pwn 0.5.327 → 0.5.330

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0843f0e4e3ed905cafcb9ca071cedac0f2bd5707f1b087ddb9720d4bbea12bd2'
-  data.tar.gz: 8587c3be1cffbeda6c0f46d2e513a2570bd0339995172bf9d5c0ff0c2c4146c8
+  metadata.gz: c2402a13b3e2cd7cbbdd21760049fce61980dc14871236a6345d51c50dae439b
+  data.tar.gz: e31a43da568d89bea803c9de5985edd089f7fea80db82fd9fa871fcfb524fe73
 SHA512:
-  metadata.gz: 6e1cab51e4759e9409203f465575f9359f1f4baa19d1149bfaf3e5fe57e32f2d03b16d14ceeaee79fdb4a9420dbf409f7084560b5847505dd0623d9fe9b7b6d2
-  data.tar.gz: 50cc81e0012b45ec88821d0b129cefd02dca8123c261f2f88cab3b49ce418ee3b07f47a92bc3ef6255663db1846dba9dc795d48da30ea6b1e16dc7f5d7da8f75
+  metadata.gz: f3e8e3aa9d1b1717768a20531f4e63044587fec15c9952fc406f4a8fd0992432899d3ef77420bbed3f82970da5197916b970bdf5c89fb39489afdd73b5ade671
+  data.tar.gz: f86b6c3356a6f1140ece443001b323062d11cbc2e2e1d2cac544a4a921fe2691ab022d7123aa3c36ad06ec089b7db9e1ab3ca2c72964e10f16e39ff6734d94dc

data/Gemfile

@@ -35,13 +35,13 @@ gem 'gdb', '1.0.0'
 gem 'gem-wrappers', '1.4.0'
 gem 'geocoder', '1.8.5'
 gem 'gist', '6.0.0'
-gem 'gruff', '0.28.0'
+gem 'gruff', '0.29.0'
 # gem 'hidapi', '0.1.9'
 gem 'htmlentities', '4.3.4'
 gem 'ipaddress', '0.8.3'
 gem 'jenkins_api_client2', '1.9.0'
 gem 'js-beautify', '0.1.8'
-gem 'json', '2.13.0'
+gem 'json', '2.13.1'
 gem 'jsonpath', '1.1.5'
 gem 'jwt', '3.1.2'
 gem 'libusb', '0.7.2'
@@ -81,7 +81,7 @@ gem 'rmagick', '6.1.2'
 gem 'rqrcode', '3.1.0'
 gem 'rspec', '3.13.1'
 gem 'rtesseract', '3.1.4'
-gem 'rubocop', '1.78.0'
+gem 'rubocop', '1.79.0'
 gem 'rubocop-rake', '0.7.1'
 gem 'rubocop-rspec', '3.6.0'
 gem 'ruby-audio', '1.6.1'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.327]:001 >>> PWN.help
+pwn[v0.5.330]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.327]:001 >>> PWN.help
+pwn[v0.5.330]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.327]:001 >>> PWN.help
+pwn[v0.5.330]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_burp_suite_pro_active_scan

@@ -33,10 +33,6 @@ OptionParser.new do |options|
   options.on('-iURL', '---in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
     opts[:in_scope] = s
   end
-
-  options.on('-cFILE', '--target-config=FILE', '<Optional - Path to Target Config JSON File>') do |c|
-    opts[:target_config] = c
-  end
 end.parse!
 
 if opts.empty?
@@ -56,7 +52,6 @@ begin
   raise 'Invalid path to browser instructions.  Please check your spelling and try again.' unless File.exist?(navigation_instruct)
 
   in_scope = opts[:in_scope] ||= target_url
-  target_config = opts[:target_config]
 
   # ------
   # Open Burp
@@ -64,14 +59,12 @@ begin
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
       headless: true,
-      browser_type: :headless,
-      target_config: target_config
+      browser_type: :headless
     )
   else
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      browser_type: :chrome,
-      target_config: target_config
+      browser_type: :chrome
     )
   end
 

data/lib/pwn/plugins/burp_suite.rb

@@ -31,25 +31,27 @@ module PWN
           443
         ]
 
