pwn 0.4.911 → 0.4.912
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG_BETWEEN_TAGS.txt +13 -168
- data/Gemfile +11 -11
- data/README.md +3 -3
- data/bin/pwn_bdba_scan +19 -1
- data/lib/pwn/version.rb +1 -1
- data/packer/provisioners/vim.sh +1 -1
- data/vagrant/provisioners/metasploit.rb +1 -1
- metadata +25 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: baed6325120cef1f9949f64c8b3db9eb4d29848203993f7c054b85a3c0c82cd7
|
4
|
+
data.tar.gz: 402a515d8f3d10e6a7014eed698e3b2f96549bdf181c66dd9594147a9d350681
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7f2212034da2843f9ee0ad9112fb77312ad420f9d36b918e8dd483ae7c2f23e8db378f5e4ce6b836e5d70975a465e2ba6aeecb54656db6094043d126f2f51a3e
|
7
|
+
data.tar.gz: 7557293dd1ff55d37bfcfc5bb18f7fa9bd43437ed601947d1b4ce10a8c6632d7955c934e7192269efe5c814d99cf4b16c2899a1ba2131c15ca46bd60ed3a43bf
|
data/CHANGELOG_BETWEEN_TAGS.txt
CHANGED
@@ -1,168 +1,13 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
946ed64 PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #bugfix
|
15
|
-
2e9c789 PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #bugfix
|
16
|
-
d15459e PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method
|
17
|
-
4279ce0 Merge pull request #423 from ninp0/master
|
18
|
-
67a340a pwn_graphql_introspection_detector Driver - rename to pwn_shodan_graphql_introspection to better reflect its purpose
|
19
|
-
be974d9 Merge pull request #422 from ninp0/master
|
20
|
-
aeac8e7 pwn_graphql_introspection_detector Driver - initial commit
|
21
|
-
ba6ec74 Merge pull request #421 from ninp0/master
|
22
|
-
7c5a237 PWN::Plugins::IPInfo module - prefer specific common key values from cert_obj for this module. If additonal functionality is required, defer to using PWN::Plugins::Sock.get_tls_cert directly
|
23
|
-
a65d92e pwn_www_checkip Driver - JSON.pretty_generate when returning IP information via -i flag
|
24
|
-
63894da PWN::Plugins::IPInfo module - remove redundant cert_txt key from ip_info_resp, preferring a return of cert object which can call #to_text, #subject, #issuer, etc.
|
25
|
-
0733e4b Merge pull request #420 from ninp0/master
|
26
|
-
70baa71 PWN::Plugins::IPInfo module - #bugfix in returned object from #get_tls_cert method
|
27
|
-
068f2d6 PWN::Plugins::IPInfo module - #bugfixes
|
28
|
-
b60a94c PWN::Plugins::IPInfo module - get TLS cert if possible in attempt to obtain valid domain from IP addresses cert info #bugfix when checking for open tls port
|
29
|
-
e055792 PWN::Plugins::Sock module - add #get_tls_cert method
|
30
|
-
0d9bb3f PWN::Plugins::IPInfo module - get TLS cert if possible in attempt to obtain valid domain from IP addresses cert info
|
31
|
-
7f150c6 Merge pull request #419 from ninp0/master
|
32
|
-
647e5f3 pwn_shodan_search Driver - isolate objects in results that are causing JSON::GeneratorError: source sequence is illegal/malformed utf-8 messages when serializing to JSON strings #dont_use_gets
|
33
|
-
9ad051c pwn_shodan_search Driver - isolate objects in results that are causing JSON::GeneratorError: source sequence is illegal/malformed utf-8 messages when serializing to JSON strings #serialization_issue
|
34
|
-
0d166ee pwn_shodan_search Driver - #bugfix in JSON::GeneratorError where invalid UTF-8 sequences prevent writing to JSON file #nope_gotta_revert_that
|
35
|
-
3f84e71 pwn_shodan_search Driver - #bugfix in JSON::GeneratorError where invalid UTF-8 sequences prevent writing to JSON file
|
36
|
-
7721af4 Merge pull request #418 from ninp0/master
|
37
|
-
02b8719 PWN::Plugins::Shodan module - need to return specific hash when JSON::ParserError is resccued (related to invalid UTF-8 sequences) #bugfix
|
38
|
-
34df5ea Merge pull request #417 from ninp0/master
|
39
|
-
ea99612 pwn_shodan_search Driver - add RAW.arr results file containing raw_results_arr object prior to attempting to cast the object as JSON #bugfix / #cast_to_string
|
40
|
-
6104b15 Merge pull request #416 from ninp0/master
|
41
|
-
09b0ad9 pwn_shodan_search Driver - add RAW.arr results file containing raw_results_arr object prior to attempting to cast the object as JSON
|
42
|
-
705da0a Merge pull request #415 from ninp0/master
|
43
|
-
e63cee6 pwn_shodan_search Driver - add RAW.arr results file containing raw_results_arr object prior to attempting to cast the object as JSON
|
44
|
-
2e45a04 pwn_shodan_search Driver - strip comments when loading query file #rubocop_fix
|
45
|
-
5f9598a Merge pull request #414 from ninp0/master
|
46
|
-
4dfa34f pwn_shodan_search Driver - strip comments when loading query file
|
47
|
-
217800b Merge pull request #413 from ninp0/master
|
48
|
-
a473732 PWN::WWW::HackerOne module - #rubocop_fix
|
49
|
-
5a9296e Merge pull request #412 from ninp0/master
|
50
|
-
35236cc PWN::Plugins::Shodan module - scrub response.body for malformed UTF-8 characters that would otherwise prevent saving JSON results to file within pwn_shodan_search driver #attemptN
|
51
|
-
cb17de9 Merge pull request #411 from ninp0/master
|
52
|
-
afea697 PWN::Plugins::Shodan module - scrub response.body for malformed UTF-8 characters that would otherwise prevent saving JSON results to file within pwn_shodan_search driver
|
53
|
-
bd7fd57 Merge pull request #410 from ninp0/master
|
54
|
-
ca87dec pwn_shodan_search Driver - rescue JSON::Generator error in rare cases #pretty_generate method cant save out results
|
55
|
-
6babce2 Merge pull request #409 from ninp0/master
|
56
|
-
9675c6d PWN::Plugins::BurpSuite module - add #uri_in_scope method to compare URI to URI regexes in / out of scope per burp suite target scope config JSON file, like those produced by H1 (returns boolean)
|
57
|
-
e20e0ee Merge pull request #408 from ninp0/master
|
58
|
-
12ba09b Merge branch 'master' of ssh://github.com/ninp0/pwn
|
59
|
-
f28066d PWN::WWW::TransparentBrowser module - add #find_element_by_text method #bugfix_again
|
60
|
-
cd8db7a Merge pull request #407 from ninp0/master
|
61
|
-
607e1de PWN::WWW::TransparentBrowser module - add #find_element_by_text method #bugfix
|
62
|
-
b191e1c Merge pull request #406 from ninp0/master
|
63
|
-
3a4d68a PWN::WWW::TransparentBrowser module - add #find_element_by_text method
|
64
|
-
e0e7ecc Merge pull request #405 from ninp0/master
|
65
|
-
adaebc5 PWN::WWW::HackerOne module - #slight_tweak to #save_burp_target_config_file method...replace random user_agent w/ fixed known supported user agent
|
66
|
-
bcc814f Merge pull request #404 from ninp0/master
|
67
|
-
9bd7c1b PWN::WWW::HackerOne module - #slight_tweak to #save_burp_target_config_file method...replace random user_agent w/ fixed known supported user agent
|
68
|
-
8dfff4d PWN::WWW::HackerOne module - #slight_tweak to #save_burp_target_config_file method
|
69
|
-
f2b0a55 Merge pull request #403 from ninp0/master
|
70
|
-
48f47ff PWN::Plugins::BurpSuite module && pwn_burp_suite_pro_active_scan Driver - implement target_config capability to consume Burp Suite Pro Target Scope config JSON file
|
71
|
-
e1b9345 PWN::WWW::HackerOne module - add #save_burp_project_file method
|
72
|
-
b33caa7 Merge pull request #402 from ninp0/master
|
73
|
-
7e7942f PWN::WWW::HackerOne module - add burp_project link to object returned from #get_bounty_programs method #bugfix
|
74
|
-
13d3615 PWN::WWW::HackerOne module - add burp_project link to object returned from #get_bounty_programs method #bugfix
|
75
|
-
049681e PWN::WWW::HackerOne module - add burp_project link to object returned from #get_bounty_programs method
|
76
|
-
2f1e787 PWN::WWW::HackerOne module - add policy, scope, hacktivity, thanks, updates, collaborator links to object returned from #get_bounty_programs method / #minor_bugfix / #rubocop_fixes
|
77
|
-
81bb4c3 Merge pull request #401 from ninp0/master
|
78
|
-
cb7e893 PWN::WWW::HackerOne module - implement min_payouts_enabled parameter for #get_bounty_programs method
|
79
|
-
22cff1b Merge pull request #400 from ninp0/master
|
80
|
-
fcafa7e PWN::WWW::HackerOne module - best approarch to snag links after DOM loads #bugfix
|
81
|
-
368a4df PWN::WWW::HackerOne module - best approarch to snag links after DOM loads #again
|
82
|
-
bea57c0 PWN::WWW::HackerOne module - replace brittle sleep with more resilient .div(class: full-width-inner-container).wait_until(&:present?) to snag links after DOM loads #again
|
83
|
-
1617603 PWN::WWW::HackerOne module - replace brittle sleep with more resilient .div(class: full-width-inner-container).wait_until(&:present?) to snag links after DOM loads
|
84
|
-
9386f03 Merge pull request #399 from ninp0/master
|
85
|
-
2058b3c PWN::WWW::HackerOne module - add method to return all bug bounty program links #bugfixes
|
86
|
-
152022c Merge pull request #398 from ninp0/master
|
87
|
-
67fe8a6 PWN::WWW::HackerOne module - add method to return all bug bounty program links #bugfixes
|
88
|
-
a18b5ae PWN::WWW::HackerOne module - add method to return all bug bounty program links #bugfixes
|
89
|
-
a688297 Merge pull request #397 from ninp0/master
|
90
|
-
cff4ad0 PWN::WWW::HackerOne module - add method to return all bug bounty program links #bugfixes
|
91
|
-
a3af8cf Merge pull request #396 from ninp0/master
|
92
|
-
055eccb PWN::WWW::HackerOne module - add method to return all bug bounty program links #bugfixes
|
93
|
-
33b3c82 Merge pull request #395 from ninp0/master
|
94
|
-
3c1837b PWN::WWW::HackerOne module - add method to return all bug bounty program links #bugfixes
|
95
|
-
208c8a4 Merge pull request #394 from ninp0/master
|
96
|
-
773ad2f PWN::WWW::HackerOne module - add method to return all bug bounty program links #rubocop_fixes
|
97
|
-
91252c7 Merge pull request #393 from ninp0/master
|
98
|
-
fb80ad0 PWN::WWW::HackerOne module - add method to return all bug bounty program links #rubocop_fixes
|
99
|
-
598aa2b Merge pull request #392 from ninp0/master
|
100
|
-
cabcb83 PWN::WWW::HackerOne module - add method to return all bug bounty program links
|
101
|
-
662e05f PWN::WWW::HackerOne module - add method to return all bug bounty program links
|
102
|
-
94cf6d0 Merge pull request #391 from ninp0/master
|
103
|
-
22a696e PWN::WWW::HackerOne module - add method to return all bug bounty program links
|
104
|
-
69884d7 Merge pull request #390 from ninp0/master
|
105
|
-
51cbfca PWN::Plugins::Shodan module - add #get_uris method to extract URI strings from search results returned from #search method #bugfixes
|
106
|
-
57c18ee Merge pull request #389 from ninp0/master
|
107
|
-
0161122 PWN::Plugins::Shodan module - add #get_uris method to extract URI strings from search results returned from #search method #bugfixes
|
108
|
-
1f63683 Merge pull request #388 from ninp0/master
|
109
|
-
d6e5e41 PWN::Plugins::Shodan module - add #get_uris method to extract URI strings from search results returned from #search method #bugfixes
|
110
|
-
635d7d2 PWN::Plugins::Shodan module - add #get_uris method to extract URI strings from search results returned from #search method #bugfixes #add_usage
|
111
|
-
2691a6f PWN::Plugins::Shodan module - add #get_uris method to extract URI strings from search results returned from #search method
|
112
|
-
b83eed4 Merge pull request #387 from ninp0/master
|
113
|
-
e0d6850 pwn_shodan_search Driver - change default output-results-file to reside in CWD instead of /tmp
|
114
|
-
f19a02f Merge pull request #386 from ninp0/master
|
115
|
-
04d3f97 pwn_shodan_search Driver - implement a --rate-limit flag to allow for customized rate limiting when API gets grumpy
|
116
|
-
cff4d3c Merge pull request #385 from ninp0/master
|
117
|
-
a949aa6 PWN::Plugins::ScannableCodes module - #bugfix in #help method
|
118
|
-
e4b5a19 Merge pull request #384 from ninp0/master
|
119
|
-
216bb34 PWN::Plugins::ScannableCodes module - initial commit
|
120
|
-
04bc64e PWN::Plugins::ScannableCodes module - initial commit
|
121
|
-
ae9ece4 Merge pull request #383 from ninp0/master
|
122
|
-
594808b pwn_www_uri_buster Driver - JSON.pretty_generate(response.headers) #bugfix, cast hash to pretty JSON string
|
123
|
-
810ee16 Merge pull request #382 from ninp0/master
|
124
|
-
0adff45 pwn_www_uri_buster Driver - incorporate randomized user-agent string in HTTP requests
|
125
|
-
b429bca Merge pull request #381 from ninp0/master
|
126
|
-
8afb64a PWN::Reports::SAST module - #bugfix in escaped newline
|
127
|
-
3ac73eb Merge pull request #380 from ninp0/master
|
128
|
-
54e8fe1 PWN::Reports::* - #bufix in "ajax" key where report_name is now dynamic
|
129
|
-
5fb8eb6 pwn_www_uri_buster Driver - #bugfix in retrieving random available ephemeral port via PWN::Plugins::Sock module in #get_random_unused_port method
|
130
|
-
6c0d1be Merge pull request #379 from ninp0/master
|
131
|
-
c3964c0 pwn_www_uri_buster Driver - include HTTP response headers in results && #bugfix
|
132
|
-
1edc9d7 Merge pull request #378 from ninp0/master
|
133
|
-
4cbd086 pwn_www_uri_buster Driver - include HTTP response headers in results && #bugfix when using tor as proxy
|
134
|
-
1d8a60d Merge pull request #377 from ninp0/master
|
135
|
-
4e0f5be pwn_www_uri_buster - implement tor support #more_bugfixes
|
136
|
-
cf1a932 Merge pull request #376 from ninp0/master
|
137
|
-
c845e1f pwn_www_uri_buster - implement tor support #bugfixes
|
138
|
-
0e88ef7 Merge pull request #375 from ninp0/master
|
139
|
-
e2e1de4 pwn_www_uri_buster - implement tor support
|
140
|
-
5f4c2e3 Merge pull request #374 from ninp0/master
|
141
|
-
720eec2 Custom report names for all reports in PWN::Reports namespace #bugfix
|
142
|
-
7a77a69 Merge pull request #373 from ninp0/master
|
143
|
-
61cc8a9 Custom report names for all reports in PWN::Reports namespace #bugfix
|
144
|
-
e45c36e Merge pull request #372 from ninp0/master
|
145
|
-
35b6623 Custom report names for all reports in PWN::Reports namespace
|
146
|
-
c169f48 Merge pull request #371 from ninp0/master
|
147
|
-
eb6de5e pwn_www_uri_buster Driver - add --append parameter to append pattern to end of entries in wordlist
|
148
|
-
8a05fca pwn_www_uri_buster Driver - add --append parameter to append pattern to end of entries in wordlist
|
149
|
-
5d04eab Merge pull request #370 from ninp0/master
|
150
|
-
491898e PWN::Plugins::DetectOS module - #rubocop_fixes
|
151
|
-
c752179 pwn_nmap_discover_tcp_udp Driver - implement --target-file flag (i.e. you can use either --target-file OR --target-range, not both and not neither) / slight discovery tweaks
|
152
|
-
a320df1 Merge pull request #369 from ninp0/master
|
153
|
-
9e16d30 pwn_bdba_scan && pwn_bdba_groups Drivers - change both drivers to support --parent-group-id flow (i.e. to avoid wrong group association when duplicate group names reside under different search-paths) #bugfix2_revert
|
154
|
-
0bc80c1 Merge pull request #368 from ninp0/master
|
155
|
-
1f92631 pwn_bdba_scan && pwn_bdba_groups Drivers - change both drivers to support --parent-group-id flow (i.e. to avoid wrong group association when duplicate group names reside under different search-paths) #bugfix
|
156
|
-
663f3d9 Merge pull request #367 from ninp0/master
|
157
|
-
50a4c48 pwn_bdba_scan && pwn_bdba_groups Drivers - change both drivers to support --parent-group-id flow (i.e. to avoid wrong group association when duplicate group names reside under different search-paths)
|
158
|
-
02432d4 Merge pull request #366 from ninp0/master
|
159
|
-
6afd3fc pwn_bdba_scan Driver - change --parent-group-name parameter to --parent-group-id to avoid wrong group association when duplicate group names reside under different search-paths
|
160
|
-
9517452 Merge pull request #365 from ninp0/master
|
161
|
-
0c326b8 pwn_bdba_scan Driver - incorporate optional --version parameter
|
162
|
-
e96cb62 Merge pull request #364 from ninp0/master
|
163
|
-
5324605 PWN::Plugins::BlackDuckBinaryAnalysis module && pwn_bdba_scans Driver - implement #abort_product_scan method && abort product scan results if they have been sitting in a queue status for more than 90 minutes.
