pwn 0.5.399 → 0.5.400

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e10ec68e7ef2ebf6cce111bacbb8c9fbe95a5f5db4f775f845f1d1829d30f89a
-  data.tar.gz: 0fec666835b27fae7f193a6468d78c5351eec13cffd6293d3e175fec7dcc3891
+  metadata.gz: 50e5c49a707126098497f95cb7a246b862f5a86c58941e4f7d739134b36a1f70
+  data.tar.gz: 24fc54a212c3b38749013f9182a5a5e27ea73cdd23c28df8fdbe3e83fe2dd873
 SHA512:
-  metadata.gz: 69b64372dbe837e9320ad98a1064956b12581f154c1d14e1e77d1f4ba4e2de0530fa5b8ba13c31320fd4f8cbbcaf7db81c62b44f5612ef576355e7c997d685ae
-  data.tar.gz: 0b2fbf6d6c83e491ec54a30e114adddae1a211b063ca66d4aca07388df80da8b8fd2d455cb884523d3bedb31740de4f0a79986ccb5bfd496430087c81a427dd6
+  metadata.gz: de7931e719fa600cbe8e2b6774ce4f48f193cc836e15a9e4b5f5d47ccd3b94a72688fd43a045da2dc0f9ec966df49390b6f2f30ed6b270a1fc0739002571fcd6
+  data.tar.gz: 78aa16d0970eba2d1a711c83dc1ba2869b64e5d7d1cb939adeb9e1667b4bab646423c271040fa22383416c5ac22f72d06d3190f440daeadf28830f54b423779b

data/CHANGELOG_BETWEEN_TAGS.txt

@@ -1,180 +1,181 @@
-22b6ac6 Merge pull request #734 from ninp0/master
-2dd1517 PWN::Plugins::JiraServer module - attachment #bugfixes
-a60f75b Merge pull request #733 from ninp0/master
-303df8c PWN::Plugins::JiraServer module - implement attachment support in #update_issue method, create #get_user method, and update usage in #help method
-d50e2a0 Merge pull request #732 from ninp0/master
-4f43542 PWN::Plugins::JiraServer module - #bugfixes in #rest_call method
-96083c3 Merge pull request #731 from ninp0/master
-9671992 PWN::Plugins::JiraServer module - implement attachment support in #create_issue method and update usage in #help method
-fc201e5 Merge pull request #730 from ninp0/master
-eb14b6c PWN::Plugins::JiraServer module - add #update_issue && #delete_issue methods
-ecb8846 Merge pull request #729 from ninp0/master
-11e0418 PWN::Plugins::JiraServer module - #bugfix in #create_issue method
-3c569a2 Merge pull request #728 from ninp0/master
-d552c7c PWN::Plugins::JiraServer module - #bugfix in #rest_call method
-f670236 Merge pull request #727 from ninp0/master
-d2d9e8f PWN::Plugins::JiraServer module - #bugfix in #create_issue method
-74770c8 Merge pull request #726 from ninp0/master
-b56164e PWN::Plugins::JiraServer module - #bugfixes in #create_issue method
-4870083 Merge pull request #725 from ninp0/master
-4186563 PWN::Plugins::JiraServer module - ensure `additional_fields` parameter contains the `:fields` key for streamlined merging in #create_issue method
-0be22c2 Merge pull request #724 from ninp0/master
-94239bb PWN::Plugins::JiraServer module - #bugfix in #get_all_fields && #create_issue methods
-6f2adcf Merge pull request #723 from ninp0/master
-27b924d PWN::Plugins::JiraServer module - implement #create_issue && #get_all_fields methods
-c361ec5 Merge pull request #722 from ninp0/master
-f82f9ba build_pwn_gem.sh - display funding information at the end of script
-12f4679 Merge pull request #721 from ninp0/master
-4efd4f0 PWN::Plugins::JiraServer module - update example `issue` parameter examples in #get_issue method
-8238c1c Merge pull request #720 from ninp0/master
-bf8eead pwn.gemspec - Add sponsor link to support `bundle fund` command #rubocop_fix
-449792c Merge pull request #719 from ninp0/master
-db5dd43 PWN::Plugins::JiraServer module - update example `base_api_uri` parameter examples in #help method
-e7c2c20 Merge pull request #718 from ninp0/master
-fab3c3d pwn.gemspec - Add sponsor link to support `bundle fund` command
-e3742fa Merge pull request #717 from ninp0/master
-5ab2f40 PWN::Plugins::JiraServer module - add optional parameter `params` in #manual_call and #get_issue methods
-eb7527b Merge pull request #716 from ninp0/master
-19e80a0 PWN::Plugins::JiraServer module - more descriptive error handling in rescue `RestClient::ExceptionWithResponse`
-0a7167a Merge pull request #715 from ninp0/master
-6a1cdbf #rubocop fixes
-97deda5 PWN::Plugins::JiraServer module - bugfix in rescue within #rest_call method
-13c16a8 Merge pull request #714 from ninp0/master
-b3e8407 PWN::Plugins::VIN module - initial commit
-3543abe Merge pull request #713 from ninp0/master
-8e81734 PWN::Plugins::BlackDuckBinaryAnalysis module - update #help method
-e53e08f Merge pull request #712 from ninp0/master
-4516786 PWN::Plugins::BlackDuckBinaryAnalysis module && pwn_bdba_scan Driver - Support SPDX report type withing #generate_product_report method
-7a4afa9 Merge pull request #711 from ninp0/master
-8c6c270 Gemfile - bump to latest gem versions
-d11c5a1 Merge pull request #710 from ninp0/master
-af14e9f .ruby-version - Bump to ruby-3.4.4
-f864d02 Merge pull request #709 from ninp0/master
-aecb567 All modules within `PWN::SAST` namespace - update NIST 800-53 URI values for `nist_800_53_uri` key in #security_references method #bugfixes
-62414c8 Merge pull request #708 from ninp0/master
-f75da21 All modules within `PWN::SAST` namespace - update NIST 800-53 URI values for `nist_800_53_uri` key in #security_references method
-53fde1c Merge pull request #707 from ninp0/master
-a52bae2 Packer provisioners - #bugfixes in aliases.rb && radare2.sh
-c8e8a39 Merge pull request #706 from ninp0/master
-5317fb2 PWN::Banner::Radare2AI module - initial commmit
-9dee091 Packer aliases.sh provisioner - slight tweak to r2_prompt
-a25de35 Merge pull request #705 from ninp0/master
-cb42884 Packer aliases.sh provisioner - cleaner r2_prompt
-487080c Merge pull request #704 from ninp0/master
-cf54811 Packer provisioner Radare2 - #bugfix in path to r2-pwn-layout
-994de46 Rubocop fixes
-3c97de9 Packer provisioner Radare2 - install decompiler and AI plugins && add r2 alias to aliases.sh
-c30c6b1 Merge pull request #703 from ninp0/master
-f9322b4 Gemfile - bump gem versions to latest
-dacf572 install.sh - add Packer provisioner `bashrc.sh` to `ruby-gem` `pwn_deploy_type`
-f64826a Merge pull request #702 from ninp0/master
-1d25a30 pwn_bdba_scan Driver - #bugfix in `--queue-timeout`, `--scan-attempts`, and `--sleep-between-scan-attempts`
-b7466c0 Merge pull request #701 from ninp0/master
-32c4a79 PWN::Plugins::SonMicroRFID module - #rubocop
-275d477 PWN::Plugins::SonMicroRFID module - change authN in #read_tag method to be optional and false by default
-e7be0e6 Merge pull request #700 from ninp0/master
-e358e3c pwn_serial_son_micro_sm132_rfid Driver - add ability to update a single tag and refactor PWN::Plugins::SonMicroRFID for better stability
-5223320 pwn_serial_msr206 Driver - tweak in menu labels
-2064c4f Merge pull request #699 from ninp0/master
-11230fe pwn_serial_msr206 Driver - add ability to update a single card and refactor PWN::Plugins::MSR206 for better stability