-        if implicit_http_ports_arr.include?(port)
-          uri = "#{scheme}://#{host}#{path}"
-        else
-          uri = "#{scheme}://#{host}:#{port}#{path}"
-        end
+        uri = "#{scheme}://#{host}:#{port}#{path}"
+        uri = "#{scheme}://#{host}#{path}" if implicit_http_ports_arr.include?(port)
+
+        uri
       rescue StandardError => e
         raise e
       end
 
       # Supported Method Parameters::
       # burp_obj = PWN::Plugins::BurpSuite.start(
-      #   burp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
+      #   burp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
       #   headless: 'optional - run burp headless if set to true',
       #   browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
-      #   target_config: 'optional - path to burp suite pro target config JSON file'
+      #   burp_ip: 'optional - IP address for the Burp proxy (defaults to 127.0.0.1)',
+      #   burp_port: 'optional - port for the Burp proxy (defaults to a random unused port)',
+      #   pwn_burp_ip: 'optional - IP address for the PWN Burp API (defaults to 127.0.0.1)',
+      #   pwn_burp_port: 'optional - port for the PWN Burp API (defaults to a random unused port)'
       # )
 
       public_class_method def self.start(opts = {})
-        burp_jar_path = opts[:burp_jar_path] ||= '/opt/burpsuite/burpsuite_pro.jar'
+        burp_jar_path = opts[:burp_jar_path] ||= '/opt/burpsuite/burpsuite-pro.jar'
         raise 'Invalid path to burp jar file.  Please check your spelling and try again.' unless File.exist?(burp_jar_path)
 
         burp_root = File.dirname(burp_jar_path)
@@ -60,16 +62,20 @@ module PWN
                          opts[:browser_type]
                        end
 
-        target_config = opts[:target_config]
-
-        if opts[:headless]
-          # burp_cmd_string = "java -Xmx4G -Djava.awt.headless=true -classpath #{burp_root}/burpbuddy.jar:#{burp_jar_path} burp.StartBurp"
-          burp_cmd_string = "java -Xmx4G -Djava.awt.headless=true -classpath #{burp_root}/burpbuddy.jar -jar #{burp_jar_path}"
-        else
-          # burp_cmd_string = "java -Xmx4G -classpath #{burp_root}/burpbuddy.jar:#{burp_jar_path} burp.StartBurp"
-          burp_cmd_string = "java -Xmx4G -classpath #{burp_root}/burpbuddy.jar -jar #{burp_jar_path}"
-        end
-        burp_cmd_string = "#{burp_cmd_string} --config-file=#{target_config}" if target_config && File.exist?(target_config)
+        burp_ip = opts[:burp_ip] ||= '127.0.0.1'
+        burp_port = opts[:burp_port] ||= 8080
+        # burp_port = opts[:burp_port] ||= PWN::Plugins::Sock.get_random_unused_port
+        #
+        pwn_burp_ip = opts[:pwn_burp_ip] ||= '127.0.0.1'
+        pwn_burp_port = opts[:pwn_burp_port] ||= 1337
+        # pwn_burp_port = opts[:pwn_burp_port] ||= PWN::Plugins::Sock.get_random_unused_port
+
+        burp_cmd_string = 'java -Xmx4G'
+        # burp_cmd_string = "#{burp_cmd_string} -Dhttp.proxyHost=#{burp_ip} -Dhttp.proxyPort=#{burp_port}"
+        # burp_cmd_string = "#{burp_cmd_string} -Dhttps.proxyHost=#{burp_ip} -Dhttps.proxyPort=#{burp_port}"
+        burp_cmd_string = "#{burp_cmd_string} -Djava.awt.headless=true" if opts[:headless]
+        burp_cmd_string = "#{burp_cmd_string} -Dserver.address=#{pwn_burp_ip} -Dserver.port=#{pwn_burp_port}"
+        burp_cmd_string = "#{burp_cmd_string} -jar #{burp_jar_path}"
 
