pwn 0.5.406 → 0.5.408

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a4875ea87dd3f0605bc2ac889621fc124d43016086b2ef914a71dd8104879ff
-  data.tar.gz: 68addc891a15eea06b39b9e575fd98ce3b9e5a4d3e490c20bdfbe138699b8f2e
+  metadata.gz: 8d06c6b5e12a9f4cf4234fac12f6ab411827e323c3e9e0a47619f0dbef244c48
+  data.tar.gz: 3add4e6e3d8aa13f210500668182dafccc85c212e1d4b13cabda9d932ccaf668
 SHA512:
-  metadata.gz: 6b9211d610152046dec2ddcb6c96687085ae3004d104713064831c511e7ce1aa490c5f4e69c12066bc6d11e4f81b47dd90e6b289d5df88a6a5d65abb67d24dd7
-  data.tar.gz: e43570d37f21c2a3dc4008da1b42ee0aa379f4aebe5880dd47bb1b4c881a767db74a85b4121a125fbcdb67a4fc7526e239dfb595fd2327dbc0742c67e76027c7
+  metadata.gz: 715b74eaecca58b65bfabe0b9e025eb807068ce7774ab04d3ed21ba29c52b597a7e730c45fff58a6a97d95566dd9d987fb29f2f63b212f28e0d9869c21822374
+  data.tar.gz: 7d93377be56f0f32aa29f4e8321d789fb63b100b0a6b212f2857286045035706afcee3138998c7f15428f919a195457449e9945feba15678838c85a724cf44e4

data/.rubocop_todo.yml

@@ -1,31 +1,11 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-05-30 23:04:07 UTC using RuboCop version 1.75.8.
+# on 2025-09-11 18:09:38 UTC using RuboCop version 1.80.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 24
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings.
-# URISchemes: http, https
-Layout/LineLength:
-  Exclude:
-    - 'Vagrantfile'
-    - 'bin/pwn_diff_csv_files_w_column_exclude'
-    - 'lib/pwn/banner/jmp_esp.rb'
-    - 'lib/pwn/banner/radare2_ai.rb'
-    - 'lib/pwn/plugins/mail_agent.rb'
-    - 'lib/pwn/plugins/ollama.rb'
-    - 'lib/pwn/plugins/open_ai.rb'
-    - 'lib/pwn/reports/fuzz.rb'
-    - 'lib/pwn/reports/phone.rb'
-    - 'lib/pwn/reports/sast.rb'
-    - 'lib/pwn/reports/uri_buster.rb'
-    - 'lib/pwn/sast/banned_function_calls_c.rb'
-    - 'packer/provisioners/aliases.rb'
-
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowInHeredoc.
@@ -50,37 +30,18 @@ Lint/RedundantTypeConversion:
     - 'lib/pwn/plugins/jenkins.rb'
     - 'lib/pwn/plugins/repl.rb'
 
-# Offense count: 307
+# Offense count: 320
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:
   Enabled: false
 
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AutoCorrect, CheckForMethodsWithNoSideEffects.
+# Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
   Exclude:
     - 'bin/pwn_web_cache_deception'
 
-# Offense count: 5
-# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
-# AllowedMethods: refine
-Metrics/BlockLength:
-  Exclude:
-    - '**/*.gemspec'
-    - 'lib/pwn/plugins/android.rb'
-    - 'lib/pwn/plugins/msr206.rb'
-    - 'lib/pwn/plugins/repl.rb'
-    - 'lib/pwn/sast/banned_function_calls_c.rb'
-
-# Offense count: 2
-# Configuration parameters: CountBlocks, CountModifierForms, Max.
-Metrics/BlockNesting:
-  Exclude:
-    - 'lib/pwn/plugins/son_micro_rfid.rb'
-    - 'lib/pwn/plugins/tor.rb'
-
 # Offense count: 1
 # Configuration parameters: LengthThreshold.
 Metrics/CollectionLiteralLength:
@@ -99,22 +60,13 @@ Metrics/MethodLength:
   Exclude:
     - 'lib/pwn/banner/code_cave.rb'
 
