pwn 0.5.331 → 0.5.332

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ac40ad5725903ee8da2c282e5819a5af3776a2fc73c64635d56de5f513a2b6e
-  data.tar.gz: 509e65cd59d2f8a7e98c1e5c7b8389ebecea0a3f42ac33f63fb7009bddc30d97
+  metadata.gz: 416b3161579a8f088d76f1de382c47a802945491767e0e9db044e1daaa263a77
+  data.tar.gz: ae3acfd4171b49ae5675047c924f731f654ca705e20bd4213a9bf03ef643f433
 SHA512:
-  metadata.gz: de7079e5a9b79d5303c12e156c02d05f1db4ce950ca4031d85b4ada34818be4fed6cc1f3d55ee17ef451ac61669b40949dd479cbbef35fb8056ae7155dba3ea7
-  data.tar.gz: b55508106c075eb9aee38c583de961584fe7eedb6df7e3b86c7ef8f5b14694105d2532237fca1ad145f48cb692f21833d7121622910b91e7ad9026a8f809d11e
+  metadata.gz: 0374d5fa47a7eae2baca814efebf33f98f265d2824139b28ad6b400567002a00eee847b4d9f039aedbb0df3d737d7b6b1de649aa748e18d8a1d160fbe38d3179
+  data.tar.gz: da79785268a5a8bff16553f29b1473d7e3a4529a1c891736627b19ab1d1d13df1d904f2fac108b729a245b66b305886b7726f85d2854a1cabdaac27f299358b9

data/.rubocop.yml

@@ -18,7 +18,7 @@ Metrics/CyclomaticComplexity:
 Metrics/MethodLength:
   Max: 485
 Metrics/ModuleLength:
-  Max: 495
+  Max: 500
 Metrics/PerceivedComplexity:
   Max: 101
 Style/HashEachMethods:

data/Gemfile

@@ -41,7 +41,7 @@ gem 'htmlentities', '4.3.4'
 gem 'ipaddress', '0.8.3'
 gem 'jenkins_api_client2', '1.9.0'
 gem 'js-beautify', '0.1.8'
-gem 'json', '2.13.1'
+gem 'json', '2.13.2'
 gem 'jsonpath', '1.1.5'
 gem 'jwt', '3.1.2'
 gem 'libusb', '0.7.2'
@@ -68,7 +68,7 @@ gem 'ostruct', '0.6.3'
 gem 'packetfu', '2.0.0'
 gem 'packetgen', '4.1.0'
 gem 'pdf-reader', '2.14.1'
-gem 'pg', '1.5.9'
+gem 'pg', '1.6.0'
 gem 'pry', '0.15.2'
 gem 'pry-doc', '1.6.0'
 gem 'rake', '13.3.0'

data/lib/pwn/plugins/burp_suite.rb

@@ -194,32 +194,100 @@ module PWN
 
       # Supported Method Parameters::
       # json_sitemap = PWN::Plugins::BurpSuite.get_current_sitemap(
-      #   burp_obj: 'required - burp_obj returned by #start method'
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   target_url: 'optional - target URL to filter sitemap results (defaults to entire sitemap)'
       # )
 
       public_class_method def self.get_current_sitemap(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
         pwn_burp_api = burp_obj[:pwn_burp_api]
+        target_url = opts[:target_url]
 
-        sitemap = rest_browser.get("http://#{pwn_burp_api}/sitemap", content_type: 'application/json; charset=UTF8')
-        # json_sitemap = JSON.parse(sitemap, symbolize_names: true)
-        # json_sitemap is an array of hashes.
-        # each hash contains a :request and :response key.
-        # both of these values are Base64 encoded strings.
-        # We want to decode them in an array of hashes.
-        # json_sitemap.map do |site|
-        #   site[:request] = Base64.decode64(site[:request]) if site[:request]
-        #   site[:response] = Base64.decode64(site[:response]) if site[:response]
-        # end
+        sitemap = rest_browser.get(
+          "http://#{pwn_burp_api}/sitemap",
+          content_type: 'application/json; charset=UTF8'
+        )
 
-        # json_sitemap
         JSON.parse(sitemap, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
       end
 
+      # Supported Method Parameters::
+      # json_sitemap = PWN::Plugins::BurpSuite.add_to_sitemap(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   url: 'required - URL to add to sitemap',
+      #   method: 'required - HTTP method to use (e.g., GET, POST, PUT, DELETE)',
+      #   req_headers: 'optional - array of headers to include in the request (defaults to [])',
+      #   req_body: 'optional - body of the request (defaults to empty string)',
+      #   highlight: 'optional - highlight color :none|:red|:orange|:yellow|:green|:cyan|:blue|:pink|:magenta|:gray (defaults to :none)',
+      #   status_code: 'optional - HTTP status code to use in the response (defaults to 200)',
+      #   resp_headers: 'optional - array of response headers to include in the response (defaults to [])',
+      #   resp_body: 'optional - body of the response (defaults to empty JSON object "{}")',
+      #   comment: 'optional - comment to add to the sitemap entry (defaults to empty string)'
+      # )
+
+      public_class_method def self.add_to_sitemap(opts = {})
+        burp_obj = opts[:burp_obj]
+        rest_browser = burp_obj[:rest_browser]
+        pwn_burp_api = burp_obj[:pwn_burp_api]
+        url = opts[:url]
+        raise ArgumentError, 'url parameter is required' if url.nil?
+
+        valid_methods = %w[GET POST PUT DELETE PATCH OPTIONS HEAD TRACE CONNECT]
+        method = opts[:method].to_s.upcase
+        raise ArgumentError, "Invalid HTTP method: #{method}" unless valid_methods.include?(method)
+
+        req_headers = opts[:req_headers] ||= []
+        req_body = opts[:body].to_s
+        valid_highlights = %i[none red orange yellow green cyan blue pink magenta gray]
+        highlight = opts[:highlight] ||= :none
+        raise ArgumentError, "Invalid highlight color: #{highlight}" unless valid_highlights.include?(highlight)
+
+        status_code = opts[:status_code] ||= 200
+        resp_headers = opts[:resp_headers] ||= []
+        resp_body = opts[:resp_body] ||= '{}'
+        comment = opts[:comment].to_s
+
+        protocol = URI.parse(url).scheme
+        host = URI.parse(url).host
+        path = URI.parse(url).path
+        port = URI.parse(url).port || (url.start_with?('https') ? 443 : 80)
+
+        sitemap_message = {
+          request: {
+            method: method,
+            url: url,
+            path: path,
+            headers: req_headers,
+            body: req_body
+          },
+          response: {
+            statusCode: status_code.to_i,
+            headers: resp_headers,
+            body: resp_body
+          },
+          http_service: {
+            protocol: protocol,
+            host: host,
+            port: port
+          },
+          highlight: highlight,
+          comment: comment
+        }
+
+        RestClient.post(
+          "#{pwn_burp_api}/sitemap",
+          sitemap_message.to_json,
+          content_type: 'application/json; charset=UTF8'
+        )
+      rescue StandardError => e
+        # stop(burp_obj: burp_obj) unless burp_obj.nil?
+        raise e
+      end
+
       # Supported Method Parameters::
       # json_in_scope = PWN::Plugins::BurpSuite.add_to_scope(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -385,7 +453,7 @@ module PWN
       rescue RestClient::BadRequest => e
         puts e.response
       rescue StandardError => e
-        # stop(burp_obj: burp_obj) unless burp_obj.nil?
+        stop(burp_obj: burp_obj) unless burp_obj.nil?
         raise e
       end
 

