RubyGems - pwn - Versions diffs - 0.5.351 → 0.5.353 - Mend

pwn 0.5.351 → 0.5.353

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

checksums.yaml +4 -4
data/README.md +3 -3
data/bin/pwn_fuzz_net_app_proto +4 -3
data/bin/pwn_phone +1 -2
data/bin/pwn_sast +1 -2
data/bin/pwn_www_uri_buster +1 -2
data/lib/pwn/plugins/burp_suite.rb +15 -18
data/lib/pwn/plugins/git.rb +3 -3
data/lib/pwn/plugins/sock.rb +2 -2
data/lib/pwn/reports/fuzz.rb +69 -24
data/lib/pwn/reports/phone.rb +82 -23
data/lib/pwn/reports/sast.rb +95 -45
data/lib/pwn/reports/uri_buster.rb +79 -23
data/lib/pwn/sast/amqp_connect_as_guest.rb +2 -2
data/lib/pwn/sast/apache_file_system_util_api.rb +2 -2
data/lib/pwn/sast/aws.rb +2 -2
data/lib/pwn/sast/banned_function_calls_c.rb +2 -2
data/lib/pwn/sast/base64.rb +2 -2
data/lib/pwn/sast/beef_hook.rb +2 -2
data/lib/pwn/sast/cmd_execution_java.rb +2 -2
data/lib/pwn/sast/cmd_execution_python.rb +2 -2
data/lib/pwn/sast/cmd_execution_ruby.rb +2 -2
data/lib/pwn/sast/cmd_execution_scala.rb +2 -2
data/lib/pwn/sast/csrf.rb +2 -2
data/lib/pwn/sast/deserial_java.rb +2 -2
data/lib/pwn/sast/emoticon.rb +2 -2
data/lib/pwn/sast/eval.rb +2 -2
data/lib/pwn/sast/factory.rb +2 -2
data/lib/pwn/sast/http_authorization_header.rb +2 -2
data/lib/pwn/sast/inner_html.rb +2 -2
data/lib/pwn/sast/keystore.rb +2 -2
data/lib/pwn/sast/local_storage.rb +2 -2
data/lib/pwn/sast/location_hash.rb +2 -2
data/lib/pwn/sast/log4j.rb +2 -2
data/lib/pwn/sast/logger.rb +2 -2
data/lib/pwn/sast/md5.rb +2 -2
data/lib/pwn/sast/outer_html.rb +2 -2
data/lib/pwn/sast/padding_oracle.rb +2 -2
data/lib/pwn/sast/password.rb +2 -2
data/lib/pwn/sast/php_input_mechanisms.rb +2 -2
data/lib/pwn/sast/php_type_juggling.rb +2 -2
data/lib/pwn/sast/pom_version.rb +2 -2
data/lib/pwn/sast/port.rb +2 -2
data/lib/pwn/sast/post_message.rb +2 -2
data/lib/pwn/sast/private_key.rb +2 -2
data/lib/pwn/sast/redirect.rb +2 -2
data/lib/pwn/sast/redos.rb +2 -2
data/lib/pwn/sast/shell.rb +2 -2
data/lib/pwn/sast/signature.rb +2 -2
data/lib/pwn/sast/sql.rb +2 -2
data/lib/pwn/sast/ssl.rb +2 -2
data/lib/pwn/sast/sudo.rb +2 -2
data/lib/pwn/sast/task_tag.rb +2 -2
data/lib/pwn/sast/throw_errors.rb +3 -2
data/lib/pwn/sast/token.rb +2 -2
data/lib/pwn/sast/type_script_type_juggling.rb +2 -2
data/lib/pwn/sast/version.rb +2 -2
data/lib/pwn/sast/window_location_hash.rb +2 -2
data/lib/pwn/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bb30be67441b28427458dfab64121bf4ed929841daf537e9be1d32c821f4a56
-  data.tar.gz: b86d8a385472b4133452eaa74332c2320802f6f2da0035fe843382f6fb332ffc
+  metadata.gz: 520c14131726908d9abb9e798087982d6d85e97fee79a4072f57379d71b4ec81
+  data.tar.gz: 7352109003e96f827c4ba7b4a49be75217216d6450c12e8c30067832712c52a5
 SHA512:
-  metadata.gz: ac5bff9fe638a5a82db943f209b78b8cf8ee8268a74b88f88aaaa0a9a7a528652fc9627615c908917b3d26bf5da64ff5d862ce946c508f5c0ab335c98365e13d
-  data.tar.gz: 8f598af14329fa31bf86bd383baa00eebcff9690dde51746a9ba2bcf2ed2334e17ac395b536fafdeb3b65217f1f4bcf3685f54bfa2740d998b5189ef4ae9dc9f
+  metadata.gz: 4d69ceb6ad6da3d4c6534a3a009c8f9a9d3bdd6501f113b7bd5c3b30fb0bb6c2b5b2ad4578976bb3b51ae243a5e9ae006f0d1bfa5ff168a951cf791dd13eb0cb
+  data.tar.gz: 6d505d50654d71114a4c6691e3114229531cd59ff05d6bc047b7ad3df3fb2f650c91a224dd60a90333e1d7ad608c074e73918feebc647fc4c36fe8594e9f7d8e

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.351]:001 >>> PWN.help
+pwn[v0.5.353]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.351]:001 >>> PWN.help
+pwn[v0.5.353]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.351]:001 >>> PWN.help
+pwn[v0.5.353]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_fuzz_net_app_proto CHANGED Viewed

@@ -1,9 +1,10 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
-require 'pwn'
-require 'optparse'
+require 'htmlentities'
 require 'json'
+require 'optparse'
+require 'pwn'
 opts = {}
 OptionParser.new do |options|
@@ -93,7 +94,7 @@ else
   raise "PWN_PROVIDER env variable is not set to 'ruby-gem' or 'docker'"
 end
-dir_path = opts[:dir_path].to_s.scrub
+dir_path = opts[:dir_path] ||= '.'
 target = opts[:target]
 port = opts[:port]
 protocol = opts[:protocol]

data/bin/pwn_phone CHANGED Viewed

@@ -80,8 +80,7 @@ begin
   seconds_to_record = opts[:seconds_to_record]
   baresip_bin = opts[:baresip_bin]
   sox_bin = opts[:sox_bin]
-  session_root = opts[:session_root]
-  session_root ||= Dir.pwd
+  session_root = opts[:session_root] ||= '.'
   # Optional Flag Variables
   randomize = opts[:randomize]

data/bin/pwn_sast CHANGED Viewed

@@ -53,8 +53,7 @@ begin
   green = "\e[32m"
   end_of_color = "\e[0m"
-  dir_path = opts[:dir_path]
-  dir_path ||= '.'
+  dir_path = opts[:dir_path] ||= '.'
   uri_source_root = opts[:uri_source_root].to_s.scrub

data/bin/pwn_www_uri_buster CHANGED Viewed

@@ -259,8 +259,7 @@ begin
   raise 'ERROR: Flags --include-response-codes and --exclude-response-codes cannot be used together.' if include_http_response_codes && exclude_http_response_codes
-  dir_path = opts[:dir_path]
-  dir_path ||= '.'
+  dir_path = opts[:dir_path] ||= '.'
   report_name = opts[:report_name]
   report_name ||= "#{parsed_target_url.host}-#{File.basename(wordlist)}-#{Time.now.strftime('%Y-%m-%d_%H-%M-%S')}"

