pwn 0.5.400 → 0.5.402

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50e5c49a707126098497f95cb7a246b862f5a86c58941e4f7d739134b36a1f70
-  data.tar.gz: 24fc54a212c3b38749013f9182a5a5e27ea73cdd23c28df8fdbe3e83fe2dd873
+  metadata.gz: 13bfbc8e974f5f40d0e78a9081d9ade50ecbbcedbde8f7d6df60e43535e7a3ef
+  data.tar.gz: 275421f89482553cc5887d6806d84907230636db4b7a0a48c620fc69df7d3e68
 SHA512:
-  metadata.gz: de7931e719fa600cbe8e2b6774ce4f48f193cc836e15a9e4b5f5d47ccd3b94a72688fd43a045da2dc0f9ec966df49390b6f2f30ed6b270a1fc0739002571fcd6
-  data.tar.gz: 78aa16d0970eba2d1a711c83dc1ba2869b64e5d7d1cb939adeb9e1667b4bab646423c271040fa22383416c5ac22f72d06d3190f440daeadf28830f54b423779b
+  metadata.gz: c147247d6cc1214be92cf53af46318c63a5678183db2c743c247f9f1ae70ffb7c2719cb585e6074b55ce239a17c9167a88d00cc0823accb26feb5b517b645553
+  data.tar.gz: 6be749ad84718f956de12db9f47729eff67746177ffb3c568d7c17bebdcd948e2f97830e9c9c8ff3c2fb5dcea1c367ae27282843bd07ef02e9ad429cce3bfba8

data/Gemfile

@@ -20,7 +20,7 @@ gem 'barby', '0.7.0'
 gem 'base32', '0.3.4'
 gem 'brakeman', '7.1.0'
 gem 'bson', '5.1.1'
-gem 'bundler', '>=2.7.1'
+gem 'bundler', '>=2.7.2'
 gem 'bundler-audit', '0.9.2'
 gem 'bunny', '2.24.0'
 gem 'colorize', '1.1.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.400]:001 >>> PWN.help
+pwn[v0.5.402]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.400]:001 >>> PWN.help
+pwn[v0.5.402]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.400]:001 >>> PWN.help
+pwn[v0.5.402]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_burp_suite_pro_active_rest_api_scan

@@ -31,6 +31,10 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
+    opts[:browser_type] = b
+  end
+
   options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
     opts[:debug] = d
   end
@@ -55,7 +59,7 @@ OptionParser.new do |options|
     opts[:exclude_paths] = e
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to include in scope (Defaults to value of --target_url)>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -80,6 +84,8 @@ begin
 
   burp_jar_path = opts[:burp_jar_path]
   headless = opts[:headless] || false
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   debug = opts[:debug] || false
 
   swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
@@ -120,7 +126,7 @@ begin
   else
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      browser_type: :chrome
+      browser_type: browser_type
     )
   end
 
@@ -165,10 +171,8 @@ begin
       output_dir: output_dir
     )
   end
-
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
 rescue StandardError => e
   raise e
 ensure
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
+  PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
 end

data/bin/pwn_burp_suite_pro_active_scan

@@ -30,7 +30,7 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
     opts[:browser_type] = b
   end
 
@@ -42,7 +42,7 @@ OptionParser.new do |options|
     opts[:navigation_instruct] = i
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to include in scope (Defaults to value of --target_url)>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -65,7 +65,8 @@ begin
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
   burp_jar_path = opts[:burp_jar_path]
   headless = opts[:headless] || false
-  browser_type = opts[:browser_type] ||= :chrome
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
   in_scope = opts[:in_scope] ||= target_url
@@ -100,7 +101,7 @@ begin
   # support JavaScript, DOM-based XSS vuln attempts are
   # possible as well since we have a DOM to interact w/
   # (Burp's DOM-XSS checks are based on static code analysis)
-  browser_obj = burp_obj[:burp_browser]
+  browser_obj = burp_obj[:mitm_browser]
   browser = browser_obj[:browser]
   browser.goto(target_url)
 
@@ -135,10 +136,8 @@ begin
       output_dir: output_dir
     )
   end
-
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
 rescue StandardError => e
   raise e
 ensure
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
+  PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
 end

data/bin/pwn_zaproxy_active_rest_api_scan

@@ -36,6 +36,10 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
+    opts[:browser_type] = b
+  end
+
   options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
     opts[:debug] = d
   end
@@ -52,7 +56,7 @@ OptionParser.new do |options|
     opts[:exclude_paths] = e
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL regex to include in scope (Defaults to "<target_url>.*")>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -80,6 +84,8 @@ begin
 
   zap_bin_path = opts[:zap_bin_path]
   headless = opts[:headless] || false
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   debug = opts[:debug] || false
 
   swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
@@ -105,7 +111,7 @@ begin
   exlude_paths = opts[:exclude_paths]
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
 
-  in_scope = opts[:in_scope] ||= target_url
+  in_scope = opts[:in_scope] ||= "#{target_url}.*"
 
   # ------
   # Open ZAP
@@ -117,7 +123,7 @@ begin
   else
     zap_obj = PWN::Plugins::Zaproxy.start(
       zap_bin_path: zap_bin_path,
-      browser_type: :chrome
+      browser_type: browser_type
     )
   end
 
@@ -128,11 +134,18 @@ begin
     openapi_spec: openapi_spec
   )
 
+  # TODO: Initialize authorization header if required by API
+
   raise "ERROR: Failed to import OpenAPI/Swagger spec #{openapi_spec} into ZAP's Sitemap." if json_sitemap.nil? || json_sitemap.empty?
 
