pwn 0.5.317 → 0.5.319
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/README.md +3 -3
- data/bin/pwn_burp_suite_pro_active_scan +8 -9
- data/lib/pwn/plugins/burp_suite.rb +9 -4
- data/lib/pwn/plugins/transparent_browser.rb +114 -99
- data/lib/pwn/reports/fuzz.rb +1 -0
- data/lib/pwn/reports/phone.rb +1 -0
- data/lib/pwn/reports/sast.rb +1 -0
- data/lib/pwn/reports/uri_buster.rb +1 -0
- data/lib/pwn/version.rb +1 -1
- data/third_party/pwn_rdoc.jsonl +1 -1
- metadata +9 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9f2e97579ad9dfed311ca04aa2c0ebc14ae715f503de0cb618eab39fb1224c8a
|
|
4
|
+
data.tar.gz: '081e8e1033d4435f1a583154b49a570ef1bada2fd422a65f2490a7970ecc8d04'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c9fd3af6414e7b100b56eee560b5ecc6cc9da1163d0692ee06b6ad96005c93ff506bd89c1249eceb7fad94aae030b88d75e88120b92ec52858a50c171735524
|
|
7
|
+
data.tar.gz: bb9071909f4595002bb841a74bcc60c635f69a3f641c7ea4f799c3d76f6bebb88b1fc19fb8e49b02edaf62d6780729703d31f1913eff6dec80b0507cb96e085b
|
data/Gemfile
CHANGED
|
@@ -41,7 +41,7 @@ gem 'htmlentities', '4.3.4'
|
|
|
41
41
|
gem 'ipaddress', '0.8.3'
|
|
42
42
|
gem 'jenkins_api_client2', '1.9.0'
|
|
43
43
|
gem 'js-beautify', '0.1.8'
|
|
44
|
-
gem 'json', '2.
|
|
44
|
+
gem 'json', '2.13.0'
|
|
45
45
|
gem 'jsonpath', '1.1.5'
|
|
46
46
|
gem 'jwt', '3.1.2'
|
|
47
47
|
gem 'libusb', '0.7.2'
|
|
@@ -64,7 +64,7 @@ gem 'open3', '0.2.1'
|
|
|
64
64
|
# Relies on cargo, which is not available in OpenBSD via pkg_add atm.
|
|
65
65
|
# gem 'openapi3_parser', '0.10.1'
|
|
66
66
|
gem 'os', '1.1.4'
|
|
67
|
-
gem 'ostruct', '0.6.
|
|
67
|
+
gem 'ostruct', '0.6.3'
|
|
68
68
|
gem 'packetfu', '2.0.0'
|
|
69
69
|
gem 'packetgen', '4.1.0'
|
|
70
70
|
gem 'pdf-reader', '2.14.1'
|
|
@@ -93,9 +93,9 @@ gem 'selenium-devtools', '0.138.0'
|
|
|
93
93
|
# gem 'serialport', '1.3.2'
|
|
94
94
|
# gem 'sinatra', '4.0.0'
|
|
95
95
|
gem 'slack-ruby-client', '2.6.0'
|
|
96
|
-
gem 'socksify', '1.
|
|
96
|
+
gem 'socksify', '1.8.0'
|
|
97
97
|
gem 'spreadsheet', '1.3.4'
|
|
98
|
-
gem 'sqlite3', '2.7.
|
|
98
|
+
gem 'sqlite3', '2.7.3'
|
|
99
99
|
gem 'thin', '2.0.1'
|
|
100
100
|
gem 'tty-prompt', '0.23.1'
|
|
101
101
|
gem 'tty-spinner', '0.9.3'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.319]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.319]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.319]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -10,7 +10,7 @@ OptionParser.new do |options|
|
|
|
10
10
|
#{File.basename($PROGRAM_NAME)} [opts]
|
|
11
11
|
"
|
|
12
12
|
|
|
13
|
-
options.on('-bBPATH', '--burp_path=BPATH', '<
|
|
13
|
+
options.on('-bBPATH', '--burp_path=BPATH', '<Optional - Path to Burp Suite Pro Jar File (Defaults to /opt/burpsuite/burpsuite-pro.jar)>') do |b|
|
|
14
14
|
opts[:burp_jar_path] = b
|
|
15
15
|
end
|
|
16
16
|
|
|
@@ -43,7 +43,7 @@ end
|
|
|
43
43
|
begin
|
|
44
44
|
logger = PWN::Plugins::PWNLogger.create
|
|
45
45
|
|
|
46
|
-
burp_jar_path = opts[:burp_jar_path]
|
|
46
|
+
burp_jar_path = opts[:burp_jar_path]
|
|
47
47
|
headless = opts[:headless]
|
|
48
48
|
target_url = opts[:target_url].to_s.scrub
|
|
49
49
|
output_path = opts[:output_path].to_s.scrub
|
|
@@ -92,20 +92,19 @@ begin
|
|
|
92
92
|
print "Waiting #{duration} seconds prior to kicking off active scan..."
