pwn 0.4.954 → 0.4.955
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/hacker_one.rb +134 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 79f511213547613e95b15321c881eb7a7b8a6e423d91b3082a8e03d887dc617b
|
4
|
+
data.tar.gz: c30e67ed860a39ca0d06b55c0054463a743aca7ce6c0ed1b55d58e9d521782e6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ceb5802ae3f13a968f080d75eaf2186bd74ea61a5e3362f832d3e719aa2a4c7dd4c630a8a2ca666089b1584702063ea323daf5c45406977ab3f7b18abcfc2557
|
7
|
+
data.tar.gz: 435995106899a04601ef9140fa998f49fdb4939752ec47d8309c91415c634a5c97d304e6dba650eb6401609eecc508542cbaef56659247aff071f9ce287f8e7a
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
37
37
|
$ ./install.sh
|
38
38
|
$ ./install.sh ruby-gem
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.4.
|
40
|
+
pwn[v0.4.955]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.4.
|
55
|
+
pwn[v0.4.955]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
64
64
|
$ pwn
|
65
|
-
pwn[v0.4.
|
65
|
+
pwn[v0.4.955]:001 >>> PWN.help
|
66
66
|
```
|
67
67
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn/www/hacker_one.rb
CHANGED
@@ -75,6 +75,135 @@ module PWN
|
|
75
75
|
raise e
|
76
76
|
end
|
77
77
|
|
78
|
+
# Supported Method Parameters::
|
79
|
+
# scope_details = PWN::WWW::HackerOne.get_scope_details(
|
80
|
+
# program_name: 'required - program name from #get_bounty_programs method',
|
81
|
+
# proxy: 'optional - scheme://proxy_host:port || tor'
|
82
|
+
# )
|
83
|
+
|
84
|
+
public_class_method def self.get_scope_details(opts = {})
|
85
|
+
program_name = opts[:program_name]
|
86
|
+
proxy = opts[:proxy]
|
87
|
+
|
88
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
89
|
+
browser_type: :rest,
|
90
|
+
proxy: proxy
|
91
|
+
)
|
92
|
+
rest_client = browser_obj[:browser]
|
93
|
+
rest_request = rest_client::Request
|
94
|
+
|
95
|
+
graphql_endpoint = 'https://hackerone.com/graphql'
|
96
|
+
headers = { content_type: 'application/json' }
|
97
|
+
# NOTE: If you copy this payload to the pwn REPL
|
98
|
+
# the triple dots ... attempt to execute commands
|
99
|
+
# <cough>Pry CE</cough>
|
100
|
+
payload = {
|
101
|
+
operationName: 'PolicySearchStructuredScopesQuery',
|
102
|
+
variables: {
|
103
|
+
handle: program_name,
|
104
|
+
searchString: '',
|
105
|
+
eligibleForSubmission: nil,
|
106
|
+
eligibleForBounty: nil,
|
107
|
+
asmTagIds: [],
|
108
|
+
from: 0,
|
109
|
+
size: 100,
|
110
|
+
sort: {
|
111
|
+
field: 'cvss_score',
|
112
|
+
direction: 'DESC'
|
113
|
+
},
|
114
|
+
product_area: 'h1_assets',
|
115
|
+
product_feature: 'policy_scopes'
|
116
|
+
},
|
117
|
+
query: 'query PolicySearchStructuredScopesQuery(
|
118
|
+
$handle: String!,
|
119
|
+
$searchString: String,
|
120
|
+
$eligibleForSubmission: Boolean,
|
121
|
+
$eligibleForBounty: Boolean,
|
122
|
+
$minSeverityScore: SeverityRatingEnum,
|
123
|
+
$asmTagIds: [Int],
|
124
|
+
$from: Int, $size: Int, $sort: SortInput) {
|
125
|
+
team(handle: $handle) {
|
126
|
+
id
|
127
|
+
structured_scopes_search(
|
128
|
+
search_string: $searchString
|
129
|
+
eligible_for_submission: $eligibleForSubmission
