pwn 0.5.310 → 0.5.312

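--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 285a68a2cda6bbdd1ae33ec4a3fd37f5831f27780eb55b1b405ac3d01c14cf9d
- data.tar.gz: 145f7a73a322bd700cd0852c1e35349413ab45ff1e2e71e3895f43c8c0e457a1
+ metadata.gz: 8e4a35e1ad2a4b56f5f69c9f369dfd037461d1a09a0acbdb4351507e3d2b370d
+ data.tar.gz: 240e6eac437aedce128463e88915d4220aa3fac3e239f35d1cb575a9e6e51d11
  SHA512:
- metadata.gz: 212678e418bcf5fe6c4c5d2c6ed9c5ef0ebf31ed526ec72b52a81dacab60d53eff8637631259f0e267c4eb870dbda6de891fa31cf1ed8aca44d44585ec27ac07
- data.tar.gz: e7bbae0e1600fa8f712c663eb787cc93edfeced5c8324617d616cb6981d881ac0aad6d41f2510ec340891f46d717c8dcb9ac39317512fa1cf28e37c1f389f8fa
+ metadata.gz: 6a1a41815f5ddcb11bd541ffc37db38ef5a12a34724d47c5dc14c32357042741ed76cbd93e9dc0b93653e6e8d1ee060df2fcb2301504132f6a6c90af8aa1b60c
+ data.tar.gz: 29467b6565940186c00407b2099de38d290fe33be9f7a0178ba521d44dad5b43d349f67b8e78570bc577db085bdc2db67726c90bfbed4f58681c5b1d9b108b95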
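--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
  $ ./install.sh
  $ ./install.sh ruby-gem
  $ pwn
- pwn[v0.5.310]:001 >>> PWN.help
+ pwn[v0.5.312]:001 >>> PWN.help
  ```
 
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
  $ gem uninstall --all --executables pwn
  $ gem install --verbose pwn
  $ pwn
- pwn[v0.5.310]:001 >>> PWN.help
+ pwn[v0.5.312]:001 >>> PWN.help
  ```
 
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
  $ rvmsudo gem uninstall --all --executables pwn
  $ rvmsudo gem install --verbose pwn
  $ pwn
- pwn[v0.5.310]:001 >>> PWN.help
+ pwn[v0.5.312]:001 >>> PWN.help
  ```
 
  PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: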
@@ -504,6 +504,7 @@ module PWN
504
504
  # Supported Method Parameters::
505
505
  # console_resp = PWN::Plugins::TransparentBrowser.view_dom_mutations(
506
506
  # browser_obj: browser_obj1,
507
+ # tab_keyword: 'optional - keyword in title or url to switch to tab (defaults to active tab per list_tabs method)',
507
508
  # target: 'optional - target JavaScript node to observe (defaults to document.body)'
508
509
  # )
509
510
 
@@ -511,6 +512,9 @@ module PWN
511
512
  browser_obj = opts[:browser_obj]
512
513
  verify_devtools_browser(browser_obj: browser_obj)
513
514
 
515
+ tab_keyword = opts[:tab_keyword]
516
+ jmp_tab(browser_obj: browser_obj, keyword: tab_keyword) if tab_keyword
517
+
514
518
  target = opts[:target] ||= 'undefined'
515
519
 
516
520
  jmp_devtools_panel(
@@ -537,16 +541,20 @@ module PWN
537
541
  console.log(`Mutation ${index + 1}:`, mutation.type);
538
542
 
539
543
  if (mutation.type === 'childList') {
540
- // Log added or removed nodes
541
544
  if (mutation.addedNodes.length) {
542
545
  mutation.addedNodes.forEach((node) => {
543
546
  if (node.nodeType === Node.ELEMENT_NODE) {
544
- console.log('Added Element:', {
547
+ let logObj = {
545
548
  tagName: node.tagName,
546
549
  id: node.id || 'N/A',
547
550
  classList: node.className || 'N/A',
548
551
  outerHTML: node.outerHTML,
549
- });
552
+ };
553
+ if (['SCRIPT', 'IFRAME', 'FRAME', 'OBJECT', 'EMBED', 'APPLET'].includes(node.tagName)) {
554
+ console.warn('Potential XSS sink: Added', node.tagName, logObj);
555
+ } else {
556
+ console.log('Added Element:', logObj);
557
+ }
550
558
  } else if (node.nodeType === Node.TEXT_NODE) {
551
559
  console.log('Added Text Node:', {
552
560
  textContent: node.textContent,
@@ -573,23 +581,43 @@ module PWN
573
581
  });
574
582
  }
575
583
  } else if (mutation.type === 'attributes') {
576
- // Log attribute changes
577
- console.log(`Attribute "${mutation.attributeName}" modified on`, {
584
+ let logObj = {
578
585
  element: mutation.target.tagName,
579
586
  id: mutation.target.id || 'N/A',
587
+ attribute: mutation.attributeName,
580
588
  oldValue: mutation.oldValue,
581
589
  newValue: mutation.target.getAttribute(mutation.attributeName),
582
590
  outerHTML: mutation.target.outerHTML,
583
- });
591
+ };
592
+ if (
593
+ (mutation.attributeName === 'src' && ['SCRIPT', 'IFRAME', 'FRAME', 'OBJECT', 'EMBED'].includes(mutation.target.tagName)) ||
594
+ (mutation.attributeName === 'href' && ['A', 'AREA', 'LINK'].includes(mutation.target.tagName)) ||
595
+ (mutation.attributeName === 'action' && mutation.target.tagName === 'FORM') ||
596
+ mutation.attributeName.startsWith('on') ||
597
+ (mutation.attributeName === 'srcdoc' && mutation.target.tagName === 'IFRAME') ||
598
+ (mutation.attributeName === 'data' && mutation.target.tagName === 'OBJECT') ||
599
+ (mutation.attributeName === 'codebase' && mutation.target.tagName === 'OBJECT')
600
+ ) {
601
+ console.warn('Potential XSS sink: Attribute change', logObj);
602
+ } else {
603
+ console.log('Attribute changed:', logObj);
604
+ }
584
605
  } else if (mutation.type === 'characterData') {
585
- // Log text content changes (e.g., from user input in contenteditable or form fields)
586
- console.log('Text Content Changed:', {
587
- element: mutation.target.parentElement?.tagName || 'N/A',
588
- id: mutation.target.parentElement?.id || 'N/A',
589
- oldValue: mutation.oldValue,
590
- newValue: mutation.target.textContent,
591
- innerHTML: mutation.target.parentElement?.innerHTML || 'N/A',
592
- });
606
+ if (mutation.target.parentElement && mutation.target.parentElement.tagName === 'SCRIPT') {
607
+ console.warn('Potential XSS sink: Script content changed', {
608
+ scriptId: mutation.target.parentElement.id || 'N/A',
609
+ oldValue: mutation.oldValue,
610
+ newValue: mutation.target.textContent,
611
+ });
612
+ } else {
613
+ console.log('Text Content Changed:', {
614
+ element: mutation.target.parentElement?.tagName || 'N/A',
615
+ id: mutation.target.parentElement?.id || 'N/A',
616
+ oldValue: mutation.oldValue,
617
+ newValue: mutation.target.textContent,
618
+ innerHTML: mutation.target.parentElement?.innerHTML || 'N/A',
619
+ });
620
+ }
593
621
  }
594
622
  });
595
623
  console.groupEnd();
@@ -618,7 +646,7 @@ module PWN
618
646
  document.addEventListener('click', logUserInteraction); // For clicks
619
647
 
620
648
  // Function to stop the observer (run in console when needed)
621
- window.stopObserving = () => {
649
+ window.hide_dom_mutations = () => {
622
650
  observer.disconnect();
623
651
  document.removeEventListener('input', logUserInteraction);
624
652
  document.removeEventListener('click', logUserInteraction);
@@ -626,7 +654,7 @@ module PWN
626
654
  };
627
655
 
628
656
  // Log instructions to console
629
- console.log('MutationObserver started. To stop, run: stopObserving()');
657
+ console.log('MutationObserver started. To stop, run: hide_dom_mutations()');
630
658
  JAVASCRIPT
631
659
 
632
660
  console(browser_obj: browser_obj, js: 'clear();')
@@ -638,24 +666,28 @@ module PWN
638
666
 
639
667
  # Supported Method Parameters::
640
668
  # console_resp = PWN::Plugins::TransparentBrowser.hide_dom_mutations(
641
- # browser_obj: browser_obj1
669
+ # browser_obj: browser_obj1,
670
+ # tab_keyword: 'optional - keyword in title or url to switch to tab (defaults to active tab per list_tabs method)'
642
671
  # )
643
672
 
644
673
  public_class_method def self.hide_dom_mutations(opts = {})
645
674
  browser_obj = opts[:browser_obj]
646
675
  verify_devtools_browser(browser_obj: browser_obj)
647
676
 
677
+ tab_keyword = opts[:tab_keyword]
678
+ jmp_tab(browser_obj: browser_obj, keyword: tab_keyword) if tab_keyword
679
+
648
680
  jmp_devtools_panel(
649
681
  browser_obj: browser_obj,
650
682
  panel: :console
651
683
  )
652
684
 
653
685
  js = <<~JAVASCRIPT
654
- if (typeof stopObserving === 'function') {
655
- stopObserving();
686
+ if (typeof hide_dom_mutations === 'function') {
687
+ hide_dom_mutations();
656
688
  console.log('DOM mutation observer and event listeners disabled.');
657
689
  } else {
658
- console.log('Error: stopObserving function not found. DOM mutation observer was not active.');
690
+ console.log('Error: hide_dom_mutations function not found. DOM mutation observer was not active.');
659
691
  }
660
692
  JAVASCRIPT
661
693
 
@@ -1255,12 +1287,13 @@ module PWN
1255
1287
 
1256
1288
  console_resp = #{self}.view_dom_mutations(
1257
1289
  browser_obj: 'required - browser_obj returned from #open method)',
1290
+ tab_keyword: 'optional - keyword in title or url to switch to tab (defaults to active tab per list_tabs method)',
1258
1291
  target: 'optional - target JavaScript node to observe (defaults to document.body)'
1259
1292
  )
1260
1293
 
1261
1294
  console_resp = #{self}.hide_dom_mutations(
1262
1295
  browser_obj: 'required - browser_obj returned from #open method)',
1263
- target: 'optional - target JavaScript node to observe (defaults to document.body)'
1296
+ tab_keyword: 'optional - keyword in title or url to switch to tab (defaults to active tab per list_tabs method)'
1264
1297
  )
1265
1298
 
1266
1299
  #{self}.update_about_config(
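Review bot: The added-element check in the `childList` branch (new lines 547–557) tests only `node.tagName` of the top-level inserted node, so a wrapper such as a `DIV` whose subtree contains an `IFRAME`, or any new element that already carries an inline `on*` handler, is logged as a plain 'Added Element' and never reaches `console.warn`. `addedNodes` lists only the root of an inserted subtree, and attributes present at insertion time do not generate an `attributes` record, so the other two branches will not pick these cases up either. Consider widening the condition to `node.matches(sinkSel) || node.querySelector(sinkSel) || [...node.attributes].some((a) => a.name.startsWith('on'))` with `const sinkSel = 'script,iframe,frame,object,embed,applet';`. The uppercase `tagName` comparisons here and in the `attributes` branch (new lines 592–600) also appear to miss SVG-namespace elements, whose `tagName` is not upper-cased; comparing against `localName` would cover both. The enclosing heredoc and method begin outside these hunks.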
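--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.5.310'
+ VERSION = '0.5.312'
  end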
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.310
4
+ version: 0.5.312
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.