pwn 0.5.390 → 0.5.391

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29455d0f44118f016d59ba4370e80b883a189d960697d2ad98f1c6d36b6b953d
-  data.tar.gz: bda5ff363c12e7b054daf8f71936d8d83ccf973c7e927333331e6107ddb9e4df
+  metadata.gz: fbd0402cd8475fd231d37a5face9831c7f6e12151e76422201968eebf6f39180
+  data.tar.gz: 50f372071410a7a0e741b3e938ef7f8e498f5e609b8074ec35d0d2fc8f5d03d9
 SHA512:
-  metadata.gz: 885789f3328900c0e0cfee3c69a868a54851b9b156c61399a32f789daa767e1f33d5a1f4846d197832f76f8916da525cd40e564666691ed2489b495e0e47cc06
-  data.tar.gz: b25394c00e67546058cc7cc0b8da9cdf2b93a1165f4305ed056c5959907273f4b884607be987550095fd9fcae14bdacfd81a58a7e08c6381742cca2be6c947ee
+  metadata.gz: 033d363e5ff734f1f0c404a73d4f777acc529b3631e082be3fe5f6e33b76429199b2deef835d4c5ddc1b24b60a8477ebbdbe66278898ad33db8110ae94c9fc54
+  data.tar.gz: b0d3d7c16af3a0d39441c639de42b9c09eeb492962a6289a967f7f8ce489a3bf519dc97e109ba0bb756655a7d88ff539998cc7f0d6dd5b6ce47603efac5bcda0

data/Gemfile

@@ -69,7 +69,7 @@ gem 'ostruct', '0.6.3'
 gem 'packetfu', '2.0.0'
 gem 'packetgen', '4.1.1'
 gem 'pdf-reader', '2.15.0'
-gem 'pg', '1.6.1'
+gem 'pg', '1.6.2'
 gem 'pry', '0.15.2'
 gem 'pry-doc', '1.6.0'
 gem 'rake', '13.3.0'
@@ -84,7 +84,7 @@ gem 'rspec', '3.13.1'
 gem 'rtesseract', '3.1.4'
 gem 'rubocop', '1.80.1'
 gem 'rubocop-rake', '0.7.1'
-gem 'rubocop-rspec', '3.6.0'
+gem 'rubocop-rspec', '3.7.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.18.1'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.390]:001 >>> PWN.help
+pwn[v0.5.391]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.390]:001 >>> PWN.help
+pwn[v0.5.391]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.390]:001 >>> PWN.help
+pwn[v0.5.391]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_burp_suite_pro_active_rest_api_scan