data/lib/pwn/plugins/open_api.rb

@@ -0,0 +1,410 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'json'
+require 'uri'
+require 'fileutils'
+
+module PWN
+  module Plugins
+    # Plugins to interact with OpenAPI specifications,
+    # while automatically resolving schema dependencies.
+    module OpenAPI
+      # Supported Method Parameters:
+      # openapi_spec = PWN::Plugins::OpenAPI.import_spec(
+      #   spec_paths: 'required - array of OpenAPI file paths to merge into a the output_json_path',
+      #   base_url: 'required - base URL for OpenAPI endpoints (e.g., http://fqdn.com)',
+      #   output_json_path: 'optional - path to save the merged OpenAPI JSON file (e.g., /path/to/merged_openapi.json)'
+      # )
+      def self.import_spec(opts = {})
+        spec_paths = opts[:spec_paths] ||= []
+        raise ArgumentError, 'spec_paths must be a non-empty array' if spec_paths.empty?
+
+        base_url = opts[:base_url]
+        raise ArgumentError, 'base_url is required' if base_url.nil? || base_url.empty?
+
+        # Normalize base_url to ensure it's an absolute URL
+        normalized_base_url = normalize_url(base_url)
+        output_json_path = opts[:output_json_path]
+
+        begin
+          # Load and parse all OpenAPI files
+          specs = {}
+          spec_paths.each do |path|
+            raise Errno::ENOENT, "OpenAPI file not found: #{path}" unless File.exist?(path)
+
+            begin
+              case File.extname(path).downcase
+              when '.yaml', '.yml'
+                specs[path] = YAML.load_file(path, permitted_classes: [Symbol, Date, Time])
+              when '.json'
+                specs[path] = JSON.parse(File.read(path))
+              else
+                raise "Unsupported file type: #{path} - only .yaml, .yml, and .json files"
+              end
+            rescue YAML::SyntaxError, JSON::ParserError => e
+              raise "Error parsing OpenAPI file #{path}: #{e.message}"
+            end
+          end
+
+          # Determine dependencies based on $ref
+          dependencies = {}
+          specs.each do |path, spec|
+            dependencies[path] = []
+            refs = extract_refs(spec: spec, spec_paths: spec_paths)
+            refs.each do |ref|
+              dep_path = resolve_ref_path(ref, spec_paths, referencing_file: path)
+              dependencies[path] << dep_path if specs.key?(dep_path) && dep_path != path
+            end
+          end
+
+          # Sort files by dependencies (topological sort with cycle detection)
+          ordered_paths, cycle_info = topological_sort(dependencies: dependencies)
+          if cycle_info
+            puts "Warning: Cyclic dependencies detected: #{cycle_info.join(' -> ')}. Processing files in provided order."
+            ordered_paths = spec_paths
+          end
+
+          # Merge OpenAPI specs into a single specification
+          merged_spec = {
+            'openapi' => '3.0.3', # Default to OpenAPI 3.0.3
+            'info' => {},
+            'servers' => [{ 'url' => normalized_base_url }],
+            'paths' => {},
+            'components' => {},
+            'tags' => [],
+            'security' => []
+          }
+
+          ordered_paths.each do |path|
+            spec = specs[path]
+            unless spec.is_a?(Hash)
+              puts "Skipping #{path}: Invalid OpenAPI specification"
+              next
+            end
+
+            # Resolve external $ref references
+            resolved_spec = resolve_refs(spec: spec, specs: specs, spec_paths: spec_paths, referencing_file: path)
+
+            # Validate and fix path parameters
+            resolved_spec['paths'] = validate_path_parameters(resolved_spec['paths'], path) if resolved_spec['paths'].is_a?(Hash)
+
+            # Merge 'openapi' version
+            merged_spec['openapi'] = resolved_spec['openapi'] if resolved_spec['openapi'] && (resolved_spec['openapi'] > merged_spec['openapi'])
+
+            # Merge 'info'
+            merged_spec['info'] = deep_merge(merged_spec['info'], resolved_spec['info']) if resolved_spec['info'].is_a?(Hash)
+
+            # Merge 'servers'
+            if resolved_spec['servers']
