pwn 0.5.349 → 0.5.351

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -3
  3. data/lib/pwn/plugins/burp_suite.rb +16 -5
  4. data/lib/pwn/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 44787455b2e00a8fa93b19c8c90822b8555adc8291e3f45126cc424bea5e6549
4
- data.tar.gz: 7e3898ab30e50162b79e78d16525760f2a51b8e6b2f20b9f6231c77208b9bf50
3
+ metadata.gz: 9bb30be67441b28427458dfab64121bf4ed929841daf537e9be1d32c821f4a56
4
+ data.tar.gz: b86d8a385472b4133452eaa74332c2320802f6f2da0035fe843382f6fb332ffc
5
5
  SHA512:
6
- metadata.gz: 6af7f2ed0880f11453da46b67d0cb9bdb4e3e55422c784d4530e174d97ad5f925247d29cfd81deb41c2251e1281ba86e7b2602bbf77a5097a1df80d4afd33bcd
7
- data.tar.gz: ba49fc940c50324702a1ad62a487ea9cc084a2bedac19060bac2070b91b5ed8c32867cf09af494a731370241c540a6f5cdfa209505dc698475bb352e84ec8f38
6
+ metadata.gz: ac5bff9fe638a5a82db943f209b78b8cf8ee8268a74b88f88aaaa0a9a7a528652fc9627615c908917b3d26bf5da64ff5d862ce946c508f5c0ab335c98365e13d
7
+ data.tar.gz: 8f598af14329fa31bf86bd383baa00eebcff9690dde51746a9ba2bcf2ed2334e17ac395b536fafdeb3b65217f1f4bcf3685f54bfa2740d998b5189ef4ae9dc9f
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
37
37
  $ ./install.sh
38
38
  $ ./install.sh ruby-gem
39
39
  $ pwn
40
- pwn[v0.5.349]:001 >>> PWN.help
40
+ pwn[v0.5.351]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.5.349]:001 >>> PWN.help
55
+ pwn[v0.5.351]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
62
62
  $ rvmsudo gem uninstall --all --executables pwn
63
63
  $ rvmsudo gem install --verbose pwn
64
64
  $ pwn
65
- pwn[v0.5.349]:001 >>> PWN.help
65
+ pwn[v0.5.351]:001 >>> PWN.help
66
66
  ```
67
67
 
68
68
  PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
data/lib/pwn/plugins/burp_suite.rb CHANGED
@@ -204,6 +204,7 @@ module PWN
204
204
  break
205
205
  end
206
206
  end
207
+ print "\n"
207
208
 
208
209
  spider_json.merge!(spider_status_json)
209
210
  rescue StandardError => e
@@ -340,7 +341,7 @@ module PWN
340
341
  openapi_spec = opts[:openapi_spec]
341
342
  raise 'ERROR: openapi_spec parameter not found' unless File.exist?(openapi_spec)
342
343
 
343
- additional_http_headers = opts[:additional_http_headers] || {}
344
+ additional_http_headers = opts[:additional_http_headers] ||= {}
344
345
  raise 'ERROR: additional_http_headers must be a Hash' unless additional_http_headers.is_a?(Hash)
345
346
 
346
347
  highlight = opts[:highlight] ||= 'NONE'
@@ -500,12 +501,12 @@ module PWN
500
501
  param_name = param[:name].to_s
501
502
  case param[:in]
502
503
  when 'path'
503
- # Substitute path parameter with a default value (e.g., 'example')
504
- param_value = param[:schema]&.dig(:example) || 'example'
504
+ # Substitute path parameter with a default value (e.g., 'PLACEHOLDER')
505
+ param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
505
506
  request_path.gsub!("{#{param_name}}", param_value.to_s)
506
507
  when 'query'
507
508
  # Collect query parameters
508
- param_value = param[:schema]&.dig(:example) || 'example'
509
+ param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
509
510
  query_params << "#{URI.encode_www_form_component(param_name)}=#{URI.encode_www_form_component(param_value.to_s)}"
510
511
  end
511
512
  end
@@ -518,6 +519,16 @@ module PWN
518
519
  host: host
519
520
  }
520
521
  request_headers.merge!(additional_http_headers)
522
+ # Aggregate remaining HTTP header names from spec,
523
+ # reference as keys, and assign their respective
524
+ # values to the request_headers hash
525
+ operation[:parameters]&.each do |param|
526
+ next unless param.is_a?(Hash) && param[:in] == 'header' && param[:name]
527
+
528
+ header_name = param[:name].to_s.downcase
529
+ header_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
530
+ request_headers[header_name] = header_value.to_s
531
+ end
521
532
 
522
533
  # Construct request lines, including all headers
523
534
  request_lines = [
@@ -526,7 +537,7 @@ module PWN
526
537
  request_headers.each do |key, value|
527
538
  # Capitalize header keys (e.g., 'host' to 'Host', 'authorization' to 'Authorization')
528
539
  header_key = key.to_s.split('-').map(&:capitalize).join('-')
529
- request_lines << "#{header_key}: #{value}"
540
+ request_lines.push("#{header_key}: #{value}")
530
541
  end
531
542
  request_lines << '' << '' # Add blank lines for HTTP request body separation
532
543
 
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.5.349'
4
+ VERSION = '0.5.351'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.349
4
+ version: 0.5.351
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.