RubyGems - pwn - Versions diffs - 0.5.155 → 0.5.157 - Mend

pwn 0.5.155 → 0.5.157

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 750d1cd0053f38007697365f5dfbbbb8558623c4ba39230ace21d7ad85f37cad
-  data.tar.gz: e4d657864bb71497616619da64b73e2c2fa782ea11a3ade500cecea53cfae7a7
+  metadata.gz: 6fa5c25714856b9ee7de2118ac2da2e6f27380bcbae0e82d448774e6ad260329
+  data.tar.gz: 841310123fcb027c750b7d94b67851c9b9420ea7f79b3ccfc240347280fb4a04
 SHA512:
-  metadata.gz: '0928635402765a9b79f4d324cc62efafcce43ff7ad5d7ccac30aa98ba34ead97cf3ff8a81b15e2a8faae3f5f59331f56e2c25837900110b3b8766854cad22962'
-  data.tar.gz: 1d48dcb220d837be65cd697e9e78e2cdf53a5f6e0a44365b39ccbfe4e0eacfaee576f9da301ac6b23f4cf4c3f93cd01cb7d3023166a5a674062f81b16cc9073e
+  metadata.gz: 4bfcbdcdd0b987a3f8ac1bb90b4f6a687584d1c1269931aca7027cfe542349088416452069f9882c6c2d3287f12ea88f3bbd34d3f2c3c1623ed74a7619adb0f7
+  data.tar.gz: 017f565735be76fb7a1f9e28bcef3be061b2700da2333df5f92162d268db9f224468672814135302f52bcdf2618efcb8a11054b4d3da7f421da8314b1fc4e4cd

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.155]:001 >>> PWN.help
+pwn[v0.5.157]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.155]:001 >>> PWN.help
+pwn[v0.5.157]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.155]:001 >>> PWN.help
+pwn[v0.5.157]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/ip_info.rb CHANGED Viewed

@@ -46,12 +46,30 @@ module PWN
         raise e
       end
+      # Supported Method Parameters::
+      # is_rfc1918 = PWN::Plugins::IPInfo.check_rfc1918(
+      #   ip: 'required - IP to check'
+      # )
+      public_class_method def self.check_rfc1918(opts = {})
+        ip = opts[:ip].to_s.scrub.strip.chomp
+        ip_obj = IPAddress.valid?(ip) ? IPAddress.parse(ip) : nil
+        rfc1918_ranges = [
+          IPAddress('10.0.0.0/8'),     # 10.0.0.0 - 10.255.255.255
+          IPAddress('172.16.0.0/12'),  # 172.16.0.0 - 172.31.255.255
+          IPAddress('192.168.0.0/16')  # 192.168.0.0 - 192.168.255.255
+        ]
+        rfc1918_ranges.any? { |range| range.include?(ip_obj) }
+      end
       # Supported Method Parameters::
       # ip_info_struc = PWN::Plugins::IPInfo.get(
       #   target: 'required - IP or Host to lookup',
       #   proxy: 'optional - use a proxy',
       #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
-      #   skip_api: 'optional - skip the API call'
+      #   skip_api: 'optional - skip the API call',
+      #   dns_server: 'optional - DNS server to use for lookup (default: your default DNS server)'
       # )
       public_class_method def self.get(opts = {})
@@ -61,24 +79,37 @@ module PWN
         skip_api = opts[:skip_api] ||= false
         ip_info_resp = []
-        ip_resp_hash = {}
         is_ip = IPAddress.valid?(target)
-        begin
-          ip_resp_hash[:hostname] = target
-          target = Resolv.getaddress(target) unless is_ip
-        rescue Resolv::ResolvError
-          target = nil
+        hostname = '' if is_ip
+        target_arr = [target] if is_ip
+        unless is_ip
+          begin
+            hostname = target
+            dns_server = opts[:dns_server]
+            dns_resolver = Resolv::DNS.new(nameserver: [dns_server]) if dns_server
+            dns_resolver ||= Resolv::DNS.new
+            target_arr = dns_resolver.getaddresses(target).map(&:to_s).uniq
+          rescue Resolv::ResolvError
+            target_arr = nil
+          end
         end
-        ip_resp_hash = ip_info_rest_call(ip: target, proxy: proxy) unless skip_api
-        ip_resp_hash[:ip] = target
-        ip_info_resp.push(ip_resp_hash) unless target.nil?
+        target_arr.each do |this_target|
+          ip_resp_hash = ip_info_rest_call(ip: this_target, proxy: proxy) unless skip_api
+          ip_resp_hash ||= {}
+          is_rfc1918 = check_rfc1918(ip: this_target)
+          ip_resp_hash[:ip] = this_target
+          ip_resp_hash[:is_rfc1918] = is_rfc1918
+          ip_resp_hash[:hostname] = hostname
+          ip_info_resp.push(ip_resp_hash) unless target_arr.nil?
+          next unless proxy.nil?
-        if proxy.nil? && is_ip
           ip_info_resp.each do |ip_resp|
             tls_port_avail = PWN::Plugins::Sock.check_port_in_use(
-              server_ip: target,
+              server_ip: this_target,
               port: tls_port
             )
@@ -98,7 +129,7 @@ module PWN
             next unless tls_port_avail
             cert_obj = PWN::Plugins::Sock.get_tls_cert(
-              target: target,
+              target: this_target,
               port: tls_port
             )
@@ -202,11 +233,16 @@ module PWN
       public_class_method def self.help
         puts "USAGE:
+          is_rfc1918 = #{self}.check_rfc1918(
+            ip: 'required - IP to check'
+          )
           ip_info_struc = #{self}.get(
             target: 'required - IP or Host to lookup',
             proxy: 'optional - use a proxy',
             tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
-            skip_api: 'optional - skip the API call'
+            skip_api: 'optional - skip the API call',
+            dns_server: 'optional - DNS server to use for lookup (default: your default DNS server)'
           )
           #{self}.bruteforce_subdomains(

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.155'
+  VERSION = '0.5.157'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.155
+  version: 0.5.157
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-04 00:00:00.000000000 Z
+date: 2024-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport