pwn 0.5.320 → 0.5.322
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/bin/pwn_burp_suite_pro_active_scan +12 -1
- data/lib/pwn/plugins/burp_suite.rb +77 -28
- data/lib/pwn/version.rb +1 -1
- data/third_party/pwn_rdoc.jsonl +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7eea62d63d5aca2a542137bc5e33843f932593cc739a672402c82011a34f0e12
|
|
4
|
+
data.tar.gz: b386f87050ccb4732458c054f682814ae773b2ac707b0416c066483cde789f84
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 643a5f55c8dcd1c636a60cbe5e6d3ce66a0764a86277f855329a025713271a85bdc94dc423ae5b97346b417ae628c30ff5c4df9310079005cd44fa3a195c6ca1
|
|
7
|
+
data.tar.gz: 5df64318d972e0e265b34047461484b179916c32e9e56034b301bb4077cb6792addb8161e1b25e39ca8a59471c36f6155d3a14bedb8276b972e1c449298656fc
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.322]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.322]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.322]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -30,6 +30,10 @@ OptionParser.new do |options|
|
|
|
30
30
|
opts[:navigation_instruct] = i
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
options.on('-iURL', '---in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
|
|
34
|
+
opts[:in_scope] = s
|
|
35
|
+
end
|
|
36
|
+
|
|
33
37
|
options.on('-cFILE', '--target-config=FILE', '<Optional - Path to Target Config JSON File>') do |c|
|
|
34
38
|
opts[:target_config] = c
|
|
35
39
|
end
|
|
@@ -51,6 +55,7 @@ begin
|
|
|
51
55
|
navigation_instruct = opts[:navigation_instruct]
|
|
52
56
|
raise 'Invalid path to browser instructions. Please check your spelling and try again.' unless File.exist?(navigation_instruct)
|
|
53
57
|
|
|
58
|
+
in_scope = opts[:in_scope] ||= target_url
|
|
54
59
|
target_config = opts[:target_config]
|
|
55
60
|
|
|
56
61
|
# ------
|
|
@@ -88,6 +93,12 @@ begin
|
|
|
88
93
|
browser.instance_eval(instruction.to_s.scrub.strip.chomp)
|
|
89
94
|
end
|
|
90
95
|
|
|
96
|
+
# Add URL to Target >> Scope >> Inclue in scope
|
|
97
|
+
PWN::Plugins::BurpSuite.add_to_scope(
|
|
98
|
+
burp_obj: burp_obj,
|
|
99
|
+
target_url: in_scope
|
|
100
|
+
)
|
|
101
|
+
|
|
91
102
|
duration = 9
|
|
92
103
|
print "Waiting #{duration} seconds prior to kicking off active scan..."
|
|
93
104
|
sleep duration # Sleep for now so everything loads the way we expect - blech.
|
|
@@ -107,7 +118,7 @@ begin
|
|
|
107
118
|
|
|
108
119
|
PWN::Plugins::BurpSuite.generate_scan_report(
|
|
109
120
|
burp_obj: burp_obj,
|
|
110
|
-
target_url:
|
|
121
|
+
target_url: in_scope,
|
|
111
122
|
report_type: report_type,
|
|
112
123
|
output_path: this_output_path
|
|
113
124
|
)
|
|
@@ -9,6 +9,37 @@ module PWN
|
|
|
9
9
|
module Plugins
|
|
10
10
|
# This plugin was created to interact w/ Burp Suite Pro in headless mode to kick off spidering/live scanning
|
|
11
11
|
module BurpSuite
|
|
12
|
+
# Supported Method Parameters::
|
|
13
|
+
# uri = PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp(
|
|
14
|
+
# scheme: 'required - scheme of the URI (http|https)',
|
|
15
|
+
# host: 'required - host of the URI',
|
|
16
|
+
# port: 'optional - port of the URI',
|
|
17
|
+
# path: 'optional - path of the URI'
|
|
18
|
+
# )
|
|
19
|
+
private_class_method def self.format_uri_from_sitemap_resp(opts = {})
|
|
20
|
+
scheme = opts[:scheme]
|
|
21
|
+
raise 'ERROR: scheme parameter is required' if scheme.nil?
