pwn 0.5.401 → 0.5.403

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d84bc3035034f9064b99d250eaebdae6868b2a6c67df2cd4ce9463060f32115f
-  data.tar.gz: 4be12fe5b7df1abdf32a8ce0944eafa6e627138823b0010bc05ad9be2181a35c
+  metadata.gz: 3e5390f3bf6209a6f425edc5c920dbd6869add40979a7f25e8962356d5c9a6bd
+  data.tar.gz: 5cf631f4bc2838ed8f016bc0da2d34c4543b4610300783ce39ace423d501be57
 SHA512:
-  metadata.gz: fbd47dd6ccf640ea9cfaebefb5ee4543ceb878f403700ddcc211872764ceb0ec5a494657fe3b5cd25f1f80039130bdea3c738b66d8cce31fec00a697667b48e0
-  data.tar.gz: eff9efbad951fe531b743fea854f23f38afd1e55101d2c88a6b2134ab7a2689710957c1eedb90bba97bf1bac46d15b88972cdae0aa8ce83bbc67aa5d83af3351
+  metadata.gz: 36181bae24a6d150c6badf0f42a5c1e7a76fc0f385ffe775eaf0b1d2403fbbcb577aaf5dd746b0f5f6cacbcd34fdd3b40be5bf31006f1a701499906236f38b21
+  data.tar.gz: cabc729dc772df80d270bc43192db6127cf1f6c418f580031d909a1c66488d8e75c24212e137758b01fe94eb45ae955fdee2d803a1ca6da553c38a3966e7ed27

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.401]:001 >>> PWN.help
+pwn[v0.5.403]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.401]:001 >>> PWN.help
+pwn[v0.5.403]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.401]:001 >>> PWN.help
+pwn[v0.5.403]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_burp_suite_pro_active_rest_api_scan

@@ -31,6 +31,10 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
+    opts[:browser_type] = b
+  end
+
   options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
     opts[:debug] = d
   end
@@ -55,7 +59,7 @@ OptionParser.new do |options|
     opts[:exclude_paths] = e
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to include in scope (Defaults to value of --target_url)>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -80,6 +84,8 @@ begin
 
   burp_jar_path = opts[:burp_jar_path]
   headless = opts[:headless] || false
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   debug = opts[:debug] || false
 
   swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
@@ -120,7 +126,7 @@ begin
   else
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      browser_type: :chrome
+      browser_type: browser_type
     )
   end
 
@@ -165,10 +171,8 @@ begin
       output_dir: output_dir
     )
   end
-
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
 rescue StandardError => e
   raise e
 ensure
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
+  PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
 end

data/bin/pwn_burp_suite_pro_active_scan

@@ -30,7 +30,7 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
     opts[:browser_type] = b
   end
 
@@ -42,7 +42,7 @@ OptionParser.new do |options|
     opts[:navigation_instruct] = i
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL to include in scope (Defaults to value of --target_url)>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -65,7 +65,8 @@ begin
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
   burp_jar_path = opts[:burp_jar_path]
   headless = opts[:headless] || false
-  browser_type = opts[:browser_type] ||= :chrome
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
   in_scope = opts[:in_scope] ||= target_url
@@ -100,7 +101,7 @@ begin
   # support JavaScript, DOM-based XSS vuln attempts are
   # possible as well since we have a DOM to interact w/
   # (Burp's DOM-XSS checks are based on static code analysis)
-  browser_obj = burp_obj[:burp_browser]
+  browser_obj = burp_obj[:mitm_browser]
   browser = browser_obj[:browser]
   browser.goto(target_url)
 
@@ -135,10 +136,8 @@ begin
       output_dir: output_dir
     )
   end
-
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj)
 rescue StandardError => e
   raise e
 ensure
-  burp_obj = PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
+  PWN::Plugins::BurpSuite.stop(burp_obj: burp_obj) unless burp_obj.nil?
 end

data/bin/pwn_zaproxy_active_rest_api_scan

@@ -36,6 +36,10 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
+    opts[:browser_type] = b
+  end
+
   options.on('-D', '--[no-]debug', '<Optional - Enable Debug Output and Do Not Delete Temporary OpenAPI Spec>') do |d|
     opts[:debug] = d
   end
@@ -52,7 +56,7 @@ OptionParser.new do |options|
     opts[:exclude_paths] = e
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL regex to include in scope (Defaults to "<target_url>.*")>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -80,6 +84,8 @@ begin
 
   zap_bin_path = opts[:zap_bin_path]
   headless = opts[:headless] || false
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   debug = opts[:debug] || false
 
   swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
@@ -100,12 +106,10 @@ begin
   )
 
   additional_http_headers = opts[:additional_http_headers]
-  additional_http_headers = JSON.parse(additional_http_headers, symbolize_names: true) if additional_http_headers.is_a?(String)
-
   exlude_paths = opts[:exclude_paths]
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
 