+  PWN::Plugins::Zaproxy.add_to_scope(
+    zap_obj: zap_obj,
+    target_regex: in_scope
+  )
+
   PWN::Plugins::Zaproxy.active_scan(
     zap_obj: zap_obj,
-    target_url: target_url,
+    target_url: in_scope,
     exclude_paths: exlude_paths
   )
 
@@ -150,10 +163,8 @@ begin
       output_dir: output_dir
     )
   end
-
-  zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj)
 rescue StandardError => e
   raise e
 ensure
-  zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
+  PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
 end

data/bin/pwn_zaproxy_active_scan

@@ -34,7 +34,7 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
     opts[:browser_type] = b
   end
 
@@ -46,7 +46,7 @@ OptionParser.new do |options|
     opts[:navigation_instruct] = i
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL regex to include in scope (Defaults to "<target_url>.*")>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -62,12 +62,6 @@ begin
   api_key = opts[:api_key]
   raise 'ERROR: --api_key is required.' if api_key.nil?
 
-  if opts[:browser_type].nil?
-    browser_type = :chrome
-  else
-    browser_type = opts[:browser_type].to_s.strip.chomp.scrub.to_sym
-  end
-
   target_url = opts[:target_url]
   raise 'ERROR: --target_url is required.' if target_url.nil?
 
@@ -78,10 +72,11 @@ begin
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
   zap_bin_path = opts[:zap_bin_path].to_s.strip.chomp.scrub if File.exist?(opts[:zap_bin_path].to_s.strip.chomp.scrub)
   headless = opts[:headless] || false
-  browser_type = opts[:browser_type] ||= :chrome
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
-  in_scope = opts[:in_scope] ||= target_url
+  in_scope = opts[:in_scope] ||= "#{target_url}.*"
 
   # ------
   # Dynamically build arguments hash based on flags passed and Open Zap
@@ -102,7 +97,7 @@ begin
 
   logger.info(zap_obj)
 
-  browser_obj = zap_obj[:zap_browser]
+  browser_obj = zap_obj[:mitm_browser]
   browser = browser_obj[:browser]
   browser.goto(target_url)
 
@@ -117,9 +112,16 @@ begin
   end
 
   PWN::Plugins::Zaproxy.spider(zap_obj: zap_obj, target_url: target_url) if spider
+
+  PWN::Plugins::Zaproxy.add_to_scope(
+    zap_obj: zap_obj,
+    target_regex: in_scope
+  )
+
   PWN::Plugins::Zaproxy.active_scan(
     zap_obj: zap_obj,
-    target_url: target_url
+    target_url: in_scope,
+    exclude_paths: exlude_paths
   )
 
   # Generate all Report Types
@@ -133,11 +135,8 @@ begin
 
     logger.info("Report can be found here: #{report_path}")
   end
-
-  PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj)
 rescue StandardError => e
   raise e
 ensure
   PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
-  browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) unless browser_obj.nil?
 end

data/lib/pwn/plugins/burp_suite.rb

@@ -82,7 +82,7 @@ module PWN
         rest_browser = browser_obj1[:browser]
 
         burp_obj[:mitm_proxy] = "#{burp_ip}:#{burp_port}"
-        burp_obj[:pwn_burp_api] = "#{pwn_burp_ip}:#{pwn_burp_port}"
+        burp_obj[:mitm_rest_api] = "#{pwn_burp_ip}:#{pwn_burp_port}"
         burp_obj[:rest_browser] = rest_browser
 
         # Proxy always listens on localhost...use SSH tunneling if remote access is required
@@ -92,7 +92,7 @@ module PWN
           devtools: true
         )
 
-        burp_obj[:burp_browser] = browser_obj2
+        burp_obj[:mitm_browser] = browser_obj2
 
         # Wait for pwn_burp_port to open prior to returning burp_obj
         loop do
@@ -133,11 +133,11 @@ module PWN
         raise 'ERROR: uri parameter is required' if uri.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         base64_encoded_uri = Base64.strict_encode64(uri.to_s.scrub.strip.chomp)
 
         in_scope_resp = rest_browser.get(
-          "http://#{pwn_burp_api}/scope/#{base64_encoded_uri}",
+          "http://#{mitm_rest_api}/scope/#{base64_encoded_uri}",
           content_type: 'application/json; charset=UTF8'
         )
         json_in_scope = JSON.parse(in_scope_resp, symbolize_names: true)
@@ -156,11 +156,11 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         post_body = { url: target_url }.to_json
 
-        in_scope = rest_browser.post("http://#{pwn_burp_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
+        in_scope = rest_browser.post("http://#{mitm_rest_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(in_scope, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -177,12 +177,12 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         post_body = { url: target_url }.to_json
 
         in_scope = rest_browser.post(
-          "http://#{pwn_burp_api}/spider",
+          "http://#{mitm_rest_api}/spider",
           post_body,
           content_type: 'application/json; charset=UTF8'
         )
@@ -192,7 +192,7 @@ module PWN
         spider_status_json = {}
         loop do
           print '.'
-          spider_status_resp = rest_browser.get("http://#{pwn_burp_api}/spider/#{spider_id}")
+          spider_status_resp = rest_browser.get("http://#{mitm_rest_api}/spider/#{spider_id}")
           spider_status_json = JSON.parse(spider_status_resp, symbolize_names: true)
           spider_status = spider_status_json[:status]
           case spider_status
@@ -221,9 +221,9 @@ module PWN
       public_class_method def self.enable_proxy(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
-        enable_resp = rest_browser.post("http://#{pwn_burp_api}/proxy/intercept/enable", nil)
+        enable_resp = rest_browser.post("http://#{mitm_rest_api}/proxy/intercept/enable", nil)
         JSON.parse(enable_resp, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -238,9 +238,9 @@ module PWN
       public_class_method def self.disable_proxy(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
-        disable_resp = rest_browser.post("http://#{pwn_burp_api}/proxy/intercept/disable", nil)
+        disable_resp = rest_browser.post("http://#{mitm_rest_api}/proxy/intercept/disable", nil)
         JSON.parse(disable_resp, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -255,9 +255,9 @@ module PWN
       public_class_method def self.get_proxy_listeners(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
-        listeners = rest_browser.get("http://#{pwn_burp_api}/proxy/listeners", content_type: 'application/json; charset=UTF8')
+        listeners = rest_browser.get("http://#{mitm_rest_api}/proxy/listeners", content_type: 'application/json; charset=UTF8')
         JSON.parse(listeners, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -275,7 +275,7 @@ module PWN
       public_class_method def self.add_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         bind_address = opts[:bind_address]
         raise 'ERROR: bind_address parameter is required' if bind_address.nil?
 