-# Offense count: 12
+# Offense count: 3
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
   Exclude:
     - 'lib/pwn/banner/code_cave.rb'
     - 'lib/pwn/plugins/android.rb'
-    - 'lib/pwn/plugins/black_duck_binary_analysis.rb'
-    - 'lib/pwn/plugins/defect_dojo.rb'
-    - 'lib/pwn/plugins/gqrx.rb'
     - 'lib/pwn/plugins/msr206.rb'
-    - 'lib/pwn/plugins/nessus_cloud.rb'
-    - 'lib/pwn/plugins/open_ai.rb'
-    - 'lib/pwn/plugins/packet.rb'
-    - 'lib/pwn/plugins/repl.rb'
-    - 'lib/pwn/plugins/son_micro_rfid.rb'
-    - 'lib/pwn/plugins/transparent_browser.rb'
 
 # Offense count: 2
 Naming/AccessorMethodName:
@@ -133,7 +85,7 @@ Style/Alias:
 Style/ClassVars:
   Enabled: false
 
-# Offense count: 280
+# Offense count: 274
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition
@@ -146,12 +98,11 @@ Style/ExplicitBlockArgument:
   Exclude:
     - 'lib/pwn/plugins/nmap_it.rb'
 
-# Offense count: 2
+# Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 Style/IfUnlessModifier:
   Exclude:
     - 'lib/pwn/plugins/baresip.rb'
-    - 'lib/pwn/plugins/mail_agent.rb'
 
 # Offense count: 9
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -165,7 +116,7 @@ Style/MapIntoArray:
     - 'lib/pwn/plugins/char.rb'
     - 'lib/pwn/plugins/nexpose_vuln_scan.rb'
 
-# Offense count: 9
+# Offense count: 7
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowMethodComparison, ComparisonsThreshold.
 Style/MultipleComparison:
@@ -175,11 +126,15 @@ Style/MultipleComparison:
     - 'lib/pwn/sast/cmd_execution_ruby.rb'
     - 'lib/pwn/sast/deserial_java.rb'
     - 'lib/pwn/sast/factory.rb'
-    - 'lib/pwn/sast/logger.rb'
-    - 'lib/pwn/sast/throw_errors.rb'
     - 'lib/pwn/www/duckduckgo.rb'
     - 'lib/pwn/www/twitter.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantAssignment:
+  Exclude:
+    - 'lib/pwn/plugins/zaproxy.rb'
+
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 Style/RedundantBegin:
@@ -222,7 +177,7 @@ Style/RedundantStringEscape:
     - 'lib/pwn/sast/redos.rb'
     - 'vagrant/provisioners/kali_customize.rb'
 
-# Offense count: 58
+# Offense count: 62
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.406]:001 >>> PWN.help
+pwn[v0.5.408]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.406]:001 >>> PWN.help
+pwn[v0.5.408]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.406]:001 >>> PWN.help
+pwn[v0.5.408]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb

@@ -436,6 +436,31 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # repeater_id = PWN::Plugins::BurpSuite.find_sitemap_entries(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   search_string: 'required - string to search for in the sitemap entries'
+      # )
+
+      public_class_method def self.find_sitemap_entries(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        search_string = opts[:search_string]
+        raise 'ERROR: search_string parameter is required' if search_string.nil?
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        json_sitemap = get_sitemap(burp_obj: burp_obj)
+        matching_entries = json_sitemap.select do |entry|
+          decoded_request = Base64.strict_decode64(entry[:request])
+          decoded_request.include?(search_string)
+        end
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters:
       # json_sitemap = PWN::Plugins::BurpSuite.import_openapi_to_sitemap(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -1013,31 +1038,6 @@ module PWN
         raise e
       end
 
-      # Supported Method Parameters::
-      # repeater_id = PWN::Plugins::BurpSuite.find_sitemap_entries(
-      #   burp_obj: 'required - burp_obj returned by #start method',
-      #   search_string: 'required - string to search for in the sitemap entries'
-      # )
-
-      public_class_method def self.find_sitemap_entries(opts = {})
-        burp_obj = opts[:burp_obj]
-        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
-
-        search_string = opts[:search_string]
-        raise 'ERROR: search_string parameter is required' if search_string.nil?
-
-        rest_browser = burp_obj[:rest_browser]
-        mitm_rest_api = burp_obj[:mitm_rest_api]
-
-        json_sitemap = get_sitemap(burp_obj: burp_obj)
-        matching_entries = json_sitemap.select do |entry|
-          decoded_request = Base64.strict_decode64(entry[:request])
-          decoded_request.include?(search_string)
-        end
-      rescue StandardError => e
-        raise e
-      end
-
       # Supported Method Parameters::
       # repeater_id = PWN::Plugins::BurpSuite.add_repeater_tab(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -1395,6 +1395,11 @@ module PWN
             }
           )
 