|
|
93
93
|
sleep duration # Sleep for now so everything loads the way we expect - blech.
|
|
94
94
|
|
|
95
|
-
|
|
95
|
+
PWN::Plugins::BurpSuite.invoke_active_scan(burp_obj: burp_obj, target_url: target_url)
|
|
96
96
|
|
|
97
97
|
# Dump a list of scan issues from Active Scan result
|
|
98
|
-
# scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(:
|
|
98
|
+
# scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)
|
|
99
99
|
# puts scan_issues
|
|
100
100
|
|
|
101
101
|
# Once DefectDojo begins to support XML report results
|
|
102
102
|
report_types = %i[html xml]
|
|
103
103
|
report_types.each do |report_type|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
end
|
|
104
|
+
this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.html"
|
|
105
|
+
|
|
106
|
+
this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.xml" if report_type == :xml
|
|
107
|
+
|
|
109
108
|
PWN::Plugins::BurpSuite.generate_scan_report(
|
|
110
109
|
burp_obj: burp_obj,
|
|
111
110
|
target_url: target_url,
|
|
@@ -11,14 +11,14 @@ module PWN
|
|
|
11
11
|
module BurpSuite
|
|
12
12
|
# Supported Method Parameters::
|
|
13
13
|
# burp_obj = PWN::Plugins::BurpSuite.start(
|
|
14
|
-
# burp_jar_path: '
|
|
14
|
+
# burp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
15
15
|
# headless: 'optional - run burp headless if set to true',
|
|
16
16
|
# browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
|
|
17
17
|
# target_config: 'optional - path to burp suite pro target config JSON file'
|
|
18
18
|
# )
|
|
19
19
|
|
|
20
20
|
public_class_method def self.start(opts = {})
|
|
21
|
-
burp_jar_path = opts[:burp_jar_path]
|
|
21
|
+
burp_jar_path = opts[:burp_jar_path] ||= '/opt/burpsuite/burpsuite_pro.jar'
|
|
22
22
|
raise 'Invalid path to burp jar file. Please check your spelling and try again.' unless File.exist?(burp_jar_path)
|
|
23
23
|
|
|
24
24
|
burp_root = File.dirname(burp_jar_path)
|
|
@@ -211,7 +211,8 @@ module PWN
|
|
|
211
211
|
|
|
212
212
|
puts "Adding #{json_uri} to Active Scan"
|
|
213
213
|
active_scan_url_arr.push(json_uri)
|
|
214
|
-
post_body = "{ \"host\": \"#{json_host}\", \"port\": \"#{json_port}\", \"useHttps\": #{use_https}, \"request\": \"#{json_req['raw']}\" }"
|
|
214
|
+
# post_body = "{ \"host\": \"#{json_host}\", \"port\": \"#{json_port}\", \"useHttps\": #{use_https}, \"request\": \"#{json_req['raw']}\" }"
|
|
215
|
+
post_body = "{ \"host\": \"#{json_host}\", \"port\": \"#{json_port}\", \"useHttps\": \"#{use_https}\", \"request\": \"#{json_req['raw']}\" }"
|
|
215
216
|
# Kick off an active scan for each given page in the json_sitemap results
|
|
216
217
|
rest_browser.post("http://#{burpbuddy_api}/scan/active", post_body, content_type: 'application/json')
|
|
217
218
|
end
|
|
@@ -348,8 +349,12 @@ module PWN
|
|
|
348
349
|
|
|
349
350
|
public_class_method def self.help
|
|
350
351
|
puts "USAGE:
