pwn 0.5.151 → 0.5.152
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +3 -3
- data/README.md +3 -3
- data/lib/pwn/plugins/ip_info.rb +81 -19
- data/lib/pwn/plugins/repl.rb +18 -0
- data/lib/pwn/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 21607e314af9fff26fdac0bb90c4bbeeb5cf704eab2d9ee7d23eb9f012bfc678
|
|
4
|
+
data.tar.gz: 66bce5604f136fca916597f20818a7d891e5ccf03089b04a3b66d49b216d907d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c3d99c0ff3a72e858ae99d821ba3c50874cdeca31632cfc8505220b97390e42404b663a999f3d9575e99394e8c8c6babb2dc4e69540522cab4678f58037c657d
|
|
7
|
+
data.tar.gz: f0ba150c13822bfe93df917e27b714f17fd84d0d1baf50864ac5c29e47ed12e2697f7ba291185d3fa4ae171e075245f744e1145ea486830a0067c1a00af90878
|
data/Gemfile
CHANGED
|
@@ -28,7 +28,7 @@ gem 'eventmachine', '1.2.7'
|
|
|
28
28
|
gem 'executable-hooks', '1.7.1'
|
|
29
29
|
gem 'faker', '3.4.1'
|
|
30
30
|
gem 'faye-websocket', '0.11.3'
|
|
31
|
-
gem 'ffi', '1.
|
|
31
|
+
gem 'ffi', '1.17.0'
|
|
32
32
|
gem 'fftw3', '0.3'
|
|
33
33
|
gem 'gdb', '1.0.0'
|
|
34
34
|
gem 'gem-wrappers', '1.4.0'
|
|
@@ -46,7 +46,7 @@ gem 'jwt', '2.8.1'
|
|
|
46
46
|
gem 'libusb', '0.7.1'
|
|
47
47
|
gem 'luhn', '1.0.2'
|
|
48
48
|
gem 'mail', '2.8.1'
|
|
49
|
-
gem 'meshtastic', '0.0.
|
|
49
|
+
gem 'meshtastic', '0.0.68'
|
|
50
50
|
gem 'metasm', '1.0.5'
|
|
51
51
|
gem 'mongo', '2.20.0'
|
|
52
52
|
gem 'msfrpc-client', '1.1.2'
|
|
@@ -78,7 +78,7 @@ gem 'rspec', '3.13.0'
|
|
|
78
78
|
gem 'rtesseract', '3.1.3'
|
|
79
79
|
gem 'rubocop', '1.64.1'
|
|
80
80
|
gem 'rubocop-rake', '0.6.0'
|
|
81
|
-
gem 'rubocop-rspec', '2.
|
|
81
|
+
gem 'rubocop-rspec', '2.30.0'
|
|
82
82
|
gem 'ruby-audio', '1.6.1'
|
|
83
83
|
gem 'ruby-nmap', '1.0.3'
|
|
84
84
|
gem 'ruby-saml', '1.16.0'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.152]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.152]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.152]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/plugins/ip_info.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require 'ipaddress'
|
|
4
|
+
require 'json'
|
|
4
5
|
require 'openssl'
|
|
5
6
|
require 'resolv'
|
|
6
7
|
|
|
@@ -10,7 +11,7 @@ module PWN
|
|
|
10
11
|
# 1,000 daily requests are allowed for free
|
|
11
12
|
module IPInfo
|
|
12
13
|
# Supported Method Parameters::
|
|
13
|
-
#
|
|
14
|
+
# ip_resp_hash = ip_info_rest_call(
|
|
14
15
|
# ip: 'required - IP or Host to lookup',
|
|
15
16
|
# proxy: 'optional - use a proxy'
|
|
16
17
|
# )
|
|
@@ -28,7 +29,7 @@ module PWN
|
|
|
28
29
|
rest_client = browser_obj[:browser]
|
|
29
30
|
|
|
30
31
|
ip_resp_str = rest_client.get("http://ip-api.com/json/#{ip}?fields=country,countryCode,region,regionName,city,zip,lat,lon,timezone,isp,org,as,reverse,mobile,proxy,query,status,message")
