pwn 0.5.241 → 0.5.243
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/README.md +3 -3
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/hacker_one.rb +146 -2
- metadata +10 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f239e28f735812c0f63200b5c74a8ce632aa3ff96e946d07ad923f2711349fc5
|
|
4
|
+
data.tar.gz: '0381d788f3cf522a0a0bcab0ea5ff7256b1cd74d3fc000de667b1a8cdb647533'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 84d0b6109b724a7cbbfafe9cef68ba45aa3c7832d327bc78bd6795f801399b7d2593a8ebf86be7723e7778e0bff79fcf820600a8df30bdd8ddd05b50eb6f1d4b
|
|
7
|
+
data.tar.gz: af6312bc650ecd3ace7948ecc67eaf5121452f3bd7e435ce12d0be8828f08205ea945bce8d08dc44c02c5780241fe56fd3903b2261be55583ae9d2143aa6641c
|
data/Gemfile
CHANGED
|
@@ -54,7 +54,7 @@ gem 'msfrpc-client', '1.1.2'
|
|
|
54
54
|
gem 'netaddr', '2.0.6'
|
|
55
55
|
gem 'net-ldap', '0.19.0'
|
|
56
56
|
gem 'net-openvpn', '0.8.7'
|
|
57
|
-
gem 'net-smtp', '0.5.
|
|
57
|
+
gem 'net-smtp', '0.5.1'
|
|
58
58
|
gem 'nexpose', '7.3.0'
|
|
59
59
|
gem 'nokogiri', '1.18.2'
|
|
60
60
|
gem 'nokogiri-diff', '0.3.0'
|
|
@@ -65,21 +65,21 @@ gem 'os', '1.1.4'
|
|
|
65
65
|
gem 'ostruct', '0.6.1'
|
|
66
66
|
gem 'packetfu', '2.0.0'
|
|
67
67
|
gem 'packetgen', '4.0.0'
|
|
68
|
-
gem 'pdf-reader', '2.14.
|
|
68
|
+
gem 'pdf-reader', '2.14.1'
|
|
69
69
|
gem 'pg', '1.5.9'
|
|
70
70
|
gem 'pry', '0.15.2'
|
|
71
71
|
gem 'pry-doc', '1.5.0'
|
|
72
72
|
gem 'rake', '13.2.1'
|
|
73
73
|
gem 'rb-readline', '0.5.5'
|
|
74
74
|
gem 'rbvmomi2', '3.8.0'
|
|
75
|
-
gem 'rdoc', '6.
|
|
75
|
+
gem 'rdoc', '6.12.0'
|
|
76
76
|
gem 'rest-client', '2.1.0'
|
|
77
77
|
gem 'rex', '2.0.13'
|
|
78
78
|
gem 'rmagick', '6.1.1'
|
|
79
79
|
gem 'rqrcode', '2.2.0'
|
|
80
80
|
gem 'rspec', '3.13.0'
|
|
81
81
|
gem 'rtesseract', '3.1.3'
|
|
82
|
-
gem 'rubocop', '1.71.
|
|
82
|
+
gem 'rubocop', '1.71.2'
|
|
83
83
|
gem 'rubocop-rake', '0.6.0'
|
|
84
84
|
gem 'rubocop-rspec', '3.4.0'
|
|
85
85
|
gem 'ruby-audio', '1.6.1'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.243]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.1@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.243]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.1@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.243]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn/www/hacker_one.rb
CHANGED
|
@@ -195,7 +195,7 @@ module PWN
|
|
|
195
195
|
|
|
196
196
|
json_resp = {
|
|
197
197
|
name: program_name,
|
|
198
|
-
scope_details: json_resp_hash
|
|
198
|
+
scope_details: json_resp_hash
|
|
199
199
|
}
|
|
200
200
|
rescue RestClient::ExceptionWithResponse => e
|
|
201
201
|
if e.response
|
|
@@ -212,6 +212,145 @@ module PWN
|
|
|
212
212
|
rest_client = nil if rest_client
|
|
213
213
|
rest_request = nil if rest_request
|
|
214
214
|
end
|
|
215
|
+
|
|
216
|
+
# Supported Method Parameters::
|
|
217
|
+
# hacktivity = PWN::WWW::HackerOne.get_hacktivity(
|
|
218
|
+
# program_name: 'required - program name from #get_bounty_programs method',
|
|
219
|
+
# proxy: 'optional - scheme://proxy_host:port || tor'
|
|
220
|
+
# )
|
|
221
|
+
|
|
222
|
+
public_class_method def self.get_hacktivity(opts = {})
|
|
223
|
+
program_name = opts[:program_name]
|
|
224
|
+
proxy = opts[:proxy]
|
|
225
|
+
|
|
226
|
+
browser_obj = PWN::Plugins::TransparentBrowser.open(
|
|
227
|
+
browser_type: :rest,
|
|
228
|
+
proxy: proxy
|
|
229
|
+
)
|
|
230
|
+
rest_client = browser_obj[:browser]
|
|
231
|
+
rest_request = rest_client::Request
|
|
232
|
+
|
|
233
|
+
graphql_endpoint = 'https://hackerone.com/graphql'
|
|
234
|
+
headers = { content_type: 'application/json' }
|
|
235
|
+
# NOTE: If you copy this payload to the pwn REPL
|
|
236
|
+
# the triple dots ... attempt to execute commands
|
|
237
|
+
# <cough>Pry CE</cough>
|
|
238
|
+
payload = {
|
|
239
|
+
operationName: 'HacktivitySearchQuery',
|
|
240
|
+
variables: {
|
|
241
|
+
from: 0,
|
|
242
|
+
product_area: 'other',
|
|
243
|
+
product_feature: 'other',
|
|
244
|
+
queryString: "team:(\"#{program_name}\")",
|
|
245
|
+
size: 100,
|
|
246
|
+
sort: {
|
|
247
|
+
field: 'disclosed_at',
|
|
248
|
+
direction: 'DESC'
|
|
249
|
+
}
|
|
250
|
+
},
|
|
251
|
+
query: 'query HacktivitySearchQuery(
|
|
252
|
+
$queryString: String!,
|
|
253
|
+
$from: Int,
|
|
254
|
+
$size: Int,
|
|
255
|
+
$sort: SortInput!