-8d5b33f Merge pull request #698 from ninp0/master
-b06af52 pwn_serial_msr206 - Minor #bugfixes in MSR206 driver
-6b8ab7c Merge pull request #697 from ninp0/master
-7edea37 Rubocop - auto-gen-config and implement fix in PWN::Plugins::XXD module
-6a9c1ea Gemfile - pull in latest gem versions
-520179d Gemfile - pull in latest gem versions per Dependabot alerts
-5d37ba7 Merge pull request #696 from ninp0/master
-68735ea Gemfile - pull in latest gem versions
-6d20ac2 Merge pull request #695 from ninp0/master
-034afc4 Gemfile - pull in latest gem versions
-974a73c Merge pull request #694 from ninp0/master
-c030676 Gemfile - pull in latest gem versions
-bef4609 Gemfile - pull in latest gem versions
-2b3096b Merge pull request #693 from ninp0/master
-1c539f8 Gemfile - pull in latest gem versions
-d36a20b Merge pull request #692 from ninp0/master
-9cb54fc `rubocop --auto-gen-config`
-c331c05 Gemfile - pull in latest gem versions
-a26e739 Merge pull request #691 from ninp0/master
-e4c332f Gemfile - pull in latest gem versions
-8cd388f Merge pull request #690 from ninp0/master
-a048fc2 PWN::WWW::REPL module - #bugfixs in scope details for pwn-irc command (i.e. AI chat env)
-b8ec447 Merge pull request #689 from ninp0/master
-57ce056 PWN::WWW::HackerOne module - return all data from graphql query in #get_scope_details method
-85808bf Merge pull request #688 from ninp0/master
-e803d94 PWN::WWW::HackerOne module - implement #get_hacktivity method
-63ff432 Merge pull request #687 from ninp0/master
-4378666 Gemfile - pull in latest gem versions
-4278027 Merge pull request #686 from ninp0/master
-f9fbec5 Gemfile - pull in latest gem versions
-86641b2 Merge pull request #685 from ninp0/master
-fdede41 Gemfile - pull in latest gem versions
-255909a Merge pull request #684 from ninp0/master
-7f31110 Gemfile - pull in latest gem versions
-a8731f8 Merge pull request #683 from ninp0/master
-3b6cd2e Gemfile - pull in latest gem versions
-df928e0 Merge pull request #682 from ninp0/master
-69f2ed1 pwn_nmap_discover_tcp_udp - #bugfix in `unitialized constant FileUtils (NameError)`
-32b9752 Merge pull request #681 from ninp0/master
-65f69d7 Gemfile - bump version of meshtastic that eliminates conflict w/ wisper binaries and pulls in latest protobuf for meshtastic
-5e86d11 Merge pull request #680 from ninp0/master
-4be100e PWN::Plugins::FlipperZero module - #more_bugfixes
-8b74a2b PWN::Plugins::FlipperZero module - #bugfixes
-e06ba71 PWN::Plugins::FlipperZero module - #tweaks
-af5540e PWN::Plugins::FlipperZero module - Initial commit
-d152d16 Merge pull request #679 from ninp0/master
-2568761 Gemfile && PWN::Plugins::Serial module - #bugfixes / migration #tweaks
-93234f9 Merge pull request #678 from ninp0/master
-ea35d38 Gemfile && PWN::Plugins::Serial module - migrate deprecated serialport gem to uart gem :P
-8ede362 Ruby - bump version to 3.4.1
-8d9597e Merge pull request #677 from ninp0/master
-25354f1 PWN::Banners::Matrix module - add #you? method for fun animation
-353d3ed PWN::Banners::Matrix module - add #you? method for fun animation
-a36646d Merge pull request #676 from ninp0/master
-73a53c6 PWN::Plugins::Vault - update usage for #edit and #help methods to include editor parameter
-2a5554c Merge pull request #675 from ninp0/master
-512ff1d PWN::Plugins::Vault - ensure editor path exists prior to decrypting file.
-9c3ce45 Merge pull request #674 from ninp0/master
-778f3e9 PWN::Plugins::DetectOS module - simplify #arch method
-0fdb24d PWN::Plugins::DetectOS module - add #endian method to simply its use in other modules, drivers, && sub-commands
-ec5ad8b Merge pull request #673 from ninp0/master
-021ba5e pwn-asm sub-command in pwn REPL driver, PWN::Plugins::REPL, && PWN::Plugins::Assembly modules - Unless explicity overridden in pwn.yaml, ensure the pwn-asm subcommand in the pwn REPL driver defaults to the underlying CPU arch / endian values #minor_tweaks
-12628ea pwn-asm sub-command in pwn REPL driver, PWN::Plugins::REPL, && PWN::Plugins::Assembly modules - Unless explicity overridden in pwn.yaml, ensure the pwn-asm subcommand in the pwn REPL driver defaults to the underlying CPU arch / endian values
-5099dec Merge pull request #672 from ninp0/master
-4693f2e pwn-asm sub-command in pwn REPL driver, PWN::Plugins::REPL, && PWN::Plugins::Assembly modules - support manually overriding arch/endian in pwn-asm leveraging pwn.yaml config.  Also add method in PWN::Plugins::Assembly module to list supported archs.
-bf31499 Merge pull request #671 from ninp0/master
-7e8bcb9 PWN::Plugins::OpenAI module - #bugfixes in #create_fine_tune method
-9ac4b03 Merge pull request #670 from ninp0/master
-e4e109e PWN::Plugins::OpenAI module && pwn_rdoc_to_jsonl - update API calls for fine tuning and format of JSONL dataset to upload
-b56cbb8 PWN::Plugins::OpenAI module && pwn_rdoc_to_jsonl - update API calls for fine tuning and format of JSONL dataset to upload
-d5eb2c8 pwn_rdoc_to_jsonl driver - dynamically generate fine-tune JSONL data for training LLMs in AI #ai_pwn #slight_tweak
-4879528 pwn_rdoc_to_jsonl driver - dynamically generate fine-tune JSONL data for training LLMs in AI #ai_pwn
-766b2f6 Merge pull request #669 from ninp0/master
-9eea050 PWN::Plugins::BlackDuckBinaryAnalysis module - update base URI for API
-d4cf53c PWN::Plugins::BlackDuckBinaryAnalysis module - update base URI for API
-439e167 Merge pull request #668 from ninp0/master
-ac98160 PWN::Plugins::DefectDojo module - return all engagements without overloading server via #engagement_list method
-c7218e7 Merge pull request #667 from ninp0/master
-46d8c8f README.md - sync up PWN::VERSION value