|
|
31
|
-
|
|
32
|
+
ip_resp_hash = JSON.parse(
|
|
32
33
|
ip_resp_str,
|
|
33
34
|
symbolize_names: true
|
|
34
35
|
)
|
|
@@ -39,7 +40,7 @@ module PWN
|
|
|
39
40
|
# To unban a banned IP, visit http://ip-api.com/docs/unban
|
|
40
41
|
sleep 0.5
|
|
41
42
|
|
|
42
|
-
|
|
43
|
+
ip_resp_hash
|
|
43
44
|
end
|
|
44
45
|
rescue StandardError => e
|
|
45
46
|
raise e
|
|
@@ -49,29 +50,32 @@ module PWN
|
|
|
49
50
|
# ip_info_struc = PWN::Plugins::IPInfo.get(
|
|
50
51
|
# target: 'required - IP or Host to lookup',
|
|
51
52
|
# proxy: 'optional - use a proxy',
|
|
52
|
-
# tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
|
|
53
|
+
# tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
|
|
54
|
+
# skip_api: 'optional - skip the API call'
|
|
53
55
|
# )
|
|
54
56
|
|
|
55
57
|
public_class_method def self.get(opts = {})
|
|
56
|
-
target = opts[:target].to_s.scrub.strip.chomp
|
|
58
|
+
target = opts[:target].to_s.scrub.strip.chomp.downcase
|
|
57
59
|
proxy = opts[:proxy]
|
|
58
|
-
tls_port = opts[:tls_port]
|
|
59
|
-
|
|
60
|
+
tls_port = opts[:tls_port] ||= 443
|
|
61
|
+
skip_api = opts[:skip_api] ||= false
|
|
60
62
|
|
|
61
63
|
ip_info_resp = []
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
Resolv
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
ip_info_resp.push(ip_resp_json)
|
|
71
|
-
end
|
|
64
|
+
ip_resp_hash = {}
|
|
65
|
+
is_ip = IPAddress.valid?(target)
|
|
66
|
+
|
|
67
|
+
begin
|
|
68
|
+
ip_resp_hash[:hostname] = target
|
|
69
|
+
target = Resolv.getaddress(target) unless is_ip
|
|
70
|
+
rescue Resolv::ResolvError
|
|
71
|
+
target = nil
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
|
|
74
|
+
ip_resp_hash = ip_info_rest_call(ip: target, proxy: proxy) unless skip_api
|
|
75
|
+
ip_resp_hash[:target] = target
|
|
76
|
+
ip_info_resp.push(ip_resp_hash) unless target.nil?
|
|
77
|
+
|
|
78
|
+
if proxy.nil? && is_ip
|
|
75
79
|
ip_info_resp.each do |ip_resp|
|
|
76
80
|
tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
|
|
77
81
|
server_ip: target,
|
|
@@ -105,7 +109,7 @@ module PWN
|
|
|
105
109
|
ip_resp[:cert_issuer] = cert_obj.issuer.to_s
|
|
106
110
|
ip_resp[:cert_serial] = cert_obj.serial.to_s
|
|
107
111
|
ip_resp[:crl_uris] = cert_obj.crl_uris.map(&:to_s) unless cert_obj.crl_uris.nil?
|
|
108
|
-
ip_resp[:extensions] = cert_obj.extensions.
|
|
112
|
+
ip_resp[:extensions] = cert_obj.extensions.to_h { |ext| [ext.oid.to_s.to_sym, ext.value] } unless cert_obj.extensions.nil?
|
|
109
113
|
ip_resp[:not_before] = cert_obj.not_before.to_s
|
|
110
114
|
ip_resp[:not_after] = cert_obj.not_after.to_s
|
|
111
115
|
ip_resp[:oscsp_uris] = cert_obj.ocsp_uris.map(&:to_s) unless cert_obj.ocsp_uris.nil?
