pwn 0.5.321 → 0.5.323
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/bin/pwn_burp_suite_pro_active_scan +12 -1
- data/lib/pwn/plugins/burp_suite.rb +74 -23
- data/lib/pwn/version.rb +1 -1
- data/packer/provisioners/burpsuite.sh +6 -5
- data/third_party/pwn_rdoc.jsonl +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 489d28655a398392c8563966dfe04887f65edf719b799a767e667b3b0851c033
|
|
4
|
+
data.tar.gz: 1d8e8e536b39b57b82570f87251111996e3882b1ca6f592381227fb09ebf0840
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2bd7b7a743a9ceea59b67396389314d344cd7d93e04c32eacb33d6ad76b3c72e0f0981ebaa79170c99829f33e8decfa8dec959ede5d71d02afee658c72a2464
|
|
7
|
+
data.tar.gz: da8291ff61704bbd4e0073334817b2ec1bf82b0ec1bb36bdc9d3c3dad9861d3f2fdf195031369bd7545c5e3a304dba18a60ddf6b6610657baf4f188efb38c3b3
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.323]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.323]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.323]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -30,6 +30,10 @@ OptionParser.new do |options|
|
|
|
30
30
|
opts[:navigation_instruct] = i
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
options.on('-iURL', '---in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
|
|
34
|
+
opts[:in_scope] = s
|
|
35
|
+
end
|
|
36
|
+
|
|
33
37
|
options.on('-cFILE', '--target-config=FILE', '<Optional - Path to Target Config JSON File>') do |c|
|
|
34
38
|
opts[:target_config] = c
|
|
35
39
|
end
|
|
@@ -51,6 +55,7 @@ begin
|
|
|
51
55
|
navigation_instruct = opts[:navigation_instruct]
|
|
52
56
|
raise 'Invalid path to browser instructions. Please check your spelling and try again.' unless File.exist?(navigation_instruct)
|
|
53
57
|
|
|
58
|
+
in_scope = opts[:in_scope] ||= target_url
|
|
54
59
|
target_config = opts[:target_config]
|
|
55
60
|
|
|
56
61
|
# ------
|
|
@@ -88,6 +93,12 @@ begin
|
|
|
88
93
|
browser.instance_eval(instruction.to_s.scrub.strip.chomp)
|
|
89
94
|
end
|
|
90
95
|
|
|
96
|
+
# Add URL to Target >> Scope >> Inclue in scope
|
|
97
|
+
PWN::Plugins::BurpSuite.add_to_scope(
|
|
98
|
+
burp_obj: burp_obj,
|
|
99
|
+
target_url: in_scope
|
|
100
|
+
)
|
|
101
|
+
|
|
91
102
|
duration = 9
|
|
92
103
|
print "Waiting #{duration} seconds prior to kicking off active scan..."
|
|
93
104
|
sleep duration # Sleep for now so everything loads the way we expect - blech.
|
|
@@ -107,7 +118,7 @@ begin
|
|
|
107
118
|
|
|
108
119
|
PWN::Plugins::BurpSuite.generate_scan_report(
|
|
109
120
|
burp_obj: burp_obj,
|
|
110
|
-
target_url:
|
|
121
|
+
target_url: in_scope,
|
|
111
122
|
report_type: report_type,
|
|
112
123
|
output_path: this_output_path
|
|
113
124
|
)
|
|
@@ -9,6 +9,37 @@ module PWN
|
|
|
9
9
|
module Plugins
|
|
10
10
|
# This plugin was created to interact w/ Burp Suite Pro in headless mode to kick off spidering/live scanning
|
|
11
11
|
module BurpSuite
|
|
12
|
+
# Supported Method Parameters::
|
|
13
|
+
# uri = PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp(
|
|
14
|
+
# scheme: 'required - scheme of the URI (http|https)',
|
|
15
|
+
# host: 'required - host of the URI',
|
|
16
|
+
# port: 'optional - port of the URI',
|
|
17
|
+
# path: 'optional - path of the URI'
|
|
18
|
+
# )
|
|
19
|
+
private_class_method def self.format_uri_from_sitemap_resp(opts = {})
|
|
20
|
+
scheme = opts[:scheme]
|
|
21
|
+
raise 'ERROR: scheme parameter is required' if scheme.nil?