|
|
352
|
+
# PLEASE NOTE: IF RUNNING THIS MODULE THE FIRST TIME, YOU HAVE TO MANUALLY LOAD
|
|
353
|
+
# /opt/burpsuite/burpsuite_pro.jar INTO THE BURP SUITE PRO UI IN ORDER FOR
|
|
354
|
+
# THIS TO WORK PROPERLY MOVING FORWARD. THIS SHOULD ONLY BE NECESSARY TO
|
|
355
|
+
# DO ONCE.
|
|
351
356
|
burp_obj = #{self}.start(
|
|
352
|
-
burp_jar_path: 'required - path of burp suite pro jar file',
|
|
357
|
+
burp_jar_path: 'required - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
353
358
|
headless: 'optional - run headless if set to true',
|
|
354
359
|
browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
|
|
355
360
|
target_config: 'optional - path to burp suite pro target config JSON file'
|
|
@@ -488,11 +488,14 @@ module PWN
|
|
|
488
488
|
raise e
|
|
489
489
|
end
|
|
490
490
|
|
|
491
|
-
# Supported Method Parameters
|
|
491
|
+
# Supported Method Parameters:
|
|
492
492
|
# console_resp = PWN::Plugins::TransparentBrowser.view_dom_mutations(
|
|
493
|
-
# browser_obj:
|
|
493
|
+
# browser_obj: 'required - browser_obj returned from #open method',
|
|
494
494
|
# index: 'optional - index of tab to switch to (defaults to active tab)',
|
|
495
|
-
# target: 'optional - target JavaScript node to observe (defaults to document.body)'
|
|
495
|
+
# target: 'optional - target JavaScript node to observe (defaults to document.body)',
|
|
496
|
+
# observe_clobbering: 'optional - boolean to enable DOM Clobbering detection (defaults to true)',
|
|
497
|
+
# observe_redirects: 'optional - boolean to enable Insecure Redirect detection (defaults to true)',
|
|
498
|
+
# observe_resources: 'optional - boolean to enable resource load monitoring (defaults to true)'
|
|
496
499
|
# )
|
|
497
500
|
|
|
498
501
|
public_class_method def self.view_dom_mutations(opts = {})
|
|
@@ -503,6 +506,9 @@ module PWN
|
|
|
503
506
|
jmp_tab(browser_obj: browser_obj, index: index) if index
|
|
504
507
|
|
|
505
508
|
target = opts[:target] ||= 'undefined'
|
|
509
|
+
observe_clobbering = opts.fetch(:observe_clobbering, true)
|
|
510
|
+
observe_redirects = opts.fetch(:observe_redirects, true)
|
|
511
|
+
observe_resources = opts.fetch(:observe_resources, true)
|
|
506
512
|
|
|
507
513
|
jmp_devtools_panel(
|
|
508
514
|
browser_obj: browser_obj,
|
|
@@ -510,138 +516,147 @@ module PWN
|
|
|
510
516
|
)
|
|
511
517
|
|
|
512
518
|
js = <<~JAVASCRIPT
|
|
513
|
-
// Select the target node to observe (
|
|
519
|
+
// Select the target node to observe (default to document.body)
|
|
514
520
|
const targetNode = document.getElementById(#{target}) || document.body;
|
|
515
521
|
|
|
516
522
|
// Configuration for MutationObserver
|
|
517
523
|
const config = {
|
|
518
|
-
attributes: true,
|
|
519
|
-
childList: true,
|
|
520
|
-
subtree: true,
|
|
521
|
-
characterData: true,
|
|
524
|
+
attributes: true,
|
|
525
|
+
childList: true,
|
|
526
|
+
subtree: true,
|
|
527
|
+
characterData: true,
|
|
528
|
+
attributeOldValue: true
|
|
522
529
|
};
|
|
523
530
|
|
|
531
|
+
// Exhaustive list of elements that can execute scripts or load resources
