pwn 0.5.398 → 0.5.400

data/bin/pwn_burp_suite_pro_active_scan

@@ -14,8 +14,8 @@ OptionParser.new do |options|
     opts[:target_url] = t
   end
 
-  options.on('-oPATH', '--report_output_path=PATH', '<Required - Output Path for Active Scan Issues>') do |o|
-    opts[:output_path] = o
+  options.on('-oDIR', '--report_output_dir=DIR', '<Required - Output Directory for Active Scan Report>') do |o|
+    opts[:output_dir] = o
   end
 
   options.on('-eLIST', '--exclude_paths=LIST', '<Optional - Comma-delimited list of paths to exlude from scanning (e.g. "/api/login, /api/logout, /api/etc")>') do |e|
@@ -30,6 +30,10 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
+    opts[:browser_type] = b
+  end
+
   options.on('-s', '--[no-]spider', '<Optional - Crawl / Spider Target Prior to Scanning (Defaults to false)>') do |s|
     opts[:spider] = s
   end
@@ -51,20 +55,19 @@ end
 begin
   logger = PWN::Plugins::PWNLogger.create
 
-  burp_jar_path = opts[:burp_jar_path]
-  headless = opts[:headless] || false
-  spider = opts[:spider] || false
   target_url = opts[:target_url]
   raise 'ERROR: --target_url is required.' if target_url.nil?
 
-  output_path = opts[:output_path]
-  raise 'ERROR: --report_output_path is required.' if output_path.nil?
+  output_dir = opts[:output_dir]
+  raise 'ERROR: --report_output_dir is required.' if output_dir.nil?
 
   exlude_paths = opts[:exclude_paths]
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
-
+  burp_jar_path = opts[:burp_jar_path]
+  headless = opts[:headless] || false
+  browser_type = opts[:browser_type] ||= :chrome
+  spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
-
   in_scope = opts[:in_scope] ||= target_url
 
   # ------
@@ -77,7 +80,7 @@ begin
   else
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      browser_type: :chrome
+      browser_type: browser_type
     )
   end
 
@@ -101,7 +104,7 @@ begin
   browser = browser_obj[:browser]
   browser.goto(target_url)
 
-  unless navigation_instruct.nil?
+  if navigation_instruct
     File.read(navigation_instruct).each_line do |instruction|
       # Look for any set method in this instruction and replace its value w/ asterisks
       redact_regex = /\.set\(['"]([^'"]*)['"]\)/
@@ -112,13 +115,7 @@ begin
   end
 
   PWN::Plugins::BurpSuite.spider(burp_obj: burp_obj, target_url: in_scope) if spider
-
-  duration = 9
-  print "Waiting #{duration} seconds prior to kicking off active scan..."
-  sleep duration # Sleep for now so everything loads the way we expect - blech.
-  print "\n"
-
-  PWN::Plugins::BurpSuite.invoke_active_scan(
+  PWN::Plugins::BurpSuite.active_scan(
     burp_obj: burp_obj,
     target_url: in_scope,
     exclude_paths: exlude_paths
@@ -131,17 +128,11 @@ begin
   # Once DefectDojo begins to support XML report results
   report_types = %i[html xml]
   report_types.each do |report_type|
-    this_output_path = "#{output_path}.html"
-    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.html"
-
-    this_output_path = "#{output_path}.xml" if report_type == :xml
-    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.xml" if report_type == :xml
-
     PWN::Plugins::BurpSuite.generate_scan_report(
       burp_obj: burp_obj,
       target_url: in_scope,
       report_type: report_type,
-      output_path: this_output_path
+      output_dir: output_dir
     )
   end
 