|
|
256
|
+
) {
|
|
257
|
+
me {
|
|
258
|
+
id
|
|
259
|
+
__typename
|
|
260
|
+
}
|
|
261
|
+
search(
|
|
262
|
+
index: CompleteHacktivityReportIndex
|
|
263
|
+
query_string: $queryString
|
|
264
|
+
from: $from
|
|
265
|
+
size: $size
|
|
266
|
+
sort: $sort
|
|
267
|
+
) {
|
|
268
|
+
__typename
|
|
269
|
+
total_count
|
|
270
|
+
nodes {
|
|
271
|
+
__typename
|
|
272
|
+
... on HacktivityDocument {
|
|
273
|
+
id
|
|
274
|
+
_id
|
|
275
|
+
reporter {
|
|
276
|
+
id
|
|
277
|
+
username
|
|
278
|
+
name
|
|
279
|
+
__typename
|
|
280
|
+
}
|
|
281
|
+
cve_ids
|
|
282
|
+
cwe
|
|
283
|
+
severity_rating
|
|
284
|
+
upvoted: upvoted_by_current_user
|
|
285
|
+
public
|
|
286
|
+
report {
|
|
287
|
+
id
|
|
288
|
+
databaseId: _id
|
|
289
|
+
title
|
|
290
|
+
substate
|
|
291
|
+
url
|
|
292
|
+
disclosed_at
|
|
293
|
+
report_generated_content {
|
|
294
|
+
id
|
|
295
|
+
hacktivity_summary
|
|
296
|
+
__typename
|
|
297
|
+
}
|
|
298
|
+
__typename
|
|
299
|
+
}
|
|
300
|
+
votes
|
|
301
|
+
team {
|
|
302
|
+
id
|
|
303
|
+
handle
|
|
304
|
+
name
|
|
305
|
+
medium_profile_picture: profile_picture(size: medium)
|
|
306
|
+
url
|
|
307
|
+
currency
|
|
308
|
+
__typename
|
|
309
|
+
}
|
|
310
|
+
total_awarded_amount
|
|
311
|
+
latest_disclosable_action
|
|
312
|
+
latest_disclosable_activity_at
|
|
313
|
+
submitted_at
|
|
314
|
+
disclosed
|
|
315
|
+
has_collaboration
|
|
316
|
+
__typename
|
|
317
|
+
}
|
|
318
|
+
}
|
|
319
|
+
}
|
|
320
|
+
}
|
|
321
|
+
'
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
rest_response = rest_request.execute(
|
|
325
|
+
method: :post,
|
|
326
|
+
url: graphql_endpoint,
|
|
327
|
+
headers: headers,
|
|
328
|
+
payload: payload.to_json.delete("\n"),
|
|
329
|
+
verify_ssl: false
|
|
330
|
+
)
|
|
331
|
+
|
|
332
|
+
json_resp_hash = JSON.parse(rest_response.body, symbolize_names: true)
|
|
333
|
+
|
|
334
|
+
json_resp = {
|
|
335
|
+
name: program_name,
|
|
336
|
+
hacktivity: json_resp_hash
|
|
337
|
+
}
|
|
338
|
+
rescue RestClient::ExceptionWithResponse => e
|
|
339
|
+
if e.response
|
|
340
|
+
puts "HTTP RESPONSE CODE: #{e.response.code}"
|
|
341
|
+
puts "HTTP RESPONSE HEADERS:\n#{e.response.headers}"
|
|
342
|
+
puts "HTTP RESPONSE BODY:\n#{e.response.body}\n\n\n"
|
|
343
|
+
end
|
|
344
|
+
|
|
345
|
+
raise e
|
|
346
|
+
rescue StandardError => e
|
|
347
|
+
raise e
|
|
348
|
+
ensure
|
|
349
|
+
browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) if browser_obj
|
|
350
|
+
rest_client = nil if rest_client
|
|
351
|
+
rest_request = nil if rest_request
|
|
352
|
+
end
|
|
353
|
+
|
|
215
354
|
# Supported Method Parameters::
|
|
216
355
|
# PWN::WWW::HackerOne.save_burp_target_config_file(
|
|
217
356
|
# programs_arr: 'required - array of hashes returned from #get_bounty_programs method',
|
|
@@ -367,7 +506,12 @@ module PWN
|
|
|
367
506
|
suppress_progress: 'optional - suppress output (defaults to false)'
|
|
368
507
|
)
|
|
369
508
|
|
|
370
|
-
scope_details =
|
|
509
|
+