|
|
532
|
+
const xssElements = [
|
|
533
|
+
'SCRIPT', 'IFRAME', 'FRAME', 'OBJECT', 'EMBED', 'APPLET', 'SVG', 'IMG', 'VIDEO', 'AUDIO', 'LINK', 'META', 'BASE',
|
|
534
|
+
'INPUT', 'SOURCE', 'TRACK', 'FORM', 'BUTTON', 'AREA', 'NOSCRIPT', 'STYLE', 'HTML', 'BODY'
|
|
535
|
+
];
|
|
536
|
+
|
|
537
|
+
// Exhaustive list of attributes that can contain URLs, scripts, or event handlers
|
|
538
|
+
const xssAttributes = [
|
|
539
|
+
'src', 'href', 'action', 'srcdoc', 'data', 'codebase', 'style', 'manifest', 'poster', 'background', 'lowsrc',
|
|
540
|
+
'formaction', 'cite', 'ping', 'icon', 'longdesc', 'usemap', 'content', 'value', 'pattern',
|
|
541
|
+
'onload', 'onerror', 'onclick', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'onchange', 'onsubmit', 'onreset',
|
|
542
|
+
'onselect', 'ondblclick', 'onkeydown', 'onkeypress', 'onkeyup', 'onmousedown', 'onmousemove', 'onmouseup', 'onwheel',
|
|
543
|
+
'oncontextmenu', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onscroll',
|
|
544
|
+
'ontouchstart', 'ontouchmove', 'ontouchend', 'ontouchcancel', 'onanimationstart', 'onanimationend', 'onanimationiteration',
|
|
545
|
+
'ontransitionend'
|
|
546
|
+
];
|
|
547
|
+
|
|
548
|
+
// Attributes that can cause navigation (for insecure redirects)
|
|
549
|
+
const redirectAttributes = ['href', 'action', 'src', 'formaction', 'content'];
|
|
550
|
+
|
|
551
|
+
// Attributes that load resources (for data exfiltration)
|
|
552
|
+
const resourceAttributes = ['src', 'href', 'poster', 'data', 'background', 'lowsrc', 'cite', 'ping', 'icon', 'longdesc'];
|
|
553
|
+
|
|
554
|
+
// Global properties that could be clobbered
|
|
555
|
+
const globalProperties = [
|
|
556
|
+
'document', 'window', 'location', 'navigator', 'history', 'screen', 'console', 'alert', 'confirm', 'prompt',
|
|
557
|
+
'fetch', 'XMLHttpRequest', 'WebSocket', 'localStorage', 'sessionStorage'
|
|
558
|
+
];
|
|
559
|
+
|
|
524
560
|
// Callback function to handle mutations
|
|
525
561
|
const callback = (mutationList, observer) => {
|
|
526
|
-
|
|
527
|
-
mutationList.forEach((mutation, index) => {
|
|
528
|
-
console.log(`Mutation ${index + 1}:`, mutation.type);
|
|
529
|
-
|
|
562
|
+
mutationList.forEach((mutation) => {
|
|
530
563
|
if (mutation.type === 'childList') {
|
|
531
564
|
if (mutation.addedNodes.length) {
|
|
532
565
|
mutation.addedNodes.forEach((node) => {
|
|
533
566
|
if (node.nodeType === Node.ELEMENT_NODE) {
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
567
|
+
const tagName = node.tagName.toUpperCase();
|
|
568
|
+
// Check for XSS sinks
|
|
569
|
+
if (xssElements.includes(tagName)) {
|
|
570
|
+
console.warn('Potential DOM-XSS sink: Added element', {
|
|
571
|
+
tagName: tagName,
|
|
572
|
+
id: node.id || 'N/A',
|
|
573
|
+
classList: node.className || 'N/A',
|
|
574
|
+
outerHTML: node.outerHTML
|
|
575
|
+
});
|
|
576
|
+
}
|
|
577
|
+
// Check for DOM Clobbering
|
|
578
|
+
if (#{observe_clobbering} && (node.id || node.name) && globalProperties.includes(node.id || node.name)) {
