pwn 0.5.352 → 0.5.353

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ed1ecac3031877ce2727dca9ed321e834c8a864de719923106c0e4630f88f15
-  data.tar.gz: ca5dff2fb03d1600932cdc4fad2dafc8ee1f1a4712262306d0a04b52074f552f
+  metadata.gz: 520c14131726908d9abb9e798087982d6d85e97fee79a4072f57379d71b4ec81
+  data.tar.gz: 7352109003e96f827c4ba7b4a49be75217216d6450c12e8c30067832712c52a5
 SHA512:
-  metadata.gz: 5b923dc37f4f57041c2667c1bacf4f7b7cb763fdb0d2528faf647a09c8196793916c1734357f36d69b06afe5daa462103861aab0f81585868b2d10d4bf749a86
-  data.tar.gz: 9db9f36b6586bcc58f6f825cd6ef3d4484f981df1666985b9d110a683dd521dac24fd9d23ae86b6210f5d26a77467dfc247eb64a376fd582551c254d72715d61
+  metadata.gz: 4d69ceb6ad6da3d4c6534a3a009c8f9a9d3bdd6501f113b7bd5c3b30fb0bb6c2b5b2ad4578976bb3b51ae243a5e9ae006f0d1bfa5ff168a951cf791dd13eb0cb
+  data.tar.gz: 6d505d50654d71114a4c6691e3114229531cd59ff05d6bc047b7ad3df3fb2f650c91a224dd60a90333e1d7ad608c074e73918feebc647fc4c36fe8594e9f7d8e

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.352]:001 >>> PWN.help
+pwn[v0.5.353]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.352]:001 >>> PWN.help
+pwn[v0.5.353]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.352]:001 >>> PWN.help
+pwn[v0.5.353]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_fuzz_net_app_proto

@@ -1,9 +1,10 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'pwn'
-require 'optparse'
+require 'htmlentities'
 require 'json'
+require 'optparse'
+require 'pwn'
 
 opts = {}
 OptionParser.new do |options|
@@ -93,7 +94,7 @@ else
   raise "PWN_PROVIDER env variable is not set to 'ruby-gem' or 'docker'"
 end
 
-dir_path = opts[:dir_path].to_s.scrub
+dir_path = opts[:dir_path] ||= '.'
 target = opts[:target]
 port = opts[:port]
 protocol = opts[:protocol]

data/bin/pwn_phone

@@ -80,8 +80,7 @@ begin
   seconds_to_record = opts[:seconds_to_record]
   baresip_bin = opts[:baresip_bin]
   sox_bin = opts[:sox_bin]
-  session_root = opts[:session_root]
-  session_root ||= Dir.pwd
+  session_root = opts[:session_root] ||= '.'
 
   # Optional Flag Variables
   randomize = opts[:randomize]

data/bin/pwn_sast

@@ -53,8 +53,7 @@ begin
   green = "\e[32m"
   end_of_color = "\e[0m"
 
-  dir_path = opts[:dir_path]
-  dir_path ||= '.'
+  dir_path = opts[:dir_path] ||= '.'
 
   uri_source_root = opts[:uri_source_root].to_s.scrub
 

data/bin/pwn_www_uri_buster

@@ -259,8 +259,7 @@ begin
 
   raise 'ERROR: Flags --include-response-codes and --exclude-response-codes cannot be used together.' if include_http_response_codes && exclude_http_response_codes
 
-  dir_path = opts[:dir_path]
-  dir_path ||= '.'
+  dir_path = opts[:dir_path] ||= '.'
 
   report_name = opts[:report_name]
   report_name ||= "#{parsed_target_url.host}-#{File.basename(wordlist)}-#{Time.now.strftime('%Y-%m-%d_%H-%M-%S')}"

data/lib/pwn/plugins/burp_suite.rb

@@ -486,6 +486,12 @@ module PWN
                 end
 
                 begin
+                  # Construct HTTP request headers
+                  request_headers = {
+                    host: host
+                  }
+                  request_headers.merge!(additional_http_headers)
+
                   # Combine path-level and operation-level parameters
                   operation_parameters = operation[:parameters].is_a?(Array) ? operation[:parameters] : []
                   all_parameters = path_parameters + operation_parameters
@@ -500,6 +506,13 @@ module PWN
 