scope_details = #{self}.get_scope_details(
|
|
510
|
+
program_name: 'required - program name from #get_bounty_programs method',
|
|
511
|
+
proxy: 'optional - scheme://proxy_host:port || tor'
|
|
512
|
+
)
|
|
513
|
+
|
|
514
|
+
hacktivity = #{self}.get_hacktivity(
|
|
371
515
|
program_name: 'required - program name from #get_bounty_programs method',
|
|
372
516
|
proxy: 'optional - scheme://proxy_host:port || tor'
|
|
373
517
|
)
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.243
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-02-
|
|
10
|
+
date: 2025-02-07 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: activesupport
|
|
@@ -589,14 +589,14 @@ dependencies:
|
|
|
589
589
|
requirements:
|
|
590
590
|
- - '='
|
|
591
591
|
- !ruby/object:Gem::Version
|
|
592
|
-
version: 0.5.
|
|
592
|
+
version: 0.5.1
|
|
593
593
|
type: :runtime
|
|
594
594
|
prerelease: false
|
|
595
595
|
version_requirements: !ruby/object:Gem::Requirement
|
|
596
596
|
requirements:
|
|
597
597
|
- - '='
|
|
598
598
|
- !ruby/object:Gem::Version
|
|
599
|
-
version: 0.5.
|
|
599
|
+
version: 0.5.1
|
|
600
600
|
- !ruby/object:Gem::Dependency
|
|
601
601
|
name: nexpose
|
|
602
602
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -729,14 +729,14 @@ dependencies:
|
|
|
729
729
|
requirements:
|
|
730
730
|
- - '='
|
|
731
731
|
- !ruby/object:Gem::Version
|
|
732
|
-
version: 2.14.
|
|
732
|
+
version: 2.14.1
|
|
733
733
|
type: :runtime
|
|
734
734
|
prerelease: false
|
|
735
735
|
version_requirements: !ruby/object:Gem::Requirement
|
|
736
736
|
requirements:
|
|
737
737
|
- - '='
|
|
738
738
|
- !ruby/object:Gem::Version
|
|
739
|
-
version: 2.14.
|
|
739
|
+
version: 2.14.1
|
|
740
740
|
- !ruby/object:Gem::Dependency
|
|
741
741
|
name: pg
|
|
742
742
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -827,14 +827,14 @@ dependencies:
|
|
|
827
827
|
requirements:
|
|
828
828
|
- - '='
|
|
829
829
|
- !ruby/object:Gem::Version
|
|
830
|
-
version: 6.
|
|
830
|
+
version: 6.12.0
|
|
831
831
|
type: :development
|
|
832
832
|
prerelease: false
|
|
833
833
|
version_requirements: !ruby/object:Gem::Requirement
|
|
834
834
|
requirements:
|
|
835
835
|
- - '='
|
|
836
836
|
- !ruby/object:Gem::Version
|
|
837
|
-
version: 6.
|
|
837
|
+
version: 6.12.0
|
|
838
838
|
- !ruby/object:Gem::Dependency
|
|
839
839
|
name: rest-client
|
|
840
840
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -925,14 +925,14 @@ dependencies:
|
|
|
925
925
|
requirements:
|
|
926
926
|
- - '='
|
|
927
927
|
- !ruby/object:Gem::Version
|
|
928
|
-
version: 1.71.
|
|
928
|
+
version: 1.71.2
|
|
929
929
|
type: :runtime
|
|
930
930
|
prerelease: false
|
|
931
931
|
version_requirements: !ruby/object:Gem::Requirement
|
|
932
932
|
requirements:
|
|
933
933
|
- - '='
|
|
934
934
|
- !ruby/object:Gem::Version
|
|
935
|
-
version: 1.71.
|
|
935
|
+
version: 1.71.2
|
|
936
936
|
- !ruby/object:Gem::Dependency
|
|
937
937
|
name: rubocop-rake
|
|
938
938
|
requirement: !ruby/object:Gem::Requirement
|