|
130
|
+
eligible_for_bounty: $eligibleForBounty
|
131
|
+
min_severity_score: $minSeverityScore
|
132
|
+
asm_tag_ids: $asmTagIds
|
133
|
+
from: $from
|
134
|
+
size: $size
|
135
|
+
sort: $sort
|
136
|
+
) {
|
137
|
+
nodes {
|
138
|
+
... on StructuredScopeDocument {
|
139
|
+
id
|
140
|
+
...PolicyScopeStructuredScopeDocument
|
141
|
+
__typename
|
142
|
+
}
|
143
|
+
__typename
|
144
|
+
}
|
145
|
+
pageInfo {
|
146
|
+
startCursor
|
147
|
+
hasPreviousPage
|
148
|
+
endCursor
|
149
|
+
hasNextPage
|
150
|
+
__typename
|
151
|
+
}
|
152
|
+
total_count
|
153
|
+
__typename
|
154
|
+
}
|
155
|
+
__typename
|
156
|
+
}
|
157
|
+
}
|
158
|
+
|
159
|
+
fragment PolicyScopeStructuredScopeDocument on StructuredScopeDocument {
|
160
|
+
id
|
161
|
+
identifier
|
162
|
+
display_name
|
163
|
+
instruction
|
164
|
+
cvss_score
|
165
|
+
eligible_for_bounty
|
166
|
+
eligible_for_submission
|
167
|
+
asm_system_tags
|
168
|
+
created_at
|
169
|
+
updated_at
|
170
|
+
attachments {
|
171
|
+
id
|
172
|
+
file_name
|
173
|
+
file_size
|
174
|
+
content_type
|
175
|
+
expiring_url
|
176
|
+
__typename
|
177
|
+
}
|
178
|
+
__typename
|
179
|
+
}
|
180
|
+
'
|
181
|
+
}
|
182
|
+
|
183
|
+
rest_response = rest_request.execute(
|
184
|
+
method: :post,
|
185
|
+
url: graphql_endpoint,
|
186
|
+
headers: headers,
|
187
|
+
payload: payload.to_json.delete("\n"),
|
188
|
+
verify_ssl: false
|
189
|
+
)
|
190
|
+
|
191
|
+
JSON.parse(rest_response.body, symbolize_names: true)
|
192
|
+
rescue RestClient::ExceptionWithResponse => e
|
193
|
+
if e.response
|
194
|
+
puts "HTTP RESPONSE CODE: #{e.response.code}"
|
195
|
+
puts "HTTP RESPONSE HEADERS:\n#{e.response.headers}"
|
196
|
+
puts "HTTP RESPONSE BODY:\n#{e.response.body}\n\n\n"
|
197
|
+
end
|
198
|
+
|
199
|
+
raise e
|
200
|
+
rescue StandardError => e
|
201
|
+
raise e
|
202
|
+
ensure
|
203
|
+
browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) if browser_obj
|
204
|
+
rest_client = nil if rest_client
|
205
|
+
rest_request = nil if rest_request
|
206
|
+
end
|
78
207
|
# Supported Method Parameters::
|
79
208
|
# PWN::WWW::HackerOne.save_burp_target_config_file(
|
80
209
|
# programs_arr: 'required - array of hashes returned from #get_bounty_programs method',
|
@@ -229,6 +358,11 @@ module PWN
|
|
229
358
|
min_payouts_enabled: 'optional - only display programs where payouts are > $0.00 (defaults to false)'
|
230
359
|
)
|
231
360
|
|
361
|
+
scope_details = PWN::WWW::HackerOne.get_scope_details(
|
362
|
+
program_name: 'required - program name from #get_bounty_programs method',
|
363
|
+
proxy: 'optional - scheme://proxy_host:port || tor'
|
364
|
+
)
|
365
|
+
|
232
366
|
#{self}.save_burp_target_config_file(
|
233
367
|
programs_arr: 'required - array of hashes returned from #get_bounty_programs method',
|
234
368
|
browser_opts: 'optional - opts supported by PWN::Plugins::TransparentBrowser.open method',
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.955
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-01-
|
11
|
+
date: 2024-01-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|