewitness_path == ''
-        print "#{@green}Eyewitness Nmap XML Results...#{@end_of_color}"
-        system(
-          eyewitness_path,
-          '-x',
-          nmap_xml_results,
-          '-d',
-          "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}",
-          '--no-prompt',
-          '--all-protocols'
-        )
-      end
-      PWN::Plugins::NmapIt.parse_xml_results(xml_file: nmap_xml_results) do |xml|
-        xml.each_host do |host|
-          puts "#{@green}#{host.hostname}#{@end_of_color}"
-          host.scripts.each do |name, output|
-            puts name
-            output.each_line { |h_line| puts h_line }
-          end
-          host.each_port do |port|
-            puts "#{@yellow}#{port.number}|#{port.protocol}|#{port.state}|#{port.reason}|#{port.service}#{@end_of_color}"
-            case port.number.to_i
-            when 80
-              burp_target = "http://#{nmap_target}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: false
-                )
-              end
-            when 443
-              burp_target = "https://#{nmap_target}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: true
-                )
-              end
-            when 8080
-              burp_target = "http://#{nmap_target}:#{port.number}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: false
-                )
-              end
-            when 8443
-              burp_target = "https://#{nmap_target}:#{port.number}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir,
-                  use_https: true
-                )
-              end
-            when 8888
-              burp_target = "http://#{nmap_target}:#{port.number}"
-              unless burp_path == ''
-                invoke_burp(
-                  burp_path: burp_path,
-                  burp_target: burp_target,
-                  port_number: port.number,
-                  port_protocol: port.protocol,
-                  output_dir: output_dir
-                )
-              end
-            else
-              puts "Nothing special implemented for #{port.protocol} #{port.number}"
-            end
-            port.scripts.each do |name, output|
-              puts name
-              output.each_line { |p_line| puts p_line }
-            end
-          end
-        end
-      end
-    rescue StandardError => e
-      puts "#{@red}#{e}#{@end_of_color}"
-      next
-    end
-  end
-  puts "#{@green}complete.#{@end_of_color}"
-end