|
|
22
|
+
|
|
23
|
+
host = opts[:host]
|
|
24
|
+
raise 'ERROR: host parameter is required' if host.nil?
|
|
25
|
+
|
|
26
|
+
port = opts[:port]
|
|
27
|
+
path = opts[:path]
|
|
28
|
+
|
|
29
|
+
implicit_http_ports_arr = [
|
|
30
|
+
80,
|
|
31
|
+
443
|
|
32
|
+
]
|
|
33
|
+
|
|
34
|
+
if implicit_http_ports_arr.include?(port)
|
|
35
|
+
uri = "#{scheme}://#{host}#{path}"
|
|
36
|
+
else
|
|
37
|
+
uri = "#{scheme}://#{host}:#{port}#{path}"
|
|
38
|
+
end
|
|
39
|
+
rescue StandardError => e
|
|
40
|
+
raise e
|
|
41
|
+
end
|
|
42
|
+
|
|
12
43
|
# Supported Method Parameters::
|
|
13
44
|
# burp_obj = PWN::Plugins::BurpSuite.start(
|
|
14
45
|
# burp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
@@ -166,6 +197,27 @@ module PWN
|
|
|
166
197
|
raise e
|
|
167
198
|
end
|
|
168
199
|
|
|
200
|
+
# Supported Method Parameters::
|
|
201
|
+
# json_in_scope = PWN::Plugins::BurpSuite.add_to_scope(
|
|
202
|
+
# burp_obj: 'required - burp_obj returned by #start method',
|
|
203
|
+
# target_url: 'required - target url to add to scope'
|
|
204
|
+
# )
|
|
205
|
+
|
|
206
|
+
public_class_method def self.add_to_scope(opts = {})
|
|
207
|
+
burp_obj = opts[:burp_obj]
|
|
208
|
+
target_url = opts[:target_url]
|
|
209
|
+
rest_browser = burp_obj[:rest_browser]
|
|
210
|
+
burpbuddy_api = burp_obj[:burpbuddy_api]
|
|
211
|
+
|
|
212
|
+
post_body = { url: target_url }.to_json
|
|
213
|
+
|
|
214
|
+
in_scope = rest_browser.post("http://#{burpbuddy_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
|
|
215
|
+
JSON.parse(in_scope)
|
|
216
|
+
rescue StandardError => e
|
|
217
|
+
stop(burp_obj: burp_obj) unless burp_obj.nil?
|
|
218
|
+
raise e
|
|
219
|
+
end
|
|
220
|
+
|
|
169
221
|
# Supported Method Parameters::
|
|
170
222
|
# active_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(
|
|
171
223
|
# burp_obj: 'required - burp_obj returned by #start method',
|
|
@@ -178,7 +230,7 @@ module PWN
|
|
|
178
230
|
burpbuddy_api = burp_obj[:burpbuddy_api]
|
|
179
231
|
target_url = opts[:target_url].to_s.scrub.strip.chomp
|
|
180
232
|
target_scheme = URI.parse(target_url).scheme
|
|
181
|
-
|
|
233
|
+
target_host = URI.parse(target_url).host
|
|
182
234
|
target_port = URI.parse(target_url).port.to_i
|
|
183
235
|
if target_scheme == 'http'
|
|
184
236
|
use_https = false
|
|
@@ -196,23 +248,25 @@ module PWN
|
|
|
196
248
|
json_port = json_http_svc['port'].to_i
|
|
197
249
|
json_path = json_req['path']
|
|
198
250
|
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
json_uri = "#{json_protocol}://#{json_host}#{json_path}"
|
|
206
|
-
else
|
|
207
|
-
json_uri = "#{json_protocol}://#{json_host}:#{json_port}#{json_path}"
|
|
208
|
-
end
|
|
251
|
+
json_uri = format_uri_from_sitemap_resp(
|
|
252
|
+
scheme: json_protocol,
|
|
253
|
+
host: json_host,
|
|
254
|
+
port: json_port,
|
|
255
|
+
path: json_path
|
|
256
|
+
)
|
|
209
257
|
|
|
210
|
-
next unless json_host ==
|
|
258
|
+
next unless json_host == target_host && json_port == target_port
|
|
211
259
|
|
|
260
|
+
# More info on the BurpBuddy API can be found here:
|
|
261
|
+
# https://github.com/tomsteele/burpbuddy/blob/master/src/main/kotlin/burp/API.kt
|
|
212
262
|
puts "Adding #{json_uri} to Active Scan"
|
|
213
263
|
active_scan_url_arr.push(json_uri)
|
|
214
|
-
|
|
215
|
-
|
|
264
|
+
post_body = {
|
|
265
|
+
host: json_host,
|
|
266
|
+
port: json_port,
|
|
267
|
+
use_https: use_https,
|
|
268
|
+
request: json_req['raw']
|
|
269
|
+
}.to_json
|
|
216
270
|
# Kick off an active scan for each given page in the json_sitemap results
|
|
217
271
|
