RubyGems - pwn - Versions diffs - 0.5.406 → 0.5.407 - Mend

pwn 0.5.406 → 0.5.407

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/.rubocop_todo.yml +14 -59
data/README.md +3 -3
data/lib/pwn/plugins/burp_suite.rb +30 -25
data/lib/pwn/plugins/zaproxy.rb +7 -24
data/lib/pwn/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a4875ea87dd3f0605bc2ac889621fc124d43016086b2ef914a71dd8104879ff
-  data.tar.gz: 68addc891a15eea06b39b9e575fd98ce3b9e5a4d3e490c20bdfbe138699b8f2e
+  metadata.gz: 6cdcedb953c971c8feccabd99bb44f1e229254d4adbaf8f5d06c53416da1d3c7
+  data.tar.gz: 2642aa96456651ef17d042794f21ad69754335e8d3b8d7e3415e311adb1dbd05
 SHA512:
-  metadata.gz: 6b9211d610152046dec2ddcb6c96687085ae3004d104713064831c511e7ce1aa490c5f4e69c12066bc6d11e4f81b47dd90e6b289d5df88a6a5d65abb67d24dd7
-  data.tar.gz: e43570d37f21c2a3dc4008da1b42ee0aa379f4aebe5880dd47bb1b4c881a767db74a85b4121a125fbcdb67a4fc7526e239dfb595fd2327dbc0742c67e76027c7
+  metadata.gz: 8041d87f4162ebb4fb28c9b6acc5cfae7394fb4e082cd8a4a99e6ac22f1181701a0e32d28e97593d7e169cadc80ca71c76d0144d7e313e16c8c9b1ee799bd20a
+  data.tar.gz: 0a654b39bf9c3f63b24accc464fd7b8222f060dfd5748118e99771d8ef9897e6551c95e63b40fdd4b0eabfe21694241a448c3a00607e21306b7e64683b871500