|
164
|
-
f36af42 Merge pull request #363 from ninp0/master
|
165
|
-
f308dba git_commit_test_reinit_gem.sh - #more_tag_bugfixes
|
166
|
-
31e8c06 Merge pull request #362 from ninp0/master
|
167
|
-
38835e3 git_commit_test_reinit_gem.sh - Address off-by-one tagging #bugfix
|
168
|
-
2f31697 Merge pull request #361 from ninp0/master
|
1
|
+
b4b509b PWN::Plugins::IPInfo module - #bugfixes
|
2
|
+
d89a977 PWN::Plugins::IPInfo module - committing any last minute changes
|
3
|
+
30227da PWN::Plugins::IPInfo module - #bugfixes in cert key:value pairs when values should be arrays
|
4
|
+
6265d2c pwn_www_checkip Driver - add optional --target parameter to provide info on hosts/IPs other than just a given source public IP
|
5
|
+
fab43f7 PWN::Plugins::IPInfo module - add a few more cert attributes in detailed info response
|
6
|
+
3114fa2 PWN::Plugins::Sock module - minor code cleanup #got_it_working
|
7
|
+
aa01f39 PWN::Plugins::Sock module - add hostname to tls_sock object prior to connecting
|
8
|
+
8c78ee4 Merge branch 'master' of ssh://github.com/ninp0/pwn
|
9
|
+
2f3377e PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
|
10
|
+
4c792e8 Merge pull request #429 from ninp0/master
|
11
|
+
813780b PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
|
12
|
+
997b2d0 PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
|
13
|
+
c0a5524 PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
|
data/Gemfile
CHANGED
@@ -11,7 +11,7 @@ gemspec
|
|
11
11
|
# In some circumstances custom flags are passed to gems in order
|
12
12
|
# to build appropriately. Defer to ./reinstall_pwn_gemset.sh
|
13
13
|
# to review these custom flags (e.g. pg, serialport, etc).
|
14
|
-
gem 'activesupport', '7.0.
|
14
|
+
gem 'activesupport', '7.0.8'
|
15
15
|
gem 'anemone', '0.7.2'
|
16
16
|
gem 'authy', '3.0.1'
|
17
17
|
gem 'aws-sdk', '3.1.0'
|
@@ -19,7 +19,7 @@ gem 'aws-sdk', '3.1.0'
|
|
19
19
|
gem 'barby', '0.6.8'
|
20
20
|
gem 'brakeman', '6.0.1'
|
21
21
|
gem 'bson', '4.15.0'
|
22
|
-
gem 'bundler', '>=2.4.
|
22
|
+
gem 'bundler', '>=2.4.20'
|
23
23
|
gem 'bundler-audit', '0.9.1'
|
24
24
|
gem 'bunny', '2.22.0'
|
25
25
|
gem 'colorize', '1.1.0'
|
@@ -28,7 +28,7 @@ gem 'eventmachine', '1.2.7'
|
|
28
28
|
gem 'executable-hooks', '1.6.1'
|
29
29
|
gem 'faker', '3.2.1'
|
30
30
|
gem 'faye-websocket', '0.11.3'
|
31
|
-
gem 'ffi', '1.
|
31
|
+
gem 'ffi', '1.16.2'
|
32
32
|
gem 'fftw3', '0.3'
|
33
33
|
gem 'gdb', '1.0.0'
|
34
34
|
gem 'gem-wrappers', '1.4.0'
|
@@ -47,7 +47,7 @@ gem 'msfrpc-client', '1.1.2'
|
|
47
47
|
gem 'netaddr', '2.0.6'
|
48
48
|
gem 'net-ldap', '0.18.0'
|
49
49
|
gem 'net-openvpn', '0.8.7'
|
50
|
-
gem 'net-smtp', '0.
|
50
|
+
gem 'net-smtp', '0.4.0'
|
51
51
|
gem 'nexpose', '7.3.0'
|
52
52
|
gem 'nokogiri', '1.15.4'
|
53
53
|
gem 'nokogiri-diff', '0.2.0'
|
@@ -56,7 +56,7 @@ gem 'open3', '0.1.2'
|
|
56
56
|
gem 'os', '1.1.4'
|
57
57
|
gem 'packetfu', '2.0.0'
|
58
58
|
gem 'pdf-reader', '2.11.0'
|
59
|
-
gem 'pg', '1.5.
|
59
|
+
gem 'pg', '1.5.4'
|
60
60
|
gem 'pry', '0.14.2'
|
61
61
|
gem 'pry-doc', '1.4.0'
|
62
62
|
gem 'rake', '13.0.6'
|
@@ -69,21 +69,21 @@ gem 'rmagick', '5.3.0'
|
|
69
69
|
gem 'rqrcode', '2.2.0'
|
70
70
|
gem 'rspec', '3.12.0'
|
71
71
|
gem 'rtesseract', '3.1.2'
|
72
|
-
gem 'rubocop', '1.56.
