pwn 0.5.407 → 0.5.409

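--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6cdcedb953c971c8feccabd99bb44f1e229254d4adbaf8f5d06c53416da1d3c7
- data.tar.gz: 2642aa96456651ef17d042794f21ad69754335e8d3b8d7e3415e311adb1dbd05
+ metadata.gz: a5719931540871a6eb0ff38a2c85c9f7ea79e96aa7f49a04dea737c7fa957687
+ data.tar.gz: e186acacbdc7c464cba4c8fb4d748e8c033394b7f39e322c2ae7d11450b41666
  SHA512:
- metadata.gz: 8041d87f4162ebb4fb28c9b6acc5cfae7394fb4e082cd8a4a99e6ac22f1181701a0e32d28e97593d7e169cadc80ca71c76d0144d7e313e16c8c9b1ee799bd20a
- data.tar.gz: 0a654b39bf9c3f63b24accc464fd7b8222f060dfd5748118e99771d8ef9897e6551c95e63b40fdd4b0eabfe21694241a448c3a00607e21306b7e64683b871500
+ metadata.gz: 405eaaec00031a74bcdf1cde79127c352a3d0115fae29c7ad605c649ab91355aa971a9a079bb57c663e1c1ab6e617cd4f4680bc5f3eedff612ce7baea977f167
+ data.tar.gz: 3fb87bc84c8edd34b2e855514a2e6b3eb31315c9c885e73b734c823488a18434064daad3b03fb9f5d202574510d94510c066ab525814e31870d67f1a402bd797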
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
37
37
  $ ./install.sh
38
38
  $ ./install.sh ruby-gem
39
39
  $ pwn
40
- pwn[v0.5.407]:001 >>> PWN.help
40
+ pwn[v0.5.409]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.5.407]:001 >>> PWN.help
55
+ pwn[v0.5.409]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
62
62
  $ rvmsudo gem uninstall --all --executables pwn
63
63
  $ rvmsudo gem install --verbose pwn
64
64
  $ pwn
65
- pwn[v0.5.407]:001 >>> PWN.help
65
+ pwn[v0.5.409]:001 >>> PWN.help
66
66
  ```
67
67
 
68
68
  PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
@@ -121,6 +121,7 @@ begin
121
121
  if headless
122
122
  burp_obj = PWN::Plugins::BurpSuite.start(
123
123
  burp_jar_path: burp_jar_path,
124
+ headless: headless,
124
125
  browser_type: :headless
125
126
  )
126
127
  else
@@ -76,6 +76,7 @@ begin
76
76
  if headless
77
77
  burp_obj = PWN::Plugins::BurpSuite.start(
78
78
  burp_jar_path: burp_jar_path,
79
+ headless: headless,
79
80
  browser_type: :headless
80
81
  )
81
82
  else
@@ -116,11 +116,14 @@ begin
116
116
  if headless
117
117
  zap_obj = PWN::Plugins::Zaproxy.start(
118
118
  zap_bin_path: zap_bin_path,
119
- headless: headless
119
+ api_key: api_key,
120
+ headless: headless,
121
+ browser_type: :headless
120
122
  )
121
123
  else
122
124
  zap_obj = PWN::Plugins::Zaproxy.start(
123
125
  zap_bin_path: zap_bin_path,
126
+ api_key: api_key,
124
127
  browser_type: browser_type
125
128
  )
126
129
  end
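Review bot: The two `PWN::Plugins::Zaproxy.start` calls now repeat `zap_bin_path` and `api_key` and differ only in the headless arguments, so every option added later has to be remembered in both branches. Building the options once keeps them in step: `zap_opts = { zap_bin_path: zap_bin_path, api_key: api_key }`, then `zap_opts.merge!(headless ? { headless: true, browser_type: :headless } : { browser_type: browser_type })`, then `PWN::Plugins::Zaproxy.start(**zap_opts)`. Whether `api_key` is checked for nil or empty before this point is not visible here; the surrounding `begin` block starts outside the hunk.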
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'cgi'
4
+ require 'fileutils'
4
5
  require 'pty'
5
6
  require 'securerandom'
6
7
  require 'json'
@@ -113,10 +114,15 @@ module PWN
113
114
 
114
115
  zap_obj[:mitm_browser] = browser_obj2
115
116
 
117
+ timestamp = Time.now.strftime('%Y-%m-%d_%H-%M-%S%z')
118
+ session_path = "/tmp/zaproxy-#{timestamp}.session"
119
+ zap_obj[:session_path] = session_path
120
+
116
121
  if headless
117
- zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon"
122
+ # TODO: Ensure Default Context still exists and is default context
123
+ zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -daemon -newsession #{session_path}"
118
124
  else
119
- zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin}"
125
+ zaproxy_cmd = "cd #{zap_root} && ./#{zap_bin} -newsession #{session_path}"
120
126
  end
121
127
 
122
128
  zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
@@ -501,6 +507,8 @@ module PWN
501
507
  scan_policy = opts[:scan_policy] ||= 'Default Policy'
502
508
 
503
509
  exclude_paths.each do |exclude_path|
510
+ # Remove trailing .* from target_url if it exists
511
+ target_url = target_url.delete_suffix('.*') if target_url.end_with?('.*')
504
512
  exclude_path_regex = "#{target_url}#{exclude_path}.*"
505
513
  params = {
506
514
  apikey: api_key,
@@ -717,6 +725,14 @@ module PWN
717
725
  params: params
718
726
  )
719
727
 
728
+ session_path = zap_obj[:session_path]
729
+ session_path_files = Dir.glob("#{session_path}*")
730
+ # Remove session files - need to add a slight delay between each unlink to work around file locks
731
+ session_path_files.each do |f|
732
+ FileUtils.rm_f(f)
733
+ sleep 0.3
734
+ end
735
+
720
736
  zap_obj = nil
721
737
  rescue StandardError, SystemExit, Interrupt => e
722
738
  raise e
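Review bot: In the last hunk, `Dir.glob("#{session_path}*")` becomes `Dir.glob("*")` whenever `zap_obj[:session_path]` is nil (for example a zap_obj that was not produced by this version's start path), and the loop would then `rm_f` every non-hidden file in the current working directory; guard it with `session_path_files = session_path.to_s.empty? ? [] : Dir.glob("#{session_path}*")`. The cleanup also sits after the preceding API call and before `rescue`, so if that call raises, the session files (which presumably hold the proxied traffic) are left behind; an `ensure` would cover that, though the method starts outside the hunk. In the start hunk the session goes to `/tmp/zaproxy-#{timestamp}.session`, a guessable, second-resolution name in a world-writable directory; a private directory from `Dir.mktmpdir('zaproxy-')` (needs `require 'tmpdir'`) would keep other local users from pre-creating or reading it. In the exclude hunk the `delete_suffix` line is loop-invariant and its `end_with?` guard is redundant, and `target_url` is still interpolated into `exclude_path_regex` unescaped, so `.` or `?` in the URL can widen the exclusion if ZAP treats the value as a regex, as the name suggests.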
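--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.5.407'
+ VERSION = '0.5.409'
  end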
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.407
4
+ version: 0.5.409
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.