                     param_name = param[:name].to_s
                     case param[:in]
+                    when 'header'
+                      # Aggregate remaining HTTP header names from spec,
+                      # reference as keys, and assign their respective
+                      # values to the request_headers hash
+                      param_key = param_name.downcase
+                      param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
+                      request_headers[param_key] = param_value.to_s
                     when 'path'
                       # Substitute path parameter with a default value (e.g., 'PLACEHOLDER')
                       param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
@@ -507,29 +520,13 @@ module PWN
                     when 'query'
                       # Collect query parameters
                       param_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
-                      query_params << "#{URI.encode_www_form_component(param_name)}=#{URI.encode_www_form_component(param_value.to_s)}"
+                      query_params.push("#{URI.encode_www_form_component(param_name)}=#{URI.encode_www_form_component(param_value.to_s)}")
                     end
                   end
 
                   # Append query parameters to path if any
                   request_path += "?#{query_params.join('&')}" if query_params.any?
 
-                  # Construct HTTP request headers
-                  request_headers = {
-                    host: host
-                  }
-                  request_headers.merge!(additional_http_headers)
-                  # Aggregate remaining HTTP header names from spec,
-                  # reference as keys, and assign their respective
-                  # values to the request_headers hash
-                  operation[:parameters]&.each do |param|
-                    next unless param.is_a?(Hash) && param[:in] == 'header' && param[:name]
-
-                    header_name = param[:name].to_s.downcase
-                    header_value = param[:schema]&.dig(:example) || 'PLACEHOLDER'
-                    request_headers[header_name] = header_value.to_s
-                  end
-
                   # Construct request lines, including all headers
                   request_lines = [
                     "#{method_str.upcase} #{request_path} HTTP/1.1"

data/lib/pwn/plugins/git.rb

@@ -27,7 +27,7 @@ module PWN
           git_entity = `git log --since #{since_date} --stat-width=65535 --graph`.to_s.scrub
         else
           git_pull_output << "<h3>#{git_repo_name}->#{git_repo_branch} Diff Summary Since Last Pull</h3>"
-          git_entity = `git log ORIG_HEAD.. --stat-width=65535 --graph`.to_s.scrub
+          git_entity = `git log ORIG_HEAD.. --stat-width=65535 --graph 2> /dev/null`.to_s.scrub
         end
         # For debugging purposes
         @@logger.info(git_entity)
@@ -60,7 +60,7 @@ module PWN
         target_file.gsub!(%r{^#{repo_root}/}, '')
 
         if File.directory?(repo_root) && File.file?("#{repo_root}/#{target_file}")
-          `git --git-dir="#{Shellwords.escape(repo_root)}/.git" log -L #{from_line},#{to_line}:"#{Shellwords.escape(target_file)}" | grep Author | head -n 1`.to_s.scrub
+          `git --git-dir="#{Shellwords.escape(repo_root)}/.git" log -L #{from_line},#{to_line}:"#{Shellwords.escape(target_file)}" 2> /dev/null | grep Author | head -n 1`.to_s.scrub
         else
           -1
         end
@@ -75,7 +75,7 @@ module PWN
 
       public_class_method def self.dump_all_repo_branches(opts = {})
         git_url = opts[:git_url].to_s.scrub
-        `git ls-remote #{git_url}`.to_s.scrub
+        `git ls-remote #{git_url} 2> /dev/null`.to_s.scrub
       rescue StandardError => e
         raise e
       end

data/lib/pwn/plugins/sock.rb

@@ -13,7 +13,7 @@ module PWN
       # sock_obj = PWN::Plugins::Sock.connect(
       #   target: 'required - target host or ip',
       #   port: 'required - target port',
-      #   protocol: 'optional - :tcp || :udp (defaults to tcp)',
+      #   protocol: 'optional - :tcp || :udp (defaults to :tcp)',
       #   tls: 'optional - boolean connect to target socket using TLS (defaults to false)'
       # )
 
@@ -31,7 +31,7 @@ module PWN
 
         tls_min_version = OpenSSL::SSL::TLS1_VERSION if tls_min_version.nil?
 
-        case protocol
+        case protocol.to_s.to_sym
         when :tcp
           if tls
             sock = TCPSocket.open(target, port)

data/lib/pwn/reports/fuzz.rb

@@ -79,8 +79,8 @@ module PWN
                 word-wrap: break-word !important;
               }
 
-              .highlighted {
-                background-color: #F2F5A9 !important;
+              tr.highlighted td {
+                background-color: #FFF396 !important;
               }
             </style>
 
@@ -98,7 +98,11 @@ module PWN
               &nbsp;~&nbsp;<a href="https://github.com/0dayinc/pwn/tree/master">pwn network fuzzer</a>
             </h1><br /><br />
 
-            <div><button type="button" id="button">Rows Selected</button></div><br />
+            <div>
+              <!--<button type="button" id="button">Rows Selected</button>-->
+              <button type="button" id="export_selected">Export Selected to JSON</button>
+            </div><br />
+
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Timestamp</a>&nbsp;|&nbsp;
@@ -161,23 +165,11 @@ module PWN
                       $('html,body').animate({scrollTop: targetOffset}, 500);
                       oldStart = oSettings._iDisplayStart;
                     }
-                    // Select individual lines in a row
-                    $('#multi_line_select tbody').on('click', 'tr', function () {
-                      $(this).toggleClass('highlighted');
-                      if ($('#multi_line_select tr.highlighted').length > 0) {
-                        $('#multi_line_select tr td button').attr('disabled', 'disabled');
-                        // Remove multi-line bug button
-                      } else {
-                        $('#multi_line_select tr td button').removeAttr('disabled');
-                        // Add multi-line bug button
-                      }
-                    });
                   },
                   "ajax": "#{report_name}.json",
                   //"deferRender": true,
                   "dom": "fplitfpliS",
                   "autoWidth": false,
-                  "fixedColumns": true,
                   "columnDefs": [
                     {
                       targets: 3,
@@ -277,19 +269,72 @@ module PWN
                   column.visible( ! column.visible() );
                 });
 
-                // TODO: Open bug for highlighted rows ;)
                 $('#button').click( function () {
-                  alert($('#multi_line_select tr.highlighted').length +' row(s) highlighted');
+                  alert($('.multi_line_select tr.highlighted').length +' row(s) highlighted');
                 });
-              });
 
-              function multi_line_select() {
-                // Select all lines in a row
-                //$('#pwn_fuzz_net_app_proto tbody').on('click', 'tr', function () {
-                //  $(this).children('td').children('#multi_line_select').children('tbody').children('tr').toggleClass('highlighted');
-                //});
+                $('#export_selected').click( function () {
+                  if ($('.multi_line_select tr.highlighted').length === 0) {
+                    alert('No rows selected');
+                    return;
+                  }
 
-              }
+                  $.getJSON(table.ajax.url(), function(original_json) {
+                    var selected_results = {};
+
+                    $('.multi_line_select tr.highlighted').each(function() {
+                      var inner_tr = $(this);
+                      var main_tr = inner_tr.closest('td').parent();
+                      var row = table.row(main_tr);
+                      var row_index = row.index();
+                      var line_index = inner_tr.index();
+
+                      if (selected_results[row_index] === undefined) {
+                        selected_results[row_index] = {
+                          row: row,
+                          lines: []
+                        };
+                      }
+
+                      selected_results[row_index].lines.push(line_index);
+                    });
+
+                    var new_data = [];
+
+                    Object.keys(selected_results).forEach(function(ri) {
+                      var sel = selected_results[ri];
+                      var orig_row_data = sel.row.data();
+                      var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
+
+                      sel.lines.sort((a, b) => a - b);
+                      new_row_data.line_no_and_contents = sel.lines.map(function(li) {
+                        return orig_row_data.line_no_and_contents[li];
+                      });
+
+                      new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
+
+                      new_data.push(new_row_data);
+                    });
+
+                    original_json.data = new_data;
+
+                    if (original_json.report_name) {
+                      original_json.report_name += '_selected';
+                    }
+
+                    var json_str = JSON.stringify(original_json, null, 2);
+                    var blob = new Blob([json_str], { type: 'application/json' });
+                    var url = URL.createObjectURL(blob);
+                    var a = document.createElement('a');
+                    a.href = url;
+                    a.download = (original_json.report_name || 'selected') + '.json';
+                    document.body.appendChild(a);
+                    a.click();
+                    document.body.removeChild(a);
+                    URL.revokeObjectURL(url);
+                  });
+                });
+              });
             </script>
           </body>
         </html>

data/lib/pwn/reports/phone.rb

@@ -71,8 +71,8 @@ module PWN
                 word-wrap: break-word !important;
               }
 
-              .highlighted {
-                background-color: #F2F5A9 !important;
+              tr.highlighted td {
+                background-color: #FFF396 !important;
               }
             </style>
 
@@ -95,7 +95,11 @@ module PWN
             </h1><br /><br />
             <h2 id="report_name"></h2><br />
 
-            <div><button type="button" id="button">Rows Selected</button></div><br />
+            <div>
+              <!--<button type="button" id="button">Rows Selected</button>-->
+              <button type="button" id="export_selected">Export Selected to JSON</button>
+            </div><br />
+
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Call Started</a>&nbsp;|&nbsp;
@@ -136,6 +140,19 @@ module PWN
                     <th>Waveform</th>
                   </tr>
                 </thead>
+                <col width="30px" />
+                <col width="60px" />
+                <col width="60px" />
+                <col width="90px" />
+                <col width="60px" />
+                <col width="30px" />
+                <col width="30px" />
+                <col width="60px" />
+                <col width="300px" />
+                <col width="90px" />
+                <col width="300px" />
+                <col width="300px" />
+                <col width="300px" />
                 <!-- DataTables <tbody> -->
               </table>
             </div>
@@ -162,17 +179,6 @@ module PWN
                       $('html,body').animate({scrollTop: targetOffset}, 500);
                       oldStart = oSettings._iDisplayStart;
                     }
-                    // Select individual lines in a row
-                    $('#multi_line_select tbody').on('click', 'tr', function () {
-                      $(this).toggleClass('highlighted');
-                      if ($('#multi_line_select tr.highlighted').length > 0) {
-                        $('#multi_line_select tr td button').attr('disabled', 'disabled');
-                        // Remove multi-line bug button
-                      } else {
-                        $('#multi_line_select tr td button').removeAttr('disabled');
-                        // Add multi-line bug button
-                      }
-                    });
                   },
                   "ajax": "#{report_name}.json",
                   //"deferRender": true,
@@ -318,19 +324,72 @@ module PWN
                   column.visible( ! column.visible() );
                 });
 
-                // TODO: Open bug for highlighted rows ;)
                 $('#button').click( function () {
-                  alert($('#multi_line_select tr.highlighted').length +' row(s) highlighted');
+                  alert($('.multi_line_select tr.highlighted').length +' row(s) highlighted');
                 });
-              });
 
-              function multi_line_select() {
-                // Select all lines in a row
-                //$('#pwn_phone_results tbody').on('click', 'tr', function () {
-                //  $(this).children('td').children('#multi_line_select').children('tbody').children('tr').toggleClass('highlighted');
-                //});
+                $('#export_selected').click( function () {
+                  if ($('.multi_line_select tr.highlighted').length === 0) {
+                    alert('No rows selected');
+                    return;
+                  }
 
-              }
+                  $.getJSON(table.ajax.url(), function(original_json) {
+                    var selected_results = {};
+
+                    $('.multi_line_select tr.highlighted').each(function() {
+                      var inner_tr = $(this);
+                      var main_tr = inner_tr.closest('td').parent();
+                      var row = table.row(main_tr);
+                      var row_index = row.index();
+                      var line_index = inner_tr.index();
+
+                      if (selected_results[row_index] === undefined) {
+                        selected_results[row_index] = {
+                          row: row,
+                          lines: []
+                        };
+                      }
+
+                      selected_results[row_index].lines.push(line_index);
+                    });
+
+                    var new_data = [];
+
+                    Object.keys(selected_results).forEach(function(ri) {
+                      var sel = selected_results[ri];
+                      var orig_row_data = sel.row.data();
+                      var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
+
+                      sel.lines.sort((a, b) => a - b);
+                      new_row_data.line_no_and_contents = sel.lines.map(function(li) {
+                        return orig_row_data.line_no_and_contents[li];
+                      });
+
+                      new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
+
+                      new_data.push(new_row_data);
+                    });
+
+                    original_json.data = new_data;
+
+                    if (original_json.report_name) {
+                      original_json.report_name += '_selected';
+                    }
+
+                    var json_str = JSON.stringify(original_json, null, 2);
+                    var blob = new Blob([json_str], { type: 'application/json' });
+                    var url = URL.createObjectURL(blob);
+                    var a = document.createElement('a');
+                    a.href = url;
+                    a.download = (original_json.report_name || 'selected') + '.json';
+                    document.body.appendChild(a);
+                    a.click();
+                    document.body.removeChild(a);
+                    URL.revokeObjectURL(url);
+                  });
+                });
+              });
             </script>
           </body>
         </html>

data/lib/pwn/reports/sast.rb

@@ -98,7 +98,11 @@ module PWN
             </h1><br /><br />
             <h2 id="report_name"></h2><br />
 
-            <div><button type="button" id="button">Rows Selected</button> <button type="button" id="export_selected">Export Selected to JSON</button></div><br />
+            <div>
+              <!--<button type="button" id="button">Rows Selected</button>-->
+              <button type="button" id="export_selected">Export Selected to JSON</button>
+            </div><br />
+
             <div>
               <b>Toggle Column(s):</b>&nbsp;
               <a class="toggle-vis" data-column="1" href="#">Timestamp</a>&nbsp;|&nbsp;
@@ -127,12 +131,20 @@ module PWN
                     <th>Test Case (Anti-Pattern) Filter</th>
                   </tr>
                 </thead>
+                <col width="30px" />
+                <col width="60px" />
+                <col width="300px" />
+                <col width="90px" />
+                <col width="90px" />
+                <col width="300px" />
+                <col width="90px" />
                 <!-- DataTables <tbody> -->
               </table>
             </div>
 
             <script>
               var htmlEntityEncode = $.fn.dataTable.render.text().display;
+
               var line_entry_uri = "";
               $(document).ready(function() {
                 var oldStart = 0;
@@ -196,17 +208,6 @@ module PWN
 
                           var filename_link = row.filename;
 
-                          var bug_comment = 'Timestamp: ' + row.timestamp + '\\n' +
-                                            'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
-                                              row.security_references['sast_module'].replace(/::/g, "/") + '\\n' +
-                                            'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
-                                            'Test Case Request:\\n' +
-                                            $("<div/>").html(row.test_case_filter.replace(/\\s{2,}/g, " ")).text() + '\\n\\n' +
-                                            'Test Case Response:\\n' +
-                                            '\\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\\t' +
-                                              data[i]['line_no'] + ': ' +
-                                              $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
-
                           var author_and_email_arr = data[i]['author'].split(" ");
                           var email = author_and_email_arr[author_and_email_arr.length - 1];
                           var email_user_arr = email.split("@");
@@ -214,13 +215,13 @@ module PWN
 
                           var uri = '#uri';
 
-                         var canned_email_results = 'Timestamp: ' + row.timestamp + '\\n' +
-                                                    'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
-                                                    'Source Code in Question:\\n\\n' +
-                                                    data[i]['line_no'] + ': ' +
-                                                    $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
+                          var canned_email_results = 'Timestamp: ' + row.timestamp + '\\n' +
+                                                     'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
+                                                     'Source Code in Question:\\n\\n' +
+                                                     data[i]['line_no'] + ': ' +
+                                                     $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
 
-                         var canned_email = email.replace("&lt;", "").replace("&gt;", "") + '?subject=Potential%20Bug%20within%20Source%20File:%20'+ encodeURIComponent(row.filename) +'&body=Greetings,%0A%0AThe%20following%20information%20likely%20represents%20a%20bug%20discovered%20through%20automated%20security%20testing%20initiatives:%0A%0A' + encodeURIComponent(canned_email_results) + 'Is%20this%20something%20that%20can%20be%20addressed%20immediately%20or%20would%20filing%20a%20bug%20be%20more%20appropriate?%20%20Please%20let%20us%20know%20at%20your%20earliest%20convenience%20to%20ensure%20we%20can%20meet%20security%20expectations%20for%20this%20release.%20%20Thanks%20and%20have%20a%20great%20day!';
+                          var canned_email = email.replace("&lt;", "").replace("&gt;", "") + '?subject=Potential%20Bug%20within%20Source%20File:%20'+ encodeURIComponent(row.filename) +'&body=Greetings,%0A%0AThe%20following%20information%20likely%20represents%20a%20bug%20discovered%20through%20automated%20security%20testing%20initiatives:%0A%0A' + encodeURIComponent(canned_email_results) + 'Is%20this%20something%20that%20can%20be%20addressed%20immediately%20or%20would%20filing%20a%20bug%20be%20more%20appropriate?%20%20Please%20let%20us%20know%20at%20your%20earliest%20convenience%20to%20ensure%20we%20can%20meet%20security%20expectations%20for%20this%20release.%20%20Thanks%20and%20have%20a%20great%20day!';
 
                           domain = line_entry_uri.replace('http://','').replace('https://','').split(/[/?#]/)[0];
                           if (domain.includes('stash') || domain.includes('bitbucket') || domain.includes('gerrit')) {