pwn 0.5.359 → 0.5.361
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -2
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/lib/pwn/plugins/burp_suite.rb +53 -17
- data/lib/pwn/reports/fuzz.rb +0 -4
- data/lib/pwn/reports/phone.rb +0 -4
- data/lib/pwn/reports/sast.rb +0 -4
- data/lib/pwn/reports/uri_buster.rb +0 -4
- data/lib/pwn/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e88078c5511bf73455ec0e180d74722ae21abde53eabeb9d7d6aa01f789aed0a
|
|
4
|
+
data.tar.gz: 1d5415ee2ab144edf5a2a31b95ced38d942bfc2e9d47608d09107158643eb723
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 93ec2e53152dec0b4402778c8dd003467ec2fb8943c0b3f8ec143062448acbf9b67b430dd329ac1169c556962f92132d56342d434043f13950340ea683449ec8
|
|
7
|
+
data.tar.gz: d5134a5b7fe5de07253ddde38cb884ebad73bc96369963fa8a5c69d00bb58b5d36e24c2ab475fb39322045af007a8a843e96ea514882fd112bcffcd8e0e849ba
|
data/.rubocop.yml
CHANGED
|
@@ -8,13 +8,13 @@ Lint/UselessRescue:
|
|
|
8
8
|
Metrics/AbcSize:
|
|
9
9
|
Max: 537.6
|
|
10
10
|
Metrics/BlockLength:
|
|
11
|
-
Max:
|
|
11
|
+
Max: 220
|
|
12
12
|
Metrics/BlockNesting:
|
|
13
13
|
Max: 5
|
|
14
14
|
Metrics/ClassLength:
|
|
15
15
|
Max: 134
|
|
16
16
|
Metrics/CyclomaticComplexity:
|
|
17
|
-
Max:
|
|
17
|
+
Max: 122
|
|
18
18
|
Metrics/MethodLength:
|
|
19
19
|
Max: 485
|
|
20
20
|
Metrics/ModuleLength:
|
data/Gemfile
CHANGED
|
@@ -90,7 +90,7 @@ gem 'ruby-nmap', '1.0.3'
|
|
|
90
90
|
gem 'ruby-saml', '1.18.1'
|
|
91
91
|
gem 'rvm', '1.11.3.9'
|
|
92
92
|
gem 'savon', '2.15.1'
|
|
93
|
-
gem 'selenium-devtools', '0.
|
|
93
|
+
gem 'selenium-devtools', '0.139.0'
|
|
94
94
|
# gem 'serialport', '1.3.2'
|
|
95
95
|
# gem 'sinatra', '4.0.0'
|
|
96
96
|
gem 'slack-ruby-client', '2.7.0'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.361]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.361]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.361]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -615,15 +615,15 @@ module PWN
|
|
|
615
615
|
# reference as keys, and assign their respective
|
|
616
616
|
# values to the request_headers hash
|
|
617
617
|
param_key = param_name.downcase
|
|
618
|
-
param_value = param[:schema]&.dig(:example) || '
|
|
618
|
+
param_value = param[:schema]&.dig(:example) || 'FUZZ'
|
|
619
619
|
request_headers[param_key] = param_value.to_s
|
|
620
620
|
when 'path'
|
|
621
|
-
# Substitute path parameter with a default value (e.g., '
|
|
622
|
-
param_value = param[:schema]&.dig(:example) || '
|
|
621
|
+
# Substitute path parameter with a default value (e.g., 'FUZZ')
|
|
622
|
+
param_value = param[:schema]&.dig(:example) || 'FUZZ'
|
|
623
623
|
request_path.gsub!("{#{param_name}}", param_value.to_s)
|
|
624
624
|
when 'query'
|
|
625
625
|
# Collect query parameters
|
|
626
|
-
param_value = param[:schema]&.dig(:example) || '
|
|
626
|
+
param_value = param[:schema]&.dig(:example) || 'FUZZ'
|
|
627
627
|
query_params.push("#{URI.encode_www_form_component(param_name)}=#{URI.encode_www_form_component(param_value.to_s)}")
|
|
628
628
|
end
|
|
629
629
|
end
|
|
@@ -648,8 +648,8 @@ module PWN
|
|
|
648
648
|
# Determine response code from operation[:responses].keys
|
|
649
649
|
fallback_response_code = 200
|
|
650
650
|
response_keys = operation[:responses].keys
|
|
651
|
-
|
|
652
|
-
response_code
|
|
651
|
+
response_key = response_keys.find { |key| key.to_s.to_i.between?(100, 599) } || fallback_response_code.to_s
|
|
652
|
+
response_code = response_key.to_s.to_i
|
|
653
653
|
|
|
654
654
|
response_status = case response_code
|
|
655
655
|
when 200 then '200 OK'
|
|
@@ -672,17 +672,53 @@ module PWN
|
|
|
672
672
|
else "#{fallback_response_code} OK"
|
|
673
673
|
end
|
|
674
674
|
|
|
675
|
-
# Construct response body
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
685
|
-
|
|
675
|
+
# Construct response body from operation responses schema example, schema $ref example, etc.
|
|
676
|
+
response_obj = operation[:responses][response_key] || {}
|
|
677
|
+
content = response_obj[:content] || {}
|
|
678
|
+
content_type = content.keys.first&.to_s || 'text/plain'
|
|
679
|
+
|
|
680
|
+
response_body = ''
|
|
681
|
+
unless [204, 304].include?(response_code)
|
|
682
|
+
content_obj = content[content_type.to_sym] || {}
|
|
683
|
+
example = content_obj[:example]
|
|
684
|
+
if example.nil? && content_obj[:examples].is_a?(Hash)
|
|
685
|
+
ex_key = content_obj[:examples].keys.first
|
|
686
|
+
example = content_obj[:examples][ex_key][:value] if ex_key
|
|
687
|
+
end
|
|
688
|
+
|
|
689
|
+
if example.nil?
|
|
690
|
+
schema = content_obj[:schema]
|
|
691
|
+
if schema
|
|
692
|
+
if schema[:$ref]
|
|
693
|
+
ref = schema[:$ref]
|
|
694
|
+
if ref.start_with?('#/')
|
|
695
|
+
parts = ref.sub('#/', '').split('/')
|
|
696
|
+
resolved = openapi
|
|
697
|
+
parts.each do |part|
|
|
698
|
+
resolved = resolved[part.to_sym]
|
|
699
|
+
break unless resolved
|
|
700
|
+
end
|
|
701
|
+
schema = resolved if resolved
|
|
702
|
+
end
|
|
703
|
+
end
|
|
704
|
+
|
|
705
|
+
example = schema[:example]
|
|
706
|
+
if example.nil? && schema[:examples].is_a?(Hash)
|
|
707
|
+
ex_key = schema[:examples].keys.first
|
|
708
|
+
example = schema[:examples][ex_key][:value] if ex_key
|
|
709
|
+
end
|
|
710
|
+
end
|
|
711
|
+
end
|
|
712
|
+
|
|
713
|
+
response_body = example || response_obj[:description] || "INFO: Unable to resolve response body from #{openapi_spec} => { 'http_method': '#{method_str.upcase}', 'path': '#{request_path}', 'response_code': '#{response_code}' }"
|
|
714
|
+
|
|
715
|
+
# Serialize based on content_type
|
|
716
|
+
if content_type =~ /json/i && (response_body.is_a?(Hash) || response_body.is_a?(Array))
|
|
717
|
+
response_body = JSON.generate(response_body)
|
|
718
|
+
else
|
|
719
|
+
response_body = response_body.to_s
|
|
720
|
+
end
|
|
721
|
+
end
|
|
686
722
|
|
|
687
723
|
response_lines = [
|
|
688
724
|
"HTTP/1.1 #{response_status}",
|
data/lib/pwn/reports/fuzz.rb
CHANGED
|
@@ -277,10 +277,6 @@ module PWN
|
|
|
277
277
|
var selected_data = selectedRows.data().toArray();
|
|
278
278
|
original_json.data = selected_data;
|
|
279
279
|
|
|
280
|
-
if (original_json.report_name) {
|
|
281
|
-
original_json.report_name += '_selected';
|
|
282
|
-
}
|
|
283
|
-
|
|
284
280
|
var json_str = JSON.stringify(original_json, null, 2);
|
|
285
281
|
var blob = new Blob([json_str], { type: 'application/json' });
|
|
286
282
|
var url = URL.createObjectURL(blob);
|
data/lib/pwn/reports/phone.rb
CHANGED
|
@@ -334,10 +334,6 @@ module PWN
|
|
|
334
334
|
var selected_data = selectedRows.data().toArray();
|
|
335
335
|
original_json.data = selected_data;
|
|
336
336
|
|
|
337
|
-
if (original_json.report_name) {
|
|
338
|
-
original_json.report_name += '_selected';
|
|
339
|
-
}
|
|
340
|
-
|
|
341
337
|
var json_str = JSON.stringify(original_json, null, 2);
|
|
342
338
|
var blob = new Blob([json_str], { type: 'application/json' });
|
|
343
339
|
var url = URL.createObjectURL(blob);
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -364,10 +364,6 @@ module PWN
|
|
|
364
364
|
|
|
365
365
|
original_json.data = new_data;
|
|
366
366
|
|
|
367
|
-
if (original_json.report_name) {
|
|
368
|
-
original_json.report_name += '_selected';
|
|
369
|
-
}
|
|
370
|
-
|
|
371
367
|
var json_str = JSON.stringify(original_json, null, 2);
|
|
372
368
|
var blob = new Blob([json_str], { type: 'application/json' });
|
|
373
369
|
var url = URL.createObjectURL(blob);
|
|
@@ -285,10 +285,6 @@ module PWN
|
|
|
285
285
|
var selected_data = selectedRows.data().toArray();
|
|
286
286
|
original_json.data = selected_data;
|
|
287
287
|
|
|
288
|
-
if (original_json.report_name) {
|
|
289
|
-
original_json.report_name += '_selected';
|
|
290
|
-
}
|
|
291
|
-
|
|
292
288
|
var json_str = JSON.stringify(original_json, null, 2);
|
|
293
289
|
var blob = new Blob([json_str], { type: 'application/json' });
|
|
294
290
|
var url = URL.createObjectURL(blob);
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.361
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -1051,14 +1051,14 @@ dependencies:
|
|
|
1051
1051
|
requirements:
|
|
1052
1052
|
- - '='
|
|
1053
1053
|
- !ruby/object:Gem::Version
|
|
1054
|
-
version: 0.
|
|
1054
|
+
version: 0.139.0
|
|
1055
1055
|
type: :runtime
|
|
1056
1056
|
prerelease: false
|
|
1057
1057
|
version_requirements: !ruby/object:Gem::Requirement
|
|
1058
1058
|
requirements:
|
|
1059
1059
|
- - '='
|
|
1060
1060
|
- !ruby/object:Gem::Version
|
|
1061
|
-
version: 0.
|
|
1061
|
+
version: 0.139.0
|
|
1062
1062
|
- !ruby/object:Gem::Dependency
|
|
1063
1063
|
name: slack-ruby-client
|
|
1064
1064
|
requirement: !ruby/object:Gem::Requirement
|