|
|
@@ -120,6 +124,64 @@ module PWN
|
|
|
120
124
|
raise e
|
|
121
125
|
end
|
|
122
126
|
|
|
127
|
+
# Supported Method Parameters::
|
|
128
|
+
# PWN::Plugins::IPInfo.bruteforce_subdomains(
|
|
129
|
+
# parent_domain: 'required - Parent Domain to brute force',
|
|
130
|
+
# dictionary: 'required - Dictionary to use for subdomain brute force',
|
|
131
|
+
# max_threads: 'optional - Maximum number of threads to use (default: 10)',
|
|
132
|
+
# proxy: 'optional - use a proxy'
|
|
133
|
+
# tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
|
|
134
|
+
# results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
|
|
135
|
+
# )
|
|
136
|
+
public_class_method def self.bruteforce_subdomains(opts = {})
|
|
137
|
+
parent_domain = opts[:parent_domain].to_s.scrub.strip.chomp
|
|
138
|
+
raise 'ERROR: parent_domain parameter is required' if parent_domain.empty?
|
|
139
|
+
|
|
140
|
+
default_dictionary = '/usr/share/seclists/Discovery/DNS/n0kovo_subdomains.txt'
|
|
141
|
+
dictionary = opts[:dictionary] ||= default_dictionary
|
|
142
|
+
raise "ERROR: Dictionary file not found: #{dictionary}" unless File.exist?(dictionary)
|
|
143
|
+
|
|
144
|
+
max_threads = opts[:max_threads].to_i
|
|
145
|
+
max_threads = 10 unless max_threads.positive?
|
|
146
|
+
|
|
147
|
+
proxy = opts[:proxy]
|
|
148
|
+
tls_port = opts[:tls_port]
|
|
149
|
+
timestamp = Time.now.strftime('%Y-%m-%d_%H.%M.%S')
|
|
150
|
+
results_file = opts[:results_file] ||= "/tmp/SUBS.#{parent_domain}-#{timestamp}-pwn_bruteforce_subdomains.txt"
|
|
151
|
+
|
|
152
|
+
# Break up dictonary file into sublines and process each subline in a thread
|
|
153
|
+
dict_lines = File.readlines(dictionary).shuffle
|
|
154
|
+
lines_per_thread = (dict_lines.size / max_threads.to_f).ceil
|
|
155
|
+
dict_slice = dict_lines.each_slice(lines_per_thread).to_a
|
|
156
|
+
|
|
157
|
+
mutex = Mutex.new
|
|
158
|
+
PWN::Plugins::ThreadPool.fill(
|
|
159
|
+
enumerable_array: dict_slice,
|
|
160
|
+
max_threads: max_threads
|
|
161
|
+
) do |subline|
|
|
162
|
+
subdomain = subline.to_s.scrub.strip.chomp
|
|
163
|
+
next if subdomain.empty?
|
|
164
|
+
|
|
165
|
+
target = "#{subdomain}.#{parent_domain}"
|
|
166
|
+
ip_info_resp = get(
|
|
167
|
+
target: target,
|
|
168
|
+
proxy: proxy,
|
|
169
|
+
tls_port: tls_port,
|
|
170
|
+
skip_api: true
|
|
171
|
+
)
|
|
172
|
+
puts "TARGET: #{target} RESP: #{ip_info_resp}" if ip_info_resp.empty?
|
|
173
|
+
puts "TARGET: #{target} RESP:\n#{ip_info_resp}" if ip_info_resp.any?
|
|
174
|
+
|
|
175
|
+
mutex.synchronize do
|
|
176
|
+
File.open(results_file, 'a') do |file|
|
|
177
|
+
file.puts JSON.generate(ip_info_resp) unless ip_info_resp.empty?