-  in_scope = opts[:in_scope] ||= target_url
+  in_scope = opts[:in_scope] ||= "#{target_url}.*"
 
   # ------
   # Open ZAP
@@ -117,7 +121,7 @@ begin
   else
     zap_obj = PWN::Plugins::Zaproxy.start(
       zap_bin_path: zap_bin_path,
-      browser_type: :chrome
+      browser_type: browser_type
     )
   end
 
@@ -127,12 +131,25 @@ begin
     zap_obj: zap_obj,
     openapi_spec: openapi_spec
   )
-
   raise "ERROR: Failed to import OpenAPI/Swagger spec #{openapi_spec} into ZAP's Sitemap." if json_sitemap.nil? || json_sitemap.empty?
 
+  if additional_http_headers.is_a?(String)
+    additional_http_headers = JSON.parse(additional_http_headers, symbolize_names: true)
+    PWN::Plugins::Zaproxy.inject_additional_http_headers(
+      zap_obj: zap_obj,
+      target_regex: in_scope,
+      additional_http_headers: additional_http_headers
+    )
+  end
+
+  PWN::Plugins::Zaproxy.add_to_scope(
+    zap_obj: zap_obj,
+    target_regex: in_scope
+  )
+
   PWN::Plugins::Zaproxy.active_scan(
     zap_obj: zap_obj,
-    target_url: target_url,
+    target_url: in_scope,
     exclude_paths: exlude_paths
   )
 
@@ -150,10 +167,8 @@ begin
       output_dir: output_dir
     )
   end
-
-  zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj)
 rescue StandardError => e
   raise e
 ensure
-  zap_obj = PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
+  PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
 end

data/bin/pwn_zaproxy_active_scan

@@ -34,7 +34,7 @@ OptionParser.new do |options|
     opts[:headless] = h
   end
 
-  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to chrome)>') do |b|
+  options.on('-bTYPE', '--browser_type=TYPE', '<Optional - Browser Type <firefox|chrome|headless|rest> (Defaults to firefox)>') do |b|
     opts[:browser_type] = b
   end
 
@@ -46,7 +46,7 @@ OptionParser.new do |options|
     opts[:navigation_instruct] = i
   end
 
-  options.on('-iURL', '--in_scope=URL', '<Optional - URL to add include in scope (Defaults to value of --target_url)>') do |s|
+  options.on('-iURL', '--in_scope=URL', '<Optional - URL regex to include in scope (Defaults to "<target_url>.*")>') do |s|
     opts[:in_scope] = s
   end
 end.parse!
@@ -62,12 +62,6 @@ begin
   api_key = opts[:api_key]
   raise 'ERROR: --api_key is required.' if api_key.nil?
 
-  if opts[:browser_type].nil?
-    browser_type = :chrome
-  else
-    browser_type = opts[:browser_type].to_s.strip.chomp.scrub.to_sym
-  end
-
   target_url = opts[:target_url]
   raise 'ERROR: --target_url is required.' if target_url.nil?
 
@@ -78,10 +72,11 @@ begin
   exlude_paths = exlude_paths.split(',').map(&:strip) if exlude_paths.is_a?(String)
   zap_bin_path = opts[:zap_bin_path].to_s.strip.chomp.scrub if File.exist?(opts[:zap_bin_path].to_s.strip.chomp.scrub)
   headless = opts[:headless] || false
-  browser_type = opts[:browser_type] ||= :chrome
+  browser_type = opts[:browser_type] ||= :firefox
+  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
-  in_scope = opts[:in_scope] ||= target_url
+  in_scope = opts[:in_scope] ||= "#{target_url}.*"
 
   # ------
   # Dynamically build arguments hash based on flags passed and Open Zap
@@ -102,7 +97,7 @@ begin
 
   logger.info(zap_obj)
 
