pwn 0.5.318 → 0.5.319
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/bin/pwn_burp_suite_pro_active_scan +8 -9
- data/lib/pwn/plugins/burp_suite.rb +9 -4
- data/lib/pwn/version.rb +1 -1
- data/third_party/pwn_rdoc.jsonl +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9f2e97579ad9dfed311ca04aa2c0ebc14ae715f503de0cb618eab39fb1224c8a
|
|
4
|
+
data.tar.gz: '081e8e1033d4435f1a583154b49a570ef1bada2fd422a65f2490a7970ecc8d04'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c9fd3af6414e7b100b56eee560b5ecc6cc9da1163d0692ee06b6ad96005c93ff506bd89c1249eceb7fad94aae030b88d75e88120b92ec52858a50c171735524
|
|
7
|
+
data.tar.gz: bb9071909f4595002bb841a74bcc60c635f69a3f641c7ea4f799c3d76f6bebb88b1fc19fb8e49b02edaf62d6780729703d31f1913eff6dec80b0507cb96e085b
|
data/Gemfile
CHANGED
|
@@ -95,7 +95,7 @@ gem 'selenium-devtools', '0.138.0'
|
|
|
95
95
|
gem 'slack-ruby-client', '2.6.0'
|
|
96
96
|
gem 'socksify', '1.8.0'
|
|
97
97
|
gem 'spreadsheet', '1.3.4'
|
|
98
|
-
gem 'sqlite3', '2.7.
|
|
98
|
+
gem 'sqlite3', '2.7.3'
|
|
99
99
|
gem 'thin', '2.0.1'
|
|
100
100
|
gem 'tty-prompt', '0.23.1'
|
|
101
101
|
gem 'tty-spinner', '0.9.3'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.319]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.319]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.319]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -10,7 +10,7 @@ OptionParser.new do |options|
|
|
|
10
10
|
#{File.basename($PROGRAM_NAME)} [opts]
|
|
11
11
|
"
|
|
12
12
|
|
|
13
|
-
options.on('-bBPATH', '--burp_path=BPATH', '<
|
|
13
|
+
options.on('-bBPATH', '--burp_path=BPATH', '<Optional - Path to Burp Suite Pro Jar File (Defaults to /opt/burpsuite/burpsuite-pro.jar)>') do |b|
|
|
14
14
|
opts[:burp_jar_path] = b
|
|
15
15
|
end
|
|
16
16
|
|
|
@@ -43,7 +43,7 @@ end
|
|
|
43
43
|
begin
|
|
44
44
|
logger = PWN::Plugins::PWNLogger.create
|
|
45
45
|
|
|
46
|
-
burp_jar_path = opts[:burp_jar_path]
|
|
46
|
+
burp_jar_path = opts[:burp_jar_path]
|
|
47
47
|
headless = opts[:headless]
|
|
48
48
|
target_url = opts[:target_url].to_s.scrub
|
|
49
49
|
output_path = opts[:output_path].to_s.scrub
|
|
@@ -92,20 +92,19 @@ begin
|
|
|
92
92
|
print "Waiting #{duration} seconds prior to kicking off active scan..."
|
|
93
93
|
sleep duration # Sleep for now so everything loads the way we expect - blech.
|
|
94
94
|
|
|
95
|
-
|
|
95
|
+
PWN::Plugins::BurpSuite.invoke_active_scan(burp_obj: burp_obj, target_url: target_url)
|
|
96
96
|
|
|
97
97
|
# Dump a list of scan issues from Active Scan result
|
|
98
|
-
# scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(:
|
|
98
|
+
# scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)
|
|
99
99
|
# puts scan_issues
|
|
100
100
|
|
|
101
101
|
# Once DefectDojo begins to support XML report results
|
|
102
102
|
report_types = %i[html xml]
|
|
103
103
|
report_types.each do |report_type|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
end
|
|
104
|
+
this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.html"
|
|
105
|
+
|
|
106
|
+
this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.xml" if report_type == :xml
|
|
107
|
+
|
|
109
108
|
PWN::Plugins::BurpSuite.generate_scan_report(
|
|
110
109
|
burp_obj: burp_obj,
|
|
111
110
|
target_url: target_url,
|
|
@@ -11,14 +11,14 @@ module PWN
|
|
|
11
11
|
module BurpSuite
|
|
12
12
|
# Supported Method Parameters::
|
|
13
13
|
# burp_obj = PWN::Plugins::BurpSuite.start(
|
|
14
|
-
# burp_jar_path: '
|
|
14
|
+
# burp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
15
15
|
# headless: 'optional - run burp headless if set to true',
|
|
16
16
|
# browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
|
|
17
17
|
# target_config: 'optional - path to burp suite pro target config JSON file'
|
|
18
18
|
# )
|
|
19
19
|
|
|
20
20
|
public_class_method def self.start(opts = {})
|
|
21
|
-
burp_jar_path = opts[:burp_jar_path]
|
|
21
|
+
burp_jar_path = opts[:burp_jar_path] ||= '/opt/burpsuite/burpsuite_pro.jar'
|
|
22
22
|
raise 'Invalid path to burp jar file. Please check your spelling and try again.' unless File.exist?(burp_jar_path)
|
|
23
23
|
|
|
24
24
|
burp_root = File.dirname(burp_jar_path)
|
|
@@ -211,7 +211,8 @@ module PWN
|
|
|
211
211
|
|
|
212
212
|
puts "Adding #{json_uri} to Active Scan"
|
|
213
213
|
active_scan_url_arr.push(json_uri)
|
|
214
|
-
post_body = "{ \"host\": \"#{json_host}\", \"port\": \"#{json_port}\", \"useHttps\": #{use_https}, \"request\": \"#{json_req['raw']}\" }"
|
|
214
|
+