data/lib/pwn/plugins/burp_suite.rb CHANGED Viewed

@@ -486,6 +486,12 @@ module PWN
                 end
                 begin
+                  # Construct HTTP request headers
+                  request_headers = {
+                    host: host
+                  }
+                  request_headers.merge!(additional_http_headers)
                   # Combine path-level and operation-level parameters
                   operation_parameters = operation[:parameters].is_a?(Array) ? operation[:parameters] : []
                   all_parameters = path_parameters + operation_parameters
@@ -495,11 +501,18 @@ module PWN
                   request_path = full_path.dup
                   query_params = []
-                  all_parameters.each do |param|
+                  operation.each do |param|
                     next unless param.is_a?(Hash) && param[:name] && param[:in]
                     param_name = param[:name].to_s
                     case param[:in]
+                    when 'header'
+                      # Aggregate remaining HTTP header names from spec,
+                      # reference as keys, and assign their respective
+                      # values to the request_headers hash
+                      param_key = param_name.downcase
+                      param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
+                      request_headers[param_key] = param_value.to_s
                     when 'path'
                       # Substitute path parameter with a default value (e.g., 'PLACEHOLDER')
                       param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
@@ -507,29 +520,13 @@ module PWN
                     when 'query'
                       # Collect query parameters
                       param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
-                      query_params << "#{URI.encode_www_form_component(param_name)}=#{URI.encode_www_form_component(param_value.to_s)}"
+                      query_params.push("#{URI.encode_www_form_component(param_name)}=#{URI.encode_www_form_component(param_value.to_s)}")
                     end
                   end
                   # Append query parameters to path if any
                   request_path += "?#{query_params.join('&')}" if query_params.any?
-                  # Construct HTTP request headers
-                  request_headers = {
-                    host: host
-                  }
-                  request_headers.merge!(additional_http_headers)
-                  # Aggregate remaining HTTP header names from spec,
-                  # reference as keys, and assign their respective
-                  # values to the request_headers hash
-                  operation[:parameters]&.each do |param|
-                    next unless param.is_a?(Hash) && param[:in] == 'header' && param[:name]
-                    header_name = param[:name].to_s.downcase
-                    header_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
-                    request_headers[header_name] = header_value.to_s
-                  end
                   # Construct request lines, including all headers
                   request_lines = [
                     "#{method_str.upcase} #{request_path} HTTP/1.1"

data/lib/pwn/plugins/git.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module PWN
           git_entity = `git log --since #{since_date} --stat-width=65535 --graph`.to_s.scrub
         else
           git_pull_output << "<h3>#{git_repo_name}->#{git_repo_branch} Diff Summary Since Last Pull</h3>"
-          git_entity = `git log ORIG_HEAD.. --stat-width=65535 --graph`.to_s.scrub
+          git_entity = `git log ORIG_HEAD.. --stat-width=65535 --graph 2> /dev/null`.to_s.scrub
         end
         # For debugging purposes
         @@logger.info(git_entity)
@@ -60,7 +60,7 @@ module PWN
         target_file.gsub!(%r{^#{repo_root}/}, '')
         if File.directory?(repo_root) && File.file?("#{repo_root}/#{target_file}")
-          `git --git-dir="#{Shellwords.escape(repo_root)}/.git" log -L #{from_line},#{to_line}:"#{Shellwords.escape(target_file)}" | grep Author | head -n 1`.to_s.scrub
+          `git --git-dir="#{Shellwords.escape(repo_root)}/.git" log -L #{from_line},#{to_line}:"#{Shellwords.escape(target_file)}" 2> /dev/null | grep Author | head -n 1`.to_s.scrub
         else
           -1
         end
@@ -75,7 +75,7 @@ module PWN
       public_class_method def self.dump_all_repo_branches(opts = {})
         git_url = opts[:git_url].to_s.scrub
-        `git ls-remote #{git_url}`.to_s.scrub
+        `git ls-remote #{git_url} 2> /dev/null`.to_s.scrub
       rescue StandardError => e
         raise e
       end

data/lib/pwn/plugins/sock.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module PWN
       # sock_obj = PWN::Plugins::Sock.connect(
       #   target: 'required - target host or ip',
       #   port: 'required - target port',
-      #   protocol: 'optional - :tcp || :udp (defaults to tcp)',
+      #   protocol: 'optional - :tcp || :udp (defaults to :tcp)',
       #   tls: 'optional - boolean connect to target socket using TLS (defaults to false)'
       # )
@@ -31,7 +31,7 @@ module PWN
         tls_min_version = OpenSSL::SSL::TLS1_VERSION if tls_min_version.nil?
-        case protocol
+        case protocol.to_s.to_sym
         when :tcp
           if tls
             sock = TCPSocket.open(target, port)

