pwn 0.5.159 → 0.5.161

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f15b5602a73c8726bfd66d6ed8ec663f5b0d4f9fb6d1b13a5a5ce02563b6e5a
-  data.tar.gz: 19614b0dce31aa5eb46bc81c35ec76940a992f8664510aca1fb2b25788090b79
+  metadata.gz: 0db3c5760e312a8641c11a69259e8c6209ee153135192bd189ae825be98c9eb3
+  data.tar.gz: 890d0193a300e145505db09b43b84946636b7c3f24cccd039f6b259d174ebcd7
 SHA512:
-  metadata.gz: 43a7da7a7938a383d7b9af1f00ebc2e796aed590bf21e5771e1a8b7bb504168a0b62ba50926f0e33f52fd012f34b2e61e959a1b30d0e243cd0c1057099bffcbe
-  data.tar.gz: 272d5f97b39eeee26ac2fe05d58c0dcaa8455eb80c12b457775a727fc5e536995831f23a127289c04afeef250f880ff2b2c4ae281ba76e38ae180c5649b17724
+  metadata.gz: e623634c9531d84a51a0024c742d0e983ffd6da3acd28732455d6c4560ff49f9e7e2b8f7253d6e7165e59fbd161f7950d8777ea672a555e4c1df5b5378c2fdf3
+  data.tar.gz: 3b73a023378f7e1ec769a9cf2244a3af7bee4f4f653152f204242487d853232825597bb2d243b8108911486bc1f6a0a9bfc78785133d68c2b65877e3e79cff19

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.159]:001 >>> PWN.help
+pwn[v0.5.161]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.159]:001 >>> PWN.help
+pwn[v0.5.161]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.159]:001 >>> PWN.help
+pwn[v0.5.161]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_www_uri_buster

@@ -39,8 +39,12 @@ OptionParser.new do |options|
     opts[:http_request_headers] = h
   end
 
-  options.on('-cCODES', '--only-report-response-codes=CODES', '<Optional - Comma-Delimited List of Response Codes to Only Include in Report)>') do |c|
-    opts[:http_response_codes] = c
+  options.on('-ICODES', '--include-response-codes=CODES', '<Optional - Comma-Delimited List of Response Codes to Include in Report)>') do |i|
+    opts[:include_http_response_codes] = i
+  end
+
+  options.on('-ECODES', '--exclude-response-codes=CODES', '<Optional - Comma-Delimited List of Response Codes to Exclude in Report)>') do |e|
+    opts[:exclude_http_response_codes] = e
   end
 
   options.on('-dDIR', '--dir-path=DIR', '<Optional - Report Output Directory (Defaults to ".")>') do |w|
@@ -114,6 +118,7 @@ def request_path(opts = {})
   rescue Errno::ECONNREFUSED
     raise 'ERROR: Connection(s) Refused. Try lowering the --max-threads value.'
   rescue Errno::ECONNRESET,
+         NoMethodError,
          OpenSSL::SSL::SSLError,
          RestClient::Exceptions::ReadTimeout,
          RestClient::Exceptions::OpenTimeout,
@@ -128,7 +133,7 @@ def request_path(opts = {})
       http_resp_code: e.class,
       http_resp_length: 'N/A',
       http_resp_headers: 'N/A',
-      http_resp: e.class
+      http_resp: "ERROR: #{e.message}"
     }
   rescue RestClient::ExceptionWithResponse => e
     if e.respond_to?(:response)
@@ -190,8 +195,14 @@ begin
   max_threads ||= 25
 
   http_request_headers = opts[:http_request_headers]
-  http_response_codes = opts[:http_response_codes]
-  http_response_codes = http_response_codes.delete("\s").split(',') if http_response_codes
+
+  include_http_response_codes = opts[:include_http_response_codes]
+  include_http_response_codes = include_http_response_codes.delete("\s").split(',') if include_http_response_codes
+
+  exclude_http_response_codes = opts[:exclude_http_response_codes]
+  exclude_http_response_codes = exclude_http_response_codes.delete("\s").split(',') if exclude_http_response_codes
+
+  raise 'ERROR: Flags --include-response-codes and --exclude-response-codes cannot be used together.' if include_http_response_codes && exclude_http_response_codes
 
   dir_path = opts[:dir_path]
   dir_path ||= '.'
@@ -219,7 +230,7 @@ begin
 
     next if wordlist_line.match?(/^#/)
 