+              servers = resolved_spec['servers'].is_a?(Array) ? resolved_spec['servers'] : [resolved_spec['servers']]
+              servers.each do |server|
+                server_url = server.is_a?(Hash) ? server['url'] : server
+                next unless server_url.is_a?(String)
+
+                absolute_url = normalize_url(server_url, base_url: normalized_base_url)
+                server_obj = server.is_a?(Hash) ? server.merge('url' => absolute_url) : { 'url' => absolute_url }
+                merged_spec['servers'] << server_obj unless merged_spec['servers'].any? { |s| s['url'] == absolute_url }
+              end
+            end
+
+            # Merge 'paths'
+            if resolved_spec['paths'].is_a?(Hash)
+              merged_spec['paths'].merge!(resolved_spec['paths']) do |api_endpoint, _existing, new|
+                puts "Warning: Path '#{api_endpoint}' in #{path} conflicts with existing path. Overwriting."
+                new
+              end
+            end
+
+            # Merge 'components'
+            merged_spec['components'] = deep_merge(merged_spec['components'], resolved_spec['components']) if resolved_spec['components'].is_a?(Hash)
+
+            # Merge 'tags'
+            next unless resolved_spec['tags'].is_a?(Array)
+
+            resolved_spec['tags'].each do |tag|
+              merged_spec['tags'] << tag unless merged_spec['tags'].include?(tag)
+            end
+
+            # Merge 'security'
+            next unless resolved_spec['security'].is_a?(Array)
+
+            resolved_spec['security'].each do |security|
+              merged_spec['security'] << security unless merged_spec['security'].include?(security)
+            end
+          end
+
+          # Ensure at least one valid server URL
+          if merged_spec['servers'].empty?
+            merged_spec['servers'] = [{ 'url' => normalized_base_url }]
+            puts "Warning: No valid server URLs found in specs. Using base_url: #{normalized_base_url}"
+          end
+
+          # Write merged spec to JSON file if provided
+          if output_json_path
+            FileUtils.mkdir_p(File.dirname(output_json_path))
+            File.write(output_json_path, JSON.pretty_generate(merged_spec))
+            puts "Merged OpenAPI specification written to: #{output_json_path}"
+          end
+
+          { individual_specs: specs, merged_spec: merged_spec }
+        rescue Errno::ENOENT => e
+          raise "Error accessing file: #{e.message}"
+        rescue StandardError => e
+          raise "Unexpected error: #{e.message}"
+        end
+      end
+
+      # Validates and fixes path parameters in paths object
+      private_class_method def self.validate_path_parameters(paths, file_path)
+        paths.transform_values do |path_item|
+          next path_item unless path_item.is_a?(Hash)
+
+          # Extract path parameters from the endpoint
+          path_params = path_item['parameters']&.select { |p| p['in'] == 'path' }&.map { |p| p['name'] } || []
+          endpoint = path_item['$ref'] || path_item.keys.join('/')
+          path_item.each_value do |operation|
+            next unless operation.is_a?(Hash)
+
+            # Find path parameters in the endpoint URL
+            required_params = endpoint.scan(/\{([^}]+)\}/).flatten
+            operation_params = operation['parameters']&.select { |p| p['in'] == 'path' }&.map { |p| p['name'] } || []
+
+            # Check for missing path parameters
+            next if (missing_params = required_params - (path_params + operation_params)).empty?
+
+            puts "Warning: In #{file_path}, path '#{endpoint}' has undeclared path parameters: #{missing_params.join(', ')}. Adding default definitions."
+            operation['parameters'] ||= []
+            missing_params.each do |param|
+              operation['parameters'] << {
+                'name' => param,
+                'in' => 'path',
+                'required' => true,
+                'schema' => { 'type' => 'string' }
+              }
+            end
+          end
+          path_item
+        end
+      end
+
+      # Normalizes URLs to absolute form
+      private_class_method def self.normalize_url(url, base_url: nil)
+        return url if url.nil? || url.empty?
+
+        begin