|
|
579
|
+
console.warn('Potential DOM Clobbering: Added element with id/name', {
|
|
580
|
+
id: node.id || 'N/A',
|
|
581
|
+
name: node.name || 'N/A',
|
|
582
|
+
tagName: tagName,
|
|
583
|
+
outerHTML: node.outerHTML
|
|
584
|
+
});
|
|
544
585
|
}
|
|
545
|
-
} else if (node.nodeType === Node.TEXT_NODE) {
|
|
546
|
-
console.log('Added Text Node:', {
|
|
547
|
-
textContent: node.textContent,
|
|
548
|
-
parentTag: node.parentElement?.tagName || 'N/A',
|
|
549
|
-
});
|
|
550
|
-
}
|
|
551
|
-
});
|
|
552
|
-
}
|
|
553
|
-
if (mutation.removedNodes.length) {
|
|
554
|
-
mutation.removedNodes.forEach((node) => {
|
|
555
|
-
if (node.nodeType === Node.ELEMENT_NODE) {
|
|
556
|
-
console.log('Removed Element:', {
|
|
557
|
-
tagName: node.tagName,
|
|
558
|
-
id: node.id || 'N/A',
|
|
559
|
-
classList: node.className || 'N/A',
|
|
560
|
-
outerHTML: node.outerHTML,
|
|
561
|
-
});
|
|
562
|
-
} else if (node.nodeType === Node.TEXT_NODE) {
|
|
563
|
-
console.log('Removed Text Node:', {
|
|
564
|
-
textContent: node.textContent,
|
|
565
|
-
parentTag: node.parentElement?.tagName || 'N/A',
|
|
566
|
-
});
|
|
567
586
|
}
|
|
568
587
|
});
|
|
569
588
|
}
|
|
570
589
|
} else if (mutation.type === 'attributes') {
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
mutation.attributeName.startsWith('on') ||
|
|
584
|
-
(mutation.attributeName === 'srcdoc' && mutation.target.tagName === 'IFRAME') ||
|
|
585
|
-
(mutation.attributeName === 'data' && mutation.target.tagName === 'OBJECT') ||
|
|
586
|
-
(mutation.attributeName === 'codebase' && mutation.target.tagName === 'OBJECT')
|
|
587
|
-
) {
|
|
588
|
-
console.warn('Potential XSS sink: Attribute change', logObj);
|
|
589
|
-
} else {
|
|
590
|
-
console.log('Attribute changed:', logObj);
|
|
590
|
+
const attrName = mutation.attributeName.toLowerCase();
|
|
591
|
+
const tagName = mutation.target.tagName.toUpperCase();
|
|
592
|
+
// Check for XSS sinks
|
|
593
|
+
if (xssAttributes.includes(attrName)) {
|
|
594
|
+
console.warn('Potential DOM-XSS sink: Attribute change', {
|
|
595
|
+
element: tagName,
|
|
596
|
+
id: mutation.target.id || 'N/A',
|
|
597
|
+
attribute: attrName,
|
|
598
|
+
oldValue: mutation.oldValue,
|
|
599
|
+
newValue: mutation.target.getAttribute(attrName),
|
|
600
|
+
outerHTML: mutation.target.outerHTML
|
|
601
|
+
});
|
|
591
602
|
}
|
|
592
|
-
|
|
593
|
-
if (
|
|
594
|
-
|
|
595
|
-
|
|
603
|
+
// Check for insecure redirects
|
|
604
|
+
if (#{observe_redirects} && redirectAttributes.includes(attrName) &&
|
|
605
|
+
(tagName === 'A' || tagName === 'FORM' || tagName === 'IFRAME' || tagName === 'BUTTON' || tagName === 'INPUT' ||
|
|
606
|
+
(tagName === 'META' && mutation.target.getAttribute('http-equiv') === 'refresh'))) {
|
|
607
|
+
console.warn('Potential Insecure Redirect: Attribute change', {
|
|
608
|
+
element: tagName,
|
|
609
|
+
id: mutation.target.id || 'N/A',
|
|
610
|
+
attribute: attrName,
|
|
596
611
|
oldValue: mutation.oldValue,
|
|
597
|
-
newValue: mutation.target.