         # Construct burp_obj
         burp_obj = {}
@@ -77,11 +83,8 @@ module PWN
         browser_obj1 = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_browser = browser_obj1[:browser]
 
-        # random_mitm_port = PWN::Plugins::Sock.get_random_unused_port
-        # random_bb_port = random_mitm_port
-        # random_bb_port = PWN::Plugins::Sock.get_random_unused_port while random_bb_port == random_mitm_port
-        burp_obj[:mitm_proxy] = '127.0.0.1:8080'
-        burp_obj[:burpbuddy_api] = '127.0.0.1:8001'
+        burp_obj[:mitm_proxy] = "#{burp_ip}:#{burp_port}"
+        burp_obj[:pwn_burp_api] = "#{pwn_burp_ip}:#{pwn_burp_port}"
         burp_obj[:rest_browser] = rest_browser
 
         # Proxy always listens on localhost...use SSH tunneling if remote access is required
@@ -92,9 +95,9 @@ module PWN
 
         burp_obj[:burp_browser] = browser_obj2
 
-        # Wait for TCP 8001 to open prior to returning burp_obj
+        # Wait for pwn_burp_port to open prior to returning burp_obj
         loop do
-          s = TCPSocket.new('127.0.0.1', 8001)
+          s = TCPSocket.new(pwn_burp_ip, pwn_burp_port)
           s.close
           break
         rescue Errno::ECONNREFUSED
@@ -103,6 +106,15 @@ module PWN
           next
         end
 
+        # USE THIS WHEN Updating Proxy Listener settings become
+        # available in the BurpSuite Montoya API
+        # Update proxy listener to use the burp_ip and burp_port
+        # update_proxy_listener(
+        #   burp_obj: burp_obj,
+        #   address: burp_ip,
+        #   port: burp_port
+        # )
+
         burp_obj
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -156,9 +168,9 @@ module PWN
       public_class_method def self.enable_proxy(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
 
-        enable_resp = rest_browser.post("http://#{burpbuddy_api}/proxy/intercept/enable", nil)
+        enable_resp = rest_browser.post("http://#{pwn_burp_api}/proxy/intercept/enable", nil)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
@@ -172,9 +184,9 @@ module PWN
       public_class_method def self.disable_proxy(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
 
-        disable_resp = rest_browser.post("http://#{burpbuddy_api}/proxy/intercept/disable", nil)
+        disable_resp = rest_browser.post("http://#{pwn_burp_api}/proxy/intercept/disable", nil)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
@@ -188,10 +200,21 @@ module PWN
       public_class_method def self.get_current_sitemap(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
-
-        sitemap = rest_browser.get("http://#{burpbuddy_api}/sitemap", content_type: 'application/json; charset=UTF8')
-        JSON.parse(sitemap)
+        pwn_burp_api = burp_obj[:pwn_burp_api]
+
+        sitemap = rest_browser.get("http://#{pwn_burp_api}/sitemap", content_type: 'application/json; charset=UTF8')
+        # json_sitemap = JSON.parse(sitemap, symbolize_names: true)
+        # json_sitemap is an array of hashes.
+        # each hash contains a :request and :response key.
+        # both of these values are Base64 encoded strings.
+        # We want to decode them in an array of hashes.
+        # json_sitemap.map do |site|
+        #   site[:request] = Base64.decode64(site[:request]) if site[:request]
+        #   site[:response] = Base64.decode64(site[:response]) if site[:response]
+        # end
+
+        # json_sitemap
+        JSON.parse(sitemap, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
@@ -207,11 +230,11 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
 
         post_body = { url: target_url }.to_json
 
-        in_scope = rest_browser.post("http://#{burpbuddy_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
+        in_scope = rest_browser.post("http://#{pwn_burp_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(in_scope)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -227,26 +250,27 @@ module PWN
       public_class_method def self.invoke_active_scan(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
         target_url = opts[:target_url].to_s.scrub.strip.chomp
         target_scheme = URI.parse(target_url).scheme
         target_host = URI.parse(target_url).host
         target_port = URI.parse(target_url).port.to_i
-        if target_scheme == 'http'
-          use_https = false
-        else
-          use_https = true
-        end
+        # if target_scheme == 'http'
+        #   use_https = false
+        # else
+        #   use_https = true
+        # end
 