@@ -0,0 +1,181 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'fileutils'
+require 'pwn'
+require 'optparse'
+require 'uri'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{File.basename($PROGRAM_NAME)} [opts]
+  "
+
+  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
+    opts[:target_url] = t
+  end
+
+  options.on('-oPATH', '--report_output_path=PATH', '<Required - Output Path for Active Scan Issues>') do |o|
+    opts[:output_path] = o
+  end
+
+  options.on('-dSWAGGER', '--swagger_definitions=SWAGGER', '<Required - Comma-delimited list of Swagger JSON/YAML files to import>') do |s|
+    opts[:swagger_definitions] = s
+  end
+
+  options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
+    opts[:debug] = d
+  end
+
+  options.on('-vVERSION', '--openapi_spec_version=VERSION', '<Optional - OpenAPI/Swagger Specification Version (Defaults to 3.0.3)>') do |o|
+    opts[:openapi_spec_version] = o
+  end
+
+  options.on('-HJSON', '--additional_http_headers=JSON', '<Optional - JSON string of additional HTTP headers to include in requests (e.g. \'{"Header1":"Value1","Header2":"Value2"}\')>') do |h|
+    opts[:additional_http_headers] = h
+  end
+
+  options.on('-cCOLOR', '--highlight-color=COLOR', '<Optional - Highlight Color to use when importing OpenAPI/Swagger definitions  NONE||RED||ORANGE||YELLOW||GREEN||CYAN||BLUE||PINK||MAGENTA||GRAY (Defaults to GREEN)>') do |h|
+    opts[:highlight_color] = h
+  end
+
+  options.on('-nCOMMENTS', '--notes=COMMENTS', '<Optional - Comments to add when importing OpenAPI/Swagger definitions (Defaults to "Imported via <openapi_spec> on <timestamp>")>') do |n|
+    opts[:notes] = n
+  end
+
+  options.on('-eLIST', '--exclude_paths=LIST', '<Optional - Comma-delimited list of paths to exlude from scanning (e.g. "/api/login, /api/logout, /api/etc")>') do |e|
+    opts[:exclude_paths] = e
+  end
+
+  options.on('-bBPATH', '--burp_path=BPATH', '<Optional - Path to Burp Suite Pro Jar File (Defaults to /opt/burpsuite/burpsuite-pro.jar)>') do |b|
+    opts[:burp_jar_path] = b
+  end
+
+  options.on('-h', '--[no-]headless', '<Optional - Run Burp and Browser Headless>') do |h|
+    opts[:headless] = h
+  end
+
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+    opts[:in_scope] = s
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{File.basename($PROGRAM_NAME)} --help`
+  exit 1
+end
+
+begin
+  timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S%Z')
+  logger = PWN::Plugins::PWNLogger.create
+
+  burp_jar_path = opts[:burp_jar_path]
+  headless = opts[:headless] || false
+  target_url = opts[:target_url]
+  raise 'ERROR: --target_url is required.' if target_url.nil?
+
+  output_path = opts[:output_path]
+  raise 'ERROR: --report_output_path is required.' if output_path.nil?
+
+  swagger_definitions = opts[:swagger_definitions]
+  raise 'ERROR: --swagger_definitions is required.' if swagger_definitions.nil?
+
+  debug = opts[:debug] || false
+
+  swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
+  scheme = URI.parse(target_url).scheme
+  target_host = URI.parse(target_url).host
+  base_url = "#{scheme}://#{target_host}"
+
+  openapi_spec_version = opts[:openapi_spec_version]
+  openapi_spec = "/tmp/openapi_spec-#{target_host}-#{timestamp}.json"
+
+  PWN::Plugins::OpenAPI.generate_spec(
+    spec_paths: swagger_defs_arr,
+    base_url: base_url,
+    output_json_path: openapi_spec,
+    target_version: openapi_spec_version,
+    debug: debug
+  )
+
+  additional_http_headers = opts[:additional_http_headers]
+  additional_http_headers = JSON.parse(additional_http_headers, symbolize_names: true) if additional_http_headers.is_a?(String)
+
+  highlight_color = opts[:highlight_color] ||= 'GREEN'
+  notes = opts[:notes] ||= "Imported via #{openapi_spec} on #{timestamp}"
+
+  exlude_paths = opts[:exclude_paths]
+  exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
+
+  in_scope = opts[:in_scope] ||= target_url
+
+  # ------
+  # Open Burp
+  if headless
+    burp_obj = PWN::Plugins::BurpSuite.start(
+      burp_jar_path: burp_jar_path,
+      browser_type: :headless
+    )
+  else
+    burp_obj = PWN::Plugins::BurpSuite.start(
+      burp_jar_path: burp_jar_path,
+      browser_type: :chrome
+    )
+  end
+
+  logger.info(burp_obj)
+  # Disable Proxy Intercepting Capabilities for this Driver
+  PWN::Plugins::BurpSuite.disable_proxy(burp_obj: burp_obj)
+
+  # Add URL to Target >> Scope >> Inclue in scope
+  PWN::Plugins::BurpSuite.add_to_scope(
+    burp_obj: burp_obj,
+    target_url: in_scope
+  )
+
+  json_sitemap = PWN::Plugins::BurpSuite.import_openapi_to_sitemap(
+    burp_obj: burp_obj,
+    openapi_spec: openapi_spec,
+    additional_http_headers: additional_http_headers,
+    highlight: highlight_color,
+    comment: notes,
+    debug: debug
+  )
+
+  raise "ERROR: Failed to import OpenAPI/Swagger spec #{openapi_spec} into Burp Suite Pro's Sitemap." if json_sitemap.nil? || json_sitemap.empty?
+
+  PWN::Plugins::BurpSuite.invoke_active_scan(
+    burp_obj: burp_obj,
+    target_url: in_scope,
+    exclude_paths: exlude_paths
+  )
+
+  # Dump a list of scan issues from Active Scan result
+  # scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)
+  # puts scan_issues
+
+  # Once DefectDojo begins to support XML report results
+  report_types = %i[html xml]
+  report_types.each do |report_type|
+    this_output_path = "#{output_path}.html"
+    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.html"
+
+    this_output_path = "#{output_path}.xml" if report_type == :xml
+    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.xml" if report_type == :xml
+
+    PWN::Plugins::BurpSuite.generate_scan_report(
+      burp_obj: burp_obj,
+      target_url: in_scope,
+      report_type: report_type,
+      output_path: this_output_path
+    )
+  end
+
+  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
+rescue StandardError => e
+  raise e
+ensure
+  FileUtils.rm_f(openapi_spec) unless debug
+  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
+end

data/bin/pwn_burp_suite_pro_active_scan

@@ -72,7 +72,6 @@ begin
   if headless
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      headless: true,
       browser_type: :headless
     )
   else
@@ -119,7 +118,11 @@ begin
   sleep duration # Sleep for now so everything loads the way we expect - blech.
   print "\n"
 
-  PWN::Plugins::BurpSuite.invoke_active_scan(burp_obj: burp_obj, target_url: in_scope, exclude_paths: exlude_paths)
+  PWN::Plugins::BurpSuite.invoke_active_scan(
+    burp_obj: burp_obj,
+    target_url: in_scope,
+    exclude_paths: exlude_paths
+  )
 
   # Dump a list of scan issues from Active Scan result
   # scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)

data/lib/pwn/plugins/open_api.rb

@@ -27,7 +27,7 @@ module PWN
         base_url = opts[:base_url]
         raise ArgumentError, 'base_url is required' if base_url.nil? || base_url.empty?
 
-        target_version = opts[:target_version] || '3.0.3'
+        target_version = opts[:target_version] ||= '3.0.3'
         raise ArgumentError, "Unsupported OpenAPI version: #{target_version}" unless %w[3.0.0 3.0.1 3.0.2 3.0.3 3.1.0].include?(target_version)
 
         output_json_path = opts[:output_json_path]

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.390'
+  VERSION = '0.5.391'
 end

data/third_party/pwn_rdoc.jsonl

@@ -1050,10 +1050,15 @@
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.authors Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.generate Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.generate`: Supported Method Parameters\n\nPWN::Reports::Fuzz.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash,\nchar_encoding: 'optional - character encoding returned by PWN::Plugins::Char.list_encoders (defaults to UTF-8)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.help Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.authors Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.generate Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.generate`: Supported Method Parameters\n\nPWN::Reports::HTMLHeader.generate(\n\ncolumn_names: 'required - array of column names to use in the report table',\ndriver_src_uri: 'required - pwn driver source code uri',\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.help Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Phone.authors Usage"},{"role":"assistant","content":"`PWN::Reports::Phone.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Phone.generate Usage"},{"role":"assistant","content":"`PWN::Reports::Phone.generate`: Supported Method Parameters\n\nPWN::Reports::Phone.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Phone.help Usage"},{"role":"assistant","content":"`PWN::Reports::Phone.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Reports::SAST.authors Usage"},{"role":"assistant","content":"`PWN::Reports::SAST.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::SAST.generate Usage"},{"role":"assistant","content":"`PWN::Reports::SAST.generate`: Supported Method Parameters\n\nPWN::Reports::SAST.generate(\n\ndir_path: 'optional - Directory path to save the report (defaults to .)',\nresults_hash: 'optional - Hash containing the results of the SAST analysis (defaults to empty hash structure)',\nreport_name: 'optional - Name of the report file (defaults to current directory name)',\nai_engine: 'optional - AI engine to use for analysis (:grok, :ollama, or :openai)',\nai_model: 'optionnal - AI Model to Use for Respective AI Engine (e.g., grok-4i-0709, chargpt-4o-latest, llama-3.1, etc.)',\nai_key: 'optional -  AI Key/Token for Respective AI Engine',\nai_fqdn: 'optional -  AI FQDN (Only Required for \"ollama\" AI Engine)',\nai_system_role_content: 'optional - AI System Role Content (Defaults to \"Is this code vulnerable or a false positive?  Valid responses are only: \"VULNERABLE\" or \"FALSE+\". DO NOT PROVIDE ANY OTHER TEXT OR EXPLANATIONS.\")',\nai_temp: 'optional - AI Temperature (Defaults to 0.9)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::SAST.help Usage"},{"role":"assistant","content":"`PWN::Reports::SAST.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Reports::URIBuster.authors Usage"},{"role":"assistant","content":"`PWN::Reports::URIBuster.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::URIBuster.generate Usage"},{"role":"assistant","content":"`PWN::Reports::URIBuster.generate`: Supported Method Parameters\n\nPWN::Reports::URIBuster.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::URIBuster.help Usage"},{"role":"assistant","content":"`PWN::Reports::URIBuster.help`: "}]}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.390
+  version: 0.5.391
 platform: ruby
 authors:
 - 0day Inc.
@@ -757,14 +757,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.6.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.6.2
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -967,14 +967,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.7.0
 - !ruby/object:Gem::Dependency
   name: ruby-audio
   requirement: !ruby/object:Gem::Requirement
@@ -1279,6 +1279,7 @@ executables:
 - pwn_aws_describe_resources
 - pwn_bdba_groups
 - pwn_bdba_scan
+- pwn_burp_suite_pro_active_rest_api_scan
 - pwn_burp_suite_pro_active_scan
 - pwn_char_base64_encoding
 - pwn_char_dec_encoding
@@ -1348,6 +1349,7 @@ files:
 - bin/pwn_aws_describe_resources
 - bin/pwn_bdba_groups
 - bin/pwn_bdba_scan
+- bin/pwn_burp_suite_pro_active_rest_api_scan
 - bin/pwn_burp_suite_pro_active_scan
 - bin/pwn_char_base64_encoding
 - bin/pwn_char_dec_encoding