pwn 0.5.351 → 0.5.352
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/plugins/burp_suite.rb +1 -1
- data/lib/pwn/reports/sast.rb +77 -28
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0ed1ecac3031877ce2727dca9ed321e834c8a864de719923106c0e4630f88f15
|
|
4
|
+
data.tar.gz: ca5dff2fb03d1600932cdc4fad2dafc8ee1f1a4712262306d0a04b52074f552f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5b923dc37f4f57041c2667c1bacf4f7b7cb763fdb0d2528faf647a09c8196793916c1734357f36d69b06afe5daa462103861aab0f81585868b2d10d4bf749a86
|
|
7
|
+
data.tar.gz: 9db9f36b6586bcc58f6f825cd6ef3d4484f981df1666985b9d110a683dd521dac24fd9d23ae86b6210f5d26a77467dfc247eb64a376fd582551c254d72715d61
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.352]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.352]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.352]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -78,8 +78,8 @@ module PWN
|
|
|
78
78
|
word-wrap: break-word !important;
|
|
79
79
|
}
|
|
80
80
|
|
|
81
|
-
.highlighted {
|
|
82
|
-
background-color: #
|
|
81
|
+
tr.highlighted td {
|
|
82
|
+
background-color: #FFF396 !important;
|
|
83
83
|
}
|
|
84
84
|
</style>
|
|
85
85
|
|
|
@@ -98,7 +98,7 @@ module PWN
|
|
|
98
98
|
</h1><br /><br />
|
|
99
99
|
<h2 id="report_name"></h2><br />
|
|
100
100
|
|
|
101
|
-
<div><button type="button" id="button">Rows Selected</button></div><br />
|
|
101
|
+
<div><button type="button" id="button">Rows Selected</button> <button type="button" id="export_selected">Export Selected to JSON</button></div><br />
|
|
102
102
|
<div>
|
|
103
103
|
<b>Toggle Column(s):</b>
|
|
104
104
|
<a class="toggle-vis" data-column="1" href="#">Timestamp</a> |
|
|
@@ -153,17 +153,6 @@ module PWN
|
|
|
153
153
|
$('html,body').animate({scrollTop: targetOffset}, 500);
|
|
154
154
|
oldStart = oSettings._iDisplayStart;
|
|
155
155
|
}
|
|
156
|
-
// Select individual lines in a row
|
|
157
|
-
$('#multi_line_select tbody').on('click', 'tr', function () {
|
|
158
|
-
$(this).toggleClass('highlighted');
|
|
159
|
-
if ($('#multi_line_select tr.highlighted').length > 0) {
|
|
160
|
-
$('#multi_line_select tr td button').attr('disabled', 'disabled');
|
|
161
|
-
// Remove multi-line bug button
|
|
162
|
-
} else {
|
|
163
|
-
$('#multi_line_select tr td button').removeAttr('disabled');
|
|
164
|
-
// Add multi-line bug button
|
|
165
|
-
}
|
|
166
|
-
});
|
|
167
156
|
},
|
|
168
157
|
"ajax": "#{report_name}.json",
|
|
169
158
|
//"deferRender": true,
|
|
@@ -182,7 +171,7 @@ module PWN
|
|
|
182
171
|
var sast_module = data['sast_module'].split('::')[2];
|
|
183
172
|
var sast_test_case = sast_module.replace(/\\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
|
|
184
173
|
|
|
185
|
-
return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53: ' + htmlEntityEncode(data['section']) + '</a><br /><br /><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id']) + '</a></td></tr>';
|
|
174
|
+
return '<table class="squish"><tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53: ' + htmlEntityEncode(data['section']) + '</a><br /><br /><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id']) + '</a></td></tr></table>';
|
|
186
175
|
}
|
|
187
176
|
},
|
|
188
177
|
{
|
|
@@ -194,13 +183,13 @@ module PWN
|
|
|
194
183
|
|
|
195
184
|
file = htmlEntityEncode(data['entry']);
|
|
196
185
|
|
|
197
|
-
return '<table class="squish"><tr
|
|
186
|
+
return '<table class="squish"><tr><td style="width:150px;" align="left"><a href="' + line_entry_uri + '" target="_blank">' + file + '</a></td></tr></table>';
|
|
198
187
|
}
|
|
199
188
|
},
|
|
200
189
|
{
|
|
201
190
|
"data": "line_no_and_contents",
|
|
202
191
|
"render": function (data, type, row, meta) {
|
|
203
|
-
var pwn_rows = '<
|
|
192
|
+
var pwn_rows = '<table class="multi_line_select squish" style="width: 665px"><tbody>';
|
|
204
193
|
for (var i = 0; i < data.length; i++) {
|
|
205
194
|
var tr_class;
|
|
206
195
|
if (i % 2 == 0) { tr_class = "odd"; } else { tr_class = "even"; }
|
|
@@ -243,7 +232,7 @@ module PWN