@@ -295,7 +295,7 @@ module PWN
           enabled: enabled
         }.to_json
 
-        listener = rest_browser.post("http://#{pwn_burp_api}/proxy/listeners", post_body, content_type: 'application/json; charset=UTF8')
+        listener = rest_browser.post("http://#{mitm_rest_api}/proxy/listeners", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(listener, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -314,7 +314,7 @@ module PWN
       public_class_method def self.update_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         id = opts[:id] ||= '0'
         bind_address = opts[:bind_address] ||= '127.0.0.1'
         port = opts[:port] ||= 8080
@@ -327,7 +327,7 @@ module PWN
           enabled: enabled
         }.to_json
 
-        listener = rest_browser.put("http://#{pwn_burp_api}/proxy/listeners/#{id}", post_body, content_type: 'application/json; charset=UTF8')
+        listener = rest_browser.put("http://#{mitm_rest_api}/proxy/listeners/#{id}", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(listener, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -343,11 +343,11 @@ module PWN
       public_class_method def self.delete_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         id = opts[:id] ||= '0'
         raise 'ERROR: id parameter is required' if id.nil?
 
-        rest_browser.delete("http://#{pwn_burp_api}/proxy/listeners/#{id}")
+        rest_browser.delete("http://#{mitm_rest_api}/proxy/listeners/#{id}")
         true # Return true to indicate successful deletion (or error if API fails)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -363,12 +363,12 @@ module PWN
       public_class_method def self.get_sitemap(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         target_url = opts[:target_url]
 
         base64_encoded_target_url = Base64.strict_encode64(target_url.to_s.scrub.strip.chomp) if target_url
 
-        rest_call = "http://#{pwn_burp_api}/sitemap"
+        rest_call = "http://#{mitm_rest_api}/sitemap"
         rest_call = "#{rest_call}/#{base64_encoded_target_url}" if target_url
 
         sitemap = rest_browser.get(
@@ -407,14 +407,14 @@ module PWN
       public_class_method def self.add_to_sitemap(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         sitemap = opts[:sitemap] ||= {}
         debug = opts[:debug] || false
 
         rest_client = rest_browser::Request
         response = rest_client.execute(
           method: :post,
-          url: "http://#{pwn_burp_api}/sitemap",
+          url: "http://#{mitm_rest_api}/sitemap",
           payload: sitemap.to_json,
           headers: { content_type: 'application/json; charset=UTF-8' },
           timeout: 10
@@ -881,14 +881,14 @@ module PWN
       # Supported Method Parameters::
       # active_scan_url_arr = PWN::Plugins::BurpSuite.active_scan(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
+      #   target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:mitm_browser])',
       #   exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
       # )
 
       public_class_method def self.active_scan(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         target_url = opts[:target_url].to_s.scrub.strip.chomp
         raise 'ERROR: target_url parameter is required' if target_url.empty?
 
@@ -947,7 +947,7 @@ module PWN
           }.to_json
           # Kick off an active scan for each given page in the json_sitemap results
           resp = rest_browser.post(
-            "http://#{pwn_burp_api}/scan/active",
+            "http://#{mitm_rest_api}/scan/active",
             post_body,
             content_type: 'application/json'
           )
@@ -959,7 +959,7 @@ module PWN
 
         # Wait for scan completion
         loop do
-          scan_queue = rest_browser.get("http://#{pwn_burp_api}/scan/active")
+          scan_queue = rest_browser.get("http://#{mitm_rest_api}/scan/active")
           json_scan_queue = JSON.parse(scan_queue, symbolize_names: true)
           break if json_scan_queue.all? { |scan| scan[:status] == 'finished' }
 