-  browser_obj = zap_obj[:zap_browser]
+  browser_obj = zap_obj[:mitm_browser]
   browser = browser_obj[:browser]
   browser.goto(target_url)
 
@@ -117,9 +112,16 @@ begin
   end
 
   PWN::Plugins::Zaproxy.spider(zap_obj: zap_obj, target_url: target_url) if spider
+
+  PWN::Plugins::Zaproxy.add_to_scope(
+    zap_obj: zap_obj,
+    target_regex: in_scope
+  )
+
   PWN::Plugins::Zaproxy.active_scan(
     zap_obj: zap_obj,
-    target_url: target_url
+    target_url: in_scope,
+    exclude_paths: exlude_paths
   )
 
   # Generate all Report Types
@@ -133,11 +135,8 @@ begin
 
     logger.info("Report can be found here: #{report_path}")
   end
-
-  PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj)
 rescue StandardError => e
   raise e
 ensure
   PWN::Plugins::Zaproxy.stop(zap_obj: zap_obj) unless zap_obj.nil?
-  browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) unless browser_obj.nil?
 end

data/lib/pwn/plugins/burp_suite.rb

@@ -82,7 +82,7 @@ module PWN
         rest_browser = browser_obj1[:browser]
 
         burp_obj[:mitm_proxy] = "#{burp_ip}:#{burp_port}"
-        burp_obj[:pwn_burp_api] = "#{pwn_burp_ip}:#{pwn_burp_port}"
+        burp_obj[:mitm_rest_api] = "#{pwn_burp_ip}:#{pwn_burp_port}"
         burp_obj[:rest_browser] = rest_browser
 
         # Proxy always listens on localhost...use SSH tunneling if remote access is required
@@ -92,7 +92,7 @@ module PWN
           devtools: true
         )
 
-        burp_obj[:burp_browser] = browser_obj2
+        burp_obj[:mitm_browser] = browser_obj2
 
         # Wait for pwn_burp_port to open prior to returning burp_obj
         loop do
@@ -133,11 +133,11 @@ module PWN
         raise 'ERROR: uri parameter is required' if uri.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         base64_encoded_uri = Base64.strict_encode64(uri.to_s.scrub.strip.chomp)
 
         in_scope_resp = rest_browser.get(
-          "http://#{pwn_burp_api}/scope/#{base64_encoded_uri}",
+          "http://#{mitm_rest_api}/scope/#{base64_encoded_uri}",
           content_type: 'application/json; charset=UTF8'
         )
         json_in_scope = JSON.parse(in_scope_resp, symbolize_names: true)
@@ -156,11 +156,11 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         post_body = { url: target_url }.to_json
 
-        in_scope = rest_browser.post("http://#{pwn_burp_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
+        in_scope = rest_browser.post("http://#{mitm_rest_api}/scope", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(in_scope, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -177,12 +177,12 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         post_body = { url: target_url }.to_json
 
         in_scope = rest_browser.post(
-          "http://#{pwn_burp_api}/spider",
+          "http://#{mitm_rest_api}/spider",
           post_body,
           content_type: 'application/json; charset=UTF8'
         )
@@ -192,7 +192,7 @@ module PWN
         spider_status_json = {}
         loop do
           print '.'
-          spider_status_resp = rest_browser.get("http://#{pwn_burp_api}/spider/#{spider_id}")
+          spider_status_resp = rest_browser.get("http://#{mitm_rest_api}/spider/#{spider_id}")
           spider_status_json = JSON.parse(spider_status_resp, symbolize_names: true)
           spider_status = spider_status_json[:status]
           case spider_status
@@ -221,9 +221,9 @@ module PWN
       public_class_method def self.enable_proxy(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
-        enable_resp = rest_browser.post("http://#{pwn_burp_api}/proxy/intercept/enable", nil)
+        enable_resp = rest_browser.post("http://#{mitm_rest_api}/proxy/intercept/enable", nil)
         JSON.parse(enable_resp, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -238,9 +238,9 @@ module PWN
       public_class_method def self.disable_proxy(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
-        disable_resp = rest_browser.post("http://#{pwn_burp_api}/proxy/intercept/disable", nil)
+        disable_resp = rest_browser.post("http://#{mitm_rest_api}/proxy/intercept/disable", nil)
         JSON.parse(disable_resp, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -255,9 +255,9 @@ module PWN
       public_class_method def self.get_proxy_listeners(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
-        listeners = rest_browser.get("http://#{pwn_burp_api}/proxy/listeners", content_type: 'application/json; charset=UTF8')
+        listeners = rest_browser.get("http://#{mitm_rest_api}/proxy/listeners", content_type: 'application/json; charset=UTF8')
         JSON.parse(listeners, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -275,7 +275,7 @@ module PWN
       public_class_method def self.add_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         bind_address = opts[:bind_address]
         raise 'ERROR: bind_address parameter is required' if bind_address.nil?
 