rest_browser.post("http://#{burpbuddy_api}/scan/active", post_body, content_type: 'application/json')
|
|
218
272
|
end
|
|
@@ -284,25 +338,20 @@ module PWN
|
|
|
284
338
|
host = URI.parse(target_url).host
|
|
285
339
|
port = URI.parse(target_url).port
|
|
286
340
|
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
if implicit_http_ports_arr.include?(port)
|
|
293
|
-
target_domain = "#{scheme}://#{host}"
|
|
294
|
-
else
|
|
295
|
-
target_domain = "#{scheme}://#{host}:#{port}"
|
|
296
|
-
end
|
|
341
|
+
target_domain = format_uri_from_sitemap_resp(
|
|
342
|
+
scheme: scheme,
|
|
343
|
+
host: host,
|
|
344
|
+
port: port
|
|
345
|
+
)
|
|
297
346
|
|
|
298
347
|
report_url = Base64.strict_encode64(target_domain)
|
|
299
348
|
# Ready scanreport API call in burpbuddy to support HTML & XML report generation
|
|
300
|
-
report_resp = rest_browser.get(
|
|
301
|
-
"http://#{burpbuddy_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
|
|
302
|
-
)
|
|
303
349
|
# report_resp = rest_browser.get(
|
|
304
|
-
# "http://#{burpbuddy_api}/scanreport/#{report_url}"
|
|
350
|
+
# "http://#{burpbuddy_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
|
|
305
351
|
# )
|
|
352
|
+
report_resp = rest_browser.get(
|
|
353
|
+
"http://#{burpbuddy_api}/scanreport/#{report_url}"
|
|
354
|
+
)
|
|
306
355
|
File.open(output_path, 'w') do |f|
|
|
307
356
|
f.puts(report_resp.body.gsub("\r\n", "\n"))
|
|
308
357
|
end
|
data/lib/pwn/version.rb
CHANGED
data/third_party/pwn_rdoc.jsonl
CHANGED
|
@@ -500,7 +500,7 @@
|
|
|
500
500
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_scan_issues Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_scan_issues`: Supported Method Parameters\n\njson_scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
501
501
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.help`: "}]}
|
|
502
502
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.invoke_active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.invoke_active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'\n\n)\n"}]}
|
|
503
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: '
|
|
503
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\ntarget_config: 'optional - path to burp suite pro target config JSON file'\n\n)\n"}]}
|
|
504
504
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
505
505
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_burp_jar Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_burp_jar`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.update_burp_jar( )\n"}]}
|
|
506
506
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.uri_in_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.uri_in_scope`: Supported Method Parameters\n\nuri_in_scope_bool = PWN::Plugins::BurpSuite.uri_in_scope(\n\ntarget_config: 'required - path to burp suite pro target config JSON file',\nuri: 'required - URI to determine if in scope'\n\n)\n"}]}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.322
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -99,14 +99,14 @@ dependencies:
|
|
|
99
99
|
requirements:
|
|
100
100
|
- - '='
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
|
-
version: 7.0
|
|
102
|
+
version: 7.1.0
|
|
103
103
|
type: :runtime
|
|
104
104
|
prerelease: false
|
|
105
105
|
version_requirements: !ruby/object:Gem::Requirement
|
|
106
106
|
requirements:
|
|
107
107
|
- - '='
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 7.0
|
|
109
|
+
version: 7.1.0
|
|
110
110
|
- !ruby/object:Gem::Dependency
|
|
111
111
|
name: bson
|
|
112
112
|
requirement: !ruby/object:Gem::Requirement
|