data/lib/pwn/reports/fuzz.rb CHANGED Viewed

@@ -79,8 +79,8 @@ module PWN
                 word-wrap: break-word !important;
               }
-              .highlighted {
-                background-color: #F2F5A9 !important;
+              tr.highlighted td {
+                background-color: #FFF396 !important;
               }
             </style>
@@ -98,7 +98,11 @@ module PWN
               &nbsp;~&nbsp;<a href="https://github.com/0dayinc/pwn/tree/master">pwn network fuzzer</a>
             </h1><br /><br />
-            <div><button type="button" id="button">Rows Selected</button></div><br />
+            <div>
+              <!--<button type="button" id="button">Rows Selected</button>-->
+              <button type="button" id="export_selected">Export Selected to JSON</button>
+            </div><br />
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Timestamp</a>&nbsp;|&nbsp;
@@ -161,23 +165,11 @@ module PWN
                       $('html,body').animate({scrollTop: targetOffset}, 500);
                       oldStart = oSettings._iDisplayStart;
                     }
-                    // Select individual lines in a row
-                    $('#multi_line_select tbody').on('click', 'tr', function () {
-                      $(this).toggleClass('highlighted');
-                      if ($('#multi_line_select tr.highlighted').length > 0) {
-                        $('#multi_line_select tr td button').attr('disabled', 'disabled');
-                        // Remove multi-line bug button
-                      } else {
-                        $('#multi_line_select tr td button').removeAttr('disabled');
-                        // Add multi-line bug button
-                      }
-                    });
                   },
                   "ajax": "#{report_name}.json",
                   //"deferRender": true,
                   "dom": "fplitfpliS",
                   "autoWidth": false,
-                  "fixedColumns": true,
                   "columnDefs": [
                     {
                       targets: 3,
@@ -277,19 +269,72 @@ module PWN
                   column.visible( ! column.visible() );
                 });
-                // TODO: Open bug for highlighted rows ;)
                 $('#button').click( function () {
-                  alert($('#multi_line_select tr.highlighted').length +' row(s) highlighted');
+                  alert($('.multi_line_select tr.highlighted').length +' row(s) highlighted');
                 });
-              });
-              function multi_line_select() {
-                // Select all lines in a row
-                //$('#pwn_fuzz_net_app_proto tbody').on('click', 'tr', function () {
-                //  $(this).children('td').children('#multi_line_select').children('tbody').children('tr').toggleClass('highlighted');
-                //});
+                $('#export_selected').click( function () {
+                  if ($('.multi_line_select tr.highlighted').length === 0) {
+                    alert('No rows selected');
+                    return;
+                  }
-              }
+                  $.getJSON(table.ajax.url(), function(original_json) {
+                    var selected_results = {};
+                    $('.multi_line_select tr.highlighted').each(function() {
+                      var inner_tr = $(this);
+                      var main_tr = inner_tr.closest('td').parent();
+                      var row = table.row(main_tr);
+                      var row_index = row.index();
+                      var line_index = inner_tr.index();
+                      if (selected_results[row_index] === undefined) {
+                        selected_results[row_index] = {
+                          row: row,
+                          lines: []
+                        };
+                      }
+                      selected_results[row_index].lines.push(line_index);
+                    });
+                    var new_data = [];
+                    Object.keys(selected_results).forEach(function(ri) {
+                      var sel = selected_results[ri];
+                      var orig_row_data = sel.row.data();
+                      var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
+                      sel.lines.sort((a, b) => a - b);
+                      new_row_data.line_no_and_contents = sel.lines.map(function(li) {
+                        return orig_row_data.line_no_and_contents[li];
+                      });
+                      new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
+                      new_data.push(new_row_data);
+                    });
+                    original_json.data = new_data;
+                    if (original_json.report_name) {
+                      original_json.report_name += '_selected';
+                    }
+                    var json_str = JSON.stringify(original_json, null, 2);
+                    var blob = new Blob([json_str], { type: 'application/json' });
+                    var url = URL.createObjectURL(blob);
+                    var a = document.createElement('a');
+                    a.href = url;
+                    a.download = (original_json.report_name || 'selected') + '.json';
+                    document.body.appendChild(a);
+                    a.click();
+                    document.body.removeChild(a);
+                    URL.revokeObjectURL(url);
+                  });
+                });
+              });
             </script>
           </body>
         </html>