+          uri = URI.parse(url)
+          return uri.to_s if uri.absolute? && uri.scheme && uri.host
+
+          # If no base_url provided, use a default
+          base_uri = if base_url && !base_url.empty?
+                       URI.parse(normalize_url(base_url))
+                     else
+                       URI.parse('http://localhost')
+                     end
+
+          # Handle relative URLs
+          if url.start_with?('/')
+            # Absolute path relative to base_url
+            uri = base_uri.dup
+            uri.path = url
+            uri.query = nil
+            uri.fragment = nil
+          else
+            # Relative path
+            uri = base_uri.merge(url)
+          end
+          uri.to_s
+        rescue URI::InvalidURIError => e
+          puts "Warning: Invalid URL '#{url}' - using base_url or default: #{base_url || 'http://localhost'}"
+          base_url || 'http://localhost'
+        end
+      end
+
+      # Resolves $ref references using spec_paths
+      private_class_method def self.resolve_refs(spec:, specs:, spec_paths:, referencing_file:)
+        case spec
+        when Hash
+          resolved = {}
+          spec.each do |key, value|
+            next resolved[key] = resolve_refs(spec: value, specs: specs, spec_paths: spec_paths, referencing_file: referencing_file) unless key == '$ref' && value.is_a?(String)
+
+            ref_path, json_pointer = value.split('#', 2)
+            json_pointer ||= ''
+            matched_path = resolve_ref_path(ref_path, spec_paths, referencing_file: referencing_file)
+
+            unless specs.key?(matched_path)
+              puts "Warning: Unable to load RELATIVE ref: #{ref_path} from #{referencing_file} (no match in spec_paths)"
+              begin
+                # Attempt to load the file if it exists
+                unless File.exist?(ref_path)
+                  puts "Warning: File #{ref_path} does not exist on filesystem"
+                  return value
+                end
+                case File.extname(ref_path).downcase
+                when '.yaml', '.yml'
+                  specs[ref_path] = YAML.load_file(ref_path, permitted_classes: [Symbol, Date, Time])
+                  spec_paths << ref_path unless spec_paths.include?(ref_path)
+                when '.json'
+                  specs[ref_path] = JSON.parse(File.read(ref_path))
+                  spec_paths << ref_path unless spec_paths.include?(ref_path)
+                else
+                  puts "Warning: Unsupported file type for #{ref_path}"
+                  return value
+                end
+              rescue StandardError => e
+                puts "Warning: Failed to load #{ref_path}: #{e.message}"
+                return value
+              end
+            end
+
+            ref_spec = specs[matched_path]
+            resolved[key] = if json_pointer.empty?
+                              resolve_refs(spec: ref_spec, specs: specs, spec_paths: spec_paths, referencing_file: matched_path)
+                            else
+                              pointer_parts = json_pointer.split('/').reject(&:empty?)
+                              target = ref_spec
+                              pointer_parts.each do |part|
+                                target = target[part] if target.is_a?(Hash) || target.is_a?(Array)
+                                break unless target
+                              end
+                              if target
+                                resolve_refs(spec: target, specs: specs, spec_paths: spec_paths, referencing_file: matched_path)
+                              else
+                                puts "Warning: Invalid JSON pointer #{json_pointer} in #{matched_path} from #{referencing_file}"
+                                value
+                              end
+                            end
+          end
+          resolved
+        when Array
+          spec.map { |item| resolve_refs(spec: item, specs: specs, spec_paths: spec_paths, referencing_file: referencing_file) }
+        else
+          spec
+        end
+      end
+
+      # Resolves a $ref path by matching against spec_paths
+      private_class_method def self.resolve_ref_path(ref, spec_paths, referencing_file:)
