pwn 0.5.199 → 0.5.200
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG_BETWEEN_TAGS.txt +190 -176
- data/Gemfile +4 -4
- data/README.md +3 -3
- data/bin/pwn_sast +2 -0
- data/etc/pwn.yaml.EXAMPLE +3 -0
- data/lib/pwn/plugins/hunter.rb +160 -0
- data/lib/pwn/plugins/repl.rb +3 -0
- data/lib/pwn/plugins/transparent_browser.rb +138 -20
- data/lib/pwn/plugins.rb +1 -0
- data/lib/pwn/sast/local_storage.rb +145 -0
- data/lib/pwn/sast/post_message.rb +144 -0
- data/lib/pwn/sast.rb +2 -0
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn.rb +3 -0
- data/spec/lib/pwn/plugins/hunter_spec.rb +15 -0
- data/spec/lib/pwn/sast/local_storage_spec.rb +25 -0
- data/spec/lib/pwn/sast/post_message_spec.rb +25 -0
- metadata +16 -10
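--- a/data/lib/pwn/sast/post_message.rb
+++ b/data/lib/pwn/sast/post_message.rb
@@ -0,0 +1,144 @@
+# frozen_string_literal: false
+
+require 'socket'
+
+module PWN
+  module SAST
+    # SAST Module used to identify any postMessage function/method
+    # declarations within source code in an effort to
+    # determine if XSS is possible
+    module PostMessage
+      @@logger = PWN::Plugins::PWNLogger.create
+
+      # Supported Method Parameters::
+      # PWN::SAST::PostMessage.scan(
+      #   dir_path: 'optional path to dir defaults to .'
+      #   git_repo_root_uri: 'optional http uri of git repo scanned'
+      # )
+
+      public_class_method def self.scan(opts = {})
+        dir_path = opts[:dir_path]
+        git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
+        result_arr = []
+        logger_results = ''
+
+        PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
+            line_no_and_contents_arr = []
+            entry_beautified = false
+
+            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
+              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
+              entry = "#{entry}.JS-BEAUTIFIED"
+              entry_beautified = true
+            end
+
+            test_case_filter = "
+              grep -n \
+              -e 'postMessage(' #{entry}
+            "
+
+            str = `#{test_case_filter}`.to_s.scrub
+
+            if str.to_s.empty?
+              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
+              logger_results = "#{logger_results}~" # Catching bugs is good :)
+            else
+              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}. Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
+
+              hash_line = {
+                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
+                security_references: security_references,
+                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
+                line_no_and_contents: '',
+                raw_content: str,
+                test_case_filter: test_case_filter
+              }
+
+              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
+              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
+              line_no_count = line_contents_split.length # This should always be an even number
+              current_count = 0
+              while line_no_count > current_count
+                line_no = line_contents_split[current_count]
+                contents = line_contents_split[current_count + 1]
+                if Dir.exist?("#{dir_path}/.git") ||
+                   Dir.exist?('.git')
+
+                  repo_root = dir_path
+                  repo_root = '.' if Dir.exist?('.git')
+
+                  author = PWN::Plugins::Git.get_author(
+                    repo_root: repo_root,
+                    from_line: line_no,
+                    to_line: line_no,
+                    target_file: entry,
+                    entry_beautified: entry_beautified
+                  )
+                else
+                  author = 'N/A'
+                end
+                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+                  line_no: line_no,
+                  contents: contents,
+                  author: author
+                )
+
+                current_count += 2
+              end
+              result_arr.push(hash_line)
+              logger_results = "#{logger_results}x" # Seeing progress is good :)
+            end
+          end
+        end
+        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
+        if logger_results.empty?
+          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
+        else
+          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
+        end
+        result_arr
+      rescue StandardError => e
+        raise e
+      end
+
+      # Used primarily to map NIST 800-53 Revision 4 Security Controls
+      # https://web.nvd.nist.gov/view/800-53/Rev4/impact?impactName=HIGH
+      # to PWN Exploit & Static Code Anti-Pattern Matching Modules to
+      # Determine the level of Testing Coverage w/ PWN.
+
+      public_class_method def self.security_references
+        {
+          sast_module: self,
+          section: 'MALICIOUS CODE PROTECTION',
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SI-3',
+          cwe_id: '79',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/79.html'
+        }
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <support@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <support@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          sast_arr = #{self}.scan(
+            dir_path: 'optional path to dir defaults to .',
+            git_repo_root_uri: 'optional http uri of git repo scanned'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end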
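Review bot: The backtick commands in `scan` — `wc -l #{entry}`, `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`, and the grep filter ending in `-e 'postMessage(' #{entry}` — interpolate file paths from the scanned tree into a shell unescaped, so a checkout containing a file whose name carries shell metacharacters (`;`, `$(`, backticks) runs attacker-chosen commands with the scanner's privileges, and untrusted repositories are exactly what a SAST module is pointed at. Wrap each interpolated path, e.g. `-e 'postMessage(' #{Shellwords.escape(entry)}`, `wc -l #{Shellwords.escape(entry)}` and `js-beautify #{Shellwords.escape(entry)} > #{Shellwords.escape(entry)}.JS-BEAUTIFIED` (with `require 'shellwords'`), or run them as argument arrays via `Open3.capture2`; the recorded `test_case_filter` stays readable either way. Separately, the author lookup tests `Dir.exist?('.git')` against the process's working directory and then forces `repo_root = '.'` even when `#{dir_path}/.git` exists, so scanning a directory from inside any other checkout blames the wrong repository — drop the CWD fallback or resolve it relative to `dir_path`. Two smaller points: `entry !~ /test/i` silently skips any path containing "test" (`latest/`, `contest.js`), and grepping for `postMessage(` finds only the sending side, whereas the CWE-79 risk this module is mapped to usually sits in a `message` listener that never checks `event.origin` — worth stating in the module header comment so readers know what a finding does and does not cover.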
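--- a/data/lib/pwn/sast.rb
+++ b/data/lib/pwn/sast.rb
@@ -24,6 +24,7 @@ module PWN
     autoload :HTTPAuthorizationHeader, 'pwn/sast/http_authorization_header'
     autoload :InnerHTML, 'pwn/sast/inner_html'
     autoload :Keystore, 'pwn/sast/keystore'
+    autoload :LocalStorage, 'pwn/sast/local_storage'
     autoload :LocationHash, 'pwn/sast/location_hash'
     autoload :Log4J, 'pwn/sast/log4j'
     autoload :Logger, 'pwn/sast/logger'
@@ -35,6 +36,7 @@ module PWN
     autoload :PHPTypeJuggling, 'pwn/sast/php_type_juggling'
     autoload :PomVersion, 'pwn/sast/pom_version'
     autoload :Port, 'pwn/sast/port'
+    autoload :PostMessage, 'pwn/sast/post_message'
     autoload :PrivateKey, 'pwn/sast/private_key'
     autoload :Redirect, 'pwn/sast/redirect'
     autoload :ReDOS, 'pwn/sast/redos'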
data/lib/pwn/version.rb
CHANGED
data/lib/pwn.rb
CHANGED
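--- a/data/spec/lib/pwn/plugins/hunter_spec.rb
+++ b/data/spec/lib/pwn/plugins/hunter_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::Hunter do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::Hunter
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::Hunter
+    expect(help_response).to respond_to :help
+  end
+end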
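--- a/data/spec/lib/pwn/sast/local_storage_spec.rb
+++ b/data/spec/lib/pwn/sast/local_storage_spec.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::LocalStorage do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::LocalStorage
+    expect(scan_response).to respond_to :scan
+  end
+
+  it 'should display information for security_references' do
+    security_references_response = PWN::SAST::LocalStorage
+    expect(security_references_response).to respond_to :security_references
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::LocalStorage
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::LocalStorage
+    expect(help_response).to respond_to :help
+  end
+end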
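Review bot: All four examples only assert `respond_to`, so `scan` is never run against a fixture and a regression in its grep pattern or result parsing would still pass CI. The module's implementation is not in this diff, so I cannot state the exact construct it greps for, but a temp-dir fixture containing that construct with an assertion on `results.first[:line_no_and_contents]` (line number and contents) would close the gap; keep "test" out of the fixture path, since the sibling SAST modules skip any entry matching `/test/i`.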
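--- a/data/spec/lib/pwn/sast/post_message_spec.rb
+++ b/data/spec/lib/pwn/sast/post_message_spec.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::PostMessage do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::PostMessage
+    expect(scan_response).to respond_to :scan
+  end
+
+  it 'should display information for security_references' do
+    security_references_response = PWN::SAST::PostMessage
+    expect(security_references_response).to respond_to :security_references
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::PostMessage
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::PostMessage
+    expect(help_response).to respond_to :help
+  end
+end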
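Review bot: The four examples only assert `respond_to`, so nothing exercises `scan`'s grep invocation or the line-number split that the implementation itself flags as "kinda funky"; a fixture-based example would pin that output. The example below uses an `.html` fixture so the `js-beautify` branch taken for short `.js` files is not needed, and a temp dir so `#{dir_path}/.git` is absent; the scanned path must not contain "test" (which `scan` excludes), and if the spec process's working directory is itself a git checkout `scan` falls back to `Dir.exist?('.git')` there, so the `PWN::Plugins::Git.get_author` call may need stubbing. `require 'tmpdir'` is needed at the top of the spec.
```ruby
  it 'reports the line that calls postMessage in a fixture file' do
    Dir.mktmpdir('pwnfixture') do |dir|
      File.write(File.join(dir, 'index.html'), "<html>\n<script>window.postMessage('hi', '*');</script>\n</html>\n")
      results = PWN::SAST::PostMessage.scan(dir_path: dir)
      expect(results.length).to eq 1
      expect(results.first[:line_no_and_contents].first[:line_no]).to eq '2'
    end
  end
```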
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.200
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-07-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -156,14 +156,14 @@ dependencies:
|
|
156
156
|
requirements:
|
157
157
|
- - '='
|
158
158
|
- !ruby/object:Gem::Version
|
159
|
-
version: 2.
|
159
|
+
version: 2.23.0
|
160
160
|
type: :runtime
|
161
161
|
prerelease: false
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
163
163
|
requirements:
|
164
164
|
- - '='
|
165
165
|
- !ruby/object:Gem::Version
|
166
|
-
version: 2.
|
166
|
+
version: 2.23.0
|
167
167
|
- !ruby/object:Gem::Dependency
|
168
168
|
name: colorize
|
169
169
|
requirement: !ruby/object:Gem::Requirement
|
@@ -492,14 +492,14 @@ dependencies:
|
|
492
492
|
requirements:
|
493
493
|
- - '='
|
494
494
|
- !ruby/object:Gem::Version
|
495
|
-
version: 0.0.
|
495
|
+
version: 0.0.71
|
496
496
|
type: :runtime
|
497
497
|
prerelease: false
|
498
498
|
version_requirements: !ruby/object:Gem::Requirement
|
499
499
|
requirements:
|
500
500
|
- - '='
|
501
501
|
- !ruby/object:Gem::Version
|
502
|
-
version: 0.0.
|
502
|
+
version: 0.0.71
|
503
503
|
- !ruby/object:Gem::Dependency
|
504
504
|
name: metasm
|
505
505
|
requirement: !ruby/object:Gem::Requirement
|
@@ -800,14 +800,14 @@ dependencies:
|
|
800
800
|
requirements:
|
801
801
|
- - '='
|
802
802
|
- !ruby/object:Gem::Version
|
803
|
-
version: 3.
|
803
|
+
version: 3.8.0
|
804
804
|
type: :runtime
|
805
805
|
prerelease: false
|
806
806
|
version_requirements: !ruby/object:Gem::Requirement
|
807
807
|
requirements:
|
808
808
|
- - '='
|
809
809
|
- !ruby/object:Gem::Version
|
810
|
-
version: 3.
|
810
|
+
version: 3.8.0
|
811
811
|
- !ruby/object:Gem::Dependency
|
812
812
|
name: rdoc
|
813
813
|
requirement: !ruby/object:Gem::Requirement
|
@@ -940,14 +940,14 @@ dependencies:
|
|
940
940
|
requirements:
|
941
941
|
- - '='
|
942
942
|
- !ruby/object:Gem::Version
|
943
|
-
version: 3.0.
|
943
|
+
version: 3.0.2
|
944
944
|
type: :runtime
|
945
945
|
prerelease: false
|
946
946
|
version_requirements: !ruby/object:Gem::Requirement
|
947
947
|
requirements:
|
948
948
|
- - '='
|
949
949
|
- !ruby/object:Gem::Version
|
950
|
-
version: 3.0.
|
950
|
+
version: 3.0.2
|
951
951
|
- !ruby/object:Gem::Dependency
|
952
952
|
name: ruby-audio
|
953
953
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1817,6 +1817,7 @@ files:
|
|
1817
1817
|
- lib/pwn/plugins/github.rb
|
1818
1818
|
- lib/pwn/plugins/gqrx.rb
|
1819
1819
|
- lib/pwn/plugins/hacker_one.rb
|
1820
|
+
- lib/pwn/plugins/hunter.rb
|
1820
1821
|
- lib/pwn/plugins/ip_info.rb
|
1821
1822
|
- lib/pwn/plugins/irc.rb
|
1822
1823
|
- lib/pwn/plugins/jenkins.rb
|
@@ -1885,6 +1886,7 @@ files:
|
|
1885
1886
|
- lib/pwn/sast/http_authorization_header.rb
|
1886
1887
|
- lib/pwn/sast/inner_html.rb
|
1887
1888
|
- lib/pwn/sast/keystore.rb
|
1889
|
+
- lib/pwn/sast/local_storage.rb
|
1888
1890
|
- lib/pwn/sast/location_hash.rb
|
1889
1891
|
- lib/pwn/sast/log4j.rb
|
1890
1892
|
- lib/pwn/sast/logger.rb
|
@@ -1896,6 +1898,7 @@ files:
|
|
1896
1898
|
- lib/pwn/sast/php_type_juggling.rb
|
1897
1899
|
- lib/pwn/sast/pom_version.rb
|
1898
1900
|
- lib/pwn/sast/port.rb
|
1901
|
+
- lib/pwn/sast/post_message.rb
|
1899
1902
|
- lib/pwn/sast/private_key.rb
|
1900
1903
|
- lib/pwn/sast/redirect.rb
|
1901
1904
|
- lib/pwn/sast/redos.rb
|
@@ -2149,6 +2152,7 @@ files:
|
|
2149
2152
|
- spec/lib/pwn/plugins/github_spec.rb
|
2150
2153
|
- spec/lib/pwn/plugins/gqrx_spec.rb
|
2151
2154
|
- spec/lib/pwn/plugins/hacker_one_spec.rb
|
2155
|
+
- spec/lib/pwn/plugins/hunter_spec.rb
|
2152
2156
|
- spec/lib/pwn/plugins/ip_info_spec.rb
|
2153
2157
|
- spec/lib/pwn/plugins/irc_spec.rb
|
2154
2158
|
- spec/lib/pwn/plugins/jenkins_spec.rb
|
@@ -2217,6 +2221,7 @@ files:
|
|
2217
2221
|
- spec/lib/pwn/sast/http_authorization_header_spec.rb
|
2218
2222
|
- spec/lib/pwn/sast/inner_html_spec.rb
|
2219
2223
|
- spec/lib/pwn/sast/keystore_spec.rb
|
2224
|
+
- spec/lib/pwn/sast/local_storage_spec.rb
|
2220
2225
|
- spec/lib/pwn/sast/location_hash_spec.rb
|
2221
2226
|
- spec/lib/pwn/sast/log4j_spec.rb
|
2222
2227
|
- spec/lib/pwn/sast/logger_spec.rb
|
@@ -2228,6 +2233,7 @@ files:
|
|
2228
2233
|
- spec/lib/pwn/sast/php_type_juggling_spec.rb
|
2229
2234
|
- spec/lib/pwn/sast/pom_version_spec.rb
|
2230
2235
|
- spec/lib/pwn/sast/port_spec.rb
|
2236
|
+
- spec/lib/pwn/sast/post_message_spec.rb
|
2231
2237
|
- spec/lib/pwn/sast/private_key_spec.rb
|
2232
2238
|
- spec/lib/pwn/sast/redirect_spec.rb
|
2233
2239
|
- spec/lib/pwn/sast/redos_spec.rb
|