data/bin/pwn_zaproxy_active_rest_api_scan

@@ -0,0 +1,159 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'fileutils'
+require 'pwn'
+require 'optparse'
+require 'uri'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{File.basename($PROGRAM_NAME)} [opts]
+  "
+
+  options.on('-aAPIKEY', '--api_key=APIKEY', '<Required - OWASP Zap API Key (Tools>Options>API)>') do |a|
+    opts[:api_key] = a
+  end
+
+  options.on('-tTARGET', '--target_url=TARGET', '<Required - Target URI to Scan>') do |t|
+    opts[:target_url] = t
+  end
+
+  options.on('-oDIR', '--report_output_dir=DIR', '<Required -  Output Directory for Active Scan Report>') do |o|
+    opts[:output_dir] = o
+  end
+
+  options.on('-dSWAGGER', '--swagger_definitions=SWAGGER', '<Required - Comma-delimited list of Swagger JSON/YAML files to import>') do |s|
+    opts[:swagger_definitions] = s
+  end
+
+  options.on('-zZPATH', '--zap_bin_path=ZPATH', '<Optional - Path to zap.sh>') do |z|
+    opts[:zap_bin_path] = z
+  end
+
+  options.on('-h', '--[no-]headless', '<Optional - Run ZAP and Browser Headless>') do |h|
+    opts[:headless] = h
+  end
+
+  options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
+    opts[:debug] = d
+  end
+
+  options.on('-vVERSION', '--openapi_spec_version=VERSION', '<Optional - OpenAPI/Swagger Specification Version (Defaults to 3.0.3)>') do |o|
+    opts[:openapi_spec_version] = o
+  end
+
+  options.on('-HJSON', '--additional_http_headers=JSON', '<Optional - JSON string of additional HTTP headers to include in requests (e.g. \'{"Header1":"Value1","Header2":"Value2"}\')>') do |h|
+    opts[:additional_http_headers] = h
+  end
+
+  options.on('-eLIST', '--exclude_paths=LIST', '<Optional - Comma-delimited list of paths to exlude from scanning (e.g. "/api/login, /api/logout, /api/etc")>') do |e|
+    opts[:exclude_paths] = e
+  end
+
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+    opts[:in_scope] = s
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{File.basename($PROGRAM_NAME)} --help`
+  exit 1
+end
+
+begin
+  timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S%Z')
+  logger = PWN::Plugins::PWNLogger.create
+
+  api_key = opts[:api_key]
+  raise 'ERROR: --api_key is required.' if api_key.nil?
+
+  target_url = opts[:target_url]
+  raise 'ERROR: --target_url is required.' if target_url.nil?
+
+  output_dir = opts[:output_dir]
+  raise 'ERROR: --report_output_dir is required.' if output_dir.nil?
+
+  swagger_definitions = opts[:swagger_definitions]
+  raise 'ERROR: --swagger_definitions is required.' if swagger_definitions.nil?
+
+  zap_bin_path = opts[:zap_bin_path]
+  headless = opts[:headless] || false
+  debug = opts[:debug] || false
+
+  swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
+  scheme = URI.parse(target_url).scheme
+  target_host = URI.parse(target_url).host
+  base_url = "#{scheme}://#{target_host}"
+
+  openapi_spec_version = opts[:openapi_spec_version]
+  openapi_spec_root = File.dirname(swagger_defs_arr.first)
+  openapi_spec = "#{openapi_spec_root}/openapi_spec-#{target_host}-#{timestamp}.json"
+
+  PWN::Plugins::OpenAPI.generate_spec(
+    spec_paths: swagger_defs_arr,
+    base_url: base_url,
+    output_json_path: openapi_spec,
+    target_version: openapi_spec_version,
+    debug: debug
+  )
+
+  additional_http_headers = opts[:additional_http_headers]
+  additional_http_headers = JSON.parse(additional_http_headers, symbolize_names: true) if additional_http_headers.is_a?(String)
+
+  exlude_paths = opts[:exclude_paths]
+  exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
+
+  in_scope = opts[:in_scope] ||= target_url
+
+  # ------
+  # Open ZAP
+  if headless
+    zap_obj = PWN::Plugins::Zaproxy.start(
+      zap_bin_path: zap_bin_path,
+      headless: headless
+    )
+  else
+    zap_obj = PWN::Plugins::Zaproxy.start(
+      zap_bin_path: zap_bin_path,
+      browser_type: :chrome
+    )
+  end
+
+  logger.info(zap_obj)
+
+  json_sitemap = PWN::Plugins::Zaproxy.import_openapi_to_sitemap(
+    zap_obj: zap_obj,
+    openapi_spec: openapi_spec
+  )
+
+  raise "ERROR: Failed to import OpenAPI/Swagger spec #{openapi_spec} into ZAP's Sitemap." if json_sitemap.nil? || json_sitemap.empty?
+
+  PWN::Plugins::Zaproxy.active_scan(
+    zap_obj: zap_obj,
+    target_url: target_url,
+    exclude_paths: exlude_paths
+  )
+
+  # Dump a list of scan issues from Active Scan result
+  # scan_issues = PWN::Plugins::Zaproxy.get_scan_issues(zap_obj: zap_obj)
+  # puts scan_issues
+
+  # Once DefectDojo begins to support XML report results
+  report_types = %i[html markdown xml]
+  report_types.each do |report_type|
+    PWN::Plugins::Zaproxy.generate_scan_report(
+      zap_obj: zap_obj,
+      target_url: in_scope,
+      report_type: report_type,
+      output_dir: output_dir
+    )
+  end
+
+  zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj)
+rescue StandardError => e
+  raise e
+ensure
+  zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
+end