@@ -975,7 +975,7 @@ module PWN
         # json_scan_queue.each do |scan_item|
         #   this_scan_item_id = scan_item[:id]
         #   until scan_item[:status] == 'finished'
-        #     scan_item_resp = rest_browser.get("http://#{pwn_burp_api}/scan/active/#{this_scan_item_id}")
+        #     scan_item_resp = rest_browser.get("http://#{mitm_rest_api}/scan/active/#{this_scan_item_id}")
         #     scan_item = JSON.parse(scan_item_resp, symbolize_names: true)
         #     scan_status = scan_item[:status]
         #     puts "Target ID ##{this_scan_item_id} of ##{scan_queue_total}| #{scan_status}"
@@ -999,12 +999,12 @@ module PWN
       public_class_method def self.get_scan_issues(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         rest_client = rest_browser::Request
         scan_issues = rest_client.execute(
           method: :get,
-          url: "http://#{pwn_burp_api}/scanissues",
+          url: "http://#{mitm_rest_api}/scanissues",
           timeout: 540
         )
         JSON.parse(scan_issues, symbolize_names: true)
@@ -1013,6 +1013,183 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # repeater_id = PWN::Plugins::BurpSuite.add_repeater_tab(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   name: 'required - name of the repeater tab (max 30 characters)',
+      #   request: 'optional - base64 encoded HTTP request string'
+      # )
+
+      public_class_method def self.add_repeater_tab(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        name = opts[:name]
+        raise 'ERROR: name parameter is required' if name.nil?
+
+        request = opts[:request]
+        raise 'ERROR: request parameter is required' if request.nil?
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        post_body = {
+          name: name[0..29],
+          request: request
+        }.to_json
+
+        repeater_resp = rest_browser.post(
+          "http://#{mitm_rest_api}/repeater",
+          post_body,
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        repeater_resp = JSON.parse(repeater_resp, symbolize_names: true)
+        { id: repeater_resp[:value] }
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # repeater_tabs = PWN::Plugins::BurpSuite.get_all_repeater_tabs(
+      #   burp_obj: 'required - burp_obj returned by #start method'
+      # )
+
+      public_class_method def self.get_all_repeater_tabs(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        repeater_resp = rest_browser.get(
+          "http://#{mitm_rest_api}/repeater",
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        JSON.parse(repeater_resp, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # repeater_tab = PWN::Plugins::BurpSuite.get_repeater_tab(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   id: 'required - id of the repeater tab to get'
+      # )
+
+      public_class_method def self.get_repeater_tab(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        id = opts[:id]
+        raise 'ERROR: id parameter is required' if id.nil?
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        repeater_resp = rest_browser.get(
+          "http://#{mitm_rest_api}/repeater/#{id}",
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        JSON.parse(repeater_resp, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # repeater_resp = PWN::Plugins::BurpSuite.send_repeater_request(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   id: 'required - id of the repeater tab to send'
+      # )
+
+      public_class_method def self.send_repeater_request(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        id = opts[:id]
+        raise 'ERROR: id parameter is required' if id.nil?
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        repeater_resp = rest_browser.post(
+          "http://#{mitm_rest_api}/repeater/#{id}/send",
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        JSON.parse(repeater_resp, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # repeater_obj = PWN::Plugins::BurpSuite.update_repeater_tab(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   id: 'required - id of the repeater tab to update',
+      #   name: 'required - name of the repeater tab (max 30 characters)',
+      #   request: 'required - base64 encoded HTTP request string'
+      # )
+
+      public_class_method def self.update_repeater_tab(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        id = opts[:id]
+        raise 'ERROR: id parameter is required' if id.nil?
+
+        name = opts[:name]
+        raise 'ERROR: name parameter is required' if name.nil?
+
+        request = opts[:request]
+        raise 'ERROR: request parameter is required' if request.nil?
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        put_body = {
+          name: name[0..29],
+          request: request
+        }.to_json
+
+        repeater_resp = rest_browser.put(
+          "http://#{mitm_rest_api}/repeater/#{id}",
+          put_body,
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        JSON.parse(repeater_resp, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # uri_in_scope = PWN::Plugins::BurpSuite.delete_repeater_tab(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   id: 'required - id of the repeater tab to delete'
+      # )
+
+      public_class_method def self.delete_repeater_tab(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        id = opts[:id]
+        raise 'ERROR: id parameter is required' if id.nil?
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        rest_browser.delete(
+          "http://#{mitm_rest_api}/repeater/#{id}",
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        { id: id }
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters::
       # PWN::Plugins::BurpSuite.generate_scan_report(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -1025,7 +1202,7 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         output_dir = opts[:output_dir]
         raise "ERROR: #{output_dir} does not exist." unless Dir.exist?(output_dir)
 
@@ -1059,7 +1236,7 @@ module PWN
         report_url = Base64.strict_encode64(target_domain)
         # Ready scanreport API call in pwn_burp to support HTML & XML report generation
         report_resp = rest_browser.get(
-          "http://#{pwn_burp_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
+          "http://#{mitm_rest_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
         )
 
         File.open(report_path, 'w') do |f|
@@ -1087,13 +1264,13 @@ module PWN
 
       public_class_method def self.stop(opts = {})
         burp_obj = opts[:burp_obj]
-        browser_obj = burp_obj[:burp_browser]
+        browser_obj = burp_obj[:mitm_browser]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         # burp_pid = burp_obj[:pid]
 
-        browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
-        rest_browser.post("http://#{pwn_burp_api}/shutdown", '')
+        PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
+        rest_browser.post("http://#{mitm_rest_api}/shutdown", '')
         # Process.kill('TERM', burp_pid)
 
         burp_obj = nil
@@ -1204,7 +1381,7 @@ module PWN
 
           active_scan_url_arr = #{self}.active_scan(
             burp_obj: 'required - burp_obj returned by #start method',
-            target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
+            target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:mitm_browser])',
             exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
           )
 
@@ -1212,6 +1389,38 @@ module PWN
             burp_obj: 'required - burp_obj returned by #start method'
           ).to_json
 
+          repeater_id = #{self}.add_repeater_tab(
+            burp_obj: 'required - burp_obj returned by #start method',
+            name: 'required - name of the repeater tab (max 30 characters)',
+            request: 'optional - base64 encoded HTTP request string'
+          )
+
+          repeater_tabs = #{self}.get_all_repeater_tabs(
+            burp_obj: 'required - burp_obj returned by #start method'
+          )
+
+          repeater_tab = #{self}.get_repeater_tab(
+            burp_obj: 'required - burp_obj returned by #start method',
+            id: 'required - id of the repeater tab to get'
+          )
+
+          repeater_resp = #{self}.send_repeater_request(
+            burp_obj: 'required - burp_obj returned by #start method',
+            id: 'required - id of the repeater tab to send'
+          )
+
+          repeater_obj = #{self}.update_repeater_tab(
+            burp_obj: 'required - burp_obj returned by #start method',
+            id: 'required - id of the repeater tab to update',
+            name: 'required - name of the repeater tab (max 30 characters)',
+            request: 'required - base64 encoded HTTP request string'
+          )
+
+          repeater_obj = #{self}.delete_repeater_tab(
+            burp_obj: 'required - burp_obj returned by #start method',
+            id: 'required - id of the repeater tab to delete'
+          )
+
           #{self}.generate_scan_report(
             burp_obj: 'required - burp_obj returned by #start method',
             target_url: 'required - target_url passed to #active_scan method',

data/lib/pwn/plugins/transparent_browser.rb

@@ -1225,7 +1225,8 @@ module PWN
         PWN::Plugins::Tor.stop(tor_obj: browser_obj[:tor_obj]) if tor_obj
 
