pwn 0.5.152 → 0.5.154
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/lib/pwn/plugins/ip_info.rb +30 -13
- data/lib/pwn/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cdc176de7f592b5c19650942854e4efa7d0158c835e89ace9f40af31a5a92f90
|
|
4
|
+
data.tar.gz: 3f756b2f5deb2589c2e9d30068d13b1e460b0e7091cdeae6a0097fa3947e98ce
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7a6437ab3cb220bd0c374b9672848646bace31fd6ba283e717a67db97a7826a397a9e8a68d0339f209cffebb55d8e63c918ebd211335b9406961822b2136c715
|
|
7
|
+
data.tar.gz: 7ece6c1aeb18b7a16d772552717708c0df8b30483547e4080f2f2699173e52b1207b2a2b55ab3856cd077a958e065e89f32bf274d58894799db53b55db6a1939
|
data/Gemfile
CHANGED
|
@@ -11,7 +11,7 @@ gemspec
|
|
|
11
11
|
# In some circumstances custom flags are passed to gems in order
|
|
12
12
|
# to build appropriately. Defer to ./reinstall_pwn_gemset.sh
|
|
13
13
|
# to review these custom flags (e.g. pg, serialport, etc).
|
|
14
|
-
gem 'activesupport', '7.1.3.
|
|
14
|
+
gem 'activesupport', '7.1.3.4'
|
|
15
15
|
gem 'anemone', '0.7.2'
|
|
16
16
|
gem 'authy', '3.0.1'
|
|
17
17
|
gem 'aws-sdk', '3.2.0'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.154]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.154]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.154]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/plugins/ip_info.rb
CHANGED
|
@@ -72,7 +72,7 @@ module PWN
|
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
ip_resp_hash = ip_info_rest_call(ip: target, proxy: proxy) unless skip_api
|
|
75
|
-
ip_resp_hash[:
|
|
75
|
+
ip_resp_hash[:ip] = target
|
|
76
76
|
ip_info_resp.push(ip_resp_hash) unless target.nil?
|
|
77
77
|
|
|
78
78
|
if proxy.nil? && is_ip
|
|
@@ -129,7 +129,7 @@ module PWN
|
|
|
129
129
|
# parent_domain: 'required - Parent Domain to brute force',
|
|
130
130
|
# dictionary: 'required - Dictionary to use for subdomain brute force',
|
|
131
131
|
# max_threads: 'optional - Maximum number of threads to use (default: 10)',
|
|
132
|
-
# proxy: 'optional - use a proxy'
|
|
132
|
+
# proxy: 'optional - use a proxy',
|
|
133
133
|
# tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
|
|
134
134
|
# results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
|
|
135
135
|
# )
|
|
@@ -142,26 +142,24 @@ module PWN
|
|
|
142
142
|
raise "ERROR: Dictionary file not found: #{dictionary}" unless File.exist?(dictionary)
|
|
143
143
|
|
|
144
144
|
max_threads = opts[:max_threads].to_i
|
|
145
|
-
max_threads =
|
|
145
|
+
max_threads = 8 unless max_threads.positive?
|
|
146
146
|
|
|
147
147
|
proxy = opts[:proxy]
|
|
148
148
|
tls_port = opts[:tls_port]
|
|
149
149
|
timestamp = Time.now.strftime('%Y-%m-%d_%H.%M.%S')
|
|
150
150
|
results_file = opts[:results_file] ||= "/tmp/SUBS.#{parent_domain}-#{timestamp}-pwn_bruteforce_subdomains.txt"
|
|
151
151
|
|
|
152
|
+
File.write(results_file, '[')
|
|
153
|
+
|
|
152
154
|
# Break up dictonary file into sublines and process each subline in a thread
|
|
153
155
|
dict_lines = File.readlines(dictionary).shuffle
|
|
154
|
-
lines_per_thread = (dict_lines.size / max_threads.to_f).ceil
|
|
155
|
-
dict_slice = dict_lines.each_slice(lines_per_thread).to_a
|
|
156
|
-
|
|
157
156
|
mutex = Mutex.new
|
|
158
157
|
PWN::Plugins::ThreadPool.fill(
|
|
159
|
-
enumerable_array:
|
|
158
|
+
enumerable_array: dict_lines,
|
|
160
159
|
max_threads: max_threads
|
|
161
160
|
) do |subline|
|
|
162
161
|
subdomain = subline.to_s.scrub.strip.chomp
|
|
163
|
-
|
|
164
|
-
|
|
162
|
+
target = parent_domain if subdomain.empty?
|
|
165
163
|
target = "#{subdomain}.#{parent_domain}"
|
|
166
164
|
ip_info_resp = get(
|
|
167
165
|
target: target,
|
|
@@ -169,17 +167,26 @@ module PWN
|
|
|
169
167
|
tls_port: tls_port,
|
|
170
168
|
skip_api: true
|
|
171
169
|
)
|
|
172
|
-
puts "
|
|
173
|
-
puts "
|
|
170
|
+
puts "SUBD: #{target} RESP: #{ip_info_resp}" if ip_info_resp.empty?
|
|
171
|
+
puts "SUBD: #{target} RESP:\n#{ip_info_resp}" if ip_info_resp.any?
|
|
174
172
|
|
|
175
173
|
mutex.synchronize do
|
|
176
174
|
File.open(results_file, 'a') do |file|
|
|
177
|
-
|
|
175
|
+
resp_len = ip_info_resp.length
|
|
176
|
+
next unless resp_len.positive?
|
|
177
|
+
|
|
178
|
+
ip_info_resp.each do |ip_info_hash|
|
|
179
|
+
file.puts "#{JSON.generate(ip_info_hash)},"
|
|
180
|
+
end
|
|
178
181
|
end
|
|
179
182
|
end
|
|
180
183
|
end
|
|
181
184
|
rescue StandardError => e
|
|
182
185
|
raise e
|
|
186
|
+
ensure
|
|
187
|
+
# Strip trailing comma and close JSON array
|
|
188
|
+
File.readlines(results_file)[-1].chomp!(',')
|
|
189
|
+
File.append(results_file, ']')
|
|
183
190
|
end
|
|
184
191
|
|
|
185
192
|
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
@@ -197,7 +204,17 @@ module PWN
|
|
|
197
204
|
ip_info_struc = #{self}.get(
|
|
198
205
|
target: 'required - IP or Host to lookup',
|
|
199
206
|
proxy: 'optional - use a proxy',
|
|
200
|
-
tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.'
|
|
207
|
+
tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
|
|
208
|
+
skip_api: 'optional - skip the API call'
|
|
209
|
+
)
|
|
210
|
+
|
|
211
|
+
#{self}.bruteforce_subdomains(
|
|
212
|
+
parent_domain: 'required - Parent Domain to brute force',
|
|
213
|
+
dictionary: 'required - Dictionary to use for subdomain brute force',
|
|
214
|
+
max_threads: 'optional - Maximum number of threads to use (default: 10)',
|
|
215
|
+
proxy: 'optional - use a proxy',
|
|
216
|
+
tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
|
|
217
|
+
results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
|
|
201
218
|
)
|
|
202
219
|
|
|
203
220
|
#{self}.authors
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.154
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 7.1.3.
|
|
19
|
+
version: 7.1.3.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 7.1.3.
|
|
26
|
+
version: 7.1.3.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: anemone
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|