|
|
22
|
+
|
|
23
|
+
host = opts[:host]
|
|
24
|
+
raise 'ERROR: host parameter is required' if host.nil?
|
|
25
|
+
|
|
26
|
+
port = opts[:port]
|
|
27
|
+
path = opts[:path]
|
|
28
|
+
|
|
29
|
+
implicit_http_ports_arr = [
|
|
30
|
+
80,
|
|
31
|
+
443
|
|
32
|
+
]
|
|
33
|
+
|
|
34
|
+
if implicit_http_ports_arr.include?(port)
|
|
35
|
+
uri = "#{scheme}://#{host}#{path}"
|
|
36
|
+
else
|
|
37
|
+
uri = "#{scheme}://#{host}:#{port}#{path}"
|
|
38
|
+
end
|
|
39
|
+
rescue StandardError => e
|
|
40
|
+
raise e
|
|
41
|
+
end
|
|
42
|
+
|
|
12
43
|
# Supported Method Parameters::
|
|
13
44
|
# burp_obj = PWN::Plugins::BurpSuite.start(
|
|
14
45
|
# burp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
@@ -166,6 +197,27 @@ module PWN
|
|
|
166
197
|
raise e
|
|
167
198
|
end
|
|
168
199
|
|
|
200
|
+
# Supported Method Parameters::
|
|
201
|
+
# json_in_scope = PWN::Plugins::BurpSuite.add_to_scope(
|
|
202
|
+
# burp_obj: 'required - burp_obj returned by #start method',
|
|
203
|
+
# target_url: 'required - target url to add to scope'
|
|
204
|
+
# )
|
|
205
|
+
|
|
206
|
+
public_class_method def self.add_to_scope(opts = {})
|
|
207
|
+
burp_obj = opts[:burp_obj]
|
|
208
|
+
target_url = opts[:target_url]
|
|
209
|
+
rest_browser = burp_obj[:rest_browser]
|
|
210
|
+
burpbuddy_api = burp_obj[:burpbuddy_api]
|
|
211
|
+
|
|
212
|
+
post_body = { url: target_url }.to_json
|
|
213
|
+
|
|
214
|
+
in_scope = rest_browser.post("http://#{burpbuddy_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
|
|
215
|
+
JSON.parse(in_scope)
|
|
216
|
+
rescue StandardError => e
|
|
217
|
+
stop(burp_obj: burp_obj) unless burp_obj.nil?
