pwn 0.5.344 → 0.5.345
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/lib/pwn/plugins/burp_suite.rb +1 -2
- data/lib/pwn/reports/fuzz.rb +54 -0
- data/lib/pwn/reports/phone.rb +54 -0
- data/lib/pwn/reports/sast.rb +54 -0
- data/lib/pwn/reports/uri_buster.rb +54 -0
- data/lib/pwn/version.rb +1 -1
- data/third_party/pwn_rdoc.jsonl +1 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 96302709830175b8b3c21e6a550bed60708d67d4a52d2655749b815f573d9090
|
|
4
|
+
data.tar.gz: 6d0fc1e8a9075967174962faf40e40163dfe980f1bf0e175b24e26dd430d981c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f1511724aecf7ddc21d39526f5c1f27d72b33615c3533518b765798ca9856df70609dd8acb689fa6160daefbba3cf4be20b8f92bf5add62c997c40de04489151
|
|
7
|
+
data.tar.gz: 4d9cea6428bc3e599ca449efd96f76682e57cb0cc873121d41e8ef77314167ae0904160b2c8d99f68f1a1740f838af596b1eb2cdfaad5d7acd428e135ab140ab
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.345]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.345]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.345]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -631,6 +631,7 @@ module PWN
|
|
|
631
631
|
target_url = opts[:target_url].to_s.scrub.strip.chomp
|
|
632
632
|
target_scheme = URI.parse(target_url).scheme
|
|
633
633
|
target_host = URI.parse(target_url).host
|
|
634
|
+
target_path = URI.parse(target_url).path
|
|
634
635
|
target_port = URI.parse(target_url).port.to_i
|
|
635
636
|
active_scan_url_arr = []
|
|
636
637
|
|
|
@@ -675,7 +676,6 @@ module PWN
|
|
|
675
676
|
use_https: use_https,
|
|
676
677
|
request: json_req
|
|
677
678
|
}.to_json
|
|
678
|
-
puts "POST BODY: #{post_body.inspect}"
|
|
679
679
|
# Kick off an active scan for each given page in the json_sitemap results
|
|
680
680
|
resp = rest_browser.post(
|
|
681
681
|
"http://#{pwn_burp_api}/scan/active",
|
|
@@ -683,7 +683,6 @@ module PWN
|
|
|
683
683
|
content_type: 'application/json'
|
|
684
684
|
)
|
|
685
685
|
puts " => #{resp.code}"
|
|
686
|
-
sleep 0.5 # Sleep to avoid overwhelming the Burp API
|
|
687
686
|
rescue RestClient::ExceptionWithResponse => e
|
|
688
687
|
puts " => #{e.response.code}"
|
|
689
688
|
next
|
data/lib/pwn/reports/fuzz.rb
CHANGED
|
@@ -110,6 +110,10 @@ module PWN
|
|
|
110
110
|
</div>
|
|
111
111
|
<br /><br />
|
|
112
112
|
|
|
113
|
+
<div>
|
|
114
|
+
Search tips: Use space-separated keywords for AND search, prefix with - to exclude (e.g., "security -password"), or enclose in / / for regex (e.g., "/^important.*$/i").
|
|
115
|
+
</div><br />
|
|
116
|
+
|
|
113
117
|
<div>
|
|
114
118
|
<table id="pwn_fuzz_net_app_proto" class="display squish" cellspacing="0">
|
|
115
119
|
<thead>
|
|
@@ -212,6 +216,56 @@ module PWN
|
|
|
212
216
|
}
|
|
213
217
|
],
|
|
214
218
|
});
|
|
219
|
+
|
|
220
|
+
// Custom advanced search handling
|
|
221
|
+
$('.dataTables_filter input').unbind();
|
|
222
|
+
$('.dataTables_filter input').on('keyup', function() {
|
|
223
|
+
var search = $(this).val();
|
|
224
|
+
|
|
225
|
+
var filterFunc;
|
|
226
|
+
if (search.match(/^\\/.*\\/$/)) {
|
|
227
|
+
try {
|
|
228
|
+
var regex = new RegExp(search.slice(1, -1), 'i');
|
|
229
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
230
|
+
var rowData = data.join(' ');
|
|
231
|
+
return regex.test(rowData);
|
|
232
|
+
};
|
|
233
|
+
} catch (e) {
|
|
234
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
235
|
+
return true;
|
|
236
|
+
};
|
|
237
|
+
}
|
|
238
|
+
} else {
|
|
239
|
+
var positives = [];
|
|
240
|
+
var negatives = [];
|
|
241
|
+
var terms = search.split(/\\s+/).filter(function(t) { return t.length > 0; });
|
|
242
|
+
for (var i = 0; i < terms.length; i++) {
|
|
243
|
+
var term = terms[i];
|
|
244
|
+
if (term.startsWith('-')) {
|
|
245
|
+