         # Close the browser unless browser.nil? (thus the &)
-        browser&.close unless browser.to_s == 'RestClient'
+        # browser&.close unless browser.to_s == 'RestClient'
+        browser&.close unless browser.is_a?(RestClient)
 
         nil
       rescue StandardError => e

data/lib/pwn/plugins/zaproxy.rb

@@ -24,17 +24,15 @@ module PWN
       private_class_method def self.zap_rest_call(opts = {})
         zap_obj = opts[:zap_obj]
         rest_call = opts[:rest_call].to_s.scrub
-        http_method = if opts[:http_method].nil?
-                        :get
-                      else
-                        opts[:http_method].to_s.scrub.to_sym
-                      end
+        http_method = opts[:http_method] ||= :get
+        http_method = http_method.to_s.downcase.to_sym unless http_method.is_a?(Symbol)
         params = opts[:params]
         http_body = opts[:http_body].to_s.scrub
-        zap_rest_api = zap_obj[:zap_rest_api]
-        base_zap_api_uri = "http://#{zap_rest_api}"
 
         rest_client = zap_obj[:rest_browser]::Request
+        mitm_rest_api = zap_obj[:mitm_rest_api]
+
+        base_zap_api_uri = "http://#{mitm_rest_api}"
 
         case http_method
         when :get
@@ -66,7 +64,7 @@ module PWN
 
         response
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -100,20 +98,11 @@ module PWN
         zap_rest_ip = zap_ip
         zap_rest_port = zap_port
 
-        if headless
-          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
-        else
-          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
-        end
-
-        zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
-
-        zap_obj[:pid] = Process.spawn(zaproxy_cmd)
         browser_obj1 = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_browser = browser_obj1[:browser]
 
         zap_obj[:mitm_proxy] = "#{zap_ip}:#{zap_port}"
-        zap_obj[:zap_rest_api] = zap_obj[:mitm_proxy]
+        zap_obj[:mitm_rest_api] = zap_obj[:mitm_proxy]
         zap_obj[:rest_browser] = rest_browser
 
         browser_obj2 = PWN::Plugins::TransparentBrowser.open(
@@ -122,8 +111,17 @@ module PWN
           devtools: true
         )
 
-        zap_obj[:zap_browser] = browser_obj2
+        zap_obj[:mitm_browser] = browser_obj2
+
+        if headless
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
+        else
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
+        end
+
+        zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
 
+        zap_obj[:pid] = Process.spawn(zaproxy_cmd)
         # Wait for pwn_burp_port to open prior to returning burp_obj
         loop do
           s = TCPSocket.new(zap_rest_ip, zap_rest_port)
@@ -136,8 +134,8 @@ module PWN
         end
 
         zap_obj
-      rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+      rescue Selenium::WebDriver::Error::SessionNotCreatedError, StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -169,7 +167,40 @@ module PWN
 
         JSON.parse(response.body, symbolize_names: true)
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::Zaproxy.add_to_scope(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   target_regex: 'required - url regex to add to scope (e.g. https://test.domain.local.*)',
+      #   context_name: 'optional - context name to add target_regex to (defaults to Default Context)'
+      # )
+
+      public_class_method def self.add_to_scope(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        target_regex = opts[:target_regex]
+        raise 'ERROR: target_url must be provided' if target_regex.nil?
+
+        context_name = opts[:context_name] ||= 'Default Context'
+
+        params = {
+          apikey: api_key,
+          contextName: context_name,
+          regex: target_regex
+        }
+
+        response = zap_rest_call(
+          zap_obj: zap_obj,
+          rest_call: 'JSON/context/action/includeInContext/',
+          params: params
+        )
+
+        JSON.parse(response.body, symbolize_names: true)
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -222,7 +253,7 @@ module PWN
           break if status == 100
         end
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -230,6 +261,7 @@ module PWN
       # PWN::Plugins::Zaproxy.active_scan(
       #   zap_obj: 'required - zap_obj returned from #open method',
       #   target_url:  'required - url to scan',
+      #   exclude_paths: 'optional - array of paths to exclude from scan (default: [])',
       #   scan_policy: 'optional - scan policy to use (defaults to Default Policy)'
       # )
 
@@ -237,10 +269,23 @@ module PWN
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key].to_s.scrub
         target_url = opts[:target_url]
-        if opts[:scan_policy].nil?
-          scan_policy = 'Default Policy'
-        else
-          scan_policy = opts[:scan_policy].to_s.scrub.strip.chomp
+        raise 'ERROR: target_url must be provided' if target_url.nil?
+
+        exclude_paths = opts[:exclude_paths] ||= []
+        scan_policy = opts[:scan_policy] ||= 'Default Policy'
+
+        exclude_paths.each do |exclude_path|
+          exclude_path_regex = "#{target_url}#{exclude_path}.*"
+          params = {
+            apikey: api_key,
+            regex: exclude_path_regex
+          }
+          zap_rest_call(
+            zap_obj: zap_obj,
+            rest_call: 'JSON/ascan/action/excludeFromScan/',
+            params: params
+          )
+          puts "Excluding #{exclude_path_regex} from Active Scan"
         end
 
         # TODO: Implement adding target_url to scope so that inScopeOnly can be changed to true
@@ -279,17 +324,17 @@ module PWN
           break if status == 100
         end
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
       # Supported Method Parameters::
-      # PWN::Plugins::Zaproxy.alerts(
+      # PWN::Plugins::Zaproxy.get_alerts(
       #   zap_obj: 'required - zap_obj returned from #open method',
       #   target_url: 'required - base url to return alerts'
       # )
 
-      public_class_method def self.alerts(opts = {})
+      public_class_method def self.get_alerts(opts = {})
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key].to_s.scrub
         target_url = opts[:target_url]
@@ -307,7 +352,7 @@ module PWN
 
         JSON.parse(response.body, symbolize_names: true)
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -357,7 +402,7 @@ module PWN
 
         report_path
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -391,7 +436,7 @@ module PWN
           http_method: :get
         )
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -423,47 +468,7 @@ module PWN
           http_method: :get
         )
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
-        raise e
-      end
-
-      # Supported Method Parameters::
-      # watir_resp = PWN::Plugins::Zaproxy.request(
-      #   zap_obj: 'required - zap_obj returned from #open method',
-      #   browser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',
-      #   instruction: 'required - watir instruction to make (e.g. button(text: "Google Search").click)'
-      # )
-
-      public_class_method def self.request(opts = {})
-        zap_obj = opts[:zap_obj]
-        api_key = zap_obj[:api_key].to_s.scrub
-        this_browser_obj = opts[:browser_obj]
-        instruction = opts[:instruction].to_s.strip.chomp.scrub
-
-        raise "\nbrowser_obj.class == #{this_browser_obj.class} browser_obj == #{this_browser_obj}\n#{self}.nonblocking_goto only supports browser_obj.class == Watir::Browser" unless this_browser_obj.is_a?(Watir::Browser)
-        raise "\nthis_browser_obj.driver.browser == #{this_browser_obj.driver.browser}\n#{self}.nonblocking_goto only supports this_browser_obj.driver.browser == :firefox" unless this_browser_obj.driver.browser == :firefox
-
-        timeout = 0
-        # this_browser_obj.driver.manage.timeouts.implicit_wait = timeout
-        this_browser_obj.driver.manage.timeouts.page_load = timeout
-        # this_browser_obj.driver.manage.timeouts.script_timeout = timeout
-
-        watir_resp = this_browser_obj.instance_eval(instruction)
-      rescue Timeout::Error
-        sleep 0.9
-        request_content = zap_rest_call(
-          zap_obj: zap_obj,
-          rest_call: "JSON/break/view/httpMessage/?zapapiformat=JSON&apikey=#{api_key}",
-          http_method: :get
-        ).body
-
-        # Now set all the timeouts back to default:
-        # this_browser_obj.driver.manage.timeouts.implicit_wait = b.driver.capabilities[:implicit_timeout]
-        this_browser_obj.driver.manage.timeouts.page_load = this_browser_obj.driver.capabilities[:page_load_timeout]
-        # this_browser_obj.driver.manage.timeouts.script_timeout = b.driver.capabilities[:script_timeout]
-
-        request_content
-      rescue StandardError => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -475,10 +480,9 @@ module PWN
       public_class_method def self.stop(opts = {})
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key]
-        browser_obj = zap_obj[:zap_browser]
-        rest_browser = zap_obj[:rest_browser]
+        browser_obj = zap_obj[:mitm_browser]
 
-        browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
+        PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
 
         params = { apikey: api_key }
         zap_rest_call(
@@ -489,7 +493,6 @@ module PWN
 
         zap_obj = nil
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -525,10 +528,11 @@ module PWN
           #{self}.active_scan(
             zap_obj: 'required - zap_obj returned from #open method'
             target_url: 'required - url to scan',
+            exclude_paths: 'optional - array of paths to exclude from scan (default: [])',
             scan_policy: 'optional - scan policy to use (defaults to Default Policy)'
           )
 
-          json_alerts = #{self}.alerts(
+          json_alerts = #{self}.get_alerts(
             zap_obj: 'required - zap_obj returned from #open method'
             target_url: 'required - base url to return alerts'
           )
@@ -546,10 +550,10 @@ module PWN
             enabled: 'optional - boolean (defaults to true)'
           )
 
-          watir_resp = #{self}.request(
+          #{self}.tamper(
             zap_obj: 'required - zap_obj returned from #open method',
-            browser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',
-            instruction: 'required - watir instruction to make (e.g. button(text: \"Google Search\").click)'
+            domain: 'required - FQDN to tamper (e.g. test.domain.local)',
+            enabled: 'optional - boolean (defaults to true)'
           )
 
           #{self}.stop(

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.400'
+  VERSION = '0.5.402'
 end

data/third_party/pwn_rdoc.jsonl

@@ -520,6 +520,7 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities`: Supported Method Parameters\n\nresponse = PWN::Plugins::BlackDuckBinaryAnalysis.get_vulnerabilities(\n\ntoken: 'required - Bearer token'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.upload_file Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.upload_file`: Supported Method Parameters\n\nresponse = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(\n\ntoken: 'required - Bearer token',\nfile: 'required - path of file to upload',\ngroup_id: 'optional - group id',\ndelete_binary: 'optional - delete binary after upload (defaults to false)',\nforce_scan: 'optional - force scan (defaults to false)',\ncallback_url: 'optional - callback url',\nscan_infoleak: 'optional - scan infoleak (defaults to true)',\ncode_analysis: 'optional - code analysis (defaults to true)',\nscan_code_familiarity: 'optional - scan code familiarity (defaults to false)',\nversion: 'optional - version',\nproduct_id: 'optional - product id'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',\nexclude_paths: 'optional - array of paths to exclude from active scan (default: [])'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.add_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nbind_address: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',\nport: 'required - port for the proxy listener (e.g., 8081)',\nenabled: 'optional - enable the listener (defaults to true)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_to_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_to_scope`: Supported Method Parameters\n\njson_in_scope = PWN::Plugins::BurpSuite.add_to_scope(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to add to scope'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_to_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_to_sitemap`: "}]}
@@ -528,14 +529,13 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.disable_proxy Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.disable_proxy`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.disable_proxy(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.enable_proxy Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.enable_proxy`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.enable_proxy(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp`: Supported Method Parameters\n\nuri = PWN::Plugins::BurpSuite.format_uri_from_sitemap_resp(\n\nscheme: 'required - scheme of the URI (http|https)',\nhost: 'required - host of the URI',\nport: 'optional - port of the URI',\npath: 'optional - path of the URI',\nquery: 'optional - query string of the URI'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.generate_scan_report Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.generate_scan_report`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.generate_scan_report(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target_url passed to #invoke_active_scan method',\nreport_type: :html|:xml|:both,\noutput_path: 'required - path to save report results'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.generate_scan_report Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.generate_scan_report`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.generate_scan_report(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target_url passed to #active_scan method',\noutput_dir: 'required - directory to save the report',\nreport_type: required - <:html|:xml>'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_proxy_listeners Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_proxy_listeners`: Supported Method Parameters\n\njson_proxy_listeners = PWN::Plugins::BurpSuite.get_proxy_listeners(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_scan_issues Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_scan_issues`: Supported Method Parameters\n\njson_scan_issues = PWN::Plugins::BurpSuite.get_scan_issues(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.get_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.get_sitemap`: Supported Method Parameters\n\njson_sitemap = PWN::Plugins::BurpSuite.get_sitemap(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'optional - target URL to filter sitemap results (defaults to entire sitemap)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.import_openapi_to_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.import_openapi_to_sitemap`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.in_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.in_scope`: Supported Method Parameters\n\nuri_in_scope = PWN::Plugins::BurpSuite.in_scope(\n\nburp_obj: 'required - burp_obj returned by #start method',\nuri: 'required - URI to determine if in scope'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.invoke_active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.invoke_active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.invoke_active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',\nexclude_paths: 'optional - array of paths to exclude from active scan (default: [])'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.spider Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.spider`: Supported Method Parameters\n\njson_spider = PWN::Plugins::BurpSuite.spider(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to add to crawl / spider'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj1 = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\nburp_ip: 'optional - IP address for the Burp proxy (defaults to 127.0.0.1)',\nburp_port: 'optional - port for the Burp proxy (defaults to a random unused port)',\npwn_burp_ip: 'optional - IP address for the PWN Burp API (defaults to 127.0.0.1)',\npwn_burp_port: 'optional - port for the PWN Burp API (defaults to a random unused port)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
@@ -826,19 +826,6 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::OpenVAS.last_report_id Usage"},{"role":"assistant","content":"`PWN::Plugins::OpenVAS.last_report_id`: Supported Method Parameters\n\nlast_report_id = PWN::Plugins::OpenVAS.last_report_id(\n\ntask_name: 'required task name to start',\nusername: 'required username',\npassword: 'optional password (will prompt if nil)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OpenVAS.save_report Usage"},{"role":"assistant","content":"`PWN::Plugins::OpenVAS.save_report`: Supported Method Parameters\n\nPWN::Plugins::OpenVAS.save_report(\n\nreport_type: 'required report type (csv|itg|pdf|txt|xml)',\nreport_id: 'required report id to save',\nreport_dir: 'required directory to save report',\nusername: 'required username',\npassword: 'optional password (will prompt if nil)',\nreport_filter: 'optional - results filter (Default: \"apply_overrides=0 levels=hml rows=1000 min_qod=70 first=1 sort-reverse=severity\")\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::OpenVAS.start_task Usage"},{"role":"assistant","content":"`PWN::Plugins::OpenVAS.start_task`: Supported Method Parameters\n\nstart_task_xml_resp = PWN::Plugins::OpenVAS.start_task(\n\ntask_name: 'required task name to start',\nusername: 'required username',\npassword: 'optional password (will prompt if nil)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.active_scan`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.active_scan(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget:  'required - url to scan',\nscan_policy: 'optional - scan policy to use (defaults to Default Policy)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.alerts Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.alerts`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.alerts(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget: 'required - base url to return alerts'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.breakpoint Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.breakpoint`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.breakpoint(\n\nzap_obj: 'required - zap_obj returned from #open method',\nregex_type: 'required - :url, :request_header, :request_body, :response_header or :response_body',\nregex_pattern: 'required - regex pattern to search for respective regex_type',\nenabled: 'optional - boolean (defaults to true)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.generate_report Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.generate_report`: Supported Method Parameters\n\nreport_path = PWN::Plugins::OwaspZap.generate_report(\n\nzap_obj: 'required - zap_obj returned from #open method',\noutput_dir: 'required - directory to save report',\nreport_type: 'required - <html|markdown|xml>'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.help Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.help`: "}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.import_openapi_spec_file Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.import_openapi_spec_file`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.import_openapi_spec_file(\n\nzap_obj: 'required - zap_obj returned from #open method',\nspec: 'required - path to OpenAPI spec file (e.g. /path/to/openapi.yaml)',\ntarget: 'required - target URL to ovverride the service URL in the OpenAPI spec (e.g. https://fq.dn)',\ncontext_id: 'optional - ID of the ZAP context (Defaults to first context, if any)',\nuser_id: 'optional - ID of the ZAP user (Defaults to first user, if any)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.request Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.request`: Supported Method Parameters\n\nwatir_resp = PWN::Plugins::OwaspZap.request(\n\nzap_obj: 'required - zap_obj returned from #open method',\nbrowser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',\ninstruction: 'required - watir instruction to make (e.g. button(text: \"Google Search\").click)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.spider Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.spider`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.spider(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget: 'required - url to spider'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.start Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.start`: Supported Method Parameters\n\nzap_obj = PWN::Plugins::OwaspZap.start(\n\napi_key: 'required - api key for API authorization',\nzap_bin_path: 'optional - path to zap.sh file'\nheadless: 'optional - run zap headless if set to true',\nproxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)',\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.stop`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.stop(\n\n:zap_obj => 'required - zap_obj returned from #start method'\n\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.tamper Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.tamper`: Supported Method Parameters\n\nPWN::Plugins::OwaspZap.tamper(\n\nzap_obj: 'required - zap_obj returned from #open method',\ndomain: 'required - FQDN to tamper (e.g. test.domain.local)',\nenabled: 'optional - boolean (defaults to true)'\n\n)\n"}]}
-{"messages":[{"role":"user","content":"PWN::Plugins::OwaspZap.zap_rest_call Usage"},{"role":"assistant","content":"`PWN::Plugins::OwaspZap.zap_rest_call`: Supported Method Parameters\n\nzap_rest_call(\n\nzap_obj: 'required zap_obj returned from #start method',\nrest_call: 'required rest call to make per the schema',\nhttp_method: 'optional HTTP method (defaults to GET)\nhttp_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::PDFParse.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::PDFParse.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::PDFParse.help Usage"},{"role":"assistant","content":"`PWN::Plugins::PDFParse.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::PDFParse.read_text Usage"},{"role":"assistant","content":"`PWN::Plugins::PDFParse.read_text`: Supported Method Parameters\n\nPWN::Plugins::PDFParse.read_text(\n\npdf_path: 'optional path to dir defaults to .'\n\n)\n"}]}
@@ -1046,10 +1033,26 @@
 {"messages":[{"role":"user","content":"PWN::Plugins::XXD.fill_range_w_byte Usage"},{"role":"assistant","content":"`PWN::Plugins::XXD.fill_range_w_byte`: Supported Method Parameters\n\nhexdump = PWN::Plugins::XXD.fill_range_w_byte(\n\nhexdump: 'required - hexdump returned from #dump method',\nstart_addr: 'required - start address to fill with byte',\nend_addr: 'required - end address to fill with byte',\nbyte: 'required - byte to fill range with'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::XXD.help Usage"},{"role":"assistant","content":"`PWN::Plugins::XXD.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Plugins::XXD.reverse_dump Usage"},{"role":"assistant","content":"`PWN::Plugins::XXD.reverse_dump`: Supported Method Parameters\n\nPWN::Plugins::XXD.reverse_dump(\n\nhexdump: 'required - hexdump returned from #dump method',\nfile: 'required - path to binary file to dump',\nbyte_chunks: 'optional - if set, will write n byte chunks of hexdump to multiple files'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.active_scan`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.active_scan(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget_url:  'required - url to scan',\nscan_policy: 'optional - scan policy to use (defaults to Default Policy)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.alerts Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.alerts`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.alerts(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget_url: 'required - base url to return alerts'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.breakpoint Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.breakpoint`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.breakpoint(\n\nzap_obj: 'required - zap_obj returned from #open method',\nregex_type: 'required - :url, :request_header, :request_body, :response_header or :response_body',\nregex_pattern: 'required - regex pattern to search for respective regex_type',\nenabled: 'optional - boolean (defaults to true)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.generate_scan_report Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.generate_scan_report`: Supported Method Parameters\n\nreport_path = PWN::Plugins::Zaproxy.generate_scan_report(\n\nzap_obj: 'required - zap_obj returned from #open method',\noutput_dir: 'required - directory to save report',\nreport_type: 'required - <:html|:markdown|:xml>'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.help Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.import_openapi_to_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.import_openapi_to_sitemap`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.import_openapi_to_sitemap(\n\nzap_obj: 'required - zap_obj returned from #open method',\nopenapi_spec: 'required - path to OpenAPI JSON or YAML spec file'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.request Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.request`: Supported Method Parameters\n\nwatir_resp = PWN::Plugins::Zaproxy.request(\n\nzap_obj: 'required - zap_obj returned from #open method',\nbrowser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',\ninstruction: 'required - watir instruction to make (e.g. button(text: \"Google Search\").click)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.spider Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.spider`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.spider(\n\nzap_obj: 'required - zap_obj returned from #open method',\ntarget_url: 'required - url to spider'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.start Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.start`: Supported Method Parameters\n\nzap_obj = PWN::Plugins::Zaproxy.start(\n\napi_key: 'required - api key for API authorization',\nzap_bin_path: 'optional - path to zap.sh file'\nheadless: 'optional - run zap headless if set to true',\nbrowser_type: 'optional - defaults to :firefox.  See PWN::Plugins::TransparentBrowser.help for a list of types',\nproxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)',\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.stop`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.stop(\n\nzap_obj: 'required - zap_obj returned from #open method'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.tamper Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.tamper`: Supported Method Parameters\n\nPWN::Plugins::Zaproxy.tamper(\n\nzap_obj: 'required - zap_obj returned from #open method',\ndomain: 'required - FQDN to tamper (e.g. test.domain.local)',\nenabled: 'optional - boolean (defaults to true)'\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Plugins::Zaproxy.zap_rest_call Usage"},{"role":"assistant","content":"`PWN::Plugins::Zaproxy.zap_rest_call`: Supported Method Parameters\n\nzap_rest_call(\n\nzap_obj: 'required zap_obj returned from #start method',\nrest_call: 'required rest call to make per the schema',\nhttp_method: 'optional HTTP method (defaults to GET)\nhttp_body: 'optional HTTP body sent in HTTP methods that support it e.g. POST'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports.help Usage"},{"role":"assistant","content":"`PWN::Reports.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.authors Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.generate Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.generate`: Supported Method Parameters\n\nPWN::Reports::Fuzz.generate(\n\ndir_path: dir_path,\nresults_hash: results_hash,\nchar_encoding: 'optional - character encoding returned by PWN::Plugins::Char.list_encoders (defaults to UTF-8)'\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::Fuzz.help Usage"},{"role":"assistant","content":"`PWN::Reports::Fuzz.help`: "}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLFooter.authors Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLFooter.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLFooter.generate Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLFooter.generate`: Supported Method Parameters\n\nPWN::Reports::HTMLFooter.generate(\n\ncolumn_names: 'required - array of column names to use in the report table',\ndriver_src_uri: 'required - pwn driver source code uri',\n\n)\n"}]}
+{"messages":[{"role":"user","content":"PWN::Reports::HTMLFooter.help Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLFooter.help`: "}]}
 {"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.authors Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.generate Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.generate`: Supported Method Parameters\n\nPWN::Reports::HTMLHeader.generate(\n\ncolumn_names: 'required - array of column names to use in the report table',\ndriver_src_uri: 'required - pwn driver source code uri',\n\n)\n"}]}
 {"messages":[{"role":"user","content":"PWN::Reports::HTMLHeader.help Usage"},{"role":"assistant","content":"`PWN::Reports::HTMLHeader.help`: "}]}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.400
+  version: 0.5.402
 platform: ruby
 authors:
 - 0day Inc.
@@ -127,14 +127,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.7.1
+        version: 2.7.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.7.1
+        version: 2.7.2
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -2379,7 +2379,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.1
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond
 test_files: []