|
72
|
+
gem 'rubocop', '1.56.3'
|
73
73
|
gem 'rubocop-rake', '0.6.0'
|
74
|
-
gem 'rubocop-rspec', '2.
|
74
|
+
gem 'rubocop-rspec', '2.24.1'
|
75
75
|
gem 'ruby-audio', '1.6.1'
|
76
|
-
gem 'ruby-nmap', '1.0.
|
76
|
+
gem 'ruby-nmap', '1.0.2'
|
77
77
|
gem 'ruby-saml', '1.15.0'
|
78
78
|
gem 'rvm', '1.11.3.9'
|
79
79
|
gem 'savon', '2.14.0'
|
80
|
-
gem 'selenium-devtools', '0.
|
80
|
+
gem 'selenium-devtools', '0.117.0'
|
81
81
|
gem 'serialport', '1.3.2'
|
82
82
|
gem 'sinatra', '3.1.0'
|
83
|
-
gem 'slack-ruby-client', '2.
|
83
|
+
gem 'slack-ruby-client', '2.2.0'
|
84
84
|
gem 'socksify', '1.7.1'
|
85
85
|
gem 'spreadsheet', '1.3.0'
|
86
|
-
gem 'sqlite3', '1.6.
|
86
|
+
gem 'sqlite3', '1.6.6'
|
87
87
|
gem 'thin', '1.8.2'
|
88
88
|
gem 'tty-prompt', '0.23.1'
|
89
89
|
gem 'tty-spinner', '0.9.3'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
37
37
|
$ rvm list gemsets
|
38
38
|
$ gem install --verbose pwn
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.912]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.912]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
|
@@ -66,7 +66,7 @@ Additional documentation on using PWN can be found on [RubyGems.org](https://www
|
|
66
66
|
I hope you enjoy PWN and remember...ensure you always have permission prior to carrying out any sort of hacktivities. Now - go pwn all the things!
|
67
67
|
|
68
68
|
### **Keep Us Caffeinated** ###
|
69
|
-
If you've found this
|
69
|
+
If you've found this project useful and you're interested in supporting our efforts, we invite you to take a brief moment to keep us caffeinated:
|
70
70
|
|
71
71
|
[![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/0dayinc)
|
72
72
|
|
data/bin/pwn_bdba_scan
CHANGED
@@ -28,6 +28,14 @@ OptionParser.new do |options|
|
|
28
28
|
opts[:report_path] = r
|
29
29
|
end
|
30
30
|
|
31
|
+
options.on('-q', '--queue-timeout', '<Optional - Duration in Seconds for a File to Remain in Queue Prior to Aborting (Default: 5_400)>') do |q|
|
32
|
+
opts[:queue_timeout] = q
|
33
|
+
end
|
34
|
+
|
35
|
+
options.on('-a', '--scan-attempts', '<Optional - Number of Attempts to Scan a File if the Scan was Aborted Due to Queue Timeouts (Default: 3)>') do |a|
|
36
|
+
opts[:scan_attempts] = a
|
37
|
+
end
|
38
|
+
|
31
39
|
options.on('-R', '--report-only', '<Optional - Only Generate a Black Duck Binary Analysis Scan Report for an Existing Scan (Default: false)>') do |o|
|
32
40
|
opts[:report_only] = o
|
33
41
|
end
|
@@ -46,6 +54,7 @@ if opts.empty?
|
|
46
54
|
exit 1
|
47
55
|
end
|
48
56
|
|
57
|
+
abort_total = 0
|
49
58
|
begin
|
50
59
|
pwn_provider = 'ruby-gem'
|
51
60
|
pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
|
@@ -67,6 +76,10 @@ begin
|
|
67
76
|
report_path = opts[:report_path]
|
68
77
|
raise "ERROR: BDBA Report Path Not Provided: #{report_path}" if report_path.nil?
|
69
78
|
|
79
|
+
queue_timeout = opts[:queue_timeout] ||= 5_400
|
80
|
+
|
81
|
+
scan_attempts = opts[:scan_attempts] ||= 3
|
82
|
+
|
70
83
|
report_only = opts[:report_only] ||= false
|
71
84
|
|
72
85
|
report_type_str = opts[:report_type] ||= 'csv_vulns'
|
@@ -95,7 +108,9 @@ begin
|
|
95
108
|
break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' } || report_only
|
96
109
|
|
97
110
|
# Cancel queued scan if it's been queued for more than 90 minutes
|
98
|
-
if scan_progress_busy_duration >
|
111
|
+
if scan_progress_busy_duration > queue_timeout.to_i
|
112
|
+
abort_total += 1
|
113
|
+
puts "Scan Queued for More than #{queue_timeout} Seconds. Aborting and Re-Queuing."