-8c81963 Merge pull request #666 from ninp0/master
-11ad596 PWN drivers - ensure all PWN drivers contain "frozen_string_literal: true"
-6cac60b Merge pull request #665 from ninp0/master
-5e42dd8 PWN::Plugins::REPL module - #bugfix in pwn-ai command when API key does not support a given model
-04bbcf8 Merge pull request #664 from ninp0/master
-dd1e5e9 Gemfile - add ostruct gem to suppress warnings that it is no longer included in the standard library
-e23da99 reinstall_pwn_gemset.sh - workaround for serialport gem installation
-abe5ef3 Gemfile - bump versions to latest
-9fcdd41 Gemfile - bump versions to latest
-04c341f PWN::Plugins::OpenAI && PWN::Plugins::REPL modules - Enhance AI capabilities within pwn-ai REPL environment
-dfb5f81 Merge pull request #663 from ninp0/master
-3792cb1 .ruby-version - Bump to 3.3.5
-334ace0 Merge pull request #662 from ninp0/master
-147ca25 pwn_web_cache_deception Driver - Rubocop fix
-6f7e544 PWN::Plugins::OpenAI - update default LLM model to latest gpt-4o model made publicly available
-95e4655 Merge pull request #661 from ninp0/master
-8f3bd25 PWN::Plugins::TransparentBrowser module - reveal "optimized" JavaScript variables when devtools: true when using Firefox
-089fa4c PWN::Plugins::TransparentBrowser module - reveal "optimized" JavaScript variables when devtools: true when isong Firefox
-913a8a4 Merge pull request #660 from ninp0/master
-d2f2e82 pwn.gemspec - #rubocop && PWN::Plugins::OpenAI module - update default model to gpt-4o-2024-05-13
-eca0901 .ruby-version - Bump to 3.3.4
-36718ad Merge pull request #659 from ninp0/master
+0e6a161 Merge pull request #815 from ninp0/master
+cd06863 pwn_burp_*, pwn_zaproxy*, PWN::Plugins::BurpSuite, && PWN::Plugins::Zaproxy - sync dev patterns as closely as possible - iteration 1
+e619eb4 Merge pull request #814 from ninp0/master
+c91ef60 pwn_burp_suite_pro_active_rest_api_scan Driver - location in which the openapi_spec is dropped matters.
+b083176 Merge pull request #813 from ninp0/master
+2dbe8df PWN::Plugins::OpenAPI module - #bugfixes resolving properties $ref attributes when generating openapi spec #slight_tweak
+d98e54b Merge pull request #812 from ninp0/master
+125b69f PWN::Plugins::OpenAPI module - #bugfixes resolving properties $ref attributes when generating openapi spec
+77e110b Merge pull request #811 from ninp0/master
+ac7d1cf PWN::SAST::Logger && PWN::SAST::ThrowErrors modules - refine anti-patterns
+8074714 Merge pull request #810 from ninp0/master
+4db65d9 PWN::Reports::HTMLHeader && PWN::Reports::HTMLFooter modules - remove unncessary require statements
+9350072 PWN::Reports::SAST - slight UI tweaks / change search label value to provide search example
+e080194 Merge pull request #809 from ninp0/master
+4399586 PWN::Reports::SAST - offload reusable footer code into PWN::Reports::HTMLFooter module
+9968e44 Merge pull request #808 from ninp0/master
+0ecc452 pwn_burp_suite_pro_active_rest_api_scan Driver - initial commit
+6b47120 Merge pull request #807 from ninp0/master
+0bc36c9 Gemfile and pwn.gemspec tweaks
+4c969cd pwn_sast Driver && PWN::Reports::SAST module - UI enhancements
+4aa4616 Merge pull request #806 from ninp0/master
+bab13ac pwn_sast Driver && PWN::Reports::SAST module - Enhanced PDF and XLSX report exports, cell formatting fixes, include hyperlinks in reports, slight tweak to UI header
+31960c5 Merge pull request #805 from ninp0/master
+0de729f pwn_sast Driver && PWN::Reports::SAST module - Enhanced PDF and XLSX report exports #slight_tweaks
+13027dd Merge pull request #804 from ninp0/master
+f005e98 pwn_sast Driver && PWN::Reports::SAST module - Enhanced PDF and XLSX report exports
+990fa89 pwn_sast Driver && PWN::Reports::SAST module - UI overhaul, implement export to PDF and XLSX in addition to JSON
+6d40c0b Merge pull request #803 from ninp0/master
+0c8c4b1 pwn_sast Driver - #bugfixes
+78f98d4 pwn_sast Driver - #bugfixes
+39f1853 pwn_sast Driver - #bugfixes
+376f7bc pwn_sast Driver - #bugfixes
+69a5f7f pwn_sast Driver - #bugfixes
+60efd51 PWN::Plugins::FileFu module - create #recurse_in_dir method to support pwn_sast Driver scanning repos that are explicitly passed instead of scanning in current working directory.  Update PWN::SAST::* modules to support this as well.
+2332dc6 Merge pull request #802 from ninp0/master
+a207630 PWN::AI::OpenAI module - update default model to gpt-5-chat-latest in #chat method
+4ca1f58 Merge pull request #801 from ninp0/master
+de7ebe5 pwn_sast Driver && PWN::Reports::SAST module - enhanced progress reporting when generating report.
+abbb0d5 pwn_sast Driver && PWN::Reports::SAST module - implement optional AI analysis of SAST results
+62a6e88 Merge pull request #800 from ninp0/master
+29f8925 Add new namespace, `PWN::AI` and move PWN::Plugins::OpenAI and PWN::Plugins::Ollama modules to the new namespace.  Also new initial commit for `PWN::AI::Grok` module.
+0f427b7 Merge pull request #799 from ninp0/master
+18809bf PWN::Plugins::BurpSuite module - `require "yaml"` for brevity
+9292522 Merge pull request #798 from ninp0/master
+f60a31f PWN::Plugins::BurpSuite module - more robust example handling to reconstuct accurate HTTP requests for #import_openapi_to_sitemap method
+7df2319 Merge pull request #797 from ninp0/master
+2d83e69 PWN::Plugins::BurpSuite module - #bugfix in #add_to_sitemap
+b7af7c3 PWN::Plugins::BurpSuite module - #bugfix in #add_to_sitemap
+99e7070 Merge pull request #796 from ninp0/master
+9f7b78e PWN::Plugins::BurpSuite module - update #import_openapi_to_sitemap method to support YAML for openapi_spec parameter
+6959f27 Merge pull request #795 from ninp0/master