|
|
612
|
+
newValue: mutation.target.getAttribute(attrName),
|
|
613
|
+
outerHTML: mutation.target.outerHTML
|
|
598
614
|
});
|
|
599
|
-
}
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
615
|
+
}
|
|
616
|
+
// Check for resource loads (data exfiltration)
|
|
617
|
+
if (#{observe_resources} && resourceAttributes.includes(attrName)) {
|
|
618
|
+
console.warn('Potential Resource Load (Data Exfiltration): Attribute change', {
|
|
619
|
+
element: tagName,
|
|
620
|
+
id: mutation.target.id || 'N/A',
|
|
621
|
+
attribute: attrName,
|
|
603
622
|
oldValue: mutation.oldValue,
|
|
604
|
-
newValue: mutation.target.
|
|
605
|
-
|
|
623
|
+
newValue: mutation.target.getAttribute(attrName),
|
|
624
|
+
outerHTML: mutation.target.outerHTML
|
|
606
625
|
});
|
|
607
626
|
}
|
|
627
|
+
} else if (mutation.type === 'characterData') {
|
|
628
|
+
if (mutation.target.parentElement) {
|
|
629
|
+
const parentTag = mutation.target.parentElement.tagName.toUpperCase();
|
|
630
|
+
if (parentTag === 'SCRIPT') {
|
|
631
|
+
console.warn('Potential DOM-XSS sink: Script content changed', {
|
|
632
|
+
scriptId: mutation.target.parentElement.id || 'N/A',
|
|
633
|
+
oldValue: mutation.oldValue,
|
|
634
|
+
newValue: mutation.target.textContent
|
|
635
|
+
});
|
|
636
|
+
} else if (parentTag === 'STYLE') {
|
|
637
|
+
console.warn('Potential DOM-XSS sink: Style content changed', {
|
|
638
|
+
styleId: mutation.target.parentElement.id || 'N/A',
|
|
639
|
+
oldValue: mutation.oldValue,
|
|
640
|
+
newValue: mutation.target.textContent
|
|
641
|
+
});
|
|
642
|
+
}
|
|
643
|
+
}
|
|
608
644
|
}
|
|
609
645
|
});
|
|
610
|
-
console.groupEnd();
|
|
611
646
|
};
|
|
612
647
|
|
|
613
648
|
// Create and start the MutationObserver
|
|
614
649
|
const observer = new MutationObserver(callback);
|
|
615
650
|
observer.observe(targetNode, config);
|
|
616
651
|
|
|
617
|
-
//
|
|
618
|
-
const logUserInteraction = (event) => {
|
|
619
|
-
console.group('User Interaction Detected');
|
|
620
|
-
console.log('Event Type:', event.type);
|
|
621
|
-
console.log('Target:', {
|
|
622
|
-
tagName: event.target.tagName,
|
|
623
|
-
id: event.target.id || 'N/A',
|
|
624
|
-
classList: event.target.className || 'N/A',
|
|
625
|
-
value: 'value' in event.target ? event.target.value : 'N/A',
|
|
626
|
-
innerHTML: event.target.innerHTML || 'N/A',
|
|
627
|
-
});
|
|
628
|
-
console.groupEnd();
|
|
629
|
-
};
|
|
630
|
-
|
|
631
|
-
// Attach listeners for keyboard and click events
|
|
632
|
-
document.addEventListener('input', logUserInteraction); // For form inputs, contenteditable
|
|
633
|
-
document.addEventListener('click', logUserInteraction); // For clicks
|
|
634
|
-
|
|
635
|
-
// Function to stop the observer (run in console when needed)
|
|
652
|
+
// Function to stop the observer
|
|
636
653
|
window.hide_dom_mutations = () => {
|
|
637
654
|
observer.disconnect();
|
|
638
|
-
|
|
639
|
-
document.removeEventListener('click', logUserInteraction);
|
|
640
|
-
console.log('MutationObserver and event listeners stopped.');
|
|
655
|
+
console.log('MutationObserver stopped.');
|
|
641
656
|
};
|
|
642
657
|
|
|
643
658
|
// Log instructions to console
|
|
644
|
-
console.log('MutationObserver started. To stop, run: hide_dom_mutations()');
|
|
659
|
+
console.log('MutationObserver started for DOM-based vulnerabilities. To stop, run: hide_dom_mutations()');
|
|
645
660
|
JAVASCRIPT
|
|
646
661
|
|
|
647
662
|
console(browser_obj: browser_obj, js: 'clear();')
|
data/lib/pwn/reports/fuzz.rb
CHANGED
|
@@ -142,6 +142,7 @@ module PWN
|
|
|
142
142
|
var oldStart = 0;
|
|
143
143
|
var table = $('#pwn_fuzz_net_app_proto').DataTable( {
|
|
144
144
|
"paging": true,
|
|
145
|
+
"lengthMenu": [10, 25, 50, 100, 250, 500, 1000, 2500, 5000],
|
|
145
146
|
"pagingType": "full_numbers",
|
|
146
147
|
"fnDrawCallback": function ( oSettings ) {
|
|
147
148
|
/* Need to redo the counters if filtered or sorted */
|
data/lib/pwn/reports/phone.rb
CHANGED
|
@@ -143,6 +143,7 @@ module PWN
