pwn 0.5.154 → 0.5.156

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cdc176de7f592b5c19650942854e4efa7d0158c835e89ace9f40af31a5a92f90
-  data.tar.gz: 3f756b2f5deb2589c2e9d30068d13b1e460b0e7091cdeae6a0097fa3947e98ce
+  metadata.gz: 47f160c73c391cf48bd0a847d0031d342ef79b77575e86872153105905072141
+  data.tar.gz: 7c71dc97fd8e8e4e99584ab8bbb97363d46a2edd6786f2bb8e4ee9bd7c0b16cb
 SHA512:
-  metadata.gz: 7a6437ab3cb220bd0c374b9672848646bace31fd6ba283e717a67db97a7826a397a9e8a68d0339f209cffebb55d8e63c918ebd211335b9406961822b2136c715
-  data.tar.gz: 7ece6c1aeb18b7a16d772552717708c0df8b30483547e4080f2f2699173e52b1207b2a2b55ab3856cd077a958e065e89f32bf274d58894799db53b55db6a1939
+  metadata.gz: 55c9643d11b525ef375396f51354e2356363567de4ca1b9e0d9ea9281ff2af58698bd819a38f1e8b0c7212b03012403257c5e4622ae16e7ee018a36e1d66c7e1
+  data.tar.gz: c67b6fe7fbf5966d2630c4a0e99f254e58e6b09a6b15cad13a79897f9ab42c0f2efb7147547c70b4663e0f830af672d72859abc50e64e54b51ad999c4a33220b

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.154]:001 >>> PWN.help
+pwn[v0.5.156]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.154]:001 >>> PWN.help
+pwn[v0.5.156]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.154]:001 >>> PWN.help
+pwn[v0.5.156]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_sast

@@ -117,7 +117,7 @@ begin
       TypeScriptTypeJuggling
       Version
       WindowLocationHash
-    ]
+    ].sort.uniq
   end
 
   if list_test_cases

data/lib/pwn/plugins/ip_info.rb

@@ -46,12 +46,30 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # is_rfc1918 = PWN::Plugins::IPInfo.check_rfc1918(
+      #   ip: 'required - IP to check'
+      # )
+      public_class_method def self.check_rfc1918(opts = {})
+        ip = opts[:ip].to_s.scrub.strip.chomp
+        ip_obj = IPAddress.valid?(ip) ? IPAddress.parse(ip) : nil
+
+        rfc1918_ranges = [
+          IPAddress('10.0.0.0/8'),     # 10.0.0.0 - 10.255.255.255
+          IPAddress('172.16.0.0/12'),  # 172.16.0.0 - 172.31.255.255
+          IPAddress('192.168.0.0/16')  # 192.168.0.0 - 192.168.255.255
+        ]
+
+        rfc1918_ranges.any? { |range| range.include?(ip_obj) }
+      end
+
       # Supported Method Parameters::
       # ip_info_struc = PWN::Plugins::IPInfo.get(
       #   target: 'required - IP or Host to lookup',
       #   proxy: 'optional - use a proxy',
       #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
-      #   skip_api: 'optional - skip the API call'
+      #   skip_api: 'optional - skip the API call',
+      #   dns_server: 'optional - DNS server to use for lookup (default: your default DNS server)'
       # )
 
       public_class_method def self.get(opts = {})
@@ -63,19 +81,29 @@ module PWN
         ip_info_resp = []
         ip_resp_hash = {}
         is_ip = IPAddress.valid?(target)
-
-        begin
-          ip_resp_hash[:hostname] = target
-          target = Resolv.getaddress(target) unless is_ip
-        rescue Resolv::ResolvError
-          target = nil
+        hostname = '' if is_ip
+
+        unless is_ip
+          begin
+            hostname = target
+            dns_server = opts[:dns_server]
+            dns_resolver = Resolv::DNS.new(nameserver: [dns_server]) if dns_server
+            dns_resolver ||= Resolv::DNS.new
+            target = dns_resolver.getaddress(target).to_s
+          rescue Resolv::ResolvError
+            target = nil
+          end
         end
 
         ip_resp_hash = ip_info_rest_call(ip: target, proxy: proxy) unless skip_api
+        is_rfc1918 = check_rfc1918(ip: target)
         ip_resp_hash[:ip] = target
+        ip_resp_hash[:is_rfc1918] = is_rfc1918
+        ip_resp_hash[:hostname] = hostname
+
         ip_info_resp.push(ip_resp_hash) unless target.nil?
 
-        if proxy.nil? && is_ip
+        if proxy.nil?
           ip_info_resp.each do |ip_resp|
             tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
               server_ip: target,
@@ -128,7 +156,7 @@ module PWN
       # PWN::Plugins::IPInfo.bruteforce_subdomains(
       #   parent_domain: 'required - Parent Domain to brute force',
       #   dictionary: 'required - Dictionary to use for subdomain brute force',
-      #   max_threads: 'optional - Maximum number of threads to use (default: 10)',
+      #   max_threads: 'optional - Maximum number of threads to use (default: 9)',
       #   proxy: 'optional - use a proxy',
       #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
       #   results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
@@ -141,15 +169,14 @@ module PWN
         dictionary = opts[:dictionary] ||= default_dictionary
         raise "ERROR: Dictionary file not found: #{dictionary}" unless File.exist?(dictionary)
 