var cleanTerm = term.substring(1).toLowerCase();
|
|
246
|
+
if (cleanTerm) negatives.push(cleanTerm);
|
|
247
|
+
} else {
|
|
248
|
+
positives.push(term.toLowerCase());
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
252
|
+
var rowData = data.join(' ').toLowerCase();
|
|
253
|
+
for (var j = 0; j < positives.length; j++) {
|
|
254
|
+
if (!rowData.includes(positives[j])) return false;
|
|
255
|
+
}
|
|
256
|
+
for (var k = 0; k < negatives.length; k++) {
|
|
257
|
+
if (rowData.includes(negatives[k])) return false;
|
|
258
|
+
}
|
|
259
|
+
return true;
|
|
260
|
+
};
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
$.fn.dataTable.ext.search.pop();
|
|
264
|
+
$.fn.dataTable.ext.search.push(filterFunc);
|
|
265
|
+
table.search('');
|
|
266
|
+
table.draw();
|
|
267
|
+
});
|
|
268
|
+
|
|
215
269
|
// Toggle Columns
|
|
216
270
|
$('a.toggle-vis').on('click', function (e) {
|
|
217
271
|
e.preventDefault();
|
data/lib/pwn/reports/phone.rb
CHANGED
|
@@ -113,6 +113,10 @@ module PWN
|
|
|
113
113
|
</div>
|
|
114
114
|
<br /><br />
|
|
115
115
|
|
|
116
|
+
<div>
|
|
117
|
+
Search tips: Use space-separated keywords for AND search, prefix with - to exclude (e.g., "security -password"), or enclose in / / for regex (e.g., "/^important.*$/i").
|
|
118
|
+
</div><br />
|
|
119
|
+
|
|
116
120
|
<div>
|
|
117
121
|
<table id="pwn_phone_results" class="display" cellspacing="0">
|
|
118
122
|
<thead>
|
|
@@ -253,6 +257,56 @@ module PWN
|
|
|
253
257
|
}
|
|
254
258
|
]
|
|
255
259
|
});
|
|
260
|
+
|
|
261
|
+
// Custom advanced search handling
|
|
262
|
+
$('.dataTables_filter input').unbind();
|
|
263
|
+
$('.dataTables_filter input').on('keyup', function() {
|
|
264
|
+
var search = $(this).val();
|
|
265
|
+
|
|
266
|
+
var filterFunc;
|
|
267
|
+
if (search.match(/^\\/.*\\/$/)) {
|
|
268
|
+
try {
|
|
269
|
+
var regex = new RegExp(search.slice(1, -1), 'i');
|
|
270
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
271
|
+
var rowData = data.join(' ');
|
|
272
|
+
return regex.test(rowData);
|
|
273
|
+
};
|
|
274
|
+
} catch (e) {
|
|
275
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
276
|
+
return true;
|
|
277
|
+
};
|
|
278
|
+
}
|
|
279
|
+
} else {
|
|
280
|
+
var positives = [];
|
|
281
|
+
var negatives = [];
|
|
282
|
+
var terms = search.split(/\\s+/).filter(function(t) { return t.length > 0; });
|
|
283
|
+
for (var i = 0; i < terms.length; i++) {
|
|
284
|
+
var term = terms[i];
|
|
285
|
+
if (term.startsWith('-')) {
|
|
286
|
+
var cleanTerm = term.substring(1).toLowerCase();
|
|
287
|
+
if (cleanTerm) negatives.push(cleanTerm);
|
|
288
|
+
} else {
|
|
289
|
+
positives.push(term.toLowerCase());
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
293
|
+
var rowData = data.join(' ').toLowerCase();
|
|
294
|
+
for (var j = 0; j < positives.length; j++) {
|
|
295
|
+
if (!rowData.includes(positives[j])) return false;
|
|
296
|
+
}
|
|
297
|
+
for (var k = 0; k < negatives.length; k++) {
|
|
298
|
+
if (rowData.includes(negatives[k])) return false;
|
|
299
|
+
}
|
|
300
|
+
return true;
|
|
301
|
+
};
|
|
302
|
+
}
|
|
303
|
+
|
|
304
|
+
$.fn.dataTable.ext.search.pop();
|
|
305
|
+
$.fn.dataTable.ext.search.push(filterFunc);
|
|
306
|
+
table.search('');
|
|
307
|
+
table.draw();
|
|
308
|
+
});
|
|
309
|
+
|
|
256
310
|
// Toggle Columns
|
|
257
311
|
$('a.toggle-vis').on('click', function (e) {
|
|
258
312
|
e.preventDefault();
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -110,6 +110,10 @@ module PWN
|
|
|
110
110
|
</div>
|
|
111
111
|
<br /><br />
|
|
112
112
|
|
|
113
|
+
<div>
|
|
114
|
+
Search tips: Use space-separated keywords for AND search, prefix with - to exclude (e.g., "security -password"), or enclose in / / for regex (e.g., "/^important.*$/i").
|
|
115
|
+
</div><br />
|
|
116
|
+
|
|
113
117
|
<div>
|
|
114
118
|
<table id="pwn_scan_git_source_results" class="display" cellspacing="0">
|
|
115
119
|
<thead>
|
|
@@ -253,6 +257,56 @@ module PWN
|
|
|
253
257
|
}
|
|
254
258
|
]
|
|
255
259
|
});
|
|
260
|
+
|
|
261
|
+
// Custom advanced search handling
|
|
262
|
+
$('.dataTables_filter input').unbind();
|
|
263
|
+
$('.dataTables_filter input').on('keyup', function() {
|
|
264
|
+
var search = $(this).val();
|
|
265
|
+
|
|
266
|
+
var filterFunc;
|
|
267
|
+
if (search.match(/^\\/.*\\/$/)) {
|
|
268
|
+
try {
|
|
269
|
+
var regex = new RegExp(search.slice(1, -1), 'i');
|
|
270
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
271
|
+
var rowData = data.join(' ');
|
|
272
|
+
return regex.test(rowData);
|
|
273
|
+
};
|
|
274
|
+
} catch (e) {
|
|
275
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
276
|
+
return true;
|
|
277
|
+
};
|
|
278
|
+
}
|
|
279
|
+
} else {
|
|
280
|
+
var positives = [];
|
|
281
|
+
var negatives = [];
|
|
282
|
+
var terms = search.split(/\\s+/).filter(function(t) { return t.length > 0; });
|
|
283
|
+
for (var i = 0; i < terms.length; i++) {
|
|
284
|
+
var term = terms[i];
|
|
285
|
+
if (term.startsWith('-')) {
|
|
286
|
+
var cleanTerm = term.substring(1).toLowerCase();
|
|
287
|
+
if (cleanTerm) negatives.push(cleanTerm);
|
|
288
|
+
} else {
|
|
289
|
+
positives.push(term.toLowerCase());
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
293
|
+
var rowData = data.join(' ').toLowerCase();
|
|
294
|
+
for (var j = 0; j < positives.length; j++) {
|
|
295
|
+
if (!rowData.includes(positives[j])) return false;
|
|
296
|
+
}
|
|
297
|
+
for (var k = 0; k < negatives.length; k++) {
|
|
298
|
+
if (rowData.includes(negatives[k])) return false;
|
|
299
|
+
}
|
|
300
|
+
return true;
|
|
301
|
+
};
|
|
302
|
+
}
|
|
303
|
+
|
|
304
|
+
$.fn.dataTable.ext.search.pop();
|
|
305
|
+
$.fn.dataTable.ext.search.push(filterFunc);
|
|
306
|
+
table.search('');
|
|
307
|
+
table.draw();
|
|
308
|
+
});
|
|
309
|
+
|
|
256
310
|
// Toggle Columns
|
|
257
311
|
$('a.toggle-vis').on('click', function (e) {
|
|
258
312
|
e.preventDefault();
|
|
@@ -107,6 +107,10 @@ module PWN
|
|
|
107
107
|
</div>
|
|
108
108
|
<br /><br />
|
|
109
109
|
|
|
110
|
+
<div>
|
|
111
|
+
Search tips: Use space-separated keywords for AND search, prefix with - to exclude (e.g., "security -password"), or enclose in / / for regex (e.g., "/^important.*$/i").