data/bin/{pwn_owasp_zap_active_scan → pwn_zaproxy_active_scan}

@@ -22,12 +22,8 @@ OptionParser.new do |options|
     opts[:output_dir] = o
   end
 
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
-    opts[:browser_type] = b
-  end
-
-  options.on('-IINST', '--navigation_instruct=INST', '<Optional - Path to Navigation Instructions (e.g. Auth w/ Target - see /pwn/etc/owasp_zap/navigation.instruct.EXAMPLE)>') do |i|
-    opts[:navigation_instruct] = i
+  options.on('-eLIST', '--exclude_paths=LIST', '<Optional - Comma-delimited list of paths to exlude from scanning (e.g. "/api/login, /api/logout, /api/etc")>') do |e|
+    opts[:exclude_paths] = e
   end
 
   options.on('-zZPATH', '--zap_bin_path=ZPATH', '<Optional - Path to zap.sh>') do |z|
@@ -38,8 +34,20 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
-  options.on('-pPROXY', '--proxy=PROXY', '<Optional - Change Local Zap Proxy Listener (Default http://127.0.0.1:<Random 1024-65535>)>') do |p|
-    opts[:proxy] = p
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
+    opts[:browser_type] = b
+  end
+
+  options.on('-s', '--[no-]spider', '<Optional - Crawl / Spider Target Prior to Scanning (Defaults to false)>') do |s|
+    opts[:spider] = s
+  end
+
+  options.on('-IINST', '--navigation_instruct=INST', '<Optional - Path to Navigation Instructions (e.g. Auth w/ Target - see /pwn/etc/owasp_zap/navigation.instruct.EXAMPLE)>') do |i|
+    opts[:navigation_instruct] = i
+  end
+
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+    opts[:in_scope] = s
   end
 end.parse!
 
@@ -51,7 +59,8 @@ end
 begin
   logger = PWN::Plugins::PWNLogger.create
 
-  api_key = opts[:api_key].to_s.strip.chomp.scrub
+  api_key = opts[:api_key]
+  raise 'ERROR: --api_key is required.' if api_key.nil?
 
   if opts[:browser_type].nil?
     browser_type = :chrome
@@ -59,64 +68,64 @@ begin
     browser_type = opts[:browser_type].to_s.strip.chomp.scrub.to_sym
   end
 