+        # Remove 'file://' prefix if present
+        ref = ref.sub('file://', '') if ref.start_with?('file://')
+
+        # If ref is an HTTP/HTTPS URL, return it unchanged
+        return ref if ref.start_with?('http://', 'https://')
+
+        # Normalize ref by removing leading './' or '/' for matching
+        normalized_ref = ref.sub(%r{^\./}, '').sub(%r{^/}, '')
+
+        # Check if ref matches any path in spec_paths
+        spec_paths.each do |path|
+          normalized_path = path.sub(%r{^\./}, '').sub(%r{^/}, '')
+          return path if normalized_path == normalized_ref || File.basename(normalized_path) == File.basename(normalized_ref)
+        end
+
+        # If no match, return the original ref to allow fallback loading
+        puts "Warning: Could not resolve $ref '#{ref}' from #{referencing_file} to any spec_paths entry"
+        ref
+      end
+
+      # Deep merges two hashes
+      private_class_method def self.deep_merge(hash1, hash2)
+        hash1.merge(hash2) do |_key, old_val, new_val|
+          if old_val.is_a?(Hash) && new_val.is_a?(Hash)
+            deep_merge(old_val, new_val)
+          elsif old_val.is_a?(Array) && new_val.is_a?(Array)
+            (old_val + new_val).uniq
+          else
+            new_val || old_val
+          end
+        end
+      end
+
+      # Extracts $ref references and matches against spec_paths
+      private_class_method def self.extract_refs(opts = {})
+        spec = opts[:spec]
+        spec_paths = opts[:spec_paths]
+        refs = opts[:refs] ||= Set.new
+        case spec
+        when Hash
+          spec.each do |key, value|
+            if key == '$ref' && value.is_a?(String)
+              ref_path = value.split('#', 2).first
+              resolved_path = resolve_ref_path(ref_path, spec_paths, referencing_file: nil)
+              refs << resolved_path unless ref_path.start_with?('http://', 'https://')
+            end
+            extract_refs(spec: value, spec_paths: spec_paths, refs: refs)
+          end
+        when Array
+          spec.each { |item| extract_refs(spec: item, spec_paths: spec_paths, refs: refs) }
+        end
+        refs
+      end
+
+      # Depth-first search for topological sort with cycle detection
+      # rubocop:disable Metrics/ParameterLists
+      private_class_method def self.dfs(node, dependencies, visited, temp, result, path)
+        if temp.include?(node)
+          path << node
+          cycle_start = path.index(node)
+          cycle = path[cycle_start..-1]
+          return cycle # Return the cycle path
+        end
+
+        unless visited.include?(node)
+          temp.add(node)
+          path << node
+          dependencies[node]&.each do |dep|
+            cycle = dfs(dep, dependencies, visited, temp, result, path)
+            return cycle if cycle # Propagate cycle if found
+          end
+          visited.add(node)
+          temp.delete(node)
+          result << node
+          path.pop
+        end
+        nil # No cycle found
+      end
+      # rubocop:enable Metrics/ParameterLists
+
+      # Topological sort for dependency resolution
+      private_class_method def self.topological_sort(dependencies:)
+        result = []
+        visited = Set.new
+        temp = Set.new
+        path = []
+
+        cycle = nil
+        dependencies.each_key do |node|
+          next if visited.include?(node)
+
+          cycle = dfs(node, dependencies, visited, temp, result, path)
+          break if cycle
+        end
+
+        if cycle
+          [result.reverse, cycle]
+        else
+          [result.reverse, nil]
+        end
+      end
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <support@0dayinc.com>
+        "
+      end
+
+      public_class_method def self.help
+        puts "USAGE:
+          openapi_spec = #{self}.import_spec(
+            spec_paths: 'required - array of OpenAPI file paths to merge into the output_json_path',
+            base_url: 'required - base URL to use for OpenAPI endpoints (e.g. http://fqdn.com)',
+            output_json_path: 'optional - path to save the merged OpenAPI JSON file (e.g., /path/to/merged_openapi.json)'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/plugins.rb