@@ -295,7 +295,7 @@ module PWN
           enabled: enabled
         }.to_json
 
-        listener = rest_browser.post("http://#{pwn_burp_api}/proxy/listeners", post_body, content_type: 'application/json; charset=UTF8')
+        listener = rest_browser.post("http://#{mitm_rest_api}/proxy/listeners", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(listener, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -314,7 +314,7 @@ module PWN
       public_class_method def self.update_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         id = opts[:id] ||= '0'
         bind_address = opts[:bind_address] ||= '127.0.0.1'
         port = opts[:port] ||= 8080
@@ -327,7 +327,7 @@ module PWN
           enabled: enabled
         }.to_json
 
-        listener = rest_browser.put("http://#{pwn_burp_api}/proxy/listeners/#{id}", post_body, content_type: 'application/json; charset=UTF8')
+        listener = rest_browser.put("http://#{mitm_rest_api}/proxy/listeners/#{id}", post_body, content_type: 'application/json; charset=UTF8')
         JSON.parse(listener, symbolize_names: true)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -343,11 +343,11 @@ module PWN
       public_class_method def self.delete_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         id = opts[:id] ||= '0'
         raise 'ERROR: id parameter is required' if id.nil?
 
-        rest_browser.delete("http://#{pwn_burp_api}/proxy/listeners/#{id}")
+        rest_browser.delete("http://#{mitm_rest_api}/proxy/listeners/#{id}")
         true # Return true to indicate successful deletion (or error if API fails)
       rescue StandardError => e
         stop(burp_obj: burp_obj) unless burp_obj.nil?
@@ -363,12 +363,12 @@ module PWN
       public_class_method def self.get_sitemap(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         target_url = opts[:target_url]
 
         base64_encoded_target_url = Base64.strict_encode64(target_url.to_s.scrub.strip.chomp) if target_url
 
-        rest_call = "http://#{pwn_burp_api}/sitemap"
+        rest_call = "http://#{mitm_rest_api}/sitemap"
         rest_call = "#{rest_call}/#{base64_encoded_target_url}" if target_url
 
         sitemap = rest_browser.get(
@@ -407,14 +407,14 @@ module PWN
       public_class_method def self.add_to_sitemap(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         sitemap = opts[:sitemap] ||= {}
         debug = opts[:debug] || false
 
         rest_client = rest_browser::Request
         response = rest_client.execute(
           method: :post,
-          url: "http://#{pwn_burp_api}/sitemap",
+          url: "http://#{mitm_rest_api}/sitemap",
           payload: sitemap.to_json,
           headers: { content_type: 'application/json; charset=UTF-8' },
           timeout: 10
@@ -881,14 +881,14 @@ module PWN
       # Supported Method Parameters::
       # active_scan_url_arr = PWN::Plugins::BurpSuite.active_scan(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
+      #   target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:mitm_browser])',
       #   exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
       # )
 
       public_class_method def self.active_scan(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         target_url = opts[:target_url].to_s.scrub.strip.chomp
         raise 'ERROR: target_url parameter is required' if target_url.empty?
 
@@ -947,7 +947,7 @@ module PWN
           }.to_json
           # Kick off an active scan for each given page in the json_sitemap results
           resp = rest_browser.post(
-            "http://#{pwn_burp_api}/scan/active",
+            "http://#{mitm_rest_api}/scan/active",
             post_body,
             content_type: 'application/json'
           )
@@ -959,7 +959,7 @@ module PWN
 
         # Wait for scan completion
         loop do
-          scan_queue = rest_browser.get("http://#{pwn_burp_api}/scan/active")
+          scan_queue = rest_browser.get("http://#{mitm_rest_api}/scan/active")
           json_scan_queue = JSON.parse(scan_queue, symbolize_names: true)
           break if json_scan_queue.all? { |scan| scan[:status] == 'finished' }
 
@@ -975,7 +975,7 @@ module PWN
         # json_scan_queue.each do |scan_item|
         #   this_scan_item_id = scan_item[:id]
         #   until scan_item[:status] == 'finished'
-        #     scan_item_resp = rest_browser.get("http://#{pwn_burp_api}/scan/active/#{this_scan_item_id}")
+        #     scan_item_resp = rest_browser.get("http://#{mitm_rest_api}/scan/active/#{this_scan_item_id}")
         #     scan_item = JSON.parse(scan_item_resp, symbolize_names: true)
         #     scan_status = scan_item[:status]
         #     puts "Target ID ##{this_scan_item_id} of ##{scan_queue_total}| #{scan_status}"
@@ -999,12 +999,12 @@ module PWN
       public_class_method def self.get_scan_issues(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         rest_client = rest_browser::Request
         scan_issues = rest_client.execute(
           method: :get,
-          url: "http://#{pwn_burp_api}/scanissues",
+          url: "http://#{mitm_rest_api}/scanissues",
           timeout: 540
         )
         JSON.parse(scan_issues, symbolize_names: true)
@@ -1031,7 +1031,7 @@ module PWN
         raise 'ERROR: request parameter is required' if request.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         post_body = {
           name: name[0..29],
@@ -1039,7 +1039,7 @@ module PWN
         }.to_json
 
         repeater_resp = rest_browser.post(
-          "http://#{pwn_burp_api}/repeater",
+          "http://#{mitm_rest_api}/repeater",
           post_body,
           content_type: 'application/json; charset=UTF8'
         )
@@ -1060,10 +1060,10 @@ module PWN
         raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         repeater_resp = rest_browser.get(
-          "http://#{pwn_burp_api}/repeater",
+          "http://#{mitm_rest_api}/repeater",
           content_type: 'application/json; charset=UTF8'
         )
 
@@ -1086,10 +1086,10 @@ module PWN
         raise 'ERROR: id parameter is required' if id.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         repeater_resp = rest_browser.get(
-          "http://#{pwn_burp_api}/repeater/#{id}",
+          "http://#{mitm_rest_api}/repeater/#{id}",
           content_type: 'application/json; charset=UTF8'
         )
 
@@ -1112,10 +1112,10 @@ module PWN
         raise 'ERROR: id parameter is required' if id.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         repeater_resp = rest_browser.post(
-          "http://#{pwn_burp_api}/repeater/#{id}/send",
+          "http://#{mitm_rest_api}/repeater/#{id}/send",
           content_type: 'application/json; charset=UTF8'
         )
 
@@ -1146,7 +1146,7 @@ module PWN
         raise 'ERROR: request parameter is required' if request.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         put_body = {
           name: name[0..29],
@@ -1154,7 +1154,7 @@ module PWN
         }.to_json
 
         repeater_resp = rest_browser.put(
-          "http://#{pwn_burp_api}/repeater/#{id}",
+          "http://#{mitm_rest_api}/repeater/#{id}",
           put_body,
           content_type: 'application/json; charset=UTF8'
         )
@@ -1178,10 +1178,10 @@ module PWN
         raise 'ERROR: id parameter is required' if id.nil?
 
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
 
         rest_browser.delete(
-          "http://#{pwn_burp_api}/repeater/#{id}",
+          "http://#{mitm_rest_api}/repeater/#{id}",
           content_type: 'application/json; charset=UTF8'
         )
 
@@ -1202,7 +1202,7 @@ module PWN
         burp_obj = opts[:burp_obj]
         target_url = opts[:target_url]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         output_dir = opts[:output_dir]
         raise "ERROR: #{output_dir} does not exist." unless Dir.exist?(output_dir)
 
@@ -1236,7 +1236,7 @@ module PWN
         report_url = Base64.strict_encode64(target_domain)
         # Ready scanreport API call in pwn_burp to support HTML & XML report generation
         report_resp = rest_browser.get(
-          "http://#{pwn_burp_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
+          "http://#{mitm_rest_api}/scanreport/#{report_type.to_s.upcase}/#{report_url}"
         )
 
         File.open(report_path, 'w') do |f|
@@ -1264,13 +1264,13 @@ module PWN
 
       public_class_method def self.stop(opts = {})
         burp_obj = opts[:burp_obj]
-        browser_obj = burp_obj[:burp_browser]
+        browser_obj = burp_obj[:mitm_browser]
         rest_browser = burp_obj[:rest_browser]
-        pwn_burp_api = burp_obj[:pwn_burp_api]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
         # burp_pid = burp_obj[:pid]
 
-        browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
-        rest_browser.post("http://#{pwn_burp_api}/shutdown", '')
+        PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
+        rest_browser.post("http://#{mitm_rest_api}/shutdown", '')
         # Process.kill('TERM', burp_pid)
 
         burp_obj = nil
@@ -1381,7 +1381,7 @@ module PWN
 
           active_scan_url_arr = #{self}.active_scan(
             burp_obj: 'required - burp_obj returned by #start method',
-            target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:burp_browser])',
+            target_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:mitm_browser])',
             exclude_paths: 'optional - array of paths to exclude from active scan (default: [])'
           )
 

data/lib/pwn/plugins/transparent_browser.rb

@@ -1225,7 +1225,8 @@ module PWN
         PWN::Plugins::Tor.stop(tor_obj: browser_obj[:tor_obj]) if tor_obj
 
         # Close the browser unless browser.nil? (thus the &)
-        browser&.close unless browser.to_s == 'RestClient'
+        # browser&.close unless browser.to_s == 'RestClient'
+        browser&.close unless browser.is_a?(RestClient)
 
         nil
       rescue StandardError => e

data/lib/pwn/plugins/zaproxy.rb

@@ -24,17 +24,15 @@ module PWN
       private_class_method def self.zap_rest_call(opts = {})
         zap_obj = opts[:zap_obj]
         rest_call = opts[:rest_call].to_s.scrub
-        http_method = if opts[:http_method].nil?
-                        :get
-                      else
-                        opts[:http_method].to_s.scrub.to_sym
-                      end
+        http_method = opts[:http_method] ||= :get
+        http_method = http_method.to_s.downcase.to_sym unless http_method.is_a?(Symbol)
         params = opts[:params]
         http_body = opts[:http_body].to_s.scrub
-        zap_rest_api = zap_obj[:zap_rest_api]
-        base_zap_api_uri = "http://#{zap_rest_api}"
 
         rest_client = zap_obj[:rest_browser]::Request
+        mitm_rest_api = zap_obj[:mitm_rest_api]
+
+        base_zap_api_uri = "http://#{mitm_rest_api}"
 
         case http_method
         when :get
@@ -66,7 +64,7 @@ module PWN
 
         response
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -100,20 +98,11 @@ module PWN
         zap_rest_ip = zap_ip
         zap_rest_port = zap_port
 
-        if headless
-          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
-        else
-          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
-        end
-
-        zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
-
-        zap_obj[:pid] = Process.spawn(zaproxy_cmd)
         browser_obj1 = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
         rest_browser = browser_obj1[:browser]
 
         zap_obj[:mitm_proxy] = "#{zap_ip}:#{zap_port}"
-        zap_obj[:zap_rest_api] = zap_obj[:mitm_proxy]
+        zap_obj[:mitm_rest_api] = zap_obj[:mitm_proxy]
         zap_obj[:rest_browser] = rest_browser
 
         browser_obj2 = PWN::Plugins::TransparentBrowser.open(
@@ -122,8 +111,17 @@ module PWN
           devtools: true
         )
 
-        zap_obj[:zap_browser] = browser_obj2
+        zap_obj[:mitm_browser] = browser_obj2
 
+        if headless
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
+        else
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
+        end
+
+        zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
+
+        zap_obj[:pid] = Process.spawn(zaproxy_cmd)
         # Wait for pwn_burp_port to open prior to returning burp_obj
         loop do
           s = TCPSocket.new(zap_rest_ip, zap_rest_port)
@@ -136,8 +134,8 @@ module PWN
         end
 
         zap_obj
-      rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+      rescue Selenium::WebDriver::Error::SessionNotCreatedError, StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -169,7 +167,40 @@ module PWN
 
         JSON.parse(response.body, symbolize_names: true)
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::Zaproxy.add_to_scope(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   target_regex: 'required - url regex to add to scope (e.g. https://test.domain.local.*)',
+      #   context_name: 'optional - context name to add target_regex to (defaults to Default Context)'
+      # )
+
+      public_class_method def self.add_to_scope(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        target_regex = opts[:target_regex]
+        raise 'ERROR: target_url must be provided' if target_regex.nil?
+
+        context_name = opts[:context_name] ||= 'Default Context'
+
+        params = {
+          apikey: api_key,
+          contextName: context_name,
+          regex: target_regex
+        }
+
+        response = zap_rest_call(
+          zap_obj: zap_obj,
+          rest_call: 'JSON/context/action/includeInContext/',
+          params: params
+        )
+
+        JSON.parse(response.body, symbolize_names: true)
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -222,7 +253,53 @@ module PWN
           break if status == 100
         end
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::Zaproxy.inject_additional_http_headers(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   target_regex: 'required - url regex to inject headers into (e.g. https://test.domain.local.*)',
+      #   headers: 'required - hash of additional headers to inject into each request',
+      # )
+
+      public_class_method def self.inject_additional_http_headers(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        target_regex = opts[:target_regex]
+        raise 'ERROR: target_regex must be provided' if target_regex.nil?
+
+        headers = opts[:headers] ||= {}
+        raise 'ERROR: headers must be provided' if headers.empty? || !headers.is_a?(Hash)
+
+        replacer_resp_arr = []
+        headers.each_key do |header_key|
+          params = {
+            apikey: api_key,
+            description: header_key,
+            enabled: true,
+            matchType: 'REQ_HEADER',
+            matchRegex: false,
+            matchString: header_key,
+            replacement: "#{header_key}: #{headers[header_key]}",
+            initiators: '',
+            url: target_regex
+          }
+
+          response = zap_rest_call(
+            zap_obj: zap_obj,
+            rest_call: 'JSON/replacer/action/addRule/',
+            params: params
+          )
+
+          json_resp = JSON.parse(response.body, symbolize_names: true)
+          replacer_resp_arr.push(json_resp)
+        end
+
+        replacer_resp_arr
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -230,6 +307,7 @@ module PWN
       # PWN::Plugins::Zaproxy.active_scan(
       #   zap_obj: 'required - zap_obj returned from #open method',
       #   target_url:  'required - url to scan',
+      #   exclude_paths: 'optional - array of paths to exclude from scan (default: [])',
       #   scan_policy: 'optional - scan policy to use (defaults to Default Policy)'
       # )
 
@@ -237,10 +315,23 @@ module PWN
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key].to_s.scrub
         target_url = opts[:target_url]
-        if opts[:scan_policy].nil?
-          scan_policy = 'Default Policy'
-        else
-          scan_policy = opts[:scan_policy].to_s.scrub.strip.chomp
+        raise 'ERROR: target_url must be provided' if target_url.nil?
+
+        exclude_paths = opts[:exclude_paths] ||= []
+        scan_policy = opts[:scan_policy] ||= 'Default Policy'
+
+        exclude_paths.each do |exclude_path|
+          exclude_path_regex = "#{target_url}#{exclude_path}.*"
+          params = {
+            apikey: api_key,
+            regex: exclude_path_regex
+          }
+          zap_rest_call(
+            zap_obj: zap_obj,
+            rest_call: 'JSON/ascan/action/excludeFromScan/',
+            params: params
+          )
+          puts "Excluding #{exclude_path_regex} from Active Scan"
         end
 
         # TODO: Implement adding target_url to scope so that inScopeOnly can be changed to true
@@ -279,17 +370,17 @@ module PWN
           break if status == 100
         end
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
       # Supported Method Parameters::
-      # PWN::Plugins::Zaproxy.alerts(
+      # PWN::Plugins::Zaproxy.get_alerts(
       #   zap_obj: 'required - zap_obj returned from #open method',
       #   target_url: 'required - base url to return alerts'
       # )
 
-      public_class_method def self.alerts(opts = {})
+      public_class_method def self.get_alerts(opts = {})
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key].to_s.scrub
         target_url = opts[:target_url]
@@ -307,7 +398,7 @@ module PWN
 
         JSON.parse(response.body, symbolize_names: true)
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -357,7 +448,7 @@ module PWN
 
         report_path
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -391,7 +482,7 @@ module PWN
           http_method: :get
         )
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -423,47 +514,7 @@ module PWN
           http_method: :get
         )
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
-        raise e
-      end
-
-      # Supported Method Parameters::
-      # watir_resp = PWN::Plugins::Zaproxy.request(
-      #   zap_obj: 'required - zap_obj returned from #open method',
-      #   browser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',
-      #   instruction: 'required - watir instruction to make (e.g. button(text: "Google Search").click)'
-      # )
-
-      public_class_method def self.request(opts = {})
-        zap_obj = opts[:zap_obj]
-        api_key = zap_obj[:api_key].to_s.scrub
-        this_browser_obj = opts[:browser_obj]
-        instruction = opts[:instruction].to_s.strip.chomp.scrub
-
-        raise "\nbrowser_obj.class == #{this_browser_obj.class} browser_obj == #{this_browser_obj}\n#{self}.nonblocking_goto only supports browser_obj.class == Watir::Browser" unless this_browser_obj.is_a?(Watir::Browser)
-        raise "\nthis_browser_obj.driver.browser == #{this_browser_obj.driver.browser}\n#{self}.nonblocking_goto only supports this_browser_obj.driver.browser == :firefox" unless this_browser_obj.driver.browser == :firefox
-
-        timeout = 0
-        # this_browser_obj.driver.manage.timeouts.implicit_wait = timeout
-        this_browser_obj.driver.manage.timeouts.page_load = timeout
-        # this_browser_obj.driver.manage.timeouts.script_timeout = timeout
-
-        watir_resp = this_browser_obj.instance_eval(instruction)
-      rescue Timeout::Error
-        sleep 0.9
-        request_content = zap_rest_call(
-          zap_obj: zap_obj,
-          rest_call: "JSON/break/view/httpMessage/?zapapiformat=JSON&apikey=#{api_key}",
-          http_method: :get
-        ).body
-
-        # Now set all the timeouts back to default:
-        # this_browser_obj.driver.manage.timeouts.implicit_wait = b.driver.capabilities[:implicit_timeout]
-        this_browser_obj.driver.manage.timeouts.page_load = this_browser_obj.driver.capabilities[:page_load_timeout]
-        # this_browser_obj.driver.manage.timeouts.script_timeout = b.driver.capabilities[:script_timeout]
-
-        request_content
-      rescue StandardError => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -475,10 +526,9 @@ module PWN
       public_class_method def self.stop(opts = {})
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key]
-        browser_obj = zap_obj[:zap_browser]
-        rest_browser = zap_obj[:rest_browser]
+        browser_obj = zap_obj[:mitm_browser]
 
-        browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
+        PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
 
         params = { apikey: api_key }
         zap_rest_call(
@@ -489,7 +539,6 @@ module PWN
 
         zap_obj = nil
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj) unless zap_obj.nil?
         raise e
       end
 
@@ -522,13 +571,26 @@ module PWN
             openapi_spec: 'required - path to OpenAPI JSON or YAML spec file'
           )
 
+          #{self}.add_to_scope(
+            zap_obj: 'required - zap_obj returned from #open method',
+            target_regex: 'required - url regex to add to scope (e.g. https://test.domain.local.*)',
+            context_name: 'optional - context name to add target_regex to (defaults to Default Context)'
+          )
+
+          #{self}.inject_additional_http_headers(
+            zap_obj: 'required - zap_obj returned from #open method',
+            target_regex: 'required - url regex to inject headers into (e.g. https://test.domain.local.*)',
+            headers: 'required - hash of additional headers to inject into each request'
+          )
+
           #{self}.active_scan(
             zap_obj: 'required - zap_obj returned from #open method'
             target_url: 'required - url to scan',
+            exclude_paths: 'optional - array of paths to exclude from scan (default: [])',
             scan_policy: 'optional - scan policy to use (defaults to Default Policy)'
           )
 
-          json_alerts = #{self}.alerts(
+          json_alerts = #{self}.get_alerts(
             zap_obj: 'required - zap_obj returned from #open method'
             target_url: 'required - base url to return alerts'
           )
@@ -546,10 +608,10 @@ module PWN
             enabled: 'optional - boolean (defaults to true)'
           )
 
-          watir_resp = #{self}.request(
+          #{self}.tamper(
             zap_obj: 'required - zap_obj returned from #open method',
-            browser_obj: 'required - browser_obj w/ browser_type: :firefox||:headless returned from #open method',
-            instruction: 'required - watir instruction to make (e.g. button(text: \"Google Search\").click)'
+            domain: 'required - FQDN to tamper (e.g. test.domain.local)',
+            enabled: 'optional - boolean (defaults to true)'
           )
 
           #{self}.stop(

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.401'
+  VERSION = '0.5.403'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.401
+  version: 0.5.403
 platform: ruby
 authors:
 - 0day Inc.