data/.rubocop_todo.yml CHANGED Viewed

@@ -1,31 +1,11 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-05-30 23:04:07 UTC using RuboCop version 1.75.8.
+# on 2025-09-11 18:09:38 UTC using RuboCop version 1.80.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
-# Offense count: 24
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
-# URISchemes: http, https
-Layout/LineLength:
-  Exclude:
-    - 'Vagrantfile'
-    - 'bin/pwn_diff_csv_files_w_column_exclude'
-    - 'lib/pwn/banner/jmp_esp.rb'
-    - 'lib/pwn/banner/radare2_ai.rb'
-    - 'lib/pwn/plugins/mail_agent.rb'
-    - 'lib/pwn/plugins/ollama.rb'
-    - 'lib/pwn/plugins/open_ai.rb'
-    - 'lib/pwn/reports/fuzz.rb'
-    - 'lib/pwn/reports/phone.rb'
-    - 'lib/pwn/reports/sast.rb'
-    - 'lib/pwn/reports/uri_buster.rb'
-    - 'lib/pwn/sast/banned_function_calls_c.rb'
-    - 'packer/provisioners/aliases.rb'
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowInHeredoc.
@@ -50,37 +30,18 @@ Lint/RedundantTypeConversion:
     - 'lib/pwn/plugins/jenkins.rb'
     - 'lib/pwn/plugins/repl.rb'
-# Offense count: 307
+# Offense count: 320
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:
   Enabled: false
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AutoCorrect, CheckForMethodsWithNoSideEffects.
+# Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
   Exclude:
     - 'bin/pwn_web_cache_deception'
-# Offense count: 5
-# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
-# AllowedMethods: refine
-Metrics/BlockLength:
-  Exclude:
-    - '**/*.gemspec'
-    - 'lib/pwn/plugins/android.rb'
-    - 'lib/pwn/plugins/msr206.rb'
-    - 'lib/pwn/plugins/repl.rb'
-    - 'lib/pwn/sast/banned_function_calls_c.rb'
-# Offense count: 2
-# Configuration parameters: CountBlocks, CountModifierForms, Max.
-Metrics/BlockNesting:
-  Exclude:
-    - 'lib/pwn/plugins/son_micro_rfid.rb'
-    - 'lib/pwn/plugins/tor.rb'
 # Offense count: 1
 # Configuration parameters: LengthThreshold.
 Metrics/CollectionLiteralLength:
@@ -99,22 +60,13 @@ Metrics/MethodLength:
   Exclude:
     - 'lib/pwn/banner/code_cave.rb'
-# Offense count: 12
+# Offense count: 3
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
   Exclude:
     - 'lib/pwn/banner/code_cave.rb'
     - 'lib/pwn/plugins/android.rb'
-    - 'lib/pwn/plugins/black_duck_binary_analysis.rb'
-    - 'lib/pwn/plugins/defect_dojo.rb'
-    - 'lib/pwn/plugins/gqrx.rb'
     - 'lib/pwn/plugins/msr206.rb'
-    - 'lib/pwn/plugins/nessus_cloud.rb'
-    - 'lib/pwn/plugins/open_ai.rb'
-    - 'lib/pwn/plugins/packet.rb'
-    - 'lib/pwn/plugins/repl.rb'
-    - 'lib/pwn/plugins/son_micro_rfid.rb'
-    - 'lib/pwn/plugins/transparent_browser.rb'
 # Offense count: 2
 Naming/AccessorMethodName:
@@ -133,7 +85,7 @@ Style/Alias:
 Style/ClassVars:
   Enabled: false
-# Offense count: 280
+# Offense count: 274
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition
@@ -146,12 +98,11 @@ Style/ExplicitBlockArgument:
   Exclude:
     - 'lib/pwn/plugins/nmap_it.rb'
-# Offense count: 2
+# Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 Style/IfUnlessModifier:
   Exclude:
     - 'lib/pwn/plugins/baresip.rb'
-    - 'lib/pwn/plugins/mail_agent.rb'
 # Offense count: 9
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -165,7 +116,7 @@ Style/MapIntoArray:
     - 'lib/pwn/plugins/char.rb'
     - 'lib/pwn/plugins/nexpose_vuln_scan.rb'
-# Offense count: 9
+# Offense count: 7
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowMethodComparison, ComparisonsThreshold.
 Style/MultipleComparison:
@@ -175,11 +126,15 @@ Style/MultipleComparison:
     - 'lib/pwn/sast/cmd_execution_ruby.rb'
     - 'lib/pwn/sast/deserial_java.rb'
     - 'lib/pwn/sast/factory.rb'
-    - 'lib/pwn/sast/logger.rb'
-    - 'lib/pwn/sast/throw_errors.rb'
     - 'lib/pwn/www/duckduckgo.rb'
     - 'lib/pwn/www/twitter.rb'
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantAssignment:
+  Exclude:
+    - 'lib/pwn/plugins/zaproxy.rb'
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 Style/RedundantBegin:
@@ -222,7 +177,7 @@ Style/RedundantStringEscape:
     - 'lib/pwn/sast/redos.rb'
     - 'vagrant/provisioners/kali_customize.rb'
-# Offense count: 58
+# Offense count: 62
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.406]:001 >>> PWN.help
+pwn[v0.5.407]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.406]:001 >>> PWN.help
+pwn[v0.5.407]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.406]:001 >>> PWN.help
+pwn[v0.5.407]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb CHANGED Viewed

