pwn 0.4.887 → 0.4.889

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +2 -2
  3. data/lib/pwn/plugins/sock.rb +17 -4
  4. data/lib/pwn/version.rb +1 -1
  5. metadata +3 -3
  6. /data/bin/{pwn_graphql_introspection_detector → pwn_shodan_graphql_introspection} +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: eba0652465ac3cb7e848a84e78412952875ab79a2c47dbcda39068a65e9f5c5b
4
- data.tar.gz: 2c03fbba16c08c1820d483e744e5e1dd70812081aff632a9f71f0227f582d2a7
3
+ metadata.gz: 69484c812ad4eca31e6d5adbed96aabfb49561bd60488fbac1a3ea0bb78fd49f
4
+ data.tar.gz: ea49ea2042bffe392f99ac3a7af4be3823db59ad502c1f8a42d885ce3e4b743a
5
5
  SHA512:
6
- metadata.gz: c9912c9c682b57c711c1a57e09e7ffad70c7018cf8e2689ecf7ff3a0f8fe3e5de9638588fd85c3475f58aaeb51a4892061e9cd4ceca6d1d3a40e5a2be8e88d31
7
- data.tar.gz: c26189e41c966c8d3ca0e3988d9d901461b420a85e6d49123814b7e9331e8bcb6a7fe2dd2b3fa0d058f8b2b4f3948e3b5131a4ecb21854dc0a018e03f42d9b58
6
+ metadata.gz: e3732f05721c2f8cddf8ffc87f2fdd07106a6cec70bbb721a53e41ae7485efd13598f21f2e77eb70184dea52e8101676da6a406652eb58e6f6bde15c9d3e0f8a
7
+ data.tar.gz: 1f0a843073ada056e110c321747a684269b830823f20586719995f978f5895d8310802c06a2b9e2b68d86ef98e3fda481ba13d42389cc2c31875043da30dd550
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.887]:001 >>> PWN.help
40
+ pwn[v0.4.889]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.887]:001 >>> PWN.help
55
+ pwn[v0.4.889]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
data/lib/pwn/plugins/sock.rb CHANGED
@@ -26,8 +26,12 @@ module PWN
26
26
 
27
27
  # TODO: Add proxy support
28
28
 
29
- tls = true if opts[:tls]
30
- tls ||= false
29
+ if opts[:tls]
30
+ tls = true
31
+ tls_attempt = 1 unless tls_attempt > 1
32
+ tls_min_version = OpenSSL::SSL::TLS1_VERSION
33
+ end
34
+ tls = false unless opts[:tls]
31
35
 
32
36
  case protocol
33
37
  when :tcp
@@ -35,6 +39,8 @@ module PWN
35
39
  sock = TCPSocket.open(target, port)
36
40
  tls_context = OpenSSL::SSL::SSLContext.new
37
41
  tls_context.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
42
+ tls_context.verify_hostname = false
43
+ tls_context.min_proto_version = tls_min_version
38
44
  tls_sock = OpenSSL::SSL::SSLSocket.new(sock, tls_context)
39
45
  sock_obj = tls_sock.connect
40
46
  else
@@ -48,6 +54,15 @@ module PWN
48
54
  end
49
55
 
50
56
  sock_obj
57
+ rescue OpenSSL::SSL::SSLError
58
+ tls_attempt += 1
59
+
60
+ tls_min_version = OpenSSL::SSL::TLS1_1_VERSION if tls_attempt == 2
61
+ tls_min_version = OpenSSL::SSL::TLS1_2_VERSION if tls_attempt == 3
62
+ tls_min_version = OpenSSL::SSL::TLS1_3_VERSION if tls_attempt == 4
63
+
64
+ retry if tls_attempt < 5
65
+ raise e if tls_attempt > 4
51
66
  rescue StandardError => e
52
67
  sock_obj = disconnect(sock_obj: sock_obj) unless sock_obj.nil?
53
68
  raise e
@@ -188,8 +203,6 @@ module PWN
188
203
  )
189
204
  tls_sock_obj.sync_close = true
190
205
  tls_sock_obj.peer_cert
191
- rescue OpenSSL::SSL::SSLError
192
- false
193
206
  rescue StandardError => e
194
207
  raise e
195
208
  ensure
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.887'
4
+ VERSION = '0.4.889'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.887
4
+ version: 0.4.889
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
@@ -1167,7 +1167,6 @@ executables:
1167
1167
  - pwn_diff_csv_files_w_column_exclude
1168
1168
  - pwn_domain_reversewhois
1169
1169
  - pwn_fuzz_net_app_proto
1170
- - pwn_graphql_introspection_detector
1171
1170
  - pwn_ibm_appscan_enterprise
1172
1171
  - pwn_jenkins_create_job
1173
1172
  - pwn_jenkins_create_view
@@ -1190,6 +1189,7 @@ executables:
1190
1189
  - pwn_serial_msr206
1191
1190
  - pwn_serial_qualcomm_commands
1192
1191
  - pwn_serial_son_micro_sm132_rfid
1192
+ - pwn_shodan_graphql_introspection
1193
1193
  - pwn_shodan_search
1194
1194
  - pwn_simple_http_server
1195
1195
  - pwn_web_cache_deception
@@ -1234,7 +1234,6 @@ files:
1234
1234
  - bin/pwn_diff_csv_files_w_column_exclude
1235
1235
  - bin/pwn_domain_reversewhois
1236
1236
  - bin/pwn_fuzz_net_app_proto
1237
- - bin/pwn_graphql_introspection_detector
1238
1237
  - bin/pwn_ibm_appscan_enterprise
1239
1238
  - bin/pwn_jenkins_create_job
1240
1239
  - bin/pwn_jenkins_create_view
@@ -1257,6 +1256,7 @@ files:
1257
1256
  - bin/pwn_serial_msr206
1258
1257
  - bin/pwn_serial_qualcomm_commands
1259
1258
  - bin/pwn_serial_son_micro_sm132_rfid
1259
+ - bin/pwn_shodan_graphql_introspection
1260
1260
  - bin/pwn_shodan_search
1261
1261
  - bin/pwn_simple_http_server
1262
1262
  - bin/pwn_web_cache_deception