         active_scan_url_arr = []
         json_sitemap = get_current_sitemap(burp_obj: burp_obj)
         json_sitemap.each do |site|
-          json_http_svc = site['http_service']
-          json_req = site['request']
-          json_protocol = json_http_svc['protocol']
-          json_host = json_http_svc['host'].to_s.scrub.strip.chomp
-          json_port = json_http_svc['port'].to_i
-          json_path = json_req['path']
+          json_req = site[:request]
+          json_path = json_req[:path]
+          b64_encoded_req = json_req[:raw]
+          json_http_svc = site[:http_service]
+          json_protocol = json_http_svc[:protocol]
+          json_host = json_http_svc[:host].to_s.scrub.strip.chomp
+          json_port = json_http_svc[:port].to_i
 
           json_uri = format_uri_from_sitemap_resp(
             scheme: json_protocol,
@@ -255,30 +279,32 @@ module PWN
             path: json_path
           )
 
+          # TODO: check if the URI is in scope
+          # next unless uri_in_scope(...)
           next unless json_host == target_host && json_port == target_port
 
-          # More info on the BurpBuddy API can be found here:
-          # https://github.com/tomsteele/burpbuddy/blob/master/src/main/kotlin/burp/API.kt
+          use_https = true if json_protocol == 'https'
+
           puts "Adding #{json_uri} to Active Scan"
           active_scan_url_arr.push(json_uri)
           post_body = {
             host: json_host,
             port: json_port,
             use_https: use_https,
-            request: json_req['raw']
+            request: b64_encoded_req
           }.to_json
           # Kick off an active scan for each given page in the json_sitemap results
-          rest_browser.post("http://#{burpbuddy_api}/scan/active", post_body, content_type: 'application/json')
+          rest_browser.post("http://#{pwn_burp_api}/scan/active", post_body, content_type: 'application/json')
         end
 
         # Wait for scan completion
-        scan_queue = rest_browser.get("http://#{burpbuddy_api}/scan/active")
+        scan_queue = rest_browser.get("http://#{pwn_burp_api}/scan/active")
         json_scan_queue = JSON.parse(scan_queue)
         scan_queue_total = json_scan_queue.count
         json_scan_queue.each do |scan_item|
           this_scan_item_id = scan_item['id']
           until scan_item['status'] == 'finished'
-            scan_item_resp = rest_browser.get("http://#{burpbuddy_api}/scan/active/#{this_scan_item_id}")
+            scan_item_resp = rest_browser.get("http://#{pwn_burp_api}/scan/active/#{this_scan_item_id}")
             scan_item = JSON.parse(scan_item_resp)
             scan_status = scan_item['status']
             puts "Target ID ##{this_scan_item_id} of ##{scan_queue_total}| #{scan_status}"
@@ -301,9 +327,9 @@ module PWN
       public_class_method def self.get_scan_issues(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
 
-        scan_issues = rest_browser.get("http://#{burpbuddy_api}/scanissues")
+        scan_issues = rest_browser.get("http://#{pwn_burp_api}/scanissues")
         JSON.parse(scan_issues)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -322,9 +348,9 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        burpbuddy_api = burp_obj[:burpbuddy_api]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
         report_type = opts[:report_type]
-        # When burpbuddy begins to support XML report generation
+        # When pwn_burp begins to support XML report generation
         valid_report_types_arr = %i[
           html
           xml
@@ -337,27 +363,130 @@ module PWN
         scheme = URI.parse(target_url).scheme
         host = URI.parse(target_url).host
         port = URI.parse(target_url).port
+        path = URI.parse(target_url).path
 
         target_domain = format_uri_from_sitemap_resp(
           scheme: scheme,
           host: host,
-          port: port
+          port: port,
+          path: path
         )
 
+        puts "Generating #{report_type} report for #{target_domain}..."
         report_url = Base64.strict_encode64(target_domain)
-        # Ready scanreport API call in burpbuddy to support HTML & XML report generation
-        # This is for the older burpbuddy-3.1.1-SNAPSHOT-all.jar
+        # Ready scanreport API call in pwn_burp to support HTML & XML report generation
         report_resp = rest_browser.get(
-          "http://#{burpbuddy_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
+          "http://#{pwn_burp_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
         )
 
-        # This is for the older burpbuddy-3.1.0-SNAPSHOT-all.jar
-        # report_resp = rest_browser.get(
-        #   "http://#{burpbuddy_api}/scanreport/#{report_url}"
-        # )
         File.open(output_path, 'w') do |f|
           f.puts(report_resp.body.gsub("\r\n", "\n"))
         end
+      rescue RestClient::BadRequest => e
+        puts e.response
+      rescue StandardError => e
+        # stop(burp_obj: burp_obj) unless burp_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # json_proxy_listeners = PWN::Plugins::BurpSuite.get_proxy_listeners(
+      #   burp_obj: 'required - burp_obj returned by #start method'
+      # )
+
+      public_class_method def self.get_proxy_listeners(opts = {})
+        burp_obj = opts[:burp_obj]
+        rest_browser = burp_obj[:rest_browser]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
+
+        listeners = rest_browser.get("http://#{pwn_burp_api}/proxy/listeners", content_type: 'application/json; charset=UTF8')
+        JSON.parse(listeners, symbolize_names: true)
+      rescue StandardError => e
+        stop(burp_obj: burp_obj) unless burp_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # json_proxy_listener = PWN::Plugins::BurpSuite.add_proxy_listener(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   bind_address: 'required - bind address for the proxy listener (e.g., "127.0.0.1")',
+      #   port: 'required - port for the proxy listener (e.g., 8081)',
+      #   enabled: 'optional - enable the listener (defaults to true)'
+      # )
+
+      public_class_method def self.add_proxy_listener(opts = {})
+        burp_obj = opts[:burp_obj]
+        rest_browser = burp_obj[:rest_browser]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
+        bind_address = opts[:bind_address]
+        raise 'ERROR: bind_address parameter is required' if bind_address.nil?
+
+        port = opts[:port]
+        raise 'ERROR: port parameter is required' if port.nil?
+
+        enabled = opts[:enabled] != false # Default to true if not specified
+
+        post_body = {
+          id: "#{bind_address}:#{port}",
+          bind_address: bind_address,
+          port: port,
+          enabled: enabled
+        }.to_json
+
+        listener = rest_browser.post("http://#{pwn_burp_api}/proxy/listeners", post_body, content_type: 'application/json; charset=UTF8')
+        JSON.parse(listener, symbolize_names: true)
+      rescue StandardError => e
+        stop(burp_obj: burp_obj) unless burp_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # json_proxy_listener = PWN::Plugins::BurpSuite.update_proxy_listener(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   id: 'optional - ID of the proxy listener (defaults to "127.0.0.1:8080")',
+      #   bind_address: 'optional - bind address for the proxy listener (defaults to "127.0.0.1")',
+      #   port: 'optional - port for the proxy listener (defaults to 8080)',
+      #   enabled: 'optional - enable or disable the listener (defaults to true)'
+      # )
+
+      public_class_method def self.update_proxy_listener(opts = {})
+        burp_obj = opts[:burp_obj]
+        rest_browser = burp_obj[:rest_browser]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
+        id = opts[:id] ||= '127.0.0.1:8080'
+        bind_address = opts[:bind_address] ||= '127.0.0.1'
+        port = opts[:port] ||= 8080
+        enabled = opts[:enabled] != false # Default to true if not specified
+
+        post_body = {
+          id: id,
+          bind_address: bind_address,
+          port: port,
+          enabled: enabled
+        }.to_json
+
+        listener = rest_browser.put("http://#{pwn_burp_api}/proxy/listeners/#{id}", post_body, content_type: 'application/json; charset=UTF8')
+        JSON.parse(listener, symbolize_names: true)
+      rescue StandardError => e
+        stop(burp_obj: burp_obj) unless burp_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::BurpSuite.delete_proxy_listener(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   id: 'required - ID of the proxy listener (e.g., "127.0.0.1:8080")'
+      # )
+
+      public_class_method def self.delete_proxy_listener(opts = {})
+        burp_obj = opts[:burp_obj]
+        rest_browser = burp_obj[:rest_browser]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
+        id = opts[:id]
+        raise 'ERROR: id parameter is required' if id.nil?
+
+        rest_browser.delete("http://#{pwn_burp_api}/proxy/listeners/#{id}")
+        true # Return true to indicate successful deletion (or error if API fails)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
@@ -401,15 +530,10 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
-          # PLEASE NOTE: IF RUNNING THIS MODULE THE FIRST TIME, YOU HAVE TO MANUALLY LOAD
-          # /opt/burpsuite/burpsuite_pro.jar INTO THE BURP SUITE PRO UI IN ORDER FOR
-          # THIS TO WORK PROPERLY MOVING FORWARD.  THIS SHOULD ONLY BE NECESSARY TO
-          # DO ONCE.
           burp_obj = #{self}.start(
-            burp_jar_path: 'required - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
+            burp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
             headless: 'optional - run headless if set to true',
-            browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
-            target_config: 'optional - path to burp suite pro target config JSON file'
+            browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types'
           )
 