@@ -436,6 +436,31 @@ module PWN
         raise e
       end
+      # Supported Method Parameters::
+      # repeater_id = PWN::Plugins::BurpSuite.find_sitemap_entries(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   search_string: 'required - string to search for in the sitemap entries'
+      # )
+      public_class_method def self.find_sitemap_entries(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+        search_string = opts[:search_string]
+        raise 'ERROR: search_string parameter is required' if search_string.nil?
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+        json_sitemap = get_sitemap(burp_obj: burp_obj)
+        matching_entries = json_sitemap.select do |entry|
+          decoded_request = Base64.strict_decode64(entry[:request])
+          decoded_request.include?(search_string)
+        end
+      rescue StandardError => e
+        raise e
+      end
       # Supported Method Parameters:
       # json_sitemap = PWN::Plugins::BurpSuite.import_openapi_to_sitemap(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -1013,31 +1038,6 @@ module PWN
         raise e
       end
-      # Supported Method Parameters::
-      # repeater_id = PWN::Plugins::BurpSuite.find_sitemap_entries(
-      #   burp_obj: 'required - burp_obj returned by #start method',
-      #   search_string: 'required - string to search for in the sitemap entries'
-      # )
-      public_class_method def self.find_sitemap_entries(opts = {})
-        burp_obj = opts[:burp_obj]
-        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
-        search_string = opts[:search_string]
-        raise 'ERROR: search_string parameter is required' if search_string.nil?
-        rest_browser = burp_obj[:rest_browser]
-        mitm_rest_api = burp_obj[:mitm_rest_api]
-        json_sitemap = get_sitemap(burp_obj: burp_obj)
-        matching_entries = json_sitemap.select do |entry|
-          decoded_request = Base64.strict_decode64(entry[:request])
-          decoded_request.include?(search_string)
-        end
-      rescue StandardError => e
-        raise e
-      end
       # Supported Method Parameters::
       # repeater_id = PWN::Plugins::BurpSuite.add_repeater_tab(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -1395,6 +1395,11 @@ module PWN
             }
           )
+          #{self}.find_sitemap_entry(
+            burp_obj: 'required - burp_obj returned by #start method',
+            search_string: 'required - string to search for in the sitemap entries'
+          )
           json_sitemap = #{self}.import_openapi_to_sitemap(
             burp_obj: 'required - burp_obj returned by #start method',
             openapi_spec: 'required - path to OpenAPI JSON or YAML specification file',

data/lib/pwn/plugins/zaproxy.rb CHANGED Viewed

@@ -296,40 +296,23 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::Zaproxy.find_har_entries(
       #   zap_obj: 'required - zap_obj returned from #open method',
-      #   request: 'required - base64 encoded request or HAR entry :request (e.g. from #get_sitemap method)'
+      #   search_string: 'required - string to search for in the sitemap entries'
       # )
       public_class_method def self.find_har_entries(opts = {})
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key].to_s.scrub
-        request = opts[:request]
-        raise 'ERROR: request must be provided' if request.nil?
+        search_string = opts[:search_string]
+        raise 'ERROR: search_string must be provided' if search_string.nil?
         har_sitemap = get_sitemap(
           zap_obj: zap_obj,
           return_as: :har
         )
-        # HAR entry
-        if request.is_a?(Hash) && request.key?(:method) && request.key?(:url) && request.key?(:httpVersion)
-          har_entries = har_sitemap.select { |entry| entry[:request] == request }
-        else
-          # Base64 encoded string
-          dec_request = Base64.strict_decode64(request).force_encoding('ASCII-8BIT') unless dec_request.is_a?(Hash)
-          # Find the har request for the given base64 decoded dec_request value
-          har_entries = har_sitemap.select do |entry|
-            req = entry[:request]
-            req_line = "#{req[:method]} #{req[:url]} #{req[:httpVersion]}\r\n"
-            req_headers = req[:headers].map { |h| "#{h[:name]}: #{h[:value]}\r\n" }.join
-            req_body = ''
-            if req[:postData] && req[:postData][:text]
-              req_body = req[:postData][:text]
-              req_body = Base64.decode64(req_body) if req[:postData][:encoding] == 'base64'
-            end
-            full_req = "#{req_line}#{req_headers}\r\n#{req_body}".force_encoding('ASCII-8BIT')
-            full_req == dec_request
-          end
+        har_entries = har_sitemap.select do |entry|
+          json_request = entry[:request].to_json
+          json_request.include?(search_string)
         end
         har_entries
@@ -781,7 +764,7 @@ module PWN
           #{self}.find_har_entries(
             zap_obj: 'required - zap_obj returned from #open method',
-            request: 'required - base64 encoded request or HAR entry :request (e.g. from #get_sitemap method)'
+            search_string: 'required - string to search for in the sitemap entries'
           )
           #{self}.requester(

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.406'
+  VERSION = '0.5.407'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.406
+  version: 0.5.407
 platform: ruby
 authors:
 - 0day Inc.