+          #{self}.find_sitemap_entry(
+            burp_obj: 'required - burp_obj returned by #start method',
+            search_string: 'required - string to search for in the sitemap entries'
+          )
+
           json_sitemap = #{self}.import_openapi_to_sitemap(
             burp_obj: 'required - burp_obj returned by #start method',
             openapi_spec: 'required - path to OpenAPI JSON or YAML specification file',

data/lib/pwn/plugins/zaproxy.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'cgi'
+require 'fileutils'
 require 'pty'
 require 'securerandom'
 require 'json'
@@ -113,10 +114,15 @@ module PWN
 
         zap_obj[:mitm_browser] = browser_obj2
 
+        timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S%z')
+        session_path = "/tmp/zaproxy-#{timestamp}.session"
+        zap_obj[:session_path] = session_path
+
         if headless
-          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
+          # TODO: Ensure Default Context still exists and is default context
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon -newsession #{session_path}"
         else
-          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
+          zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -newsession #{session_path}"
         end
 
         zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
@@ -296,40 +302,23 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::Zaproxy.find_har_entries(
       #   zap_obj: 'required - zap_obj returned from #open method',
-      #   request: 'required - base64 encoded request or HAR entry :request (e.g. from #get_sitemap method)'
+      #   search_string: 'required - string to search for in the sitemap entries'
       # )
 
       public_class_method def self.find_har_entries(opts = {})
         zap_obj = opts[:zap_obj]
         api_key = zap_obj[:api_key].to_s.scrub
-        request = opts[:request]
-        raise 'ERROR: request must be provided' if request.nil?
+        search_string = opts[:search_string]
+        raise 'ERROR: search_string must be provided' if search_string.nil?
 
         har_sitemap = get_sitemap(
           zap_obj: zap_obj,
           return_as: :har
         )
 
-        # HAR entry
-        if request.is_a?(Hash) && request.key?(:method) && request.key?(:url) && request.key?(:httpVersion)
-          har_entries = har_sitemap.select { |entry| entry[:request] == request }
-        else
-          # Base64 encoded string
-          dec_request = Base64.strict_decode64(request).force_encoding('ASCII-8BIT') unless dec_request.is_a?(Hash)
-
-          # Find the har request for the given base64 decoded dec_request value
-          har_entries = har_sitemap.select do |entry|
-            req = entry[:request]
-            req_line = "#{req[:method]} #{req[:url]} #{req[:httpVersion]}\r\n"
-            req_headers = req[:headers].map { |h| "#{h[:name]}: #{h[:value]}\r\n" }.join
-            req_body = ''
-            if req[:postData] && req[:postData][:text]
-              req_body = req[:postData][:text]
-              req_body = Base64.decode64(req_body) if req[:postData][:encoding] == 'base64'
-            end
-            full_req = "#{req_line}#{req_headers}\r\n#{req_body}".force_encoding('ASCII-8BIT')
-            full_req == dec_request
-          end
+        har_entries = har_sitemap.select do |entry|
+          json_request = entry[:request].to_json
+          json_request.include?(search_string)
         end
 
         har_entries
@@ -518,6 +507,8 @@ module PWN
         scan_policy = opts[:scan_policy] ||= 'Default Policy'
 
         exclude_paths.each do |exclude_path|
+          # Remove trailing .* from target_url if it exists
+          target_url = target_url.delete_suffix('.*') if target_url.end_with?('.*')
           exclude_path_regex = "#{target_url}#{exclude_path}.*"
           params = {
             apikey: api_key,
@@ -734,6 +725,11 @@ module PWN
           params: params
         )
 
+        session_path = zap_obj[:session_path]
+        session_path_files = Dir.glob("#{session_path}*")
+        # Remove session files - need to add a slight delay between each unlink to work around file locks
+        session_path_files.each { |f| FileUtils.rm_f(f); sleep 0.3 }
+
         zap_obj = nil
       rescue StandardError, SystemExit, Interrupt => e
         raise e
@@ -781,7 +777,7 @@ module PWN
 
           #{self}.find_har_entries(
             zap_obj: 'required - zap_obj returned from #open method',
-            request: 'required - base64 encoded request or HAR entry :request (e.g. from #get_sitemap method)'
+            search_string: 'required - string to search for in the sitemap entries'
           )
 
           #{self}.requester(

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.406'
+  VERSION = '0.5.408'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.406
+  version: 0.5.408
 platform: ruby
 authors:
 - 0day Inc.