+56db7de PWN::Plugins::BurpSuite module - crank up timeouts for adding requests to sitemap for really slow test envs
+4a6a8f5 PWN::Plugins::BurpSuite module - crank up timeouts for adding requests to sitemap for really slow test envs
+4eb9c03 Merge pull request #794 from ninp0/master
+82a76a1 PWN::Plugins::BurpSuite module - crank up max heap memory constraints and set min heap memory to 4G within #start method
+e9360cd Merge pull request #793 from ninp0/master
+daffbe1 pwn_burp_suite_pro_active_scan Driver - #bugfix change ---in_scope to --in_scope parameter
+f0b4139 Merge pull request #792 from ninp0/master
+4956561 pwn_burp_suite_pro_active_scan Driver && PWN::Plugins::BurpSuite module - implement --exlude-path parameter to avoid scanning URLs that may terminate sessions prematurely
+7e01c8e Merge pull request #791 from ninp0/master
+a5b6b2b PWN::Plugins::BurpSuite module - update #stop method to gracefullly shutdown Burp UI and preserve any Extensions installed during the session
+f49f25f Merge pull request #790 from ninp0/master
+b55870e Nuke burp mock test reports
+c56d5d9 Merge pull request #789 from ninp0/master
+342dd5b PWN::Plugins::BurpSuite module - include query parameter in format_uri_from_sitemap_resp method
+346393a Merge pull request #788 from ninp0/master
+03e9e37 PWN::Reports::* modules - retain original report name for selected lines exported to JSON file
+5c86dcb Merge pull request #787 from ninp0/master
+5fa1cdf PWN::Plugins::BurpSuite module - #enhancements in #import_openapi_to_sitemap method to constuct more accurate http response in the Sitemap
+bae133e Merge pull request #786 from ninp0/master
+b1249c8 PWN::Plugins::BurpSuite module - #bugfix in #import_openapi_to_sitemap method
+1141fdf Merge pull request #785 from ninp0/master
+40d3f72 pwn_burp_suite_pro_active_scan Driver - optimize for both authenticated and unauthenticated scanning
+3129c28 Merge pull request #784 from ninp0/master
+e348a61 Merge branch 'master' of ssh://github.com/ninp0/pwn
+f4cf106 PWN::Plugins::BurpSuite module - cleaner status output to STDOUT when running #invoke_active_scan method #rubocop
+b30e6e1 Merge pull request #783 from ninp0/master
+929d818 PWN::Plugins::BurpSuite module - cleaner status output to STDOUT when running #invoke_active_scan method
+02e0b17 PWN::Plugins::BurpSuite module - implement proxy listener CRUD and allow for concurrent burp active scan sessions
+1890ed8 Merge pull request #782 from ninp0/master
+1d2a495 PWN::Reports::* modules - support multi-line select and exporting selected lines to external JSON file
+1e072e8 pwn_fuzz_net_app_proto Driver - #bugfixes && PWN::Reports::* modules begin extending all reports to support multi-line select and exporting selecting lines to external JSON file
+de63465 Merge pull request #781 from ninp0/master
+d39dd94 PWN::Reports::SAST module - implement multi-line select/highlighting and export highlighted results to JSON file for consumption by tools like DefectDojo
+ccf4692 Merge pull request #780 from ninp0/master
+5b08c3b PWN::Plugins::BurpSuite module - update #import_openapi_to_sitemap method to aggregate remaining HTTP header names from spec, reference as keys, and assign their respective values to the request_headers hash
+1fe2155 Merge pull request #779 from ninp0/master
+2afb327 PWN::Plugins::BurpSuite module - update #import_openapi_to_sitemap method to include more obvious placeholders when schema examples cannot be found in the spec
+a2e3ff5 Merge pull request #778 from ninp0/master
+d5673d4 PWN::Plugins::OpenAPI module - suppoort aliases when parsing YAML documents
+0411777 Merge pull request #777 from ninp0/master
+70b6ceb PWN::Plugins::BurpSuite module - update usage in #help method && prettier STDOUT in pwn_burp_suite_pro_active_scan Driver
+8f28ff1 Merge pull request #776 from ninp0/master
+1917900 PWN::Plugins::BurpSuite module - #bugfix remove #stop method from #in_scope method
+1431ad9 Merge pull request #775 from ninp0/master
+cec08c6 PWN::Plugins::BurpSuite module - #bugfix remove #stop method from #in_scope method
+a490ed7 Merge pull request #774 from ninp0/master
+5d8ecfb PWN::Plugins::BurpSuite module - more debugging in #invoke_active_scan method && Enhanced search capabilities for PWN::Reports::* modules
+3447154 Merge pull request #773 from ninp0/master
+226d7df PWN::Plugins::BurpSuite module - more debugging in #invoke_active_scan method
+cb8d237 Merge pull request #772 from ninp0/master
+9245fe1 Merge branch 'master' of ssh://github.com/ninp0/pwn
+5ef6539 Merge pull request #771 from ninp0/master
+11c6bac PWN::Plugins::BurpSuite module - more debugging in #invoke_active_scan method
+94d17f9 PWN::Plugins::BurpSuite module - more debugging in #invoke_active_scan method
+fa54fe9 Merge pull request #770 from ninp0/master
+f4a32fe PWN::Plugins::BurpSuite module - #bugfix in #spider method
+9007671 Merge pull request #769 from ninp0/master
+574301b PWN::Plugins::BurpSuite module - temporarily remove stop in ensure block for #invoke_active_scan method
+3fc144b Merge pull request #768 from ninp0/master
+47f2828 PWN::Plugins::BurpSuite module - begin working towards supporting proxy listener settings within #start method
+857cab9 PWN::Plugins::BurpSuite module - implement a #spider method and include this feature as an option within the pwn_burp_suite_pro_active_scan Driver. #enhancements
+663c25d Merge pull request #767 from ninp0/master
+0f3c593 PWN::Plugins::BurpSuite module - implement a #spider method and include this feature as an option within the pwn_burp_suite_pro_active_scan Driver.
+f302712 Merge pull request #766 from ninp0/master
+83812a4 PWN::Plugins::BurpSuite module - #bugfix when attempting to scan URI that responds w code other than 200 #keepitmoving