           uri_in_scope_bool = #{self}.uri_in_scope(
@@ -429,6 +553,30 @@ module PWN
             burp_obj: 'required - burp_obj returned by #start method'
           )
 
+          json_proxy_listeners = #{self}.get_proxy_listeners(
+            burp_obj: 'required - burp_obj returned by #start method'
+          )
+
+          json_proxy_listener = #{self}.add_proxy_listener(
+            burp_obj: 'required - burp_obj returned by #start method',
+            bind_address: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',
+            port: 'required - port for the proxy listener (e.g., 8081)',
+            enabled: 'optional - enable the listener (defaults to true)'
+          )
+
+          json_proxy_listener = #{self}.update_proxy_listener(
+            burp_obj: 'required - burp_obj returned by #start method',
+            id: 'required - ID of the proxy listener (e.g., \"127.0.0.1:8080\")',
+            bind_address: 'required - new bind address for the proxy listener',
+            port: 'required - new port for the proxy listener',
+            enabled: 'optional - enable or disable the listener (defaults to true)'
+          )
+
+          #{self}.delete_proxy_listener(
+            burp_obj: 'required - burp_obj returned by #start method',
+            id: 'required - ID of the proxy listener (e.g., \"127.0.0.1:8080\")'
+          )
+
           active_scan_url_arr = #{self}.invoke_active_scan(
             burp_obj: 'required - burp_obj returned by #start method',
             target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'
@@ -440,7 +588,7 @@ module PWN
 
           #{self}.generate_scan_report(
             burp_obj: 'required - burp_obj returned by #start method',
-            active_scan_url_arr: 'required - active_scan_url_arr returned by #invoke_active_scan method',
+            target_url: 'required - target_url passed to #invoke_active_scan method',
             report_type: :html|:xml,
             output_path: 'required - path to save report results'
           )

data/lib/pwn/plugins/owasp_zap.rb

@@ -426,6 +426,41 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # PWN::Plugins::OwaspZap.import_openapi_spec_file(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   spec: 'required - path to OpenAPI spec file (e.g. /path/to/openapi.yaml)',
+      #   target: 'required - target URL to ovverride the service URL in the OpenAPI spec (e.g. https://fq.dn)',
+      #   context_id: 'optional - ID of the ZAP context (Defaults to first context, if any)',
+      #   user_id: 'optional - ID of the ZAP user (Defaults to first user, if any)'
+      # )
+
+      public_class_method def self.import_openapi_spec_file(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        spec = opts[:spec]
+        target = opts[:target]
+        context_id = opts[:context_id]
+        user_id = opts[:user_id]
+
+        params = {
+          apikey: api_key,
+          file: spec,
+          target: target,
+          contextId: context_id,
+          user_id: user_id
+        }
+
+        zap_rest_call(
+          zap_obj: zap_obj,
+          rest_call: "JSON/break/action/openapi/?zapapiformat=JSON&apikey=#{api_key}",
+          params: params
+        )
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj) unless zap_obj.nil?
+        raise e
+      end
+
       # Supported Method Parameters::
       # watir_resp = PWN::Plugins::OwaspZap.request(
       #   zap_obj: 'required - zap_obj returned from #open method',