# post_body = "{ \"host\": \"#{json_host}\", \"port\": \"#{json_port}\", \"useHttps\": #{use_https}, \"request\": \"#{json_req['raw']}\" }"
|
|
215
|
+
post_body = "{ \"host\": \"#{json_host}\", \"port\": \"#{json_port}\", \"useHttps\": \"#{use_https}\", \"request\": \"#{json_req['raw']}\" }"
|
|
215
216
|
# Kick off an active scan for each given page in the json_sitemap results
|
|
216
217
|
rest_browser.post("http://#{burpbuddy_api}/scan/active", post_body, content_type: 'application/json')
|
|
217
218
|
end
|
|
@@ -348,8 +349,12 @@ module PWN
|
|
|
348
349
|
|
|
349
350
|
public_class_method def self.help
|
|
350
351
|
puts "USAGE:
|
|
352
|
+
# PLEASE NOTE: IF RUNNING THIS MODULE THE FIRST TIME, YOU HAVE TO MANUALLY LOAD
|
|
353
|
+
# /opt/burpsuite/burpsuite_pro.jar INTO THE BURP SUITE PRO UI IN ORDER FOR
|
|
354
|
+
# THIS TO WORK PROPERLY MOVING FORWARD. THIS SHOULD ONLY BE NECESSARY TO
|
|
355
|
+
# DO ONCE.
|
|
351
356
|
burp_obj = #{self}.start(
|
|
352
|
-
burp_jar_path: 'required - path of burp suite pro jar file',
|
|
357
|
+
burp_jar_path: 'required - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
353
358
|
headless: 'optional - run headless if set to true',
|
|
354
359
|
browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
|
|
355
360
|
target_config: 'optional - path to burp suite pro target config JSON file'
|
data/lib/pwn/version.rb
CHANGED
data/third_party/pwn_rdoc.jsonl
CHANGED
|
@@ -963,7 +963,7 @@
|
|
|
963
963
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.type_as_human Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.type_as_human`: Supported Method Parameters\n\nPWN::Plugins::TransparentBrowser.type_as_human(\n\nstring: 'required - string to type as human',\nrand_sleep_float: 'optional - float timing in between keypress (defaults to 0.09)'\n\n)\n"}]}
|
|
964
964
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.update_about_config Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.update_about_config`: Supported Method Parameters\n\nPWN::Plugins::TransparentBrowser.update_about_config(\n\nbrowser_obj: browser_obj1,\nkey: 'required - key to update in about:config',\nvalue: 'required - value to set for key in about:config'\n\n)\n"}]}
|
|
965
965
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.verify_devtools_browser Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.verify_devtools_browser`: Supported Method Parameters\n\nverify_devtools_browser(\n\nbrowser_obj: 'required - browser_obj returned from #open method',\nsupported: 'optional - array of supported browser types (defaults to [:chrome, :headless_chrome, :firefox, :headless_firefox, :headless])'\n\n)\n"}]}
|
|
966
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.view_dom_mutations Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.view_dom_mutations`:
|
|
966
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.view_dom_mutations Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.view_dom_mutations`: "}]}
|
|
967
967
|
{"messages":[{"role":"user","content":"PWN::Plugins::TwitterAPI.app_only_login Usage"},{"role":"assistant","content":"`PWN::Plugins::TwitterAPI.app_only_login`: Supported Method Parameters\n\nbearer_token = PWN::Plugins::TwitterAPI.app_only_login(\n\nconsumer_key: 'required - consumer key for app-only authentication',\nconsumer_secret: 'optional - consumer secret (will prompt if nil)'\n\n)\n"}]}
|
|
968
968
|
{"messages":[{"role":"user","content":"PWN::Plugins::TwitterAPI.app_only_logout Usage"},{"role":"assistant","content":"`PWN::Plugins::TwitterAPI.app_only_logout`: Supported Method Parameters\n\nPWN::Plugins::TwitterAPI.logout(\n\nbearer_token: 'required bearer_token returned from #app_only_login method'\n\n)\n"}]}
|
|
969
969
|
{"messages":[{"role":"user","content":"PWN::Plugins::TwitterAPI.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::TwitterAPI.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.319
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -1093,14 +1093,14 @@ dependencies:
|
|
|
1093
1093
|
requirements:
|
|
1094
1094
|
- - '='
|
|
1095
1095
|
- !ruby/object:Gem::Version
|
|
1096
|
-
version: 2.7.
|
|
1096
|
+
version: 2.7.3
|
|
1097
1097
|
type: :runtime
|
|
1098
1098
|
prerelease: false
|
|
1099
1099
|
version_requirements: !ruby/object:Gem::Requirement
|
|
1100
1100
|
requirements:
|
|
1101
1101
|
- - '='
|
|
1102
1102
|
- !ruby/object:Gem::Version
|
|
1103
|
-
version: 2.7.
|
|
1103
|
+
version: 2.7.3
|
|
1104
1104
|
- !ruby/object:Gem::Dependency
|
|
1105
1105
|
name: thin
|
|
1106
1106
|
requirement: !ruby/object:Gem::Requirement
|