pwn 0.4.878 → 0.4.879
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +2 -2
- data/bin/pwn_www_checkip +6 -1
- data/lib/pwn/plugins/ip_info.rb +36 -9
- data/lib/pwn/plugins/sock.rb +10 -2
- data/lib/pwn/version.rb +1 -1
- metadata +6 -8
- data/bin/pwn_perimeter_recon +0 -326
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5420e18a9f3591fb4a6b3b630569752837738607a572c5bc44a72f158f1e3c1a
|
4
|
+
data.tar.gz: 2528859528b403be16080e0d443b65a884ebc4979887fe0faaae078ea537b6d7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d23d25ff25f48423f9e1cd06f21f86f8c13a78db47c0da27d6d1ff176e830a78809ff3a007f28218366253f66d77fe42be1bc82260a53aafa9fff6dad235c83b
|
7
|
+
data.tar.gz: ef7bcf278c79ea39b59d035d0bf027ba414b050f7a6f487825ed80462f2c6d4d93b20a1b42b5a99081f0e9c0775e46a112cc89c9700261b14eb4bf8eb3646a88
|
data/Gemfile
CHANGED
@@ -83,7 +83,7 @@ gem 'sinatra', '3.1.0'
|
|
83
83
|
gem 'slack-ruby-client', '2.1.0'
|
84
84
|
gem 'socksify', '1.7.1'
|
85
85
|
gem 'spreadsheet', '1.3.0'
|
86
|
-
gem 'sqlite3', '1.6.
|
86
|
+
gem 'sqlite3', '1.6.4'
|
87
87
|
gem 'thin', '1.8.2'
|
88
88
|
gem 'tty-prompt', '0.23.1'
|
89
89
|
gem 'tty-spinner', '0.9.3'
|
@@ -92,4 +92,4 @@ gem 'waveform', '0.1.3'
|
|
92
92
|
gem 'webrick', '1.8.1'
|
93
93
|
gem 'whois', '5.1.0'
|
94
94
|
gem 'whois-parser', '2.0.0'
|
95
|
-
gem 'wicked_pdf', '2.
|
95
|
+
gem 'wicked_pdf', '2.7.0'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.879]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.879]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
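--- a/data/bin/pwn_www_checkip
+++ b/data/bin/pwn_www_checkip
@@ -47,7 +47,12 @@ begin
 end
 
 puts "PUBLIC IP: #{public_ip_address}"
-
+if ipinfo
+puts PWN::Plugins::IPInfo.get(
+ip_or_host: public_ip_address,
+proxy: proxy
+)
+end
 rescue StandardError => e
 raise e
 ensure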
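--- a/data/lib/pwn/plugins/ip_info.rb
+++ b/data/lib/pwn/plugins/ip_info.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'ipaddress'
+require 'openssl'
 require 'resolv'
 
 module PWN
@@ -47,13 +48,17 @@ module PWN
 # Supported Method Parameters::
 # ip_info_struc = PWN::Plugins::IPInfo.get(
 # ip_or_host: 'required - IP or Host to lookup',
-# proxy: 'optional - use a proxy'
+# proxy: 'optional - use a proxy',
+# tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
 # )
 
 public_class_method def self.get(opts = {})
 ip_or_host = opts[:ip_or_host].to_s.scrub.strip.chomp
 proxy = opts[:proxy]
+tls_port = opts[:tls_port]
+tls_port ||= 443
 
+ip_info_resp = []
 if IPAddress.valid?(ip_or_host)
 if proxy
 ip_resp_json = ip_info_rest_call(ip: ip_or_host, proxy: proxy)
@@ -61,18 +66,39 @@ module PWN
 ip_resp_json = ip_info_rest_call(ip: ip_or_host)
 end
 
-ip_resp_json
+ip_info_resp.push(ip_resp_json)
 else
-host_resp_json = []
 Resolv::DNS.new.each_address(ip_or_host) do |ip|
-
+ip_info_resp.push(ip_info_rest_call(ip: ip))
 end
-
-
-
-
+end
+
+if proxy.nil?
+ip_info_resp.each do |ip_resp|
+# TODO: add this block as a method in PWN::Plugins::Sock
+tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
+server_ip: ip_or_host,
+server_port: tls_port
+)
+
+ip_resp[:tls_avail] = tls_port_avail
+next unless tls_port_avail
+
+tls_sock_obj = PWN::Plugins::Sock.connect(
+target: ip_or_host,
+port: tls_port,
+protocol: :tcp,
+tls: true
+)
+tls_sock_obj.sync_close = true
+cert = tls_sock.peer_cert
+ip_resp[:cert_txt] = cert.to_text
+ip_resp[:cert_obj] = cert
+PWN::Plugins::Sock.disconnect(sock_obj: tls_sock_obj)
 end
 end
+
+ip_info_resp
 rescue StandardError => e
 raise e
 end
@@ -91,7 +117,8 @@ module PWN
 puts "USAGE:
 ip_info_struc = #{self}.get(
 ip_or_host: 'required - IP or Host to lookup',
-proxy: 'optional - use a proxy'
+proxy: 'optional - use a proxy',
+tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
 )
 
 #{self}.authors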
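--- a/data/lib/pwn/plugins/sock.rb
+++ b/data/lib/pwn/plugins/sock.rb
@@ -20,8 +20,14 @@ module PWN
 public_class_method def self.connect(opts = {})
 target = opts[:target].to_s.scrub
 port = opts[:port].to_i
-
-opts[:
+
+protocol = opts[:protocol]
+protocol ||= :tcp
+
+# TODO: Add proxy support
+
+tls = true if opts[:tls]
+tls ||= false
 
 case protocol
 when :tcp
@@ -91,6 +97,8 @@ module PWN
 protocol = opts[:protocol]
 protocol ||= :tcp
 
+# TODO: Add proxy support
+
 ct = 1
 s = Socket.tcp(server_ip, port, connect_timeout: ct) if protocol == :tcp
 s = Socket.udp(server_ip, port, connect_timeout: ct) if protocol == :udp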
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.879
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-08-
|
11
|
+
date: 2023-08-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -1010,14 +1010,14 @@ dependencies:
|
|
1010
1010
|
requirements:
|
1011
1011
|
- - '='
|
1012
1012
|
- !ruby/object:Gem::Version
|
1013
|
-
version: 1.6.
|
1013
|
+
version: 1.6.4
|
1014
1014
|
type: :runtime
|
1015
1015
|
prerelease: false
|
1016
1016
|
version_requirements: !ruby/object:Gem::Requirement
|
1017
1017
|
requirements:
|
1018
1018
|
- - '='
|
1019
1019
|
- !ruby/object:Gem::Version
|
1020
|
-
version: 1.6.
|
1020
|
+
version: 1.6.4
|
1021
1021
|
- !ruby/object:Gem::Dependency
|
1022
1022
|
name: thin
|
1023
1023
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1136,14 +1136,14 @@ dependencies:
|
|
1136
1136
|
requirements:
|
1137
1137
|
- - '='
|
1138
1138
|
- !ruby/object:Gem::Version
|
1139
|
-
version: 2.
|
1139
|
+
version: 2.7.0
|
1140
1140
|
type: :runtime
|
1141
1141
|
prerelease: false
|
1142
1142
|
version_requirements: !ruby/object:Gem::Requirement
|
1143
1143
|
requirements:
|
1144
1144
|
- - '='
|
1145
1145
|
- !ruby/object:Gem::Version
|
1146
|
-
version: 2.
|
1146
|
+
version: 2.7.0
|
1147
1147
|
description: https://github.com/0dayinc/pwn/README.md
|
1148
1148
|
email:
|
1149
1149
|
- request.pentest@0dayinc.com
|
@@ -1183,7 +1183,6 @@ executables:
|
|
1183
1183
|
- pwn_openvas_vulnscan
|
1184
1184
|
- pwn_owasp_zap_active_scan
|
1185
1185
|
- pwn_pastebin_sample_filter
|
1186
|
-
- pwn_perimeter_recon
|
1187
1186
|
- pwn_phone
|
1188
1187
|
- pwn_sast
|
1189
1188
|
- pwn_serial_check_voicemail
|
@@ -1250,7 +1249,6 @@ files:
|
|
1250
1249
|
- bin/pwn_openvas_vulnscan
|
1251
1250
|
- bin/pwn_owasp_zap_active_scan
|
1252
1251
|
- bin/pwn_pastebin_sample_filter
|
1253
|
-
- bin/pwn_perimeter_recon
|
1254
1252
|
- bin/pwn_phone
|
1255
1253
|
- bin/pwn_sast
|
1256
1254
|
- bin/pwn_serial_check_voicemail
|
data/bin/pwn_perimeter_recon
DELETED
@@ -1,326 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
require 'pwn'
|
5
|
-
require 'optparse'
|
6
|
-
require 'uri'
|
7
|
-
require 'json'
|
8
|
-
|
9
|
-
opts = {}
|
10
|
-
OptionParser.new do |options|
|
11
|
-
options.banner = "USAGE:
|
12
|
-
#{$PROGRAM_NAME} [opts]
|
13
|
-
"
|
14
|
-
|
15
|
-
options.on('-tDOMAINS', '--targets=DOMAINS', '<Required - Comma-Delimited List of Target Domains>') do |t|
|
16
|
-
opts[:targets] = t
|
17
|
-
end
|
18
|
-
|
19
|
-
options.on('-dDIR', '--output-dir=DIR', '<Required - Directory to Save Results>') do |d|
|
20
|
-
opts[:output_dir] = d
|
21
|
-
end
|
22
|
-
|
23
|
-
options.on('-eEXCLUDE', '--exclude-domains=EXCLUDE', '<Optional - Comma-Delimited List of Domains to Exclude>') do |e|
|
24
|
-
opts[:exclude_domains] = e
|
25
|
-
end
|
26
|
-
|
27
|
-
options.on('-sSUBLIST3R', '--sublist3r-path=SUBLIST3R', '<Optional - Path to Sublist3r>') do |s|
|
28
|
-
opts[:sublist3r_path] = s
|
29
|
-
end
|
30
|
-
|
31
|
-
options.on('-i', '--[no-]ipinfo', '<Optional - Leverage ipinfo.com on Domains (Defaults to false)>') do |i|
|
32
|
-
opts[:ipinfo] = i
|
33
|
-
end
|
34
|
-
|
35
|
-
options.on('-nNMAP', '--nmap-path=NMAP', '<Optional - Path to Nmap>') do |n|
|
36
|
-
opts[:nmap_path] = n
|
37
|
-
end
|
38
|
-
|
39
|
-
options.on('-EWITNESS', '--eyewitness-path=WITNESS', '<Optional - Path to eyewitness/Requires Nmap Flag>') do |w|
|
40
|
-
opts[:eyewitness_path] = w
|
41
|
-
end
|
42
|
-
|
43
|
-
options.on('-bBURP', '--burp-path=BURP', '<Optional - Path to Burp>') do |b|
|
44
|
-
opts[:burp_path] = b
|
45
|
-
end
|
46
|
-
|
47
|
-
options.on('-r', '--[no-]resume-last-scan', '<Optional - Resume Last Scan (Defaults to false)>') do |r|
|
48
|
-
opts[:resume_last_scan] = r
|
49
|
-
end
|
50
|
-
end.parse!
|
51
|
-
|
52
|
-
if opts.empty?
|
53
|
-
puts `#{$PROGRAM_NAME} --help`
|
54
|
-
exit 1
|
55
|
-
end
|
56
|
-
|
57
|
-
# Colors!
|
58
|
-
@red = "\e[31m"
|
59
|
-
@green = "\e[32m"
|
60
|
-
@yellow = "\e[33m"
|
61
|
-
@end_of_color = "\e[0m"
|
62
|
-
|
63
|
-
# Required Flag Variables
|
64
|
-
targets = opts[:targets].to_s.scrub.strip.chomp.delete("\s").split(',')
|
65
|
-
output_dir = opts[:output_dir].to_s.scrub.strip.chomp if Dir.exist?(opts[:output_dir].to_s.scrub.strip.chomp)
|
66
|
-
|
67
|
-
if opts[:resume_last_scan]
|
68
|
-
@resume_last_scan = opts[:resume_last_scan]
|
69
|
-
@runtime_timestamp = File.basename(Dir.glob("#{output_dir}/target_domains*")[-1]).split('-')[-6..-1].join('-').split('.txt')[0]
|
70
|
-
target_domains = "#{output_dir}/target_domains-#{@runtime_timestamp}.txt"
|
71
|
-
else
|
72
|
-
@resume_last_scan = nil
|
73
|
-
@runtime_timestamp = Time.now.strftime('%Y-%m-%d-%H-%M-%S')
|
74
|
-
target_domains = "#{output_dir}/target_domains-#{@runtime_timestamp}.txt"
|
75
|
-
File.open(target_domains, 'w') do |f|
|
76
|
-
targets.each do |target|
|
77
|
-
f.puts target
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
|
-
exclude_domains = opts[:exclude_domains].to_s.scrub.strip.chomp.delete("\s").split(',')
|
83
|
-
ipinfo = opts[:ipinfo]
|
84
|
-
sublist3r_path = opts[:sublist3r_path].to_s.scrub.strip.chomp
|
85
|
-
burp_path = opts[:burp_path].to_s.scrub.strip.chomp
|
86
|
-
nmap_path = opts[:nmap_path].to_s.scrub.strip.chomp
|
87
|
-
eyewitness_path = opts[:eyewitness_path].to_s.scrub.strip.chomp
|
88
|
-
|
89
|
-
def invoke_burp(opts = {})
|
90
|
-
burp_path = opts[:burp_path]
|
91
|
-
burp_target = opts[:burp_target]
|
92
|
-
port_number = opts[:port_number]
|
93
|
-
port_protocol = opts[:port_protocol]
|
94
|
-
output_dir = opts[:output_dir]
|
95
|
-
use_https = opts[:use_https]
|
96
|
-
target_domain = URI.parse(burp_target).host
|
97
|
-
|
98
|
-
json_results = "#{output_dir}/#{target_domain}-#{port_protocol}-#{port_number}-#{@runtime_timestamp}-burpsuite_activescan.json"
|
99
|
-
html_results = "#{output_dir}/#{target_domain}-#{port_protocol}-#{port_number}-#{@runtime_timestamp}-burpsuite_activescan.html"
|
100
|
-
|
101
|
-
if File.exist?(json_results)
|
102
|
-
puts "#{@yellow}Already Exists: #{json_results}#{@end_of_color}"
|
103
|
-
else
|
104
|
-
burp_obj = PWN::Plugins::BurpSuite.start(
|
105
|
-
burp_jar_path: burp_path,
|
106
|
-
headless: true,
|
107
|
-
browser_type: :headless
|
108
|
-
)
|
109
|
-
|
110
|
-
PWN::Plugins::BurpSuite.disable_proxy(
|
111
|
-
burp_obj: burp_obj
|
112
|
-
)
|
113
|
-
|
114
|
-
browser_obj = burp_obj[:burp_browser]
|
115
|
-
|
116
|
-
puts "#{@green}Navigating to: #{burp_target}#{@end_of_color}"
|
117
|
-
browser_obj.goto(burp_target)
|
118
|
-
|
119
|
-
puts "#{@green}Invoking Active Scan...#{@end_of_color}"
|
120
|
-
json_scan_queue = PWN::Plugins::BurpSuite.invoke_active_scan(
|
121
|
-
burp_obj: burp_obj,
|
122
|
-
target_url: burp_target,
|
123
|
-
use_https: use_https
|
124
|
-
)
|
125
|
-
puts "#{@green}complete.#{@end_of_color}"
|
126
|
-
|
127
|
-
print "#{@green}Generating Burp Suite Active Scan JSON Results...#{@end_of_color}"
|
128
|
-
scan_issues_hash = PWN::Plugins::BurpSuite.get_scan_issues(
|
129
|
-
burp_obj: burp_obj
|
130
|
-
)
|
131
|
-
|
132
|
-
File.open(json_results, 'w') do |f|
|
133
|
-
f.puts JSON.pretty_generate(scan_issues_hash)
|
134
|
-
end
|
135
|
-
puts "#{@green}complete.#{@end_of_color}\n\n\n"
|
136
|
-
|
137
|
-
print "#{@green}Generating Burp Suite Active Scan HTML Results...#{@end_of_color}"
|
138
|
-
PWN::Plugins::BurpSuite.generate_scan_report(
|
139
|
-
burp_obj: burp_obj,
|
140
|
-
report_type: :html,
|
141
|
-
output_path: html_results
|
142
|
-
)
|
143
|
-
|
144
|
-
burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
|
145
|
-
puts "#{@green}complete.#{@end_of_color}\n\n\n"
|
146
|
-
end
|
147
|
-
rescue StandardError => e
|
148
|
-
puts "#{@red}#{e}#{@end_of_color}"
|
149
|
-
ensure
|
150
|
-
burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
|
151
|
-
end
|
152
|
-
|
153
|
-
# Run Sublist3r to find as many domains as possible for a given FQDN
|
154
|
-
unless sublist3r_path == ''
|
155
|
-
if @resume_last_scan.nil?
|
156
|
-
sublist3r_target_domains_arr = []
|
157
|
-
File.readlines(target_domains).uniq.each do |s_line|
|
158
|
-
sublist3r_target = s_line.to_s.scrub.strip.chomp
|
159
|
-
sublist3r_results = "#{output_dir}/#{sublist3r_target}-#{@runtime_timestamp}-sublist3r.txt"
|
160
|
-
print "#{@green}Sublist3r Domain Discovery #{sublist3r_target}...#{@end_of_color}"
|
161
|
-
puts `python #{sublist3r_path} -v -d #{sublist3r_target} -o #{sublist3r_results}`
|
162
|
-
File.readlines(sublist3r_results).uniq.each do |sr_line|
|
163
|
-
discovered_domain = sr_line.to_s.scrub.strip.chomp
|
164
|
-
sublist3r_target_domains_arr.push(discovered_domain)
|
165
|
-
end
|
166
|
-
puts "#{@green}complete.#{@end_of_color}"
|
167
|
-
end
|
168
|
-
File.open(target_domains, 'a') do |f|
|
169
|
-
sublist3r_target_domains_arr.uniq do |discovered_domain|
|
170
|
-
if URI.parse(discovered_domain).host.nil?
|
171
|
-
f.puts discovered_domain unless exclude_domains.include?(discovered_domain)
|
172
|
-
else
|
173
|
-
parsed_domain = URI.parse(discovered_domain).host
|
174
|
-
f.puts parsed_domain unless exclude_domains.include?(parsed_domain)
|
175
|
-
end
|
176
|
-
end
|
177
|
-
end
|
178
|
-
else
|
179
|
-
puts "#{@yellow}Resuming scan from #{target_domains}...#{@end_of_color}"
|
180
|
-
end
|
181
|
-
end
|
182
|
-
|
183
|
-
# Obtain additional information about the targeted hosts...
|
184
|
-
unless ipinfo.nil?
|
185
|
-
File.readlines(target_domains).uniq.each do |h_line|
|
186
|
-
ipinfo_target = h_line.to_s.scrub.strip.chomp
|
187
|
-
ipinfo_json_results = "#{output_dir}/#{ipinfo_target}-#{@runtime_timestamp}-ipinfo.json"
|
188
|
-
puts "#{@yellow}Already Exists: #{ipinfo_json_results}#{@end_of_color}" if File.exist?(ipinfo_json_results)
|
189
|
-
next if exclude_domains.include?(ipinfo_target) || File.exist?(ipinfo_json_results)
|
190
|
-
|
191
|
-
ipinfo_struc = PWN::Plugins::IPInfo.get(ip_or_host: ipinfo_target)
|
192
|
-
File.open(ipinfo_json_results, 'w') do |f|
|
193
|
-
f.puts JSON.pretty_generate(ipinfo_struc)
|
194
|
-
end
|
195
|
-
end
|
196
|
-
end
|
197
|
-
|
198
|
-
unless nmap_path == ''
|
199
|
-
print "#{@green}Nmap all the things...#{@end_of_color}"
|
200
|
-
File.readlines(target_domains).uniq.each do |n_line|
|
201
|
-
nmap_target = n_line.to_s.scrub.strip.chomp
|
202
|
-
nmap_xml_results = "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}-nmap_default.xml"
|
203
|
-
puts "#{@yellow}Already Exists: #{nmap_xml_results}#{@end_of_color}" if File.exist?(nmap_xml_results)
|
204
|
-
next if exclude_domains.include?(nmap_target)
|
205
|
-
|
206
|
-
begin
|
207
|
-
unless File.exist?(nmap_xml_results)
|
208
|
-
PWN::Plugins::NmapIt.port_scan do |nmap|
|
209
|
-
nmap.connect_scan = true
|
210
|
-
nmap.service_scan = true
|
211
|
-
nmap.os_fingerprint = true
|
212
|
-
nmap.verbose = true
|
213
|
-
nmap.targets = nmap_target
|
214
|
-
nmap.xml = nmap_xml_results
|
215
|
-
end
|
216
|
-
end
|
217
|
-
|
218
|
-
# Eyewitness Nmap XML Results
|
219
|
-
unless eyewitness_path == ''
|
220
|
-
print "#{@green}Eyewitness Nmap XML Results...#{@end_of_color}"
|
221
|
-
system(
|
222
|
-
eyewitness_path,
|
223
|
-
'-x',
|
224
|
-
nmap_xml_results,
|
225
|
-
'-d',
|
226
|
-
"#{output_dir}/#{nmap_target}-#{@runtime_timestamp}",
|
227
|
-
'--no-prompt',
|
228
|
-
'--all-protocols'
|
229
|
-
)
|
230
|
-
end
|
231
|
-
|
232
|
-
PWN::Plugins::NmapIt.parse_xml_results(xml_file: nmap_xml_results) do |xml|
|
233
|
-
xml.each_host do |host|
|
234
|
-
puts "#{@green}#{host.hostname}#{@end_of_color}"
|
235
|
-
|
236
|
-
host.scripts.each do |name, output|
|
237
|
-
puts name
|
238
|
-
output.each_line { |h_line| puts h_line }
|
239
|
-
end
|
240
|
-
|
241
|
-
host.each_port do |port|
|
242
|
-
puts "#{@yellow}#{port.number}|#{port.protocol}|#{port.state}|#{port.reason}|#{port.service}#{@end_of_color}"
|
243
|
-
|
244
|
-
case port.number.to_i
|
245
|
-
when 80
|
246
|
-
burp_target = "http://#{nmap_target}"
|
247
|
-
unless burp_path == ''
|
248
|
-
invoke_burp(
|
249
|
-
burp_path: burp_path,
|
250
|
-
burp_target: burp_target,
|
251
|
-
port_number: port.number,
|
252
|
-
port_protocol: port.protocol,
|
253
|
-
output_dir: output_dir,
|
254
|
-
use_https: false
|
255
|
-
)
|
256
|
-
end
|
257
|
-
|
258
|
-
when 443
|
259
|
-
burp_target = "https://#{nmap_target}"
|
260
|
-
unless burp_path == ''
|
261
|
-
invoke_burp(
|
262
|
-
burp_path: burp_path,
|
263
|
-
burp_target: burp_target,
|
264
|
-
port_number: port.number,
|
265
|
-
port_protocol: port.protocol,
|
266
|
-
output_dir: output_dir,
|
267
|
-
use_https: true
|
268
|
-
)
|
269
|
-
end
|
270
|
-
|
271
|
-
when 8080
|
272
|
-
burp_target = "http://#{nmap_target}:#{port.number}"
|
273
|
-
unless burp_path == ''
|
274
|
-
invoke_burp(
|
275
|
-
burp_path: burp_path,
|
276
|
-
burp_target: burp_target,
|
277
|
-
port_number: port.number,
|
278
|
-
port_protocol: port.protocol,
|
279
|
-
output_dir: output_dir,
|
280
|
-
use_https: false
|
281
|
-
)
|
282
|
-
end
|
283
|
-
|
284
|
-
when 8443
|
285
|
-
burp_target = "https://#{nmap_target}:#{port.number}"
|
286
|
-
unless burp_path == ''
|
287
|
-
invoke_burp(
|
288
|
-
burp_path: burp_path,
|
289
|
-
burp_target: burp_target,
|
290
|
-
port_number: port.number,
|
291
|
-
port_protocol: port.protocol,
|
292
|
-
output_dir: output_dir,
|
293
|
-
use_https: true
|
294
|
-
)
|
295
|
-
end
|
296
|
-
|
297
|
-
when 8888
|
298
|
-
burp_target = "http://#{nmap_target}:#{port.number}"
|
299
|
-
unless burp_path == ''
|
300
|
-
invoke_burp(
|
301
|
-
burp_path: burp_path,
|
302
|
-
burp_target: burp_target,
|
303
|
-
port_number: port.number,
|
304
|
-
port_protocol: port.protocol,
|
305
|
-
output_dir: output_dir
|
306
|
-
)
|
307
|
-
end
|
308
|
-
|
309
|
-
else
|
310
|
-
puts "Nothing special implemented for #{port.protocol} #{port.number}"
|
311
|
-
end
|
312
|
-
|
313
|
-
port.scripts.each do |name, output|
|
314
|
-
puts name
|
315
|
-
output.each_line { |p_line| puts p_line }
|
316
|
-
end
|
317
|
-
end
|
318
|
-
end
|
319
|
-
end
|
320
|
-
rescue StandardError => e
|
321
|
-
puts "#{@red}#{e}#{@end_of_color}"
|
322
|
-
next
|
323
|
-
end
|
324
|
-
end
|
325
|
-
puts "#{@green}complete.#{@end_of_color}"
|
326
|
-
end
|