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.327'
+  VERSION = '0.5.330'
 end

data/third_party/pwn_rdoc.jsonl

@@ -502,7 +502,7 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_scan_issues Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_scan_issues`: Supported Method Parameters\n\njson_scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.invoke_active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.invoke_active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\ntarget_config: 'optional - path to burp suite pro target config JSON file'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_burp_jar Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_burp_jar`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.update_burp_jar( )\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.uri_in_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.uri_in_scope`: Supported Method Parameters\n\nuri_in_scope_bool = PWN::Plugins::BurpSuite.uri_in_scope(\n\ntarget_config: 'required - path to burp suite pro target config JSON file',\nuri: 'required - URI to determine if in scope'\n\n)\n"}]}
@@ -800,6 +800,7 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.breakpoint Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.breakpoint`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.breakpoint(\n\nzap_obj: 'required - zap_obj returned from #open method',\nregex_type: 'required - :url, :request_header, :request_body, :response_header or :response_body',\nregex_pattern: 'required - regex pattern to search for respective regex_type',\nenabled: 'optional - boolean (defaults to true)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.generate_report Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.generate_report`: Supported Method Parameters\n\nreport_path = PWN::Plugins::OwaspZap.generate_report(\n\nzap_obj: 'required - zap_obj returned from #open method',\noutput_dir: 'required - directory to save report',\nreport_type: 'required - <html|markdown|xml>'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.help Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.import_openapi_spec_file Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.import_openapi_spec_file`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.import_openapi_spec_file(\n\nzap_obj: 'required - zap_obj returned from #open method',\nspec: 'required - path to OpenAPI spec file (e.g. /path/to/openapi.yaml)',\ntarget: 'required - target URL to ovverride the service URL in the OpenAPI spec (e.g. https://fq.dn)',\ncontext_id: 'optional - ID of the ZAP context (Defaults to first context, if any)',\nuser_id: 'optional - ID of the ZAP user (Defaults to first user, if any)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.request Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.request`: Supported Method Parameters\n\nwatir_resp = PWN::Plugins::OwaspZap.request(\n\nzap_obj: 'required - zap_obj returned from #open method',\nbrowser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',\ninstruction: 'required - watir instruction to make (e.g. button(text: \"Google Search\").click)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.spider Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.spider`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.spider(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget: 'required - url to spider'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.start Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.start`: Supported Method Parameters\n\nzap_obj = PWN::Plugins::OwaspZap.start(\n\napi_key: 'required - api key for API authorization',\nzap_bin_path: 'optional - path to zap.sh file'\nheadless: 'optional - run zap headless if set to true',\nproxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)',\n\n)\n"}]}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.327
+  version: 0.5.330
 platform: ruby
 authors:
 - 0day Inc.
@@ -337,14 +337,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.28.0
+        version: 0.29.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.28.0
+        version: 0.29.0
 - !ruby/object:Gem::Dependency
   name: htmlentities
   requirement: !ruby/object:Gem::Requirement
@@ -407,14 +407,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.13.0
+        version: 2.13.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.13.0
+        version: 2.13.1
 - !ruby/object:Gem::Dependency
   name: jsonpath
   requirement: !ruby/object:Gem::Requirement
@@ -925,14 +925,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.78.0
+        version: 1.79.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.78.0
+        version: 1.79.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -2298,7 +2298,6 @@ files:
 - spec/lib/pwn_spec.rb
 - spec/spec_helper.rb
 - third_party/.gitkeep
-- third_party/burpbuddy-3.1.1-SNAPSHOT-all.jar
 - third_party/http-request-headers-fields-large.txt
 - third_party/pwn_rdoc.jsonl
 - third_party/r2-pwn-layout