|
99
114
|
scan_progress_resp[:products].select { |p| p[:status] == 'B' }.each do |p|
|
100
115
|
puts "Abort Queued Scan: #{p[:name]}"
|
101
116
|
PWN::Plugins::BlackDuckBinaryAnalysis.abort_product_scan(
|
@@ -103,6 +118,9 @@ begin
|
|
103
118
|
product_id: p[:product_id]
|
104
119
|
)
|
105
120
|
end
|
121
|
+
|
122
|
+
retry if abort_total <= scan_attempts.to_i
|
123
|
+
|
106
124
|
raise "ERROR: BDBA Scan Queued for More than 90 Minutes: #{target_file}"
|
107
125
|
end
|
108
126
|
|
data/lib/pwn/version.rb
CHANGED
data/packer/provisioners/vim.sh
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
print 'Updating Metasploit...'
|
5
|
-
metasploit_root = '/opt/metasploit-framework-dev
|
5
|
+
metasploit_root = '/opt/metasploit-framework-dev'
|
6
6
|
puts `sudo /bin/bash --login -c "cd #{metasploit_root} && rm Gemfile.lock && git pull"`
|
7
7
|
metasploit_ruby_version = File.readlines("#{metasploit_root}/.ruby-version")[0].to_s.scrub.strip.chomp
|
8
8
|
puts `
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.912
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-09-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 7.0.
|
19
|
+
version: 7.0.8
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 7.0.
|
26
|
+
version: 7.0.8
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: anemone
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - ">="
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 2.4.
|
117
|
+
version: 2.4.20
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - ">="
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 2.4.
|
124
|
+
version: 2.4.20
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: bundler-audit
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -240,14 +240,14 @@ dependencies:
|
|
240
240
|
requirements:
|
241
241
|
- - '='
|
242
242
|
- !ruby/object:Gem::Version
|
243
|
-
version: 1.
|
243
|
+
version: 1.16.2
|
244
244
|
type: :runtime
|
245
245
|
prerelease: false
|
246
246
|
version_requirements: !ruby/object:Gem::Requirement
|
247
247
|
requirements:
|
248
248
|
- - '='
|
249
249
|
- !ruby/object:Gem::Version
|
250
|
-
version: 1.
|
250
|
+
version: 1.16.2
|
251
251
|
- !ruby/object:Gem::Dependency
|
252
252
|
name: fftw3
|
253
253
|
requirement: !ruby/object:Gem::Requirement
|
@@ -506,14 +506,14 @@ dependencies:
|
|
506
506
|
requirements:
|
507
507
|
- - '='
|
508
508
|
- !ruby/object:Gem::Version
|
509
|
-
version: 0.
|
509
|
+
version: 0.4.0
|
510
510
|
type: :runtime
|
511
511
|
prerelease: false
|
512
512
|
version_requirements: !ruby/object:Gem::Requirement
|
513
513
|
requirements:
|
514
514
|
- - '='
|
515
515
|
- !ruby/object:Gem::Version
|
516
|
-
version: 0.
|
516
|
+
version: 0.4.0
|
517
517
|
- !ruby/object:Gem::Dependency
|
518
518
|
name: nexpose
|
519
519
|
requirement: !ruby/object:Gem::Requirement
|
@@ -632,14 +632,14 @@ dependencies:
|
|
632
632
|
requirements:
|
633
633
|
- - '='
|
634
634
|
- !ruby/object:Gem::Version
|
635
|
-
version: 1.5.
|
635
|
+
version: 1.5.4
|
636
636
|
type: :runtime
|
637
637
|
prerelease: false
|
638
638
|
version_requirements: !ruby/object:Gem::Requirement
|
639
639
|
requirements:
|
640
640
|
- - '='
|
641
641
|
- !ruby/object:Gem::Version
|
642
|
-
version: 1.5.
|
642
|
+
version: 1.5.4
|
643
643
|
- !ruby/object:Gem::Dependency
|
644
644
|
name: pry
|
645
645
|
requirement: !ruby/object:Gem::Requirement
|
@@ -814,14 +814,14 @@ dependencies:
|
|
814
814
|
requirements:
|
815
815
|
- - '='
|
816
816
|
- !ruby/object:Gem::Version
|
817
|
-
version: 1.56.
|
817
|
+
version: 1.56.3
|
818
818
|
type: :runtime
|
819
819
|
prerelease: false
|
820
820
|
version_requirements: !ruby/object:Gem::Requirement
|
821
821
|
requirements:
|
822
822
|
- - '='
|
823
823
|
- !ruby/object:Gem::Version
|
824
|
-
version: 1.56.