-        max_threads = opts[:max_threads].to_i
-        max_threads = 8 unless max_threads.positive?
+        max_threads = opts[:max_threads]
 
         proxy = opts[:proxy]
         tls_port = opts[:tls_port]
         timestamp = Time.now.strftime('%Y-%m-%d_%H.%M.%S')
         results_file = opts[:results_file] ||= "/tmp/SUBS.#{parent_domain}-#{timestamp}-pwn_bruteforce_subdomains.txt"
 
-        File.write(results_file, '[')
+        File.write(results_file, "[\n")
 
         # Break up dictonary file into sublines and process each subline in a thread
         dict_lines = File.readlines(dictionary).shuffle
@@ -158,17 +185,16 @@ module PWN
           enumerable_array: dict_lines,
           max_threads: max_threads
         ) do |subline|
+          print '.'
           subdomain = subline.to_s.scrub.strip.chomp
           target = parent_domain if subdomain.empty?
-          target = "#{subdomain}.#{parent_domain}"
+          target = "#{subdomain}.#{parent_domain}" unless subdomain.empty?
           ip_info_resp = get(
             target: target,
             proxy: proxy,
             tls_port: tls_port,
             skip_api: true
           )
-          puts "SUBD: #{target} RESP: #{ip_info_resp}" if ip_info_resp.empty?
-          puts "SUBD: #{target} RESP:\n#{ip_info_resp}" if ip_info_resp.any?
 
           mutex.synchronize do
             File.open(results_file, 'a') do |file|
@@ -185,8 +211,11 @@ module PWN
         raise e
       ensure
         # Strip trailing comma and close JSON array
-        File.readlines(results_file)[-1].chomp!(',')
-        File.append(results_file, ']')
+        final_results = File.readlines(results_file)
+        # Strip trailing comma from last line
+        last_line = final_results[-1][0..-2]
+        final_results[-1] = last_line
+        File.write(results_file, "#{final_results.join}\n]")
       end
 
       # Author(s):: 0day Inc. <support@0dayinc.com>
@@ -201,17 +230,22 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
+          is_rfc1918 = #{self}.check_rfc1918(
+            ip: 'required - IP to check'
+          )
+
           ip_info_struc = #{self}.get(
             target: 'required - IP or Host to lookup',
             proxy: 'optional - use a proxy',
             tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
-            skip_api: 'optional - skip the API call'
+            skip_api: 'optional - skip the API call',
+            dns_server: 'optional - DNS server to use for lookup (default: your default DNS server)'
           )
 
           #{self}.bruteforce_subdomains(
             parent_domain: 'required - Parent Domain to brute force',
             dictionary: 'required - Dictionary to use for subdomain brute force',
-            max_threads: 'optional - Maximum number of threads to use (default: 10)',
+            max_threads: 'optional - Maximum number of threads to use (default: 9)',
             proxy: 'optional - use a proxy',
             tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
             results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'

data/lib/pwn/plugins/thread_pool.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'concurrent-ruby'
+
 module PWN
   module Plugins
     # This plugin makes the creation of a thread pool much simpler.
@@ -27,34 +29,54 @@ module PWN
         detach = opts[:detach] ||= false
 
         puts "Initiating Thread Pool of #{max_threads} Worker Threads...."
-        queue = SizedQueue.new(max_threads)
-        threads = Array.new(max_threads) do
-          Thread.new do
-            until (this_thread = queue.pop) == :POOL_EXHAUSTED
-              yield this_thread
-            end
-          end
-        end
-
-        enumerable_array.uniq.sort.each do |this_thread|
-          queue << this_thread
-        end
+        pool = Concurrent::FixedThreadPool.new(max_threads)
 
-        max_threads.times do
-          queue << :POOL_EXHAUSTED
+        enumerable_array.each do |this_thread|
+          pool.post do
+            yield this_thread
+          end
         end
 
-        if detach
-          puts 'Detaching from thread pool...'
-        else
-          threads.each(&:join)
-        end
+        pool.shutdown
+        pool.wait_for_termination unless detach
       rescue Interrupt
         puts "\nGoodbye."
       rescue StandardError => e
+        puts e.backtrace
         raise e
       end
 
+      # public_class_method def self.fill(opts = {})
+      #   enumerable_array = opts[:enumerable_array]
+      #   max_threads = opts[:max_threads].to_i
+      #   max_threads = 9 if max_threads.zero?
+      #   detach = opts[:detach] ||= false
+
+      #   puts "Initiating Thread Pool of #{max_threads} Worker Threads...."
+      #   queue = SizedQueue.new(max_threads)
+      #   threads = Array.new(max_threads) do
+      #     Thread.new do
+      #       until (this_thread = queue.pop) == :POOL_EXHAUSTED
+      #         yield this_thread
+      #       end
+      #     end
+      #   end
+
+      #   enumerable_array.uniq.each do |this_thread|
+      #     queue << this_thread
+      #   end
+
+      #   max_threads.times do
+      #     queue << :POOL_EXHAUSTED
+      #   end
+
+      #   threads.each(&:join) unless detach
+      # rescue Interrupt
+      #   puts "\nGoodbye."
+      # rescue StandardError => e
+      #   raise e
+      # end
+
       # Author(s):: 0day Inc. <support@0dayinc.com>
 
       public_class_method def self.authors

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.154'
+  VERSION = '0.5.156'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.154
+  version: 0.5.156
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-04 00:00:00.000000000 Z
+date: 2024-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport