pwn 0.5.364 → 0.5.366
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/bin/pwn_burp_suite_pro_active_scan +9 -2
- data/lib/pwn/plugins/burp_suite.rb +10 -2
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ac6a30a54dae903391f0cee9449ab6315a0ec2c0c7d465c6ee8690ff6e5751a2
|
|
4
|
+
data.tar.gz: 537ddd5286c01931b44a9e77a035c4d29e7431b1a02129961283ca5a5f384428
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9e60f3e426c000b4a47f5c81d4cfc80f971dc4ab622eab194ea45f0ac30102bb50c5e9e3e09691c2527239cf8628be640dedfc5c9198d51f09c527401f891fe0
|
|
7
|
+
data.tar.gz: d6d97a7ad335f8552eb2830b3a4175842a877583f214528d048332e0d698bd834c111f9ff691d9c3f9994b8a0236ddb619476fd9de25012cbc550ca7060421a9
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.366]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.366]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.366]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -18,6 +18,10 @@ OptionParser.new do |options|
|
|
|
18
18
|
opts[:output_path] = o
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
options.on('-eLIST', '--exclude_paths=LIST', '<Optional - Comma-delimited list of paths to exlude from scanning (e.g. "/api/login, /api/logout, /api/etc")>') do |e|
|
|
22
|
+
opts[:exclude_paths] = e
|
|
23
|
+
end
|
|
24
|
+
|
|
21
25
|
options.on('-bBPATH', '--burp_path=BPATH', '<Optional - Path to Burp Suite Pro Jar File (Defaults to /opt/burpsuite/burpsuite-pro.jar)>') do |b|
|
|
22
26
|
opts[:burp_jar_path] = b
|
|
23
27
|
end
|
|
@@ -34,7 +38,7 @@ OptionParser.new do |options|
|
|
|
34
38
|
opts[:navigation_instruct] = i
|
|
35
39
|
end
|
|
36
40
|
|
|
37
|
-
options.on('-iURL', '
|
|
41
|
+
options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
|
|
38
42
|
opts[:in_scope] = s
|
|
39
43
|
end
|
|
40
44
|
end.parse!
|
|
@@ -56,6 +60,9 @@ begin
|
|
|
56
60
|
output_path = opts[:output_path]
|
|
57
61
|
raise 'ERROR: --report_output_path is required.' if output_path.nil?
|
|
58
62
|
|
|
63
|
+
exlude_paths = opts[:exclude_paths]
|
|
64
|
+
exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
|
|
65
|
+
|
|
59
66
|
navigation_instruct = opts[:navigation_instruct]
|
|
60
67
|
|
|
61
68
|
in_scope = opts[:in_scope] ||= target_url
|
|
@@ -112,7 +119,7 @@ begin
|
|
|
112
119
|
sleep duration # Sleep for now so everything loads the way we expect - blech.
|
|
113
120
|
print "\n"
|
|
114
121
|
|
|
115
|
-
PWN::Plugins::BurpSuite.invoke_active_scan(burp_obj: burp_obj, target_url: in_scope)
|
|
122
|
+
PWN::Plugins::BurpSuite.invoke_active_scan(burp_obj: burp_obj, target_url: in_scope, exclude_paths: exlude_paths)
|
|
116
123
|
|
|
117
124
|
# Dump a list of scan issues from Active Scan result
|
|
118
125
|
# scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)
|
|
@@ -771,7 +771,8 @@ module PWN
|
|
|
771
771
|
# Supported Method Parameters::
|
|
772
772
|
# active_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(
|
|
773
773
|
# burp_obj: 'required - burp_obj returned by #start method',
|
|
774
|
-
# target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'
|
|
774
|
+
# target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
|
|
775
|
+
# exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
|
|
775
776
|
# )
|
|
776
777
|
|
|
777
778
|
public_class_method def self.invoke_active_scan(opts = {})
|
|
@@ -779,6 +780,10 @@ module PWN
|
|
|
779
780
|
rest_browser = burp_obj[:rest_browser]
|
|
780
781
|
pwn_burp_api = burp_obj[:pwn_burp_api]
|
|
781
782
|
target_url = opts[:target_url].to_s.scrub.strip.chomp
|
|
783
|
+
raise 'ERROR: target_url parameter is required' if target_url.empty?
|
|
784
|
+
|
|
785
|
+
exclude_paths = opts[:exclude_paths] ||= []
|
|
786
|
+
|
|
782
787
|
target_scheme = URI.parse(target_url).scheme
|
|
783
788
|
target_host = URI.parse(target_url).host
|
|
784
789
|
target_path = URI.parse(target_url).path
|
|
@@ -793,6 +798,8 @@ module PWN
|
|
|
793
798
|
json_req = site[:request]
|
|
794
799
|
b64_decoded_req = Base64.strict_decode64(json_req)
|
|
795
800
|
json_path = b64_decoded_req.split[1].to_s.scrub.strip.chomp
|
|
801
|
+
next if exclude_paths.include?(json_path)
|
|
802
|
+
|
|
796
803
|
json_query = json_path.split('?')[1].to_s.scrub.strip.chomp
|
|
797
804
|
|
|
798
805
|
json_http_svc = site[:http_service]
|
|
@@ -1083,7 +1090,8 @@ module PWN
|
|
|
1083
1090
|
|
|
1084
1091
|
active_scan_url_arr = #{self}.invoke_active_scan(
|
|
1085
1092
|
burp_obj: 'required - burp_obj returned by #start method',
|
|
1086
|
-
target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])'
|
|
1093
|
+
target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
|
|
1094
|
+
exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
|
|
1087
1095
|
)
|
|
1088
1096
|
|
|
1089
1097
|
json_scan_issues = #{self}.get_scan_issues(
|
data/lib/pwn/version.rb
CHANGED