|
|
112
|
+
</div><br />
|
|
113
|
+
|
|
110
114
|
<div>
|
|
111
115
|
<table id="pwn_www_uri_buster_results" class="display" cellspacing="0">
|
|
112
116
|
<thead>
|
|
@@ -207,6 +211,56 @@ module PWN
|
|
|
207
211
|
}
|
|
208
212
|
]
|
|
209
213
|
});
|
|
214
|
+
|
|
215
|
+
// Custom advanced search handling
|
|
216
|
+
$('.dataTables_filter input').unbind();
|
|
217
|
+
$('.dataTables_filter input').on('keyup', function() {
|
|
218
|
+
var search = $(this).val();
|
|
219
|
+
|
|
220
|
+
var filterFunc;
|
|
221
|
+
if (search.match(/^\\/.*\\/$/)) {
|
|
222
|
+
try {
|
|
223
|
+
var regex = new RegExp(search.slice(1, -1), 'i');
|
|
224
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
225
|
+
var rowData = data.join(' ');
|
|
226
|
+
return regex.test(rowData);
|
|
227
|
+
};
|
|
228
|
+
} catch (e) {
|
|
229
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
230
|
+
return true;
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
} else {
|
|
234
|
+
var positives = [];
|
|
235
|
+
var negatives = [];
|
|
236
|
+
var terms = search.split(/\\s+/).filter(function(t) { return t.length > 0; });
|
|
237
|
+
for (var i = 0; i < terms.length; i++) {
|
|
238
|
+
var term = terms[i];
|
|
239
|
+
if (term.startsWith('-')) {
|
|
240
|
+
var cleanTerm = term.substring(1).toLowerCase();
|
|
241
|
+
if (cleanTerm) negatives.push(cleanTerm);
|
|
242
|
+
} else {
|
|
243
|
+
positives.push(term.toLowerCase());
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
filterFunc = function(settings, data, dataIndex) {
|
|
247
|
+
var rowData = data.join(' ').toLowerCase();
|
|
248
|
+
for (var j = 0; j < positives.length; j++) {
|
|
249
|
+
if (!rowData.includes(positives[j])) return false;
|
|
250
|
+
}
|
|
251
|
+
for (var k = 0; k < negatives.length; k++) {
|
|
252
|
+
if (rowData.includes(negatives[k])) return false;
|
|
253
|
+
}
|
|
254
|
+
return true;
|
|
255
|
+
};
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
$.fn.dataTable.ext.search.pop();
|
|
259
|
+
$.fn.dataTable.ext.search.push(filterFunc);
|
|
260
|
+
table.search('');
|
|
261
|
+
table.draw();
|
|
262
|
+
});
|
|
263
|
+
|
|
210
264
|
// Toggle Columns
|
|
211
265
|
$('a.toggle-vis').on('click', function (e) {
|
|
212
266
|
e.preventDefault();
|
data/lib/pwn/version.rb
CHANGED
data/third_party/pwn_rdoc.jsonl
CHANGED
|
@@ -508,6 +508,7 @@
|
|
|
508
508
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.import_openapi_to_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.import_openapi_to_sitemap`: "}]}
|
|
509
509
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.in_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.in_scope`: Supported Method Parameters\n\nuri_in_scope = PWN::Plugins::BurpSuite.in_scope(\n\nburp_obj: 'required - burp_obj returned by #start method',\nuri: 'required - URI to determine if in scope'\n\n)\n"}]}
|
|
510
510
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.invoke_active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.invoke_active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'\n\n)\n"}]}
|
|
511
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.spider Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.spider`: Supported Method Parameters\n\njson_in_scope = PWN::Plugins::BurpSuite.spider(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to add to crawl / spider'\n\n)\n"}]}
|
|
511
512
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\nburp_ip: 'optional - IP address for the Burp proxy (defaults to 127.0.0.1)',\nburp_port: 'optional - port for the Burp proxy (defaults to a random unused port)',\npwn_burp_ip: 'optional - IP address for the PWN Burp API (defaults to 127.0.0.1)',\npwn_burp_port: 'optional - port for the PWN Burp API (defaults to a random unused port)'\n\n)\n"}]}
|
|
512
513
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
513
514
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_burp_jar Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_burp_jar`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.update_burp_jar( )\n"}]}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.345
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -939,14 +939,14 @@ dependencies:
|
|
|
939
939
|
requirements:
|
|
940
940
|
- - '='
|
|
941
941
|
- !ruby/object:Gem::Version
|
|
942
|
-
version: 1.79.
|
|
942
|
+
version: 1.79.2
|
|
943
943
|
type: :runtime
|
|
944
944
|
prerelease: false
|
|
945
945
|
version_requirements: !ruby/object:Gem::Requirement
|
|
946
946
|
requirements:
|
|
947
947
|
- - '='
|
|
948
948
|
- !ruby/object:Gem::Version
|
|
949
|
-
version: 1.79.
|
|
949
|
+
version: 1.79.2
|
|
950
950
|
- !ruby/object:Gem::Dependency
|
|
951
951
|
name: rubocop-rake
|
|
952
952
|
requirement: !ruby/object:Gem::Requirement
|