|
|
218
|
+
raise e
|
|
219
|
+
end
|
|
220
|
+
|
|
169
221
|
# Supported Method Parameters::
|
|
170
222
|
# active_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(
|
|
171
223
|
# burp_obj: 'required - burp_obj returned by #start method',
|
|
@@ -178,7 +230,7 @@ module PWN
|
|
|
178
230
|
burpbuddy_api = burp_obj[:burpbuddy_api]
|
|
179
231
|
target_url = opts[:target_url].to_s.scrub.strip.chomp
|
|
180
232
|
target_scheme = URI.parse(target_url).scheme
|
|
181
|
-
|
|
233
|
+
target_host = URI.parse(target_url).host
|
|
182
234
|
target_port = URI.parse(target_url).port.to_i
|
|
183
235
|
if target_scheme == 'http'
|
|
184
236
|
use_https = false
|
|
@@ -196,24 +248,25 @@ module PWN
|
|
|
196
248
|
json_port = json_http_svc['port'].to_i
|
|
197
249
|
json_path = json_req['path']
|
|
198
250
|
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
json_uri = "#{json_protocol}://#{json_host}#{json_path}"
|
|
206
|
-
else
|
|
207
|
-
json_uri = "#{json_protocol}://#{json_host}:#{json_port}#{json_path}"
|
|
208
|
-
end
|
|
251
|
+
json_uri = format_uri_from_sitemap_resp(
|
|
252
|
+
scheme: json_protocol,
|
|
253
|
+
host: json_host,
|
|
254
|
+
port: json_port,
|
|
255
|
+
path: json_path
|
|
256
|
+
)
|
|
209
257
|
|
|
210
|
-
next unless json_host ==
|
|
258
|
+
next unless json_host == target_host && json_port == target_port
|
|
211
259
|
|
|
212
260
|
# More info on the BurpBuddy API can be found here:
|
|
213
261
|
# https://github.com/tomsteele/burpbuddy/blob/master/src/main/kotlin/burp/API.kt
|
|
214
262
|
puts "Adding #{json_uri} to Active Scan"
|
|
215
263
|
active_scan_url_arr.push(json_uri)
|
|
216
|
-
post_body =
|
|
264
|
+
post_body = {
|
|
265
|
+
host: json_host,
|
|
266
|
+
port: json_port,
|
|
267
|
+
use_https: use_https,
|
|
268
|
+
request: json_req['raw']
|
|
269
|
+
}.to_json
|
|
217
270
|
# Kick off an active scan for each given page in the json_sitemap results
|
|
218
271
|
rest_browser.post("http://#{burpbuddy_api}/scan/active", post_body, content_type: 'application/json')
|
|
219
272
|
end
|
|
@@ -285,28 +338,26 @@ module PWN
|
|
|
285
338
|
host = URI.parse(target_url).host
|
|
286
339
|
port = URI.parse(target_url).port
|
|
287
340
|
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
if implicit_http_ports_arr.include?(port)
|
|
294
|
-
target_domain = "#{scheme}://#{host}"
|
|
295
|
-
else
|
|
296
|
-
target_domain = "#{scheme}://#{host}:#{port}"
|
|
297
|
-
end
|
|
341
|
+
target_domain = format_uri_from_sitemap_resp(
|
|
342
|
+
scheme: scheme,
|
|
343
|
+
host: host,
|
|
344
|
+
port: port
|
|
345
|
+
)
|
|
298
346
|
|
|
299
347
|
report_url = Base64.strict_encode64(target_domain)
|
|
300
348
|
# Ready scanreport API call in burpbuddy to support HTML & XML report generation
|
|
349
|
+
# This is for the older burpbuddy-3.1.1-SNAPSHOT-all.jar
|
|
301
350
|
report_resp = rest_browser.get(
|
|
302
351
|
"http://#{burpbuddy_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
|
|
303
352
|
)
|
|
353
|
+
# This is for the older burpbuddy-3.1.0-SNAPSHOT-all.jar
|
|
304
354
|
# report_resp = rest_browser.get(
|
|
305
355
|
# "http://#{burpbuddy_api}/scanreport/#{report_url}"
|
|
306
356
|
# )
|
|
307
357
|
File.open(output_path, 'w') do |f|
|
|
308
358
|
f.puts(report_resp.body.gsub("\r\n", "\n"))
|
|
309
359
|
end
|
|
360
|
+
rescue RestClient::Exceptions::NotFound
|
|
310
361
|
rescue StandardError => e
|
|
311
362
|
stop(burp_obj: burp_obj) unless burp_obj.nil?