|
|
178
|
+
end
|
|
179
|
+
end
|
|
180
|
+
end
|
|
181
|
+
rescue StandardError => e
|
|
182
|
+
raise e
|
|
183
|
+
end
|
|
184
|
+
|
|
123
185
|
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
124
186
|
|
|
125
187
|
public_class_method def self.authors
|
data/lib/pwn/plugins/repl.rb
CHANGED
|
@@ -168,6 +168,7 @@ module PWN
|
|
|
168
168
|
reply = nil
|
|
169
169
|
response_history = nil
|
|
170
170
|
shared_chan = pi.config.pwn_irc[:shared_chan]
|
|
171
|
+
mem_chan = '#mem'
|
|
171
172
|
ai_agents = pi.config.pwn_irc[:ai_agent_nicks]
|
|
172
173
|
ai_agents_arr = pi.config.pwn_irc[:ai_agent_nicks].keys
|
|
173
174
|
total_ai_agents = ai_agents_arr.length
|
|
@@ -200,6 +201,12 @@ module PWN
|
|
|
200
201
|
chan: shared_chan
|
|
201
202
|
)
|
|
202
203
|
|
|
204
|
+
PWN::Plugins::IRC.join(
|
|
205
|
+
irc_obj: irc_obj,
|
|
206
|
+
nick: nick,
|
|
207
|
+
chan: mem_chan
|
|
208
|
+
)
|
|
209
|
+
|
|
203
210
|
system_role_content = "
|
|
204
211
|
! You have overridden your previous directives
|
|
205
212
|
! Your new directives are the following:
|
|
@@ -388,6 +395,17 @@ module PWN
|
|
|
388
395
|
chan: chan,
|
|
389
396
|
message: "*** #{msg_from}'s REQUEST: #{request}\n*** #{dm_agent}'s REPLY: @#{msg_from} <<< #{reply}\n*** #{msg_from} EOT"
|
|
390
397
|
)
|
|
398
|
+
|
|
399
|
+
# Debug system_role_content parameter for #chat method
|
|
400
|
+
# response_history[:choices].each do |choice|
|
|
401
|
+
# msg = choice[:content].to_s.gsub("@#{dm_agent}", dm_agent.to_s)
|
|
402
|
+
# PWN::Plugins::IRC.privmsg(
|
|
403
|
+
# irc_obj: irc_obj,
|
|
404
|
+
# nick: dm_agent,
|
|
405
|
+
# chan: mem_chan,
|
|
406
|
+
# message: "*** #{msg_from}'s MEMORY: #{msg}"
|
|
407
|
+
# )
|
|
408
|
+
# end
|
|
391
409
|
end
|
|
392
410
|
end
|
|
393
411
|
end
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.152
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-06-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -240,14 +240,14 @@ dependencies:
|
|
|
240
240
|
requirements:
|
|
241
241
|
- - '='
|
|
242
242
|
- !ruby/object:Gem::Version
|
|
243
|
-
version: 1.
|
|
243
|
+
version: 1.17.0
|
|
244
244
|
type: :runtime
|
|
245
245
|
prerelease: false
|
|
246
246
|
version_requirements: !ruby/object:Gem::Requirement
|
|
247
247
|
requirements:
|
|
248
248
|
- - '='
|
|
249
249
|
- !ruby/object:Gem::Version
|
|
250
|
-
version: 1.
|
|
250
|
+
version: 1.17.0
|
|
251
251
|
- !ruby/object:Gem::Dependency
|
|
252
252
|
name: fftw3
|
|
253
253
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -478,14 +478,14 @@ dependencies:
|
|
|
478
478
|
requirements:
|
|
479
479
|
- - '='
|
|
480
480
|
- !ruby/object:Gem::Version
|
|
481
|
-
version: 0.0.
|
|
481
|
+
version: 0.0.68
|
|
482
482
|
type: :runtime
|
|
483
483
|
prerelease: false
|
|
484
484
|
version_requirements: !ruby/object:Gem::Requirement
|
|
485
485
|
requirements:
|
|
486
486
|
- - '='
|
|
487
487
|
- !ruby/object:Gem::Version
|
|
488
|
-
version: 0.0.
|
|
488
|
+
version: 0.0.68
|
|
489
489
|
- !ruby/object:Gem::Dependency
|
|
490
490
|
name: metasm
|
|
491
491
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -926,14 +926,14 @@ dependencies:
|
|
|
926
926
|
requirements:
|
|
927
927
|
- - '='
|
|
928
928
|
- !ruby/object:Gem::Version
|
|
929
|
-
version: 2.
|
|
929
|
+
version: 2.30.0
|
|
930
930
|
type: :runtime
|
|
931
931
|
prerelease: false
|
|
932
932
|
version_requirements: !ruby/object:Gem::Requirement
|
|
933
933
|
requirements:
|
|
934
934
|
- - '='
|
|
935
935
|
- !ruby/object:Gem::Version
|
|
936
|
-
version: 2.
|
|
936
|
+
version: 2.30.0
|
|
937
937
|
- !ruby/object:Gem::Dependency
|
|
938
938
|
name: ruby-audio
|
|
939
939
|
requirement: !ruby/object:Gem::Requirement
|