-  target_url = opts[:target_url].to_s.strip.chomp.scrub
-  output_dir = opts[:output_dir].to_s.strip.chomp.scrub
-  navigation_instruct = opts[:navigation_instruct].to_s.strip.chomp.scrub if File.exist?(opts[:navigation_instruct].to_s.strip.chomp.scrub)
+  target_url = opts[:target_url]
+  raise 'ERROR: --target_url is required.' if target_url.nil?
+
+  output_dir = opts[:output_dir]
+  raise 'ERROR: --report_output_dir is required.' if output_dir.nil?
+
+  exlude_paths = opts[:exclude_paths]
+  exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
   zap_bin_path = opts[:zap_bin_path].to_s.strip.chomp.scrub if File.exist?(opts[:zap_bin_path].to_s.strip.chomp.scrub)
-  headless = opts[:headless]
-  proxy = opts[:proxy]
+  headless = opts[:headless] || false
+  browser_type = opts[:browser_type] ||= :chrome
+  spider = opts[:spider] || false
+  navigation_instruct = opts[:navigation_instruct]
+  in_scope = opts[:in_scope] ||= target_url
 
   # ------
   # Dynamically build arguments hash based on flags passed and Open Zap
-  start_args = {}
-  start_args[:api_key] = api_key
-  start_args[:zap_bin_path] = zap_bin_path if zap_bin_path != ''
-  start_args[:headless] = true if headless
-  start_args[:proxy] = proxy
-  zap_obj = PWN::Plugins::OwaspZap.start(start_args)
+  if headless
+    zap_obj = PWN::Plugins::Zaproxy.start(
+      zap_bin_path: zap_bin_path,
+      api_key: api_key,
+      headless: headless,
+      browser_type: :headless
+    )
+  else
+    zap_obj = PWN::Plugins::Zaproxy.start(
+      zap_bin_path: zap_bin_path,
+      api_key: api_key,
+      browser_type: browser_type
+    )
+  end
 
   logger.info(zap_obj)
 
-  browser_obj = PWN::Plugins::TransparentBrowser.open(
-    browser_type: browser_type,
-    proxy: proxy
-  )
+  browser_obj = zap_obj[:zap_browser]
   browser = browser_obj[:browser]
-
-  if browser_type == :rest
-    browser.get(target_url)
-  else
-    browser.goto(target_url)
-  end
+  browser.goto(target_url)
 
   if navigation_instruct
     File.read(navigation_instruct).each_line do |instruction|
+      # Look for any set method in this instruction and replace its value w/ asterisks
+      redact_regex = /\.set\(['"]([^'"]*)['"]\)/
+      redacted_instruction = instruction.gsub(redact_regex, ".set('********')")
+      print "\nExecuting Instruction: #{redacted_instruction}"
       browser.instance_eval(instruction.to_s.scrub.strip.chomp)
     end
   end
 
-  PWN::Plugins::OwaspZap.spider(
+  PWN::Plugins::Zaproxy.spider(zap_obj: zap_obj, target_url: target_url) if spider
+  PWN::Plugins::Zaproxy.active_scan(
     zap_obj: zap_obj,
-    target: target_url
-  )
-
-  PWN::Plugins::OwaspZap.active_scan(
-    zap_obj: zap_obj,
-    target: target_url
+    target_url: target_url
   )
 
   # Generate all Report Types
-  (1..3).each do |report_iteration|
-    case report_iteration
-    when 1
-      report_type = 'html'
-    when 2
-      report_type = 'markdown'
-    when 3
-      report_type = 'xml'
-    end
-
-    report_path = PWN::Plugins::OwaspZap.generate_report(
+  report_types = %i[html markdown xml]
+  report_types.each do |report_type|
+    report_path = PWN::Plugins::Zaproxy.generate_scan_report(
       zap_obj: zap_obj,
       output_dir: output_dir,
       report_type: report_type
@@ -125,10 +134,10 @@ begin
     logger.info("Report can be found here: #{report_path}")
   end
 
-  PWN::Plugins::OwaspZap.stop(zap_obj: zap_obj)
+  PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj)
 rescue StandardError => e
   raise e
 ensure
-  PWN::Plugins::OwaspZap.stop(zap_obj: zap_obj) unless zap_obj.nil?
+  PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
   browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) unless browser_obj.nil?
 end

data/lib/pwn/plugins/burp_suite.rb

@@ -56,7 +56,7 @@ module PWN
 
       public_class_method def self.start(opts = {})
         burp_jar_path = opts[:burp_jar_path] ||= '/opt/burpsuite/burpsuite-pro.jar'
-        raise 'Invalid path to burp jar file.  Please check your spelling and try again.' unless File.exist?(burp_jar_path)
+        raise "ERROR: #{burp_jar_path} not found." unless File.exist?(burp_jar_path)
 
         raise 'ERROR: /opt/burpsuite/pwn-burp.jar not found.  For more details about installing this extension, checkout https://github.com/0dayinc/pwn_burp' unless File.exist?('/opt/burpsuite/pwn-burp.jar')
 
@@ -879,13 +879,13 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # active_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(
+      # active_scan_url_arr = PWN::Plugins::BurpSuite.active_scan(
       #   burp_obj: 'required - burp_obj returned by #start method',
       #   target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
       #   exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
       # )
 
-      public_class_method def self.invoke_active_scan(opts = {})
+      public_class_method def self.active_scan(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
         pwn_burp_api = burp_obj[:pwn_burp_api]
@@ -1016,9 +1016,9 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::BurpSuite.generate_scan_report(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   target_url: 'required - target_url passed to #invoke_active_scan method',
-      #   report_type: :html|:xml|:both,
-      #   output_path: 'required - path to save report results'
+      #   target_url: 'required - target_url passed to #active_scan method',
+      #   output_dir: 'required - directory to save the report',
+      #   report_type: required - <:html|:xml>'
       # )
 
       public_class_method def self.generate_scan_report(opts = {})
@@ -1026,16 +1026,20 @@ module PWN
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
         pwn_burp_api = burp_obj[:pwn_burp_api]
+        output_dir = opts[:output_dir]
+        raise "ERROR: #{output_dir} does not exist." unless Dir.exist?(output_dir)
+
         report_type = opts[:report_type]
-        # When pwn_burp begins to support XML report generation
-        valid_report_types_arr = %i[
-          html
-          xml
-        ]
 
-        raise 'INVALID Report Type' unless valid_report_types_arr.include?(report_type)
+        valid_report_types_arr = %i[html xml]
+        raise "ERROR: INVALID Report Type => #{report_type}" unless valid_report_types_arr.include?(report_type)
 
-        output_path = opts[:output_path].to_s.scrub
+        case report_type
+        when :html
+          report_path = "#{output_dir}/burp_active_scan_results.html"
+        when :xml
+          report_path = "#{output_dir}/burp_active_scan_results.xml"
+        end
 
         scheme = URI.parse(target_url).scheme
         host = URI.parse(target_url).host
@@ -1058,7 +1062,7 @@ module PWN
           "http://#{pwn_burp_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
         )
 
-        File.open(output_path, 'w') do |f|
+        File.open(report_path, 'w') do |f|
           f.puts(report_resp.body.gsub("\r\n", "\n"))
         end
       rescue RestClient::BadRequest => e
@@ -1198,7 +1202,7 @@ module PWN
             comment: 'optional - comment for the sitemap entry (default: \"\")',
           )
 
-          active_scan_url_arr = #{self}.invoke_active_scan(
+          active_scan_url_arr = #{self}.active_scan(
             burp_obj: 'required - burp_obj returned by #start method',
             target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
             exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
@@ -1210,9 +1214,9 @@ module PWN
 
           #{self}.generate_scan_report(
             burp_obj: 'required - burp_obj returned by #start method',
-            target_url: 'required - target_url passed to #invoke_active_scan method',
-            report_type: :html|:xml,
-            output_path: 'required - path to save report results'
+            target_url: 'required - target_url passed to #active_scan method',
+            output_dir: 'required - directory to save the report',
+            report_type: 'required - <:html|:xml>'
           )
 
           #{self}.stop(