|
|
|
243
232
|
|
|
244
233
|
pwn_rows = pwn_rows.concat('<tr class="' + tr_class + '"><td style="width:90px" align="left"><a href="' + htmlEntityEncode(to_line_number) + '" target="_blank">' + htmlEntityEncode(data[i]['line_no']) + '</a>: </td><td style="width:300px" align="left">' + htmlEntityEncode(data[i]['contents']) + '</td><td style="width:200px" align="right"><a href="mailto:' + canned_email + '">' + htmlEntityEncode(data[i]['author']) + '</a></td></tr>');
|
|
245
234
|
}
|
|
246
|
-
pwn_rows = pwn_rows.concat('</tbody></table
|
|
235
|
+
pwn_rows = pwn_rows.concat('</tbody></table>');
|
|
247
236
|
return pwn_rows;
|
|
248
237
|
}
|
|
249
238
|
},
|
|
@@ -255,7 +244,14 @@ module PWN
|
|
|
255
244
|
"data": "test_case_filter",
|
|
256
245
|
"render": $.fn.dataTable.render.text()
|
|
257
246
|
}
|
|
258
|
-
]
|
|
247
|
+
],
|
|
248
|
+
"initComplete": function(settings, json) {
|
|
249
|
+
$('#report_name').text(json.report_name);
|
|
250
|
+
}
|
|
251
|
+
});
|
|
252
|
+
|
|
253
|
+
$('#pwn_scan_git_source_results tbody').on('click', '.multi_line_select tr', function () {
|
|
254
|
+
$(this).toggleClass('highlighted');
|
|
259
255
|
});
|
|
260
256
|
|
|
261
257
|
// Custom advanced search handling
|
|
@@ -318,19 +314,72 @@ module PWN
|
|
|
318
314
|
column.visible( ! column.visible() );
|
|
319
315
|
});
|
|
320
316
|
|
|
321
|
-
// TODO: Open bug for highlighted rows ;)
|
|
322
317
|
$('#button').click( function () {
|
|
323
|
-
alert($('
|
|
318
|
+
alert($('.multi_line_select tr.highlighted').length +' row(s) highlighted');
|
|
324
319
|
});
|
|
325
|
-
});
|
|
326
320
|
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
321
|
+
$('#export_selected').click( function () {
|
|
322
|
+
if ($('.multi_line_select tr.highlighted').length === 0) {
|
|
323
|
+
alert('No rows selected');
|
|
324
|
+
return;
|
|
325
|
+
}
|
|
332
326
|
|
|
333
|
-
|
|
327
|
+
$.getJSON(table.ajax.url(), function(original_json) {
|
|
328
|
+
var selected_results = {};
|
|
329
|
+
|
|
330
|
+
$('.multi_line_select tr.highlighted').each(function() {
|
|
331
|
+
var inner_tr = $(this);
|
|
332
|
+
var main_tr = inner_tr.closest('td').parent();
|
|
333
|
+
var row = table.row(main_tr);
|
|
334
|
+
var row_index = row.index();
|
|
335
|
+
var line_index = inner_tr.index();
|
|
336
|
+
|
|
337
|
+
if (selected_results[row_index] === undefined) {
|
|
338
|
+
selected_results[row_index] = {
|
|
339
|
+
row: row,
|
|
340
|
+
lines: []
|
|
341
|
+
};
|
|
342
|
+
}
|
|
343
|
+
|
|
344
|
+
selected_results[row_index].lines.push(line_index);
|
|
345
|
+
});
|
|
346
|
+
|
|
347
|
+
var new_data = [];
|
|
348
|
+
|
|
349
|
+
Object.keys(selected_results).forEach(function(ri) {
|
|
350
|
+
var sel = selected_results[ri];
|
|
351
|
+
var orig_row_data = sel.row.data();
|
|
352
|
+
var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
|
|
353
|
+
|
|
354
|
+
sel.lines.sort((a, b) => a - b);
|
|
355
|
+
new_row_data.line_no_and_contents = sel.lines.map(function(li) {
|
|
356
|
+
return orig_row_data.line_no_and_contents[li];
|
|
357
|
+
});
|
|
358
|
+
|
|
359
|
+
new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
|
|
360
|
+
|
|
361
|
+
new_data.push(new_row_data);
|
|
362
|
+
});
|
|
363
|
+
|
|
364
|
+
original_json.data = new_data;
|
|
365
|
+
|
|
366
|
+
if (original_json.report_name) {
|
|
367
|
+
original_json.report_name += '_selected';
|
|
368
|
+
}
|
|
369
|
+
|
|
370
|
+
var json_str = JSON.stringify(original_json, null, 2);
|
|
371
|
+
var blob = new Blob([json_str], { type: 'application/json' });
|
|
372
|
+
var url = URL.createObjectURL(blob);
|
|
373
|
+
var a = document.createElement('a');
|
|
374
|
+
a.href = url;
|
|
375
|
+
a.download = (original_json.report_name || 'selected') + '.json';
|
|
376
|
+
document.body.appendChild(a);
|
|
377
|
+
a.click();
|
|
378
|
+
document.body.removeChild(a);
|
|
379
|
+
URL.revokeObjectURL(url);
|
|
380
|
+
});
|
|
381
|
+
});
|
|
382
|
+
});
|
|
334
383
|
</script>
|
|
335
384
|
</body>
|
|
336
385
|
</html>
|
data/lib/pwn/version.rb
CHANGED