|
824
|
+
version: 1.56.3
|
825
825
|
- !ruby/object:Gem::Dependency
|
826
826
|
name: rubocop-rake
|
827
827
|
requirement: !ruby/object:Gem::Requirement
|
@@ -842,14 +842,14 @@ dependencies:
|
|
842
842
|
requirements:
|
843
843
|
- - '='
|
844
844
|
- !ruby/object:Gem::Version
|
845
|
-
version: 2.
|
845
|
+
version: 2.24.1
|
846
846
|
type: :runtime
|
847
847
|
prerelease: false
|
848
848
|
version_requirements: !ruby/object:Gem::Requirement
|
849
849
|
requirements:
|
850
850
|
- - '='
|
851
851
|
- !ruby/object:Gem::Version
|
852
|
-
version: 2.
|
852
|
+
version: 2.24.1
|
853
853
|
- !ruby/object:Gem::Dependency
|
854
854
|
name: ruby-audio
|
855
855
|
requirement: !ruby/object:Gem::Requirement
|
@@ -870,14 +870,14 @@ dependencies:
|
|
870
870
|
requirements:
|
871
871
|
- - '='
|
872
872
|
- !ruby/object:Gem::Version
|
873
|
-
version: 1.0.
|
873
|
+
version: 1.0.2
|
874
874
|
type: :runtime
|
875
875
|
prerelease: false
|
876
876
|
version_requirements: !ruby/object:Gem::Requirement
|
877
877
|
requirements:
|
878
878
|
- - '='
|
879
879
|
- !ruby/object:Gem::Version
|
880
|
-
version: 1.0.
|
880
|
+
version: 1.0.2
|
881
881
|
- !ruby/object:Gem::Dependency
|
882
882
|
name: ruby-saml
|
883
883
|
requirement: !ruby/object:Gem::Requirement
|
@@ -926,14 +926,14 @@ dependencies:
|
|
926
926
|
requirements:
|
927
927
|
- - '='
|
928
928
|
- !ruby/object:Gem::Version
|
929
|
-
version: 0.
|
929
|
+
version: 0.117.0
|
930
930
|
type: :runtime
|
931
931
|
prerelease: false
|
932
932
|
version_requirements: !ruby/object:Gem::Requirement
|
933
933
|
requirements:
|
934
934
|
- - '='
|
935
935
|
- !ruby/object:Gem::Version
|
936
|
-
version: 0.
|
936
|
+
version: 0.117.0
|
937
937
|
- !ruby/object:Gem::Dependency
|
938
938
|
name: serialport
|
939
939
|
requirement: !ruby/object:Gem::Requirement
|
@@ -968,14 +968,14 @@ dependencies:
|
|
968
968
|
requirements:
|
969
969
|
- - '='
|
970
970
|
- !ruby/object:Gem::Version
|
971
|
-
version: 2.
|
971
|
+
version: 2.2.0
|
972
972
|
type: :runtime
|
973
973
|
prerelease: false
|
974
974
|
version_requirements: !ruby/object:Gem::Requirement
|
975
975
|
requirements:
|
976
976
|
- - '='
|
977
977
|
- !ruby/object:Gem::Version
|
978
|
-
version: 2.
|
978
|
+
version: 2.2.0
|
979
979
|
- !ruby/object:Gem::Dependency
|
980
980
|
name: socksify
|
981
981
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1010,14 +1010,14 @@ dependencies:
|
|
1010
1010
|
requirements:
|
1011
1011
|
- - '='
|
1012
1012
|
- !ruby/object:Gem::Version
|
1013
|
-
version: 1.6.
|
1013
|
+
version: 1.6.6
|
1014
1014
|
type: :runtime
|
1015
1015
|
prerelease: false
|
1016
1016
|
version_requirements: !ruby/object:Gem::Requirement
|
1017
1017
|
requirements:
|
1018
1018
|
- - '='
|
1019
1019
|
- !ruby/object:Gem::Version
|
1020
|
-
version: 1.6.
|
1020
|
+
version: 1.6.6
|
1021
1021
|
- !ruby/object:Gem::Dependency
|
1022
1022
|
name: thin
|
1023
1023
|
requirement: !ruby/object:Gem::Requirement
|
@@ -2179,7 +2179,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
2179
2179
|
- !ruby/object:Gem::Version
|
2180
2180
|
version: '0'
|
2181
2181
|
requirements: []
|
2182
|
-
rubygems_version: 3.4.
|
2182
|
+
rubygems_version: 3.4.20
|
2183
2183
|
signing_key:
|
2184
2184
|
specification_version: 4
|
2185
2185
|
summary: Automated Security Testing for CI/CD Pipelines & Beyond
|