+70fea2b PWN::Plugins::BurpSuite module - #bugfix when attempting to scan URI that responds w code other than 200 #keepitmoving
+1eedf4b Merge pull request #765 from ninp0/master
+0f72609 PWN::Plugins::BurpSuite module - #bugfix when attempting to scan URI that responds w code other than 200 #keepitmoving
+4d8469b Merge pull request #764 from ninp0/master
+4942a7b PWN::Plugins::BurpSuite module - a lot of integrations for pwn-burp.jar Burp Extension && PWN::Plugins::OpenAPI module - oh buddy...
+4126d2f Merge pull request #763 from ninp0/master
+72f8a5a PWN::Plugins::OpenAPI module - initial commit
+da3de9e Merge pull request #762 from ninp0/master
+ed0272c VERSION.rb - bump version to align w/ rubygems
+a4d508d third_party/*.jar - remove burp extensions
+1cd05db Merge pull request #761 from ninp0/master
+9fdd26f third party - replace BurpSuite extension, BurpBuddy w/ PWNBurpRestAPI
+1a97d75 Merge pull request #760 from ninp0/master
+806e5a2 pwn_burp_suite_pro_active_scan Driver - output each instruction to STDOUT while redacting sensitive data. #slight_tweak
+87984b9 Merge pull request #759 from ninp0/master
+ad0db78 pwn_burp_suite_pro_active_scan Driver - output each instruction to STDOUT while redacting sensitive data.
+b953b32 Merge pull request #758 from ninp0/master
+b2c8755 pwn_burp_suite_pro_active_scan Driver - Add to scope prior to executing navigation instructions
+2dcee71 Merge pull request #757 from ninp0/master
+7ee1968 PWN::Plugins::BurpSuite - #bugfix within #generate_scan_report method
+3e9d42b PWN::Plugins::BurpSuite - #bugfix within #generate_scan_report  method
+ffdf5c1 PWN::Plugins::BurpSuite - #bugfix within #generate_scan_report  method
+41e7d90 Merge pull request #756 from ninp0/master
+180c187 PWN::Plugins::BurpSuite - test use_https values in post_body variable within #invoke_scan_method
+88fb7790 Merge pull request #755 from ninp0/master
+5abaf61 PWN::Plugins::BurpSuite - #bugfix in json_uri generation within #invoke_active_scan method
+b59b53b Merge pull request #754 from ninp0/master
+cd30423 PWN::Plugins::BurpSuite - test useHttps values in post_body variable within #invoke_scan_method
+2dad6b1 Merge pull request #753 from ninp0/master
+9620af0 PWN::Reports::* modules - Update # of entries / page options to be 10, 25, 50, 100, 250, 500, 1000, 2500, 5000
+703564f Merge pull request #752 from ninp0/master
+2a04764 PWN::Plugins::TransparentBrowser module - more efficient / stable #list_tabs method
+c52492e Merge pull request #751 from ninp0/master
+5a1a72c Gemfile - comment out openapi3_parser for REST API testing as dependencies break pwn install in OpenBSD
+dbf3bb3 Merge pull request #750 from ninp0/master
+a0a3af6 PWN::Plugins::TransparentBrowser module - specify optional `index` parameter to dictate which DOM mutations to view or hide
+10f9d15 Merge pull request #749 from ninp0/master
+94abfa8 Gemfile - pull in openapi3_parser for REST API testing && PWN::Plugins::TransparentBrowser module - overhaul on tab management
+5ba895a Merge pull request #748 from ninp0/master
+ac80447 PWN::Plugins::TransparentBrowser module - change `keyword` parameter in #jmp_tab method to optional, defaulting to switching to the next  inactive tab from the list returned by the #list_tabs method
+651a7e0 Merge pull request #747 from ninp0/master
+efcc3af PWN::Plugins::TransparentBrowser module - multi-tab support within #view_dom_mutations #hide_dom_mutations methods
+317c7f8 Merge pull request #746 from ninp0/master
+c9a9917 PWN::Plugins::TransparentBrowser module - enhancements in #view_dom_mutations methods to include common sinks for DOM XSS
+30184bd Merge pull request #745 from ninp0/master
+99de13a PWN::Plugins::TransparentBrowser module - enhancements in #console and #view_dom_mutations methods.  #bugfixes in #hide_dom_mutations method
+c113537 Merge pull request #744 from ninp0/master
+4db450b PWN::Plugins::TransparentBrowser module - add methods to output DOM mutations in the console when devtools = true #bugfixes
+5efdc25 Merge pull request #743 from ninp0/master
+6223de5 PWN::Plugins::TransparentBrowser module - add methods to output DOM mutations in the console when devtools = true
+924f1d5 Merge pull request #742 from ninp0/master
+4bf4f16 PWN::Plugins::TransparentBrowser module - add methods to output DOM mutations in the console when devtools = true
+c0c716c Merge pull request #741 from ninp0/master
+0aa8cd5 PWN::Plugins::TransparentBrowser module - begin supporting BiDi for browsers that support this more standardized approach to automating browser navigation
+c0770a1 Merge pull request #740 from ninp0/master
+30627ca PWN::Report::SAST module - extend proper line anchor formatting for different git source code managment software solutions
+ee79c1d Merge pull request #739 from ninp0/master
+a6e05f5 PWN::Plugins::JiraServer module - #bugfix in #issue_comment method
+a8d9da7 Merge pull request #738 from ninp0/master
+0226316 PWN::Plugins::JiraServer module - always return value of #get_issue when performing issue CRUD actions within other methods (except delete, cause well, issue == nil)
+7bd820b Merge pull request #737 from ninp0/master
+624738f PWN::Plugins::JiraServer module - support attaching multiple files in issue w/ one call to either #create_issue or #update_issue.  Additionally, implement the ability to delete attachments via #delete_attachment method and manage comments for an issue via #issue_comment method.
+33f1303 Merge pull request #736 from ninp0/master
+4dd158d PWN::Plugins::JiraServer module - attachment #bugfixes
+720bdb9 Merge pull request #735 from ninp0/master

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.399]:001 >>> PWN.help
+pwn[v0.5.400]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.399]:001 >>> PWN.help
+pwn[v0.5.400]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.399]:001 >>> PWN.help
+pwn[v0.5.400]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_zaproxy_active_rest_api_scan

@@ -20,8 +20,8 @@ OptionParser.new do |options|
     opts[:target_url] = t
   end
 
-  options.on('-oPATH', '--report_output_path=PATH', '<Required - Output Path for Active Scan Issues>') do |o|
-    opts[:output_path] = o
+  options.on('-oDIR', '--report_output_dir=DIR', '<Required -  Output Directory for Active Scan Report>') do |o|
+    opts[:output_dir] = o
   end
 
   options.on('-dSWAGGER', '--swagger_definitions=SWAGGER', '<Required - Comma-delimited list of Swagger JSON/YAML files to import>') do |s|
@@ -72,8 +72,8 @@ begin
   target_url = opts[:target_url]
   raise 'ERROR: --target_url is required.' if target_url.nil?
 
-  output_path = opts[:output_path]
-  raise 'ERROR: --report_output_path is required.' if output_path.nil?
+  output_dir = opts[:output_dir]
+  raise 'ERROR: --report_output_dir is required.' if output_dir.nil?
 
   swagger_definitions = opts[:swagger_definitions]
   raise 'ERROR: --swagger_definitions is required.' if swagger_definitions.nil?
@@ -141,19 +141,13 @@ begin
   # puts scan_issues
 
   # Once DefectDojo begins to support XML report results
-  report_types = %i[html xml]
+  report_types = %i[html markdown xml]
   report_types.each do |report_type|
-    this_output_path = "#{output_path}.html"
-    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.html"
-
-    this_output_path = "#{output_path}.xml" if report_type == :xml
-    # this_output_path = "#{File.dirname(output_path)}/#{File.basename(output_path, File.extname(output_path))}.xml" if report_type == :xml
-
     PWN::Plugins::Zaproxy.generate_scan_report(
       zap_obj: zap_obj,
       target_url: in_scope,
       report_type: report_type,
-      output_path: this_output_path
+      output_dir: output_dir
     )
   end
 
@@ -161,6 +155,5 @@ begin
 rescue StandardError => e
   raise e
 ensure
-  FileUtils.rm_f(openapi_spec) unless debug
   zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
 end

data/bin/pwn_zaproxy_active_scan

@@ -59,7 +59,8 @@ end
 begin
   logger = PWN::Plugins::PWNLogger.create
 
-  api_key = opts[:api_key].to_s.strip.chomp.scrub
+  api_key = opts[:api_key]
+  raise 'ERROR: --api_key is required.' if api_key.nil?
 
   if opts[:browser_type].nil?
     browser_type = :chrome

data/lib/pwn/plugins/burp_suite.rb

@@ -56,7 +56,7 @@ module PWN
 
       public_class_method def self.start(opts = {})
         burp_jar_path = opts[:burp_jar_path] ||= '/opt/burpsuite/burpsuite-pro.jar'
-        raise 'Invalid path to burp jar file.  Please check your spelling and try again.' unless File.exist?(burp_jar_path)
+        raise "ERROR: #{burp_jar_path} not found." unless File.exist?(burp_jar_path)
 
         raise 'ERROR: /opt/burpsuite/pwn-burp.jar not found.  For more details about installing this extension, checkout https://github.com/0dayinc/pwn_burp' unless File.exist?('/opt/burpsuite/pwn-burp.jar')
 

data/lib/pwn/plugins/zaproxy.rb

@@ -81,42 +81,34 @@ module PWN
 
       public_class_method def self.start(opts = {})
         zap_obj = {}
-        api_key = opts[:api_key].to_s.scrub.strip.chomp
+        api_key = opts[:api_key]
+        raise 'ERROR: api_key must be provided' if api_key.nil?
+
         zap_obj[:api_key] = api_key
 
-        if opts[:zap_bin_path]
-          zap_bin_path = opts[:zap_bin_path]
-          raise "ERROR: zap.sh not found at #{zap_bin_path}" unless File.exist?(zap_bin_path)
-        else
-          underlying_os = PWN::Plugins::DetectOS.type
-
-          case underlying_os
-          when :linux
-            zap_bin_path = '/usr/share/zaproxy/zap.sh'
-          when :osx
-            zap_bin_path = '/Applications/OWASP\ ZAP.app/Contents/Java/zap.sh'
-          else
-            raise "ERROR: zap.sh not found for #{underlying_os}. Please pass the :zap_bin_path parameter to this method for proper execution"
-          end
-        end
+        zap_bin_path = opts[:zap_bin_path] ||= '/usr/share/zaproxy/zap.sh'
+        raise "ERROR: #{zap_bin_path} not found." unless File.exist?(zap_bin_path)
 
         zap_bin = File.basename(zap_bin_path)
-        zap_dir = File.dirname(zap_bin_path)
+        zap_root = File.dirname(zap_bin_path)
 
         headless = opts[:headless] || false
         browser_type = opts[:browser_type] ||= :firefox
         zap_ip = opts[:zap_ip] ||= '127.0.0.1'
         zap_port = opts[:zap_port] ||= PWN::Plugins::Sock.get_random_unused_port
 
-        zap_rest_ip = opts[:pwn_zap_ip] ||= '127.0.0.1'
-        zap_rest_port = opts[:pwn_zap_port] ||= PWN::Plugins::Sock.get_random_unused_port
+        zap_rest_ip = zap_ip
+        zap_rest_port = zap_port
 
         if headless
-          zaproxy_cmd = "cd #{zap_dir} && ./#{zap_bin} -daemon"
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
         else
-          zaproxy_cmd = "cd #{zap_dir} && ./#{zap_bin}"
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
         end
 
+        zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
+
+        zap_obj[:pid] = Process.spawn(zaproxy_cmd)
         browser_obj1 = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_browser = browser_obj1[:browser]
 
@@ -124,8 +116,6 @@ module PWN
         zap_obj[:zap_rest_api] = zap_obj[:mitm_proxy]
         zap_obj[:rest_browser] = rest_browser
 
-        zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
-
         browser_obj2 = PWN::Plugins::TransparentBrowser.open(
           browser_type: browser_type,
           proxy: "http://#{zap_obj[:mitm_proxy]}",
@@ -134,52 +124,18 @@ module PWN
 
         zap_obj[:zap_browser] = browser_obj2
 
-        pwn_stdout_log_path = "/tmp/pwn_plugins_owasp-#{SecureRandom.hex}.log"
-        pwn_stdout_log = File.new(pwn_stdout_log_path, 'w')
-        # Immediately writes all buffered data in IO to disk
-        pwn_stdout_log.sync = true
-        pwn_stdout_log.fsync
-
-        fork_pid = Process.fork do
-          PTY.spawn(zaproxy_cmd) do |stdout, _stdin, _pid|
-            stdout.each do |line|
-              puts line
-              pwn_stdout_log.puts line
-            end
-          end
-        rescue PTY::ChildExited, SystemExit, Interrupt, Errno::EIO
-          puts 'Spawned OWASP Zap PTY exiting...'
-          File.unlink(pwn_stdout_log_path)
-        rescue StandardError => e
-          puts 'Spawned process exiting...'
-          File.unlink(pwn_stdout_log_path)
-          raise e
-        end
-        Process.detach(fork_pid)
-
-        zap_obj[:pid] = fork_pid
-        zap_obj[:stdout_log] = pwn_stdout_log_path
-        # This is how we'll know OWSAP Zap is in a ready state.
-        # if headless
-        #   return_pattern = '[ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening'
-        # else
-        #   case underlying_os
-        #   when :linux
-        #     return_pattern = '[AWT-EventQueue-1] INFO hsqldb.db..ENGINE  - Database closed'
-        #   when :osx
-        #     return_pattern = '[AWT-EventQueue-0] INFO hsqldb.db..ENGINE  - Database closed'
-        #   end
-        # end
-        return_pattern = 'Started callback service on'
-
+        # Wait for pwn_burp_port to open prior to returning burp_obj
         loop do
-          return zap_obj if File.exist?(pwn_stdout_log_path) &&
-                            File.read(
-                              pwn_stdout_log_path
-                            ).include?(return_pattern)
-
+          s = TCPSocket.new(zap_rest_ip, zap_rest_port)
+          s.close
+          break
+        rescue Errno::ECONNREFUSED
+          print '.'
           sleep 3
+          next
         end
+
+        zap_obj
       rescue StandardError, SystemExit, Interrupt => e
         stop(zap_obj) unless zap_obj.nil?
         raise e

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.399'
+  VERSION = '0.5.400'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.399
+  version: 0.5.400
 platform: ruby
 authors:
 - 0day Inc.