|
|
|
143
143
|
var oldStart = 0;
|
|
144
144
|
var table = $('#pwn_phone_results').DataTable( {
|
|
145
145
|
"paging": true,
|
|
146
|
+
"lengthMenu": [10, 25, 50, 100, 250, 500, 1000, 2500, 5000],
|
|
146
147
|
"pagingType": "full_numbers",
|
|
147
148
|
"fnDrawCallback": function ( oSettings ) {
|
|
148
149
|
/* Need to redo the counters if filtered or sorted */
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -134,6 +134,7 @@ module PWN
|
|
|
134
134
|
var oldStart = 0;
|
|
135
135
|
var table = $('#pwn_scan_git_source_results').DataTable( {
|
|
136
136
|
"paging": true,
|
|
137
|
+
"lengthMenu": [10, 25, 50, 100, 250, 500, 1000, 2500, 5000],
|
|
137
138
|
"pagingType": "full_numbers",
|
|
138
139
|
"fnDrawCallback": function ( oSettings ) {
|
|
139
140
|
/* Need to redo the counters if filtered or sorted */
|
|
@@ -134,6 +134,7 @@ module PWN
|
|
|
134
134
|
var oldStart = 0;
|
|
135
135
|
var table = $('#pwn_www_uri_buster_results').DataTable( {
|
|
136
136
|
"paging": true,
|
|
137
|
+
"lengthMenu": [10, 25, 50, 100, 250, 500, 1000, 2500, 5000],
|
|
137
138
|
"pagingType": "full_numbers",
|
|
138
139
|
"fnDrawCallback": function ( oSettings ) {
|
|
139
140
|
/* Need to redo the counters if filtered or sorted */
|
data/lib/pwn/version.rb
CHANGED
data/third_party/pwn_rdoc.jsonl
CHANGED
|
@@ -963,7 +963,7 @@
|
|
|
963
963
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.type_as_human Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.type_as_human`: Supported Method Parameters\n\nPWN::Plugins::TransparentBrowser.type_as_human(\n\nstring: 'required - string to type as human',\nrand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'\n\n)\n"}]}
|
|
964
964
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.update_about_config Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.update_about_config`: Supported Method Parameters\n\nPWN::Plugins::TransparentBrowser.update_about_config(\n\nbrowser_obj: browser_obj1,\nkey: 'required - key to update in about:config',\nvalue: 'required - value to set for key in about:config'\n\n)\n"}]}
|
|
965
965
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.verify_devtools_browser Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.verify_devtools_browser`: Supported Method Parameters\n\nverify_devtools_browser(\n\nbrowser_obj: 'required - browser_obj returned from #open method',\nsupported: 'optional - array of supported browser types (defaults to [:chrome, :headless_chrome, :firefox, :headless_firefox, :headless])'\n\n)\n"}]}
|
|
966
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.view_dom_mutations Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.view_dom_mutations`:
|
|
966
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.view_dom_mutations Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.view_dom_mutations`: "}]}
|
|
967
967
|
{"messages":[{"role":"user","content":"PWN::Plugins::TwitterAPI.app_only_login Usage"},{"role":"assistant","content":"`PWN::Plugins::TwitterAPI.app_only_login`: Supported Method Parameters\n\nbearer_token = PWN::Plugins::TwitterAPI.app_only_login(\n\nconsumer_key: 'required - consumer key for app-only authentication',\nconsumer_secret: 'optional - consumer secret (will prompt if nil)'\n\n)\n"}]}
|
|
968
968
|
{"messages":[{"role":"user","content":"PWN::Plugins::TwitterAPI.app_only_logout Usage"},{"role":"assistant","content":"`PWN::Plugins::TwitterAPI.app_only_logout`: Supported Method Parameters\n\nPWN::Plugins::TwitterAPI.logout(\n\nbearer_token: 'required bearer_token returned from #app_only_login method'\n\n)\n"}]}
|
|
969
969
|
{"messages":[{"role":"user","content":"PWN::Plugins::TwitterAPI.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::TwitterAPI.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.319
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -407,14 +407,14 @@ dependencies:
|
|
|
407
407
|
requirements:
|
|
408
408
|
- - '='
|
|
409
409
|
- !ruby/object:Gem::Version
|
|
410
|
-
version: 2.