data/lib/pwn/reports/phone.rb CHANGED Viewed

@@ -71,8 +71,8 @@ module PWN
                 word-wrap: break-word !important;
               }
-              .highlighted {
-                background-color: #F2F5A9 !important;
+              tr.highlighted td {
+                background-color: #FFF396 !important;
               }
             </style>
@@ -95,7 +95,11 @@ module PWN
             </h1><br /><br />
             <h2 id="report_name"></h2><br />
-            <div><button type="button" id="button">Rows Selected</button></div><br />
+            <div>
+              <!--<button type="button" id="button">Rows Selected</button>-->
+              <button type="button" id="export_selected">Export Selected to JSON</button>
+            </div><br />
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Call Started</a>&nbsp;|&nbsp;
@@ -136,6 +140,19 @@ module PWN
                     <th>Waveform</th>
                   </tr>
                 </thead>
+                <col width="30px" />
+                <col width="60px" />
+                <col width="60px" />
+                <col width="90px" />
+                <col width="60px" />
+                <col width="30px" />
+                <col width="30px" />
+                <col width="60px" />
+                <col width="300px" />
+                <col width="90px" />
+                <col width="300px" />
+                <col width="300px" />
+                <col width="300px" />
                 <!-- DataTables <tbody> -->
               </table>
             </div>
@@ -162,17 +179,6 @@ module PWN
                       $('html,body').animate({scrollTop: targetOffset}, 500);
                       oldStart = oSettings._iDisplayStart;
                     }
-                    // Select individual lines in a row
-                    $('#multi_line_select tbody').on('click', 'tr', function () {
-                      $(this).toggleClass('highlighted');
-                      if ($('#multi_line_select tr.highlighted').length > 0) {
-                        $('#multi_line_select tr td button').attr('disabled', 'disabled');
-                        // Remove multi-line bug button
-                      } else {
-                        $('#multi_line_select tr td button').removeAttr('disabled');
-                        // Add multi-line bug button
-                      }
-                    });
                   },
                   "ajax": "#{report_name}.json",
                   //"deferRender": true,
@@ -318,19 +324,72 @@ module PWN
                   column.visible( ! column.visible() );
                 });
-                // TODO: Open bug for highlighted rows ;)
                 $('#button').click( function () {
-                  alert($('#multi_line_select tr.highlighted').length +' row(s) highlighted');
+                  alert($('.multi_line_select tr.highlighted').length +' row(s) highlighted');
                 });
-              });
-              function multi_line_select() {
-                // Select all lines in a row
-                //$('#pwn_phone_results tbody').on('click', 'tr', function () {
-                //  $(this).children('td').children('#multi_line_select').children('tbody').children('tr').toggleClass('highlighted');
-                //});
+                $('#export_selected').click( function () {
+                  if ($('.multi_line_select tr.highlighted').length === 0) {
+                    alert('No rows selected');
+                    return;
+                  }
-              }
+                  $.getJSON(table.ajax.url(), function(original_json) {
+                    var selected_results = {};
+                    $('.multi_line_select tr.highlighted').each(function() {
+                      var inner_tr = $(this);
+                      var main_tr = inner_tr.closest('td').parent();
+                      var row = table.row(main_tr);
+                      var row_index = row.index();
+                      var line_index = inner_tr.index();
+                      if (selected_results[row_index] === undefined) {
+                        selected_results[row_index] = {
+                          row: row,
+                          lines: []
+                        };
+                      }
+                      selected_results[row_index].lines.push(line_index);
+                    });
+                    var new_data = [];
+                    Object.keys(selected_results).forEach(function(ri) {
+                      var sel = selected_results[ri];
+                      var orig_row_data = sel.row.data();
+                      var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
+                      sel.lines.sort((a, b) => a - b);
+                      new_row_data.line_no_and_contents = sel.lines.map(function(li) {
+                        return orig_row_data.line_no_and_contents[li];
+                      });
+                      new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
+                      new_data.push(new_row_data);
+                    });
+                    original_json.data = new_data;
+                    if (original_json.report_name) {
+                      original_json.report_name += '_selected';
+                    }
+                    var json_str = JSON.stringify(original_json, null, 2);
+                    var blob = new Blob([json_str], { type: 'application/json' });
+                    var url = URL.createObjectURL(blob);
+                    var a = document.createElement('a');
+                    a.href = url;
+                    a.download = (original_json.report_name || 'selected') + '.json';
+                    document.body.appendChild(a);
+                    a.click();
+                    document.body.removeChild(a);
+                    URL.revokeObjectURL(url);
+                  });
+                });
+              });
             </script>
           </body>
         </html>