pwn 0.5.155 → 0.5.156

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 750d1cd0053f38007697365f5dfbbbb8558623c4ba39230ace21d7ad85f37cad
-  data.tar.gz: e4d657864bb71497616619da64b73e2c2fa782ea11a3ade500cecea53cfae7a7
+  metadata.gz: 47f160c73c391cf48bd0a847d0031d342ef79b77575e86872153105905072141
+  data.tar.gz: 7c71dc97fd8e8e4e99584ab8bbb97363d46a2edd6786f2bb8e4ee9bd7c0b16cb
 SHA512:
-  metadata.gz: '0928635402765a9b79f4d324cc62efafcce43ff7ad5d7ccac30aa98ba34ead97cf3ff8a81b15e2a8faae3f5f59331f56e2c25837900110b3b8766854cad22962'
-  data.tar.gz: 1d48dcb220d837be65cd697e9e78e2cdf53a5f6e0a44365b39ccbfe4e0eacfaee576f9da301ac6b23f4cf4c3f93cd01cb7d3023166a5a674062f81b16cc9073e
+  metadata.gz: 55c9643d11b525ef375396f51354e2356363567de4ca1b9e0d9ea9281ff2af58698bd819a38f1e8b0c7212b03012403257c5e4622ae16e7ee018a36e1d66c7e1
+  data.tar.gz: c67b6fe7fbf5966d2630c4a0e99f254e58e6b09a6b15cad13a79897f9ab42c0f2efb7147547c70b4663e0f830af672d72859abc50e64e54b51ad999c4a33220b

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.155]:001 >>> PWN.help
+pwn[v0.5.156]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.155]:001 >>> PWN.help
+pwn[v0.5.156]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.155]:001 >>> PWN.help
+pwn[v0.5.156]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/ip_info.rb

@@ -46,12 +46,30 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # is_rfc1918 = PWN::Plugins::IPInfo.check_rfc1918(
+      #   ip: 'required - IP to check'
+      # )
+      public_class_method def self.check_rfc1918(opts = {})
+        ip = opts[:ip].to_s.scrub.strip.chomp
+        ip_obj = IPAddress.valid?(ip) ? IPAddress.parse(ip) : nil
+
+        rfc1918_ranges = [
+          IPAddress('10.0.0.0/8'),     # 10.0.0.0 - 10.255.255.255
+          IPAddress('172.16.0.0/12'),  # 172.16.0.0 - 172.31.255.255
+          IPAddress('192.168.0.0/16')  # 192.168.0.0 - 192.168.255.255
+        ]
+
+        rfc1918_ranges.any? { |range| range.include?(ip_obj) }
+      end
+
       # Supported Method Parameters::
       # ip_info_struc = PWN::Plugins::IPInfo.get(
       #   target: 'required - IP or Host to lookup',
       #   proxy: 'optional - use a proxy',
       #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
-      #   skip_api: 'optional - skip the API call'
+      #   skip_api: 'optional - skip the API call',
+      #   dns_server: 'optional - DNS server to use for lookup (default: your default DNS server)'
       # )
 
       public_class_method def self.get(opts = {})
@@ -63,19 +81,29 @@ module PWN
         ip_info_resp = []
         ip_resp_hash = {}
         is_ip = IPAddress.valid?(target)
-
-        begin
-          ip_resp_hash[:hostname] = target
-          target = Resolv.getaddress(target) unless is_ip
-        rescue Resolv::ResolvError
-          target = nil
+        hostname = '' if is_ip
+
+        unless is_ip
+          begin
+            hostname = target
+            dns_server = opts[:dns_server]
+            dns_resolver = Resolv::DNS.new(nameserver: [dns_server]) if dns_server
+            dns_resolver ||= Resolv::DNS.new
+            target = dns_resolver.getaddress(target).to_s
+          rescue Resolv::ResolvError
+            target = nil
+          end
         end
 
         ip_resp_hash = ip_info_rest_call(ip: target, proxy: proxy) unless skip_api
+        is_rfc1918 = check_rfc1918(ip: target)
         ip_resp_hash[:ip] = target
+        ip_resp_hash[:is_rfc1918] = is_rfc1918
+        ip_resp_hash[:hostname] = hostname
+
         ip_info_resp.push(ip_resp_hash) unless target.nil?
 
-        if proxy.nil? && is_ip
+        if proxy.nil?
           ip_info_resp.each do |ip_resp|
             tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
               server_ip: target,
@@ -202,11 +230,16 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
+          is_rfc1918 = #{self}.check_rfc1918(
+            ip: 'required - IP to check'
+          )
+
           ip_info_struc = #{self}.get(
             target: 'required - IP or Host to lookup',
             proxy: 'optional - use a proxy',
             tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
-            skip_api: 'optional - skip the API call'
+            skip_api: 'optional - skip the API call',
+            dns_server: 'optional - DNS server to use for lookup (default: your default DNS server)'
           )
 
           #{self}.bruteforce_subdomains(

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.155'
+  VERSION = '0.5.156'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.155
+  version: 0.5.156
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-04 00:00:00.000000000 Z
+date: 2024-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport