RubyGems - pwn - Versions diffs - 0.5.390 → 0.5.392 - Mend

pwn 0.5.390 → 0.5.392

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/Gemfile +3 -3
data/README.md +3 -3
data/bin/pwn_burp_suite_pro_active_rest_api_scan +181 -0
data/bin/pwn_burp_suite_pro_active_scan +5 -2
data/lib/pwn/plugins/open_api.rb +1 -1
data/lib/pwn/reports/html_footer.rb +164 -0
data/lib/pwn/reports/html_header.rb +27 -9
data/lib/pwn/reports/sast.rb +3 -162
data/lib/pwn/reports.rb +1 -0
data/lib/pwn/version.rb +1 -1
data/spec/lib/pwn/reports/html_footer_spec.rb +15 -0
data/third_party/pwn_rdoc.jsonl +5 -0
metadata +11 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29455d0f44118f016d59ba4370e80b883a189d960697d2ad98f1c6d36b6b953d
-  data.tar.gz: bda5ff363c12e7b054daf8f71936d8d83ccf973c7e927333331e6107ddb9e4df
+  metadata.gz: f5187c42fe3f9cc6cafcd3663179230111276cc2305f0c24ed1f7070be21c319
+  data.tar.gz: cf9d12113a23120d0e39ccc840cd23c77330829a7d51af3f2601504499b20468
 SHA512:
-  metadata.gz: 885789f3328900c0e0cfee3c69a868a54851b9b156c61399a32f789daa767e1f33d5a1f4846d197832f76f8916da525cd40e564666691ed2489b495e0e47cc06
-  data.tar.gz: b25394c00e67546058cc7cc0b8da9cdf2b93a1165f4305ed056c5959907273f4b884607be987550095fd9fcae14bdacfd81a58a7e08c6381742cca2be6c947ee
+  metadata.gz: 6605150902b9eb40072585b38674868a4ec507c1b938a4a9a8f63799e5bb4f959238dbeb66dbb4a1a1c2860e4a5ad1396edf59ac0ab130fb3d17eb11f0c115b3
+  data.tar.gz: 91e3fefae884f51df19571dac3f1bd0e3a767ecd6f335d39de9823554583f715bb2b05679e3fef45c70d62166c8aa56aab95cbe6a9f75d48b491f92f9b8e568b

data/Gemfile CHANGED Viewed

@@ -69,7 +69,7 @@ gem 'ostruct', '0.6.3'
 gem 'packetfu', '2.0.0'
 gem 'packetgen', '4.1.1'
 gem 'pdf-reader', '2.15.0'
-gem 'pg', '1.6.1'
+gem 'pg', '1.6.2'
 gem 'pry', '0.15.2'
 gem 'pry-doc', '1.6.0'
 gem 'rake', '13.3.0'
@@ -82,9 +82,9 @@ gem 'rmagick', '6.1.4'
 gem 'rqrcode', '3.1.0'
 gem 'rspec', '3.13.1'
 gem 'rtesseract', '3.1.4'
-gem 'rubocop', '1.80.1'
+gem 'rubocop', '1.80.2'
 gem 'rubocop-rake', '0.7.1'
-gem 'rubocop-rspec', '3.6.0'
+gem 'rubocop-rspec', '3.7.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.18.1'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.390]:001 >>> PWN.help
+pwn[v0.5.392]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.390]:001 >>> PWN.help
+pwn[v0.5.392]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.390]:001 >>> PWN.help
+pwn[v0.5.392]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_burp_suite_pro_active_rest_api_scan ADDED Viewed

@@ -0,0 +1,181 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+require 'fileutils'
+require 'pwn'
+require 'optparse'
+require 'uri'
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{File.basename($PROGRAM_NAME)} [opts]
+  "
+  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
+    opts[:target_url] = t
+  end
+  options.on('-oPATH', '--report_output_path=PATH', '<Required - Output Path for Active Scan Issues>') do |o|
+    opts[:output_path] = o
+  end
+  options.on('-dSWAGGER', '--swagger_definitions=SWAGGER', '<Required - Comma-delimited list of Swagger JSON/YAML files to import>') do |s|
+    opts[:swagger_definitions] = s
+  end
+  options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
+    opts[:debug] = d
+  end
+  options.on('-vVERSION', '--openapi_spec_version=VERSION', '<Optional - OpenAPI/Swagger Specification Version (Defaults to 3.0.3)>') do |o|
+    opts[:openapi_spec_version] = o
+  end
+  options.on('-HJSON', '--additional_http_headers=JSON', '<Optional - JSON string of additional HTTP headers to include in requests (e.g. \'{"Header1":"Value1","Header2":"Value2"}\')>') do |h|
+    opts[:additional_http_headers] = h
+  end
+  options.on('-cCOLOR', '--highlight-color=COLOR', '<Optional - Highlight Color to use when importing OpenAPI/Swagger definitions  NONE||RED||ORANGE||YELLOW||GREEN||CYAN||BLUE||PINK||MAGENTA||GRAY (Defaults to GREEN)>') do |h|
+    opts[:highlight_color] = h
+  end
+  options.on('-nCOMMENTS', '--notes=COMMENTS', '<Optional - Comments to add when importing OpenAPI/Swagger definitions (Defaults to "Imported via <openapi_spec> on <timestamp>")>') do |n|
+    opts[:notes] = n
+  end
+  options.on('-eLIST', '--exclude_paths=LIST', '<Optional - Comma-delimited list of paths to exlude from scanning (e.g. "/api/login, /api/logout, /api/etc")>') do |e|
+    opts[:exclude_paths] = e
+  end
+  options.on('-bBPATH', '--burp_path=BPATH', '<Optional - Path to Burp Suite Pro Jar File (Defaults to /opt/burpsuite/burpsuite-pro.jar)>') do |b|
+    opts[:burp_jar_path] = b
+  end
+  options.on('-h', '--[no-]headless', '<Optional - Run Burp and Browser Headless>') do |h|
+    opts[:headless] = h
+  end
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+    opts[:in_scope] = s
+  end
+end.parse!
+if opts.empty?
+  puts `#{File.basename($PROGRAM_NAME)} --help`
+  exit 1
+end
+begin
+  timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S%Z')
+  logger = PWN::Plugins::PWNLogger.create
+  burp_jar_path = opts[:burp_jar_path]
+  headless = opts[:headless] || false
+  target_url = opts[:target_url]
+  raise 'ERROR: --target_url is required.' if target_url.nil?
+  output_path = opts[:output_path]
+  raise 'ERROR: --report_output_path is required.' if output_path.nil?
+  swagger_definitions = opts[:swagger_definitions]
+  raise 'ERROR: --swagger_definitions is required.' if swagger_definitions.nil?
+  debug = opts[:debug] || false
+  swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
+  scheme = URI.parse(target_url).scheme
+  target_host = URI.parse(target_url).host
+  base_url = "#{scheme}://#{target_host}"
+  openapi_spec_version = opts[:openapi_spec_version]
+  openapi_spec = "/tmp/openapi_spec-#{target_host}-#{timestamp}.json"
+  PWN::Plugins::OpenAPI.generate_spec(
+    spec_paths: swagger_defs_arr,
+    base_url: base_url,
+    output_json_path: openapi_spec,
+    target_version: openapi_spec_version,
+    debug: debug
+  )
+  additional_http_headers = opts[:additional_http_headers]
+  additional_http_headers = JSON.parse(additional_http_headers, symbolize_names: true) if additional_http_headers.is_a?(String)
+  highlight_color = opts[:highlight_color] ||= 'GREEN'
+  notes = opts[:notes] ||= "Imported via #{openapi_spec} on #{timestamp}"
+  exlude_paths = opts[:exclude_paths]
+  exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
+  in_scope = opts[:in_scope] ||= target_url
+  # ------
+  # Open Burp
+  if headless
+    burp_obj = PWN::Plugins::BurpSuite.start(
+      burp_jar_path: burp_jar_path,
+      browser_type: :headless
+    )
+  else
+    burp_obj = PWN::Plugins::BurpSuite.start(
+      burp_jar_path: burp_jar_path,
+      browser_type: :chrome
+    )
+  end
+  logger.info(burp_obj)
+  # Disable Proxy Intercepting Capabilities for this Driver
+  PWN::Plugins::BurpSuite.disable_proxy(burp_obj: burp_obj)
+  # Add URL to Target >> Scope >> Inclue in scope
+  PWN::Plugins::BurpSuite.add_to_scope(
+    burp_obj: burp_obj,
+    target_url: in_scope
+  )
+  json_sitemap = PWN::Plugins::BurpSuite.import_openapi_to_sitemap(
+    burp_obj: burp_obj,
+    openapi_spec: openapi_spec,
+    additional_http_headers: additional_http_headers,
+    highlight: highlight_color,
+    comment: notes,
+    debug: debug
+  )
+  raise "ERROR: Failed to import OpenAPI/Swagger spec #{openapi_spec} into Burp Suite Pro's Sitemap." if json_sitemap.nil? || json_sitemap.empty?
+  PWN::Plugins::BurpSuite.invoke_active_scan(
+    burp_obj: burp_obj,
+    target_url: in_scope,
+    exclude_paths: exlude_paths
+  )
+  # Dump a list of scan issues from Active Scan result
+  # scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)
+  # puts scan_issues
+  # Once DefectDojo begins to support XML report results
+  report_types = %i[html xml]
+  report_types.each do |report_type|
+    this_output_path = "#{output_path}.html"
+    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.html"
+    this_output_path = "#{output_path}.xml" if report_type == :xml
+    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.xml" if report_type == :xml
+    PWN::Plugins::BurpSuite.generate_scan_report(
+      burp_obj: burp_obj,
+      target_url: in_scope,
+      report_type: report_type,
+      output_path: this_output_path
+    )
+  end
+  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
+rescue StandardError => e
+  raise e
+ensure
+  FileUtils.rm_f(openapi_spec) unless debug
+  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
+end

data/bin/pwn_burp_suite_pro_active_scan CHANGED Viewed

@@ -72,7 +72,6 @@ begin
   if headless
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      headless: true,
       browser_type: :headless
     )
   else
@@ -119,7 +118,11 @@ begin
   sleep duration # Sleep for now so everything loads the way we expect - blech.
   print "\n"
-  PWN::Plugins::BurpSuite.invoke_active_scan(burp_obj: burp_obj, target_url: in_scope, exclude_paths: exlude_paths)
+  PWN::Plugins::BurpSuite.invoke_active_scan(
+    burp_obj: burp_obj,
+    target_url: in_scope,
+    exclude_paths: exlude_paths
+  )
   # Dump a list of scan issues from Active Scan result
   # scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(burp_obj: burp_obj)

data/lib/pwn/plugins/open_api.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module PWN
         base_url = opts[:base_url]
         raise ArgumentError, 'base_url is required' if base_url.nil? || base_url.empty?
-        target_version = opts[:target_version] || '3.0.3'
+        target_version = opts[:target_version] ||= '3.0.3'
         raise ArgumentError, "Unsupported OpenAPI version: #{target_version}" unless %w[3.0.0 3.0.1 3.0.2 3.0.3 3.1.0].include?(target_version)
         output_json_path = opts[:output_json_path]

data/lib/pwn/reports/html_footer.rb ADDED Viewed

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+require 'cgi'
+require 'json'
+require 'tty-spinner'
+module PWN
+  module Reports
+    # This plugin generates the HTML header and includes external JS/CSS libraries for PWN reports.
+    module HTMLFooter
+      # Supported Method Parameters::
+      # PWN::Reports::HTMLFooter.generate(
+      #   column_names: 'required - array of column names to use in the report table',
+      #   driver_src_uri: 'required - pwn driver source code uri',
+      # )
+      public_class_method def self.generate
+        %(
+                // Select All and Deselect All
+                function select_deselect_all() {
+                  var visible_multi_line_trs = $('#pwn_results tbody tr:visible .multi_line_select tr');
+                  var highlighted_in_visible = visible_multi_line_trs.filter('.highlighted');
+                  if (highlighted_in_visible.length === visible_multi_line_trs.length) {
+                    highlighted_in_visible.removeClass('highlighted');
+                  } else {
+                    visible_multi_line_trs.filter(':not(.highlighted)').addClass('highlighted');
+                  }
+                }
+                function getExportData(table) {
+                  return new Promise((resolve) => {
+                    $.getJSON(table.ajax.url(), function(original_json) {
+                      let new_data;
+                      if ($('.multi_line_select tr.highlighted').length === 0) {
+                        new_data = original_json.data;
+                      } else {
+                        var selected_results = {};
+                        $('.multi_line_select tr.highlighted').each(function() {
+                          var inner_tr = $(this);
+                          var main_tr = inner_tr.closest('td').parent();
+                          var row = table.row(main_tr);
+                          var row_index = row.index();
+                          var line_index = inner_tr.index();
+                          if (selected_results[row_index] === undefined) {
+                            selected_results[row_index] = {
+                              row: row,
+                              lines: []
+                            };
+                          }
+                          selected_results[row_index].lines.push(line_index);
+                        });
+                        new_data = [];
+                        Object.keys(selected_results).forEach(function(ri) {
+                          var sel = selected_results[ri];
+                          var orig_row_data = sel.row.data();
+                          var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
+                          sel.lines.sort((a, b) => a - b);
+                          new_row_data.line_no_and_contents = sel.lines.map(function(li) {
+                            return orig_row_data.line_no_and_contents[li];
+                          });
+                          new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
+                          new_data.push(new_row_data);
+                        });
+                      }
+                      resolve({data: new_data, report_name: original_json.report_name});
+                    });
+                  });
+                }
+                function export_json(table) {
+                  if ($('.multi_line_select tr.highlighted').length === 0 && !confirm('No lines selected. Export all records?')) {
+                    return;
+                  }
+                  getExportData(table).then(({data, report_name}) => {
+                    var original_json = {report_name: report_name, data: data};
+                    var json_str = JSON.stringify(original_json, null, 2);
+                    var blob = new Blob([json_str], { type: 'application/json' });
+                    var url = URL.createObjectURL(blob);
+                    var a = document.createElement('a');
+                    a.href = url;
+                    a.download = report_name + '.json';
+                    document.body.appendChild(a);
+                    a.click();
+                    document.body.removeChild(a);
+                    URL.revokeObjectURL(url);
+                  });
+                }
+                // Custom advanced search handling
+                $('#dt-search-0').unbind();
+                $('#dt-search-0').on('input', function() {
+                  var table = $('#pwn_results').DataTable();
+                  var searchTerm = this.value;
+                  var isRegex = false;
+                  var isSmart = true;
+                  table.search(searchTerm, isRegex, isSmart).draw();
+                });
+                // Toggle Columns
+                $('a.toggle-vis').on('click', function (e) {
+                  var table = $('#pwn_results').DataTable();
+                  e.preventDefault();
+                  // Get the column API object
+                  var column = table.column( $(this).attr('data-column') );
+                  // Toggle the visibility
+                  column.visible( ! column.visible() );
+                });
+                // Row highlighting for multi-line selection
+                $('#pwn_results').on('click', '.multi_line_select tr', function () {
+                  $(this).toggleClass('highlighted');
+                });
+                // Detect window size changes and recalculate/update scrollY
+                $(window).resize(function() {
+                  var table = $('#pwn_results').DataTable();
+                  var newWindowHeight = $(window).height();
+                  var newScrollYHeight = Math.max(min_scroll_height, newWindowHeight - offset);  // Your offset
+                  $('.dt-scroll-body').css('max-height', newScrollYHeight + 'px')
+                  table.columns.adjust().draw(false);  // Adjust columns first, then redraw without data reload
+                  console.log('Window resized. New scrollY height: ' + newScrollYHeight + 'px');
+                });
+            </script>
+          </body>
+        </html>
+        )
+      rescue StandardError => e
+        raise e
+      end
+      # Author(s):: 0day Inc. <support@0dayinc.com>
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <support@0dayinc.com>
+        "
+      end
+      # Display Usage for this Module
+      public_class_method def self.help
+        puts "USAGE:
+          #{self}.generate(
+            column_names: 'Array of Column Names to use in the report table',
+            driver_src_uri: 're
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/reports/html_header.rb CHANGED Viewed

@@ -73,13 +73,6 @@ module PWN
             <!-- favicon.ico from https://0dayinc.com -->
             <link rel="icon" href="data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAABIXAAASFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAgAAiSYAAIlbAACJcAAAiX0AAIlmAACJLQAAiQQAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAAAAiS0AAIluAACJdwAAiXgAAIl+AACJeAAAiXQAAIk5AACJAQAAiQAAAAAAAAAAAAAAAAAAAAAAAACJAAAAiRgAAIlvAACJbQAAiXcAAIl7AACJcwAAiXEAAIl1AACJZwAAiR4AAIkAAACJAAAAAAAAAAAAAACJAAAAiQAAAIlEAACJfAAAiXIAAIlyAACJewAAiX4AAIl5AACJdQAAiXcAAIlIAACJAAAAiQAAAAAAAAAAAAAAiQAAAIkJAACJWQAAiXUAAIl9AACJdAAAiYYAAImLAACJdAAAiXkAAImNAACJfQAAiQwAAIkAAAAAAAAAAAAAAIkAAACJFQAAiWsAAIl2AACJfAAAiYIAAImCAACJfwAAiXYAAIl5AACJiQAAiYYAAIkWAACJAAAAAAAAAAAAAACJAAAAiSAAAIl2AACJeQAAiXkAAIl1AACJfwAAiYEAAIl8AACJbwAAiXoAAImBAACJFgAAiQAAAAAAAAAAAAAAiQAAAIkpAACJeAAAiXMAAIl3AACJeQAAiXUAAImAAACJfwAAiWYAAIl4AACJfwAAiR4AAIkAAAAAAAAAAAAAAIkAAACJKAAAiXkAAIlyAACJdQAAiXQAAIluAACJfAAAiXwAAIl3AACJewAAiXwAAIkvAACJAAAAAAAAAAAAAACJAAAAiSMAAIl4AACJdgAAiXsAAIl1AACJcQAAiXcAAIl6AACJeQAAiXoAAIl0AACJKQAAiQAAAAAAAAAAAAAAiQAAAIkXAACJaAAAiXgAAIl3AACJfAAAiXkAAIl3AACJZwAAiXcAAIl0AACJagAAiSgAAIkAAAAAAAAAAAAAAIkAAACJDgAAiV4AAIl5AACJbwAAiW4AAIl9AACJewAAiXcAAIl6AACJfQAAiW8AAIkWAACJAAAAAAAAAAAAAACJAAAAiQ0AAIllAACJewAAiXYAAIl4AACJdQAAiXUAAIl4AACJbQAAiXkAAIlNAACJAwAAiQAAAAAAAAAAAAAAiQAAAIkCAACJPQAAiXMAAIl2AACJeAAAiWgAAIlsAACJfQAAiXsAAIlwAACJGQAAiQAAAIkAAAAAAAAAAAAAAAAAAACJAAAAiQcAAIk4AACJXAAAiXoAAIl7AACJfAAAiYAAAIlsAACJJwAAiQMAAIkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIkAAACJAQAAiSsAAIluAACJewAAiXwAAIluAACJKgAAiQAAAIkAAAAAAAAAAAAAAAAA8A8AAPAHAADgBwAA4AcAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAHAADgBwAA8B8AAA==" type="image/x-icon" />
             <style>
-              body {
-                font-family: Verdana, Geneva, sans-serif;
-                font-size: 11px;
-                background-color: #FFFFFF;
-                color: #084B8A !important;
-              }
               a:link {
                 color: #0174DF;
                 text-decoration: none;
@@ -100,15 +93,27 @@ module PWN
                 text-decoration: underline;
               }
+              body {
+                font-family: Verdana, Geneva, sans-serif;
+                font-size: 11px;
+                background-color: #FFFFFF;
+                color: #084B8A !important;
+                margin: 3px 3px 3px 3px !important;
+                padding: 0px 0px 0px 0px !important;
+                overflow-y: hidden;
+                min-height: 100vh !important;
+                height: 100% !important;
+              }
               div.toggle_col_and_button_group {
                 display: flex; /* Makes the container a flex container */
                 justify-content: none; /* Aligns items along the main axis */
                 align-items: flex-start; /* Aligns items to the start of the cross-axis */
                 width: 1275px !important;
-              }}
+              }
               div.cols_to_toggle {
-                width: 300px !important;
+                width: 855px !important;
                 text-align: left !important;
                 vertical-align: middle !important;
               }
@@ -119,6 +124,8 @@ module PWN
               }
               div.dt-container {
+                min-height: 100vh !important;
+                height: 100% !important;
                 width: 1275px !important;
               }
@@ -129,6 +136,7 @@ module PWN
               span.highlight {
                 background-color: cyan  !important;
               }
               table {
                 width: 100%;
                 border-spacing:0px;
@@ -226,6 +234,16 @@ module PWN
                 <!-- DataTables <tbody> -->
               </table>
             </div>
+            <script>
+              var htmlEntityEncode = $.fn.dataTable.render.text().display;
+              var line_entry_uri = "";
+              var oldStart = 0;
+              var windowHeight = $(window).height();
+              // Calculate scrollY: Subtract an offset for non-table elements
+              var offset = 325;
+              var min_scroll_height = 50;
+              var scrollYHeight = Math.max(min_scroll_height, windowHeight - offset);  // Ensure minimum of 600px
         )
       rescue StandardError => e
         raise e

data/lib/pwn/reports/sast.rb CHANGED Viewed

@@ -139,18 +139,7 @@ module PWN
         driver_src_uri = 'https://github.com/0dayinc/pwn/blob/master/bin/pwn_sast'
         html_report = %(#{PWN::Reports::HTMLHeader.generate(column_names: column_names, driver_src_uri: driver_src_uri)}
-            <script>
-              var htmlEntityEncode = $.fn.dataTable.render.text().display;
-              var line_entry_uri = "";
               $(document).ready(function() {
-                var oldStart = 0;
-                var windowHeight = $(window).height();
-                // Calculate scrollY: Subtract an offset for non-table elements
-                var offset = 400;
-                var min_scroll_height = 100;
-                var scrollYHeight = Math.max(min_scroll_height, windowHeight - offset);  // Ensure minimum of 600px
                 var table = $('#pwn_results').DataTable( {
                   "order": [[2, 'asc']],
                   "scrollY": scrollYHeight + "px",
@@ -310,7 +299,7 @@ module PWN
                         {
                           text: 'Export to JSON',
                           action: function () {
-                            export_json();
+                            export_json(table);
                           }
                         },
                         {
@@ -332,151 +321,12 @@ module PWN
                   }
                 });
-                $('#pwn_results tbody').on('click', '.multi_line_select tr', function () {
-                  $(this).toggleClass('highlighted');
-                });
-                // Dynamically create the smart toggle label and input
-                var smartLabel = $('<label for="smart-toggle">Smart Search (e.g., "security !password")</label>');
-                var smartInput = $('<input type="radio" id="smart-toggle" name="searchMode" value="" checked>');
-                smartLabel.prepend(smartInput);  // Prepend input inside label for proper association
-                // Dynamically create the regex toggle label and input
-                var regexLabel = $('<label for="regex-toggle">Regex Search (e.g., "^important.*$")</label>');
-                var regexInput = $('<input type="radio" id="regex-toggle" name="searchMode" value="">');
-                regexLabel.prepend(regexInput);  // Prepend input inside label
-                // Now relocate them as before (insert before the search input)
-                smartLabel.insertBefore('#dt-search-0');
-                regexLabel.insertBefore('#dt-search-0');
-                // Style for inline display and spacing
-                smartLabel.css({ display: 'inline-block', marginRight: '10px' });
-                regexLabel.css({ display: 'inline-block', marginRight: '10px' });
-                // Optional: Hide the default "Search:" label if not needed
-                $('.dt-search label:first-of-type').hide();
-                // Custom advanced search handling
-                $('#dt-search-0').unbind();
-                $('#dt-search-0').on('input', function() {
-                  var table = $('#pwn_results').DataTable();
-                  var searchTerm = this.value;
-                  var isRegex = $('#regex-toggle').prop('checked');
-                  var isSmart = $('#smart-toggle').prop('checked');
-                  table.search(searchTerm, isRegex, isSmart).draw();
-                });
-                // Additionally, reapply search on toggle changes (assuming radios exist in HTML)
-                $('#regex-toggle, #smart-toggle').on('input', function() {
-                  var table = $('#pwn_results').DataTable();
-                  var searchTerm = this.value;
-                  var isRegex = $('#regex-toggle').prop('checked');
-                  var isSmart = $('#smart-toggle').prop('checked');
-                  table.search(searchTerm, isRegex, isSmart).draw();
-                });
-                // Toggle Columns
-                $('a.toggle-vis').on('click', function (e) {
-                  e.preventDefault();
-                  // Get the column API object
-                  var column = table.column( $(this).attr('data-column') );
-                  // Toggle the visibility
-                  column.visible( ! column.visible() );
-                });
-                $('#debug_rows_selected').click( function () {
-                  alert($('.multi_line_select tr.highlighted').length +' row(s) highlighted');
-                });
-                // Select All and Deselect All
-                function select_deselect_all() {
-                  var visible_multi_line_trs = $('#pwn_results tbody tr:visible .multi_line_select tr');
-                  var highlighted_in_visible = visible_multi_line_trs.filter('.highlighted');
-                  if (highlighted_in_visible.length === visible_multi_line_trs.length) {
-                    highlighted_in_visible.removeClass('highlighted');
-                  } else {
-                    visible_multi_line_trs.filter(':not(.highlighted)').addClass('highlighted');
-                  }
-                }
-                function getExportData() {
-                  return new Promise((resolve) => {
-                    $.getJSON(table.ajax.url(), function(original_json) {
-                      let new_data;
-                      if ($('.multi_line_select tr.highlighted').length === 0) {
-                        new_data = original_json.data;
-                      } else {
-                        var selected_results = {};
-                        $('.multi_line_select tr.highlighted').each(function() {
-                          var inner_tr = $(this);
-                          var main_tr = inner_tr.closest('td').parent();
-                          var row = table.row(main_tr);
-                          var row_index = row.index();
-                          var line_index = inner_tr.index();
-                          if (selected_results[row_index] === undefined) {
-                            selected_results[row_index] = {
-                              row: row,
-                              lines: []
-                            };
-                          }
-                          selected_results[row_index].lines.push(line_index);
-                        });
-                        new_data = [];
-                        Object.keys(selected_results).forEach(function(ri) {
-                          var sel = selected_results[ri];
-                          var orig_row_data = sel.row.data();
-                          var new_row_data = JSON.parse(JSON.stringify(orig_row_data));
-                          sel.lines.sort((a, b) => a - b);
-                          new_row_data.line_no_and_contents = sel.lines.map(function(li) {
-                            return orig_row_data.line_no_and_contents[li];
-                          });
-                          new_row_data.raw_content = new_row_data.line_no_and_contents.map(l => l.contents).join('\\n');
-                          new_data.push(new_row_data);
-                        });
-                      }
-                      resolve({data: new_data, report_name: original_json.report_name});
-                    });
-                  });
-                }
-                function export_json() {
-                  if ($('.multi_line_select tr.highlighted').length === 0 && !confirm('No lines selected. Export all records?')) {
-                    return;
-                  }
-                  getExportData().then(({data, report_name}) => {
-                    var original_json = {report_name: report_name, data: data};
-                    var json_str = JSON.stringify(original_json, null, 2);
-                    var blob = new Blob([json_str], { type: 'application/json' });
-                    var url = URL.createObjectURL(blob);
-                    var a = document.createElement('a');
-                    a.href = url;
-                    a.download = report_name + '.json';
-                    document.body.appendChild(a);
-                    a.click();
-                    document.body.removeChild(a);
-                    URL.revokeObjectURL(url);
-                  });
-                }
                 function export_xlsx_or_pdf(type) {
                   if ($('.multi_line_select tr.highlighted').length === 0 && !confirm('No lines selected. Export all records?')) {
                     return;
                   }
-                  getExportData().then(({data, report_name}) => {
+                  getExportData(table).then(({data, report_name}) => {
                     // Flatten data for export
                     var flatData = [];
                     data.forEach(function(row) {
@@ -642,17 +492,8 @@ module PWN
                     }
                   });
                 }
-                // Detect window size changes and recalculate/update scrollY
-                $(window).resize(function() {
-                  var newWindowHeight = $(window).height();
-                  var newScrollYHeight = Math.max(min_scroll_height, newWindowHeight - offset);  // Your offset
-                  $('.dt-scroll-body').css('max-height', newScrollYHeight + 'px')
-                  table.columns.adjust().draw(false);  // Adjust columns first, then redraw without data reload
-                });
               });
-            </script>
-          </body>
-        </html>
+              #{PWN::Reports::HTMLFooter.generate}
         )
         File.open("#{dir_path}/#{report_name}.html", 'w') do |f|

data/lib/pwn/reports.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module PWN
     # autoload :JSON, 'pwn/reports/json'
     # autoload :PDF, 'pwn/reports/pdf'
     autoload :Fuzz, 'pwn/reports/fuzz'
+    autoload :HTMLFooter, 'pwn/reports/html_footer'
     autoload :HTMLHeader, 'pwn/reports/html_header'
     autoload :Phone, 'pwn/reports/phone'
     autoload :SAST, 'pwn/reports/sast'

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.390'
+  VERSION = '0.5.392'
 end

data/spec/lib/pwn/reports/html_footer_spec.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+require 'spec_helper'
+describe PWN::Reports::HTMLFooter do
+  it 'should display information for authors' do
+    authors_response = PWN::Reports::HTMLFooter
+    expect(authors_response).to respond_to :authors
+  end
+  it 'should display information for existing help method' do
+    help_response = PWN::Reports::HTMLFooter
+    expect(help_response).to respond_to :help
+  end
+end

data/third_party/pwn_rdoc.jsonl CHANGED Viewed

@@ -1050,10 +1050,15 @@
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.authors Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.generate Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.generate`: Supported Method Parameters\n\nPWN::Reports::Fuzz.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash,\nchar_encoding: 'optional - character encoding returned by PWN::Plugins::Char.list_encoders (defaults to UTF-8)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.help Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.authors Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.generate Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.generate`: Supported Method Parameters\n\nPWN::Reports::HTMLHeader.generate(\n\ncolumn_names: 'required - array of column names to use in the report table',\ndriver_src_uri: 'required - pwn driver source code uri',\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.help Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Phone.authors Usage"},{"role":"assistant","content":"`PWN::Reports::Phone.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Phone.generate Usage"},{"role":"assistant","content":"`PWN::Reports::Phone.generate`: Supported Method Parameters\n\nPWN::Reports::Phone.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Phone.help Usage"},{"role":"assistant","content":"`PWN::Reports::Phone.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Reports::SAST.authors Usage"},{"role":"assistant","content":"`PWN::Reports::SAST.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::SAST.generate Usage"},{"role":"assistant","content":"`PWN::Reports::SAST.generate`: Supported Method Parameters\n\nPWN::Reports::SAST.generate(\n\ndir_path: 'optional - Directory path to save the report (defaults to .)',\nresults_hash: 'optional - Hash containing the results of the SAST analysis (defaults to empty hash structure)',\nreport_name: 'optional - Name of the report file (defaults to current directory name)',\nai_engine: 'optional - AI engine to use for analysis (:grok, :ollama, or :openai)',\nai_model: 'optionnal - AI Model to Use for Respective AI Engine (e.g., grok-4i-0709, chargpt-4o-latest, llama-3.1, etc.)',\nai_key: 'optional -  AI Key/Token for Respective AI Engine',\nai_fqdn: 'optional -  AI FQDN (Only Required for \"ollama\" AI Engine)',\nai_system_role_content: 'optional - AI System Role Content (Defaults to \"Is this code vulnerable or a false positive?  Valid responses are only: \"VULNERABLE\" or \"FALSE+\". DO NOT PROVIDE ANY OTHER TEXT OR EXPLANATIONS.\")',\nai_temp: 'optional - AI Temperature (Defaults to 0.9)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::SAST.help Usage"},{"role":"assistant","content":"`PWN::Reports::SAST.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Reports::URIBuster.authors Usage"},{"role":"assistant","content":"`PWN::Reports::URIBuster.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::URIBuster.generate Usage"},{"role":"assistant","content":"`PWN::Reports::URIBuster.generate`: Supported Method Parameters\n\nPWN::Reports::URIBuster.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::URIBuster.help Usage"},{"role":"assistant","content":"`PWN::Reports::URIBuster.help`: "}]}

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.390
+  version: 0.5.392
 platform: ruby
 authors:
 - 0day Inc.
@@ -757,14 +757,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.6.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: 1.6.2
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -939,14 +939,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.80.1
+        version: 1.80.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.80.1
+        version: 1.80.2
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -967,14 +967,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.7.0
 - !ruby/object:Gem::Dependency
   name: ruby-audio
   requirement: !ruby/object:Gem::Requirement
@@ -1279,6 +1279,7 @@ executables:
 - pwn_aws_describe_resources
 - pwn_bdba_groups
 - pwn_bdba_scan
+- pwn_burp_suite_pro_active_rest_api_scan
 - pwn_burp_suite_pro_active_scan
 - pwn_char_base64_encoding
 - pwn_char_dec_encoding
@@ -1348,6 +1349,7 @@ files:
 - bin/pwn_aws_describe_resources
 - bin/pwn_bdba_groups
 - bin/pwn_bdba_scan
+- bin/pwn_burp_suite_pro_active_rest_api_scan
 - bin/pwn_burp_suite_pro_active_scan
 - bin/pwn_char_base64_encoding
 - bin/pwn_char_dec_encoding
@@ -1900,6 +1902,7 @@ files:
 - lib/pwn/plugins/xxd.rb
 - lib/pwn/reports.rb
 - lib/pwn/reports/fuzz.rb
+- lib/pwn/reports/html_footer.rb
 - lib/pwn/reports/html_header.rb
 - lib/pwn/reports/phone.rb
 - lib/pwn/reports/sast.rb
@@ -2243,6 +2246,7 @@ files:
 - spec/lib/pwn/plugins/xxd_spec.rb
 - spec/lib/pwn/plugins_spec.rb
 - spec/lib/pwn/reports/fuzz_spec.rb
+- spec/lib/pwn/reports/html_footer_spec.rb
 - spec/lib/pwn/reports/html_header_spec.rb
 - spec/lib/pwn/reports/phone_spec.rb
 - spec/lib/pwn/reports/sast_spec.rb