pwn 0.5.152 → 0.5.154

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21607e314af9fff26fdac0bb90c4bbeeb5cf704eab2d9ee7d23eb9f012bfc678
-  data.tar.gz: 66bce5604f136fca916597f20818a7d891e5ccf03089b04a3b66d49b216d907d
+  metadata.gz: cdc176de7f592b5c19650942854e4efa7d0158c835e89ace9f40af31a5a92f90
+  data.tar.gz: 3f756b2f5deb2589c2e9d30068d13b1e460b0e7091cdeae6a0097fa3947e98ce
 SHA512:
-  metadata.gz: c3d99c0ff3a72e858ae99d821ba3c50874cdeca31632cfc8505220b97390e42404b663a999f3d9575e99394e8c8c6babb2dc4e69540522cab4678f58037c657d
-  data.tar.gz: f0ba150c13822bfe93df917e27b714f17fd84d0d1baf50864ac5c29e47ed12e2697f7ba291185d3fa4ae171e075245f744e1145ea486830a0067c1a00af90878
+  metadata.gz: 7a6437ab3cb220bd0c374b9672848646bace31fd6ba283e717a67db97a7826a397a9e8a68d0339f209cffebb55d8e63c918ebd211335b9406961822b2136c715
+  data.tar.gz: 7ece6c1aeb18b7a16d772552717708c0df8b30483547e4080f2f2699173e52b1207b2a2b55ab3856cd077a958e065e89f32bf274d58894799db53b55db6a1939

data/Gemfile

@@ -11,7 +11,7 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately.  Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '7.1.3.3'
+gem 'activesupport', '7.1.3.4'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.2.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.152]:001 >>> PWN.help
+pwn[v0.5.154]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.152]:001 >>> PWN.help
+pwn[v0.5.154]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.152]:001 >>> PWN.help
+pwn[v0.5.154]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/ip_info.rb

@@ -72,7 +72,7 @@ module PWN
         end
 
         ip_resp_hash = ip_info_rest_call(ip: target, proxy: proxy) unless skip_api
-        ip_resp_hash[:target] = target
+        ip_resp_hash[:ip] = target
         ip_info_resp.push(ip_resp_hash) unless target.nil?
 
         if proxy.nil? && is_ip
@@ -129,7 +129,7 @@ module PWN
       #   parent_domain: 'required - Parent Domain to brute force',
       #   dictionary: 'required - Dictionary to use for subdomain brute force',
       #   max_threads: 'optional - Maximum number of threads to use (default: 10)',
-      #   proxy: 'optional - use a proxy'
+      #   proxy: 'optional - use a proxy',
       #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
       #   results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
       # )
@@ -142,26 +142,24 @@ module PWN
         raise "ERROR: Dictionary file not found: #{dictionary}" unless File.exist?(dictionary)
 
         max_threads = opts[:max_threads].to_i
-        max_threads = 10 unless max_threads.positive?
+        max_threads = 8 unless max_threads.positive?
 
         proxy = opts[:proxy]
         tls_port = opts[:tls_port]
         timestamp = Time.now.strftime('%Y-%m-%d_%H.%M.%S')
         results_file = opts[:results_file] ||= "/tmp/SUBS.#{parent_domain}-#{timestamp}-pwn_bruteforce_subdomains.txt"
 
+        File.write(results_file, '[')
+
         # Break up dictonary file into sublines and process each subline in a thread
         dict_lines = File.readlines(dictionary).shuffle
-        lines_per_thread = (dict_lines.size / max_threads.to_f).ceil
-        dict_slice = dict_lines.each_slice(lines_per_thread).to_a
-
         mutex = Mutex.new
         PWN::Plugins::ThreadPool.fill(
-          enumerable_array: dict_slice,
+          enumerable_array: dict_lines,
           max_threads: max_threads
         ) do |subline|
           subdomain = subline.to_s.scrub.strip.chomp
-          next if subdomain.empty?
-
+          target = parent_domain if subdomain.empty?
           target = "#{subdomain}.#{parent_domain}"
           ip_info_resp = get(
             target: target,
@@ -169,17 +167,26 @@ module PWN
             tls_port: tls_port,
             skip_api: true
           )
-          puts "TARGET: #{target} RESP: #{ip_info_resp}" if ip_info_resp.empty?
-          puts "TARGET: #{target} RESP:\n#{ip_info_resp}" if ip_info_resp.any?
+          puts "SUBD: #{target} RESP: #{ip_info_resp}" if ip_info_resp.empty?
+          puts "SUBD: #{target} RESP:\n#{ip_info_resp}" if ip_info_resp.any?
 
           mutex.synchronize do
             File.open(results_file, 'a') do |file|
-              file.puts JSON.generate(ip_info_resp) unless ip_info_resp.empty?
+              resp_len = ip_info_resp.length
+              next unless resp_len.positive?
+
+              ip_info_resp.each do |ip_info_hash|
+                file.puts "#{JSON.generate(ip_info_hash)},"
+              end
             end
           end
         end
       rescue StandardError => e
         raise e
+      ensure
+        # Strip trailing comma and close JSON array
+        File.readlines(results_file)[-1].chomp!(',')
+        File.append(results_file, ']')
       end
 
       # Author(s):: 0day Inc. <support@0dayinc.com>
@@ -197,7 +204,17 @@ module PWN
           ip_info_struc = #{self}.get(
             target: 'required - IP or Host to lookup',
             proxy: 'optional - use a proxy',
-            tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
+            tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
+            skip_api: 'optional - skip the API call'
+          )
+
+          #{self}.bruteforce_subdomains(
+            parent_domain: 'required - Parent Domain to brute force',
+            dictionary: 'required - Dictionary to use for subdomain brute force',
+            max_threads: 'optional - Maximum number of threads to use (default: 10)',
+            proxy: 'optional - use a proxy',
+            tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
+            results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
           )
 
           #{self}.authors

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.152'
+  VERSION = '0.5.154'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.152
+  version: 0.5.154
 platform: ruby
 authors:
 - 0day Inc.
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.3.3
+        version: 7.1.3.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.3.3
+        version: 7.1.3.4
 - !ruby/object:Gem::Dependency
   name: anemone
   requirement: !ruby/object:Gem::Requirement