@@ -49,6 +49,7 @@ module PWN
     autoload :OCR, 'pwn/plugins/ocr'
     autoload :Ollama, 'pwn/plugins/ollama'
     autoload :OpenAI, 'pwn/plugins/open_ai'
+    autoload :OpenAPI, 'pwn/plugins/open_api'
     autoload :OpenVAS, 'pwn/plugins/openvas'
     autoload :OwaspZap, 'pwn/plugins/owasp_zap'
     autoload :Packet, 'pwn/plugins/packet'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.331'
+  VERSION = '0.5.332'
 end

data/spec/lib/pwn/plugins/open_api_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::OpenAPI do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::OpenAPI
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::OpenAPI
+    expect(help_response).to respond_to :help
+  end
+end

data/third_party/pwn_rdoc.jsonl

@@ -492,19 +492,23 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities`: Supported Method Parameters\n\nresponse = PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities(\n\ntoken: 'required - Bearer token'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.upload_file Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.upload_file`: Supported Method Parameters\n\nresponse = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(\n\ntoken: 'required - Bearer token',\nfile: 'required - path of file to upload',\ngroup_id: 'optional - group id',\ndelete_binary: 'optional - delete binary after upload (defaults to false)',\nforce_scan: 'optional - force scan (defaults to false)',\ncallback_url: 'optional - callback url',\nscan_infoleak: 'optional - scan infoleak (defaults to true)',\ncode_analysis: 'optional - code analysis (defaults to true)',\nscan_code_familiarity: 'optional - scan code familiarity (defaults to false)',\nversion: 'optional - version',\nproduct_id: 'optional - product id'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.add_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nbind_address: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',\nport: 'required - port for the proxy listener (e.g., 8081)',\nenabled: 'optional - enable the listener (defaults to true)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_to_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_to_scope`: Supported Method Parameters\n\njson_in_scope = PWN::Plugins::BurpSuite.add_to_scope(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to add to scope'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.delete_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.delete_proxy_listener`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.delete_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'required - ID of the proxy listener (e.g., \"127.0.0.1:8080\")'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.disable_proxy Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.disable_proxy`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.disable_proxy(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.enable_proxy Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.enable_proxy`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.enable_proxy(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp`: Supported Method Parameters\n\nuri = PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp(\n\nscheme: 'required - scheme of the URI (http|https)',\nhost: 'required - host of the URI',\nport: 'optional - port of the URI',\npath: 'optional - path of the URI'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.generate_scan_report Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.generate_scan_report`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.generate_scan_report(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target_url passed to #invoke_active_scan method',\nreport_type: :html|:xml|:both,\noutput_path: 'required - path to save report results'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_current_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_current_sitemap`: Supported Method Parameters\n\njson_sitemap = PWN::Plugins::BurpSuite.get_current_sitemap(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_proxy_listeners Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_proxy_listeners`: Supported Method Parameters\n\njson_proxy_listeners = PWN::Plugins::BurpSuite.get_proxy_listeners(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_scan_issues Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_scan_issues`: Supported Method Parameters\n\njson_scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.invoke_active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.invoke_active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'options - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\ntarget_config: 'optional - path to burp suite pro target config JSON file'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\nburp_ip: 'optional - IP address for the Burp proxy (defaults to 127.0.0.1)',\nburp_port: 'optional - port for the Burp proxy (defaults to a random unused port)',\npwn_burp_ip: 'optional - IP address for the PWN Burp API (defaults to 127.0.0.1)',\npwn_burp_port: 'optional - port for the PWN Burp API (defaults to a random unused port)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_burp_jar Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_burp_jar`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.update_burp_jar( )\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.update_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'optional - ID of the proxy listener (defaults to \"127.0.0.1:8080\")',\nbind_address: 'optional - bind address for the proxy listener (defaults to \"127.0.0.1\")',\nport: 'optional - port for the proxy listener (defaults to 8080)',\nenabled: 'optional - enable or disable the listener (defaults to true)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.uri_in_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.uri_in_scope`: Supported Method Parameters\n\nuri_in_scope_bool = PWN::Plugins::BurpSuite.uri_in_scope(\n\ntarget_config: 'required - path to burp suite pro target config JSON file',\nuri: 'required - URI to determine if in scope'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BusPirate.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::BusPirate.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BusPirate.connect Usage"},{"role":"assistant","content":"`PWN::Plugins::BusPirate.connect`: Supported Method Parameters\n\nbus_pirate_obj = PWN::Plugins::BusPirate.connect(\n\nblock_dev: 'optional serial block device path (defaults to /dev/ttyUSB0)',\nbaud: 'optional (defaults to 9600)',\ndata_bits: 'optional (defaults to 8)',\nstop_bits: 'optional (defaults to 1)',\nparity: 'optional (defaults to SerialPort::NONE)',\nflow_control: 'optional (defaults to SerialPort::HARD) SerialPort::NONE|SerialPort::SOFT|SerialPort::HARD'\n\n)\n"}]}
@@ -800,6 +804,7 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.breakpoint Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.breakpoint`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.breakpoint(\n\nzap_obj: 'required - zap_obj returned from #open method',\nregex_type: 'required - :url, :request_header, :request_body, :response_header or :response_body',\nregex_pattern: 'required - regex pattern to search for respective regex_type',\nenabled: 'optional - boolean (defaults to true)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.generate_report Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.generate_report`: Supported Method Parameters\n\nreport_path = PWN::Plugins::OwaspZap.generate_report(\n\nzap_obj: 'required - zap_obj returned from #open method',\noutput_dir: 'required - directory to save report',\nreport_type: 'required - <html|markdown|xml>'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.help Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.import_openapi_spec_file Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.import_openapi_spec_file`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.import_openapi_spec_file(\n\nzap_obj: 'required - zap_obj returned from #open method',\nspec: 'required - path to OpenAPI spec file (e.g. /path/to/openapi.yaml)',\ntarget: 'required - target URL to ovverride the service URL in the OpenAPI spec (e.g. https://fq.dn)',\ncontext_id: 'optional - ID of the ZAP context (Defaults to first context, if any)',\nuser_id: 'optional - ID of the ZAP user (Defaults to first user, if any)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.request Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.request`: Supported Method Parameters\n\nwatir_resp = PWN::Plugins::OwaspZap.request(\n\nzap_obj: 'required - zap_obj returned from #open method',\nbrowser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',\ninstruction: 'required - watir instruction to make (e.g. button(text: \"Google Search\").click)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.spider Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.spider`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.spider(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget: 'required - url to spider'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.start Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.start`: Supported Method Parameters\n\nzap_obj = PWN::Plugins::OwaspZap.start(\n\napi_key: 'required - api key for API authorization',\nzap_bin_path: 'optional - path to zap.sh file'\nheadless: 'optional - run zap headless if set to true',\nproxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)',\n\n)\n"}]}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.331
+  version: 0.5.332
 platform: ruby
 authors:
 - 0day Inc.
@@ -407,14 +407,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.13.1
+        version: 2.13.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.13.1
+        version: 2.13.2
 - !ruby/object:Gem::Dependency
   name: jsonpath
   requirement: !ruby/object:Gem::Requirement
@@ -743,14 +743,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.9
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.9
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -1853,6 +1853,7 @@ files:
 - lib/pwn/plugins/ocr.rb
 - lib/pwn/plugins/ollama.rb
 - lib/pwn/plugins/open_ai.rb
+- lib/pwn/plugins/open_api.rb
 - lib/pwn/plugins/openvas.rb
 - lib/pwn/plugins/owasp_zap.rb
 - lib/pwn/plugins/packet.rb
@@ -2192,6 +2193,7 @@ files:
 - spec/lib/pwn/plugins/ocr_spec.rb
 - spec/lib/pwn/plugins/ollama_spec.rb
 - spec/lib/pwn/plugins/open_ai_spec.rb
+- spec/lib/pwn/plugins/open_api_spec.rb
 - spec/lib/pwn/plugins/openvas_spec.rb
 - spec/lib/pwn/plugins/owasp_zap_spec.rb
 - spec/lib/pwn/plugins/packet_spec.rb