|
|
410
|
+
version: 2.13.0
|
|
411
411
|
type: :runtime
|
|
412
412
|
prerelease: false
|
|
413
413
|
version_requirements: !ruby/object:Gem::Requirement
|
|
414
414
|
requirements:
|
|
415
415
|
- - '='
|
|
416
416
|
- !ruby/object:Gem::Version
|
|
417
|
-
version: 2.
|
|
417
|
+
version: 2.13.0
|
|
418
418
|
- !ruby/object:Gem::Dependency
|
|
419
419
|
name: jsonpath
|
|
420
420
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -687,14 +687,14 @@ dependencies:
|
|
|
687
687
|
requirements:
|
|
688
688
|
- - '='
|
|
689
689
|
- !ruby/object:Gem::Version
|
|
690
|
-
version: 0.6.
|
|
690
|
+
version: 0.6.3
|
|
691
691
|
type: :runtime
|
|
692
692
|
prerelease: false
|
|
693
693
|
version_requirements: !ruby/object:Gem::Requirement
|
|
694
694
|
requirements:
|
|
695
695
|
- - '='
|
|
696
696
|
- !ruby/object:Gem::Version
|
|
697
|
-
version: 0.6.
|
|
697
|
+
version: 0.6.3
|
|
698
698
|
- !ruby/object:Gem::Dependency
|
|
699
699
|
name: packetfu
|
|
700
700
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -1065,14 +1065,14 @@ dependencies:
|
|
|
1065
1065
|
requirements:
|
|
1066
1066
|
- - '='
|
|
1067
1067
|
- !ruby/object:Gem::Version
|
|
1068
|
-
version: 1.
|
|
1068
|
+
version: 1.8.0
|
|
1069
1069
|
type: :runtime
|
|
1070
1070
|
prerelease: false
|
|
1071
1071
|
version_requirements: !ruby/object:Gem::Requirement
|
|
1072
1072
|
requirements:
|
|
1073
1073
|
- - '='
|
|
1074
1074
|
- !ruby/object:Gem::Version
|
|
1075
|
-
version: 1.
|
|
1075
|
+
version: 1.8.0
|
|
1076
1076
|
- !ruby/object:Gem::Dependency
|
|
1077
1077
|
name: spreadsheet
|
|
1078
1078
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -1093,14 +1093,14 @@ dependencies:
|
|
|
1093
1093
|
requirements:
|
|
1094
1094
|
- - '='
|
|
1095
1095
|
- !ruby/object:Gem::Version
|
|
1096
|
-
version: 2.7.
|
|
1096
|
+
version: 2.7.3
|
|
1097
1097
|
type: :runtime
|
|
1098
1098
|
prerelease: false
|
|
1099
1099
|
version_requirements: !ruby/object:Gem::Requirement
|
|
1100
1100
|
requirements:
|
|
1101
1101
|
- - '='
|
|
1102
1102
|
- !ruby/object:Gem::Version
|
|
1103
|
-
version: 2.7.
|
|
1103
|
+
version: 2.7.3
|
|
1104
1104
|
- !ruby/object:Gem::Dependency
|
|
1105
1105
|
name: thin
|
|
1106
1106
|
requirement: !ruby/object:Gem::Requirement
|