-    http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE]
+      http_methods = %i[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE].shuffle
     http_methods.each do |http_method|
       rest_client_resp_hash = request_path(
         target_url: target_url,
@@ -230,9 +241,12 @@ begin
       )
 
       mutex.synchronize do
-        if http_response_codes
+        if include_http_response_codes
+          ret_http_resp_code = rest_client_resp_hash[:http_resp_code].to_s
+          results_hash[:data].push(rest_client_resp_hash) if include_http_response_codes.include?(ret_http_resp_code)
+        elsif exclude_http_response_codes
           ret_http_resp_code = rest_client_resp_hash[:http_resp_code].to_s
-          results_hash[:data].push(rest_client_resp_hash) if http_response_codes.include?(ret_http_resp_code)
+          results_hash[:data].push(rest_client_resp_hash) unless exclude_http_response_codes.include?(ret_http_resp_code)
         else
           results_hash[:data].push(rest_client_resp_hash)
         end

data/lib/pwn/plugins/transparent_browser.rb

@@ -45,6 +45,15 @@ module PWN
         # Let's crank up the default timeout from 30 seconds to 15 min for slow sites
         Watir.default_timeout = 900
 
+        args = []
+        args.push('--start-maximized')
+        args.push('--disable-notifications')
+
+        unless browser_type == :rest
+          logger = Selenium::WebDriver.logger
+          logger.level = :error
+        end
+
         case browser_type
         when :firefox
           this_profile = Selenium::WebDriver::Firefox::Profile.new
@@ -98,10 +107,11 @@ module PWN
             end
           end
 
-          args = []
-
           args.push('--devtools') if with_devtools
-          options = Selenium::WebDriver::Firefox::Options.new(args: args, accept_insecure_certs: true)
+          options = Selenium::WebDriver::Firefox::Options.new(
+            args: args,
+            accept_insecure_certs: true
+          )
           options.profile = this_profile
           # driver = Selenium::WebDriver.for(:firefox, capabilities: options)
           driver = Selenium::WebDriver.for(:firefox, options: options)
@@ -112,22 +122,18 @@ module PWN
           this_profile['download.prompt_for_download'] = false
           this_profile['download.default_directory'] = '~/Downloads'
 
-          switches = []
-          switches.push('--start-maximized')
-          switches.push('--disable-notifications')
-
           if proxy
-            switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{tor_obj[:ip]}'") if tor_obj
-            switches.push("--proxy-server=#{proxy}")
+            args.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{tor_obj[:ip]}'") if tor_obj
+            args.push("--proxy-server=#{proxy}")
           end
 
           if with_devtools
-            switches.push('--auto-open-devtools-for-tabs')
-            switches.push('--disable-hang-monitor')
+            args.push('--auto-open-devtools-for-tabs')
+            args.push('--disable-hang-monitor')
           end
 
           options = Selenium::WebDriver::Chrome::Options.new(
-            args: switches,
+            args: args,
             accept_insecure_certs: true
           )
 
@@ -188,7 +194,12 @@ module PWN
             end
           end
 
-          options = Selenium::WebDriver::Firefox::Options.new(args: ['-headless'], accept_insecure_certs: true)
+          args.push('--headless')
+          options = Selenium::WebDriver::Firefox::Options.new(
+            args: args,
+            accept_insecure_certs: true
+          )
+
           options.profile = this_profile
           driver = Selenium::WebDriver.for(:firefox, options: options)
           browser_obj[:browser] = Watir::Browser.new(driver)
@@ -198,18 +209,15 @@ module PWN
           this_profile['download.prompt_for_download'] = false
           this_profile['download.default_directory'] = '~/Downloads'
 
-          switches = []
-          switches.push('--headless')
-          switches.push('--start-maximized')
-          switches.push('--disable-notifications')
+          args.push('--headless')
 
           if proxy
-            switches.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{tor_obj[:ip]}'") if tor_obj
-            switches.push("--proxy-server=#{proxy}")
+            args.push("--host-resolver-rules='MAP * 0.0.0.0 , EXCLUDE #{tor_obj[:ip]}'") if tor_obj
+            args.push("--proxy-server=#{proxy}")
           end
 
           options = Selenium::WebDriver::Chrome::Options.new(
-            args: switches,
+            args: args,
             accept_insecure_certs: true
           )
 

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.159'
+  VERSION = '0.5.161'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.159
+  version: 0.5.161
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-05 00:00:00.000000000 Z
+date: 2024-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport