RubyGems - pwn - Versions diffs - 0.5.404 → 0.5.406 - Mend

pwn 0.5.404 → 0.5.406

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +3 -3
data/lib/pwn/plugins/burp_suite.rb +26 -1
data/lib/pwn/plugins/zaproxy.rb +220 -3
data/lib/pwn/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43c98ee49b32ce9b04d3fdc660599c8b7fc47db6f5b5042169a1ffe96eb6bb77
-  data.tar.gz: a577bdac165bd2e96ec1ed87bb51c0d434276a00e8234f58c200e037ef1b83c0
+  metadata.gz: 3a4875ea87dd3f0605bc2ac889621fc124d43016086b2ef914a71dd8104879ff
+  data.tar.gz: 68addc891a15eea06b39b9e575fd98ce3b9e5a4d3e490c20bdfbe138699b8f2e
 SHA512:
-  metadata.gz: 6bad0c2f1b20916b4245dc95a8b7a42f9a686e386fe475238b3890ea2287331e737d794b2a88e32437b50355fe4a3786420b3a756b40bc3f99b5fd76f3ce0496
-  data.tar.gz: fd6cb93dad15d5e55e824a6bdbe13a3260612a015054d4cff6637b5469f5aa88ce7bdbe5409f83f4102f0023ba4ba2c9ca486ffaf3bddd8a94db37d98c761506
+  metadata.gz: 6b9211d610152046dec2ddcb6c96687085ae3004d104713064831c511e7ce1aa490c5f4e69c12066bc6d11e4f81b47dd90e6b289d5df88a6a5d65abb67d24dd7
+  data.tar.gz: e43570d37f21c2a3dc4008da1b42ee0aa379f4aebe5880dd47bb1b4c881a767db74a85b4121a125fbcdb67a4fc7526e239dfb595fd2327dbc0742c67e76027c7

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.404]:001 >>> PWN.help
+pwn[v0.5.406]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.404]:001 >>> PWN.help
+pwn[v0.5.406]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.404]:001 >>> PWN.help
+pwn[v0.5.406]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb CHANGED Viewed

@@ -450,7 +450,7 @@ module PWN
         raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
         openapi_spec = opts[:openapi_spec]
-        raise 'ERROR: openapi_spec parameter not found' unless File.exist?(openapi_spec)
+        raise 'ERROR: openapi_spec parameter is required' if openapi_spec.nil?
         additional_http_headers = opts[:additional_http_headers] ||= {}
         raise 'ERROR: additional_http_headers must be a Hash' unless additional_http_headers.is_a?(Hash)
@@ -1013,6 +1013,31 @@ module PWN
         raise e
       end
+      # Supported Method Parameters::
+      # repeater_id = PWN::Plugins::BurpSuite.find_sitemap_entries(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   search_string: 'required - string to search for in the sitemap entries'
+      # )
+      public_class_method def self.find_sitemap_entries(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+        search_string = opts[:search_string]
+        raise 'ERROR: search_string parameter is required' if search_string.nil?
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+        json_sitemap = get_sitemap(burp_obj: burp_obj)
+        matching_entries = json_sitemap.select do |entry|
+          decoded_request = Base64.strict_decode64(entry[:request])
+          decoded_request.include?(search_string)
+        end
+      rescue StandardError => e
+        raise e
+      end
       # Supported Method Parameters::
       # repeater_id = PWN::Plugins::BurpSuite.add_repeater_tab(
       #   burp_obj: 'required - burp_obj returned by #start method',

data/lib/pwn/plugins/zaproxy.rb CHANGED Viewed

@@ -171,6 +171,95 @@ module PWN
         raise e
       end
+      # Supported Method Parameters::
+      # json_sitemap = PWN::Plugins::Zaproxy.get_sitemap(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   return_as: 'optional - :base64 or :har (defaults to :base64)'
+      # )
+      public_class_method def self.get_sitemap(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        return_as = opts[:return_as] ||= :base64
+        entries = []
+        start = 0
+        count = 1000
+        loop do
+          params = { apikey: api_key, start: start, count: count }
+          response = zap_rest_call(
+            zap_obj: zap_obj,
+            rest_call: 'OTHER/exim/other/exportHar/',
+            params: params
+          )
+          har_data = JSON.parse(response.body, symbolize_names: true)
+          new_entries = har_data[:log][:entries]
+          break if new_entries.empty?
+          entries += new_entries
+          start += count
+        end
+        return entries if return_as == :har
+        # Deduplicate entries based on method + url
+        seen = Set.new
+        converted_messages = []
+        entries.each do |entry|
+          req = entry[:request]
+          key = [req[:method], req[:url]]
+          next if seen.include?(key)
+          seen.add(key)
+          # Build full request string
+          req_line = "#{req[:method]} #{req[:url]} #{req[:httpVersion]}\r\n"
+          req_headers = req[:headers].map { |h| "#{h[:name]}: #{h[:value]}\r\n" }.join
+          req_body = ''
+          if req[:postData] && req[:postData][:text]
+            req_body = req[:postData][:text]
+            req_body = Base64.decode64(req_body) if req[:postData][:encoding] == 'base64'
+          end
+          full_req = "#{req_line}#{req_headers}\r\n#{req_body}".force_encoding('ASCII-8BIT')
+          encoded_req = Base64.strict_encode64(full_req)
+          # Build full response string
+          res = entry[:response]
+          res_line = "#{res[:httpVersion]} #{res[:status]} #{res[:statusText]}\r\n"
+          res_headers = res[:headers].map { |h| "#{h[:name]}: #{h[:value]}\r\n" }.join
+          res_body = ''
+          if res[:content] && res[:content][:text]
+            res_body = res[:content][:text]
+            res_body = Base64.decode64(res_body) if res[:content][:encoding] == 'base64'
+          end
+          full_res = "#{res_line}#{res_headers}\r\n#{res_body}".force_encoding('ASCII-8BIT')
+          encoded_res = Base64.strict_encode64(full_res)
+          # Extract http_service
+          uri = URI.parse(req[:url])
+          http_service = {
+            host: uri.host,
+            port: uri.port,
+            protocol: uri.scheme
+          }
+          # Add to array
+          converted_messages << {
+            request: encoded_req,
+            response: encoded_res,
+            http_service: http_service
+          }
+        end
+        converted_messages
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        raise e
+      end
       # Supported Method Parameters::
       # PWN::Plugins::Zaproxy.add_to_scope(
       #   zap_obj: 'required - zap_obj returned from #open method',
@@ -204,6 +293,86 @@ module PWN
         raise e
       end
+      # Supported Method Parameters::
+      # PWN::Plugins::Zaproxy.find_har_entries(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   request: 'required - base64 encoded request or HAR entry :request (e.g. from #get_sitemap method)'
+      # )
+      public_class_method def self.find_har_entries(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        request = opts[:request]
+        raise 'ERROR: request must be provided' if request.nil?
+        har_sitemap = get_sitemap(
+          zap_obj: zap_obj,
+          return_as: :har
+        )
+        # HAR entry
+        if request.is_a?(Hash) && request.key?(:method) && request.key?(:url) && request.key?(:httpVersion)
+          har_entries = har_sitemap.select { |entry| entry[:request] == request }
+        else
+          # Base64 encoded string
+          dec_request = Base64.strict_decode64(request).force_encoding('ASCII-8BIT') unless dec_request.is_a?(Hash)
+          # Find the har request for the given base64 decoded dec_request value
+          har_entries = har_sitemap.select do |entry|
+            req = entry[:request]
+            req_line = "#{req[:method]} #{req[:url]} #{req[:httpVersion]}\r\n"
+            req_headers = req[:headers].map { |h| "#{h[:name]}: #{h[:value]}\r\n" }.join
+            req_body = ''
+            if req[:postData] && req[:postData][:text]
+              req_body = req[:postData][:text]
+              req_body = Base64.decode64(req_body) if req[:postData][:encoding] == 'base64'
+            end
+            full_req = "#{req_line}#{req_headers}\r\n#{req_body}".force_encoding('ASCII-8BIT')
+            full_req == dec_request
+          end
+        end
+        har_entries
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        raise e
+      end
+      # Supported Method Parameters::
+      # PWN::Plugins::Zaproxy.requester(
+      #   zap_obj: 'required - zap_obj returned from #open method',
+      #   har_entry: 'required - har entry (e.g. from #get_sitemap method or #find_har_entries method)',
+      #   redirect: 'optional - follow redirects if set to true (defaults to false)'
+      # )
+      public_class_method def self.requester(opts = {})
+        zap_obj = opts[:zap_obj]
+        api_key = zap_obj[:api_key].to_s.scrub
+        har_entry = opts[:har_entry]
+        raise 'ERROR: har_entry must be provided and be a valid HAR entry' unless har_entry.is_a?(Hash) && har_entry.key?(:request) && har_entry.key?(:response)
+        redirect = opts[:redirect] || false
+        raise 'ERROR: redirect must be a boolean' unless redirect.is_a?(TrueClass) || redirect.is_a?(FalseClass)
+        har_json = har_entry.to_json
+        params = {
+          apikey: api_key,
+          request: har_json,
+          followRedirects: redirect.to_s
+        }
+        response = zap_rest_call(
+          zap_obj: zap_obj,
+          rest_call: 'OTHER/exim/other/sendHarRequest/',
+          params: params
+        )
+        JSON.parse(response.body, symbolize_names: true)
+      rescue StandardError, SystemExit, Interrupt => e
+        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        raise e
+      end
       # Supported Method Parameters::
       # PWN::Plugins::Zaproxy.spider(
       #   zap_obj: 'required - zap_obj returned from #open method',
@@ -273,14 +442,41 @@ module PWN
         headers = opts[:headers] ||= {}
         raise 'ERROR: headers must be provided' if headers.empty? || !headers.is_a?(Hash)
+        # Check if replacer rule already exists
+        params = { apikey: api_key }
+        response = zap_rest_call(
+          zap_obj: zap_obj,
+          rest_call: 'JSON/replacer/view/rules/',
+          params: params
+        )
+        replacer = JSON.parse(response.body, symbolize_names: true)
         replacer_resp_arr = []
         headers.each_key do |header_key|
+          this_header = { header: header_key }
+          rule_exists = replacer[:rules].any? { |rule| rule[:description] == header_key.to_s && rule[:url] == target_regex }
+          if rule_exists
+            # Remove existing rule first
+            puts "Removing existing replacer rule for header key: #{header_key}..."
+            params = {
+              apikey: api_key,
+              description: header_key
+            }
+            zap_rest_call(
+              zap_obj: zap_obj,
+              rest_call: 'JSON/replacer/action/removeRule/',
+              params: params
+            )
+          end
+          puts "Adding replacer rule for header key: #{header_key}..."
           params = {
             apikey: api_key,
             description: header_key,
-            enabled: true,
+            enabled: 'true',
             matchType: 'REQ_HEADER',
-            matchRegex: false,
+            matchRegex: 'false',
             matchString: header_key,
             replacement: headers[header_key],
             initiators: '',
@@ -294,7 +490,8 @@ module PWN
           )
           json_resp = JSON.parse(response.body, symbolize_names: true)
-          replacer_resp_arr.push(json_resp)
+          this_header[:Result] = json_resp[:Result]
+          replacer_resp_arr.push(this_header)
         end
         replacer_resp_arr
@@ -571,12 +768,32 @@ module PWN
             openapi_spec: 'required - path to OpenAPI JSON or YAML spec file'
           )
+          #{self}.get_sitemap(
+            zap_obj: 'required - zap_obj returned from #open method',
+            return_as: 'optional - :base64 or :har (defaults to :base64)'
+          )
           #{self}.add_to_scope(
             zap_obj: 'required - zap_obj returned from #open method',
             target_regex: 'required - url regex to add to scope (e.g. https://test.domain.local.*)',
             context_name: 'optional - context name to add target_regex to (defaults to Default Context)'
           )
+          #{self}.find_har_entries(
+            zap_obj: 'required - zap_obj returned from #open method',
+            request: 'required - base64 encoded request or HAR entry :request (e.g. from #get_sitemap method)'
+          )
+          #{self}.requester(
+            zap_obj: 'required - zap_obj returned from #open method',
+            har_entry: 'required - har entry (e.g. from #get_sitemap method or #find_har_entries method)',
+            redirect: 'optional - follow redirects if set to true (defaults to true)'
+          )
+          json_sitemap = #{self}.spider(
+            zap_obj: 'required - zap_obj returned from #open method'
+          )
           #{self}.inject_additional_http_headers(
             zap_obj: 'required - zap_obj returned from #open method',
             target_regex: 'required - url regex to inject headers into (e.g. https://test.domain.local.*)',

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.404'
+  VERSION = '0.5.406'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.404
+  version: 0.5.406
 platform: ruby
 authors:
 - 0day Inc.