|
|
312
363
|
raise e
|
data/lib/pwn/version.rb
CHANGED
|
@@ -8,12 +8,13 @@ grok_error
|
|
|
8
8
|
$screen_cmd "${apt} install -y libgconf-2-4 ${assess_update_errors}"
|
|
9
9
|
grok_error
|
|
10
10
|
|
|
11
|
-
curl --silent 'https://api.github.com/repos/tomsteele/burpbuddy/releases/latest' > /tmp/latest_burpbuddy.json
|
|
12
|
-
latest_burpbuddy_jar=$(ruby -e "require 'json'; pp JSON.parse(File.read('/tmp/latest_burpbuddy.json'), symbolize_names: true)[:assets][0][:browser_download_url]")
|
|
13
|
-
burpbuddy_jar_url=`echo ${latest_burpbuddy_jar} | sed 's/"//g'`
|
|
14
|
-
wget $burpbuddy_jar_url -P /tmp/
|
|
11
|
+
# curl --silent 'https://api.github.com/repos/tomsteele/burpbuddy/releases/latest' > /tmp/latest_burpbuddy.json
|
|
12
|
+
# latest_burpbuddy_jar=$(ruby -e "require 'json'; pp JSON.parse(File.read('/tmp/latest_burpbuddy.json'), symbolize_names: true)[:assets][0][:browser_download_url]")
|
|
13
|
+
# burpbuddy_jar_url=`echo ${latest_burpbuddy_jar} | sed 's/"//g'`
|
|
14
|
+
# wget $burpbuddy_jar_url -P /tmp/
|
|
15
15
|
burp_root="/opt/burpsuite"
|
|
16
|
-
sudo /bin/bash --login -c "mkdir ${burp_root} && cp /tmp/burpbuddy*.jar ${burp_root} && rm /tmp/latest_burpbuddy.json && rm /tmp/burpbuddy*.jar"
|
|
16
|
+
# sudo /bin/bash --login -c "mkdir ${burp_root} && cp /tmp/burpbuddy*.jar ${burp_root} && rm /tmp/latest_burpbuddy.json && rm /tmp/burpbuddy*.jar"
|
|
17
|
+
sudo cp /opt/pwn/third-party/burpbuddy-3.1.1-SNAPSHOT.jar $burp_root/burpbuddy-3.1.1-SNAPSHOT.jar
|
|
17
18
|
|
|
18
19
|
ls $burp_root/burpbuddy*.jar | while read bb_latest; do
|
|
19
20
|
sudo ln -s $bb_latest $burp_root/burpbuddy.jar
|
data/third_party/pwn_rdoc.jsonl
CHANGED
|
@@ -500,7 +500,7 @@
|
|
|
500
500
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_scan_issues Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_scan_issues`: Supported Method Parameters\n\njson_scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
501
501
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.help`: "}]}
|
|
502
502
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.invoke_active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.invoke_active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'\n\n)\n"}]}
|
|
503
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: '
|
|
503
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\ntarget_config: 'optional - path to burp suite pro target config JSON file'\n\n)\n"}]}
|
|
504
504
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
505
505
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_burp_jar Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_burp_jar`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.update_burp_jar( )\n"}]}
|
|
506
506
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.uri_in_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.uri_in_scope`: Supported Method Parameters\n\nuri_in_scope_bool = PWN::Plugins::BurpSuite.uri_in_scope(\n\ntarget_config: 'required - path to burp suite pro target config JSON file',\nuri: 'required - URI to determine if in scope'\n\n)\n"}]}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.323
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -99,14 +99,14 @@ dependencies:
|
|
|
99
99
|
requirements:
|
|
100
100
|
- - '='
|
|
101
101
|
- !ruby/object:Gem::Version
|
|
102
|
-
version: 7.0
|
|
102
|
+
version: 7.1.0
|
|
103
103
|
type: :runtime
|
|
104
104
|
prerelease: false
|
|
105
105
|
version_requirements: !ruby/object:Gem::Requirement
|
|
106
106
|
requirements:
|
|
107
107
|
- - '='
|
|
108
108
|
- !ruby/object:Gem::Version
|
|
109
|
-
version: 7.0
|
|
109
|
+
version: 7.1.0
|
|
110
110
|
- !ruby/object:Gem::Dependency
|
|
111
111
|
name: bson
|
|
112
112
|
requirement: !ruby/object:Gem::Requirement
|