pwn 0.5.408 → 0.5.410

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8d06c6b5e12a9f4cf4234fac12f6ab411827e323c3e9e0a47619f0dbef244c48
-  data.tar.gz: 3add4e6e3d8aa13f210500668182dafccc85c212e1d4b13cabda9d932ccaf668
+  metadata.gz: 47f802f58c91581bb6ff43b3d03cbd951207e8768fdc2fd54688f0d2e2552131
+  data.tar.gz: 3168fd3fa3ca83e0950885d1901694b37b0710d62987ac6ae0c1af50409c0a37
 SHA512:
-  metadata.gz: 715b74eaecca58b65bfabe0b9e025eb807068ce7774ab04d3ed21ba29c52b597a7e730c45fff58a6a97d95566dd9d987fb29f2f63b212f28e0d9869c21822374
-  data.tar.gz: 7d93377be56f0f32aa29f4e8321d789fb63b100b0a6b212f2857286045035706afcee3138998c7f15428f919a195457449e9945feba15678838c85a724cf44e4
+  metadata.gz: 8f1f19eebb20125b2bf3764eb4278a01c68ef94d8045e354e7846a205b0377f58e5b735b0f95333e42cb4ba7a8f0ac2f0d6053e9c146da8b71e1360a718a795e
+  data.tar.gz: b71d97f350f6aa08a62c2d0b0abbfec20e351a61fb36ccd68b7c1d8944d05b1db53a46449a889e9b7a5dfb8840d8f9a14cd870b20375fe6ac192c6138ca380d2

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.408]:001 >>> PWN.help
+pwn[v0.5.410]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.408]:001 >>> PWN.help
+pwn[v0.5.410]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.408]:001 >>> PWN.help
+pwn[v0.5.410]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_burp_suite_pro_active_rest_api_scan

@@ -85,7 +85,6 @@ begin
   burp_jar_path = opts[:burp_jar_path]
   headless = opts[:headless] || false
   browser_type = opts[:browser_type] ||= :firefox
-  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   debug = opts[:debug] || false
 
   swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
@@ -121,7 +120,7 @@ begin
   if headless
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      browser_type: :headless
+      headless: headless
     )
   else
     burp_obj = PWN::Plugins::BurpSuite.start(

data/bin/pwn_burp_suite_pro_active_scan

@@ -66,7 +66,6 @@ begin
   burp_jar_path = opts[:burp_jar_path]
   headless = opts[:headless] || false
   browser_type = opts[:browser_type] ||= :firefox
-  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
   in_scope = opts[:in_scope] ||= target_url
@@ -76,7 +75,7 @@ begin
   if headless
     burp_obj = PWN::Plugins::BurpSuite.start(
       burp_jar_path: burp_jar_path,
-      browser_type: :headless
+      headless: headless
     )
   else
     burp_obj = PWN::Plugins::BurpSuite.start(

data/bin/pwn_zaproxy_active_rest_api_scan

@@ -85,7 +85,6 @@ begin
   zap_bin_path = opts[:zap_bin_path]
   headless = opts[:headless] || false
   browser_type = opts[:browser_type] ||= :firefox
-  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   debug = opts[:debug] || false
 
   swagger_defs_arr = swagger_definitions.split(',').map(&:strip)
@@ -116,11 +115,13 @@ begin
   if headless
     zap_obj = PWN::Plugins::Zaproxy.start(
       zap_bin_path: zap_bin_path,
+      api_key: api_key,
       headless: headless
     )
   else
     zap_obj = PWN::Plugins::Zaproxy.start(
       zap_bin_path: zap_bin_path,
+      api_key: api_key,
       browser_type: browser_type
     )
   end

data/bin/pwn_zaproxy_active_scan

@@ -73,7 +73,6 @@ begin
   zap_bin_path = opts[:zap_bin_path].to_s.strip.chomp.scrub if File.exist?(opts[:zap_bin_path].to_s.strip.chomp.scrub)
   headless = opts[:headless] || false
   browser_type = opts[:browser_type] ||= :firefox
-  browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
   spider = opts[:spider] || false
   navigation_instruct = opts[:navigation_instruct]
   in_scope = opts[:in_scope] ||= "#{target_url}.*"
@@ -84,8 +83,7 @@ begin
     zap_obj = PWN::Plugins::Zaproxy.start(
       zap_bin_path: zap_bin_path,
       api_key: api_key,
-      headless: headless,
-      browser_type: :headless
+      headless: headless
     )
   else
     zap_obj = PWN::Plugins::Zaproxy.start(

data/lib/pwn/plugins/burp_suite.rb

@@ -62,7 +62,10 @@ module PWN
 
         burp_root = File.dirname(burp_jar_path)
 
+        headless = opts[:headless] || false
         browser_type = opts[:browser_type] ||= :firefox
+        browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
+        browser_type = :headless if headless
         burp_ip = opts[:burp_ip] ||= '127.0.0.1'
         burp_port = opts[:burp_port] ||= PWN::Plugins::Sock.get_random_unused_port
 
@@ -70,7 +73,7 @@ module PWN
         pwn_burp_port = opts[:pwn_burp_port] ||= PWN::Plugins::Sock.get_random_unused_port
 
         burp_cmd_string = 'java -Xms4G -Xmx16G'
-        burp_cmd_string = "#{burp_cmd_string} -Djava.awt.headless=true" if opts[:headless]
+        burp_cmd_string = "#{burp_cmd_string} -Djava.awt.headless=true" if headless
         burp_cmd_string = "#{burp_cmd_string} -Dproxy.address=#{burp_ip} -Dproxy.port=#{burp_port}"
         burp_cmd_string = "#{burp_cmd_string} -Dserver.address=#{pwn_burp_ip} -Dserver.port=#{pwn_burp_port}"
         burp_cmd_string = "#{burp_cmd_string} -jar #{burp_jar_path}"
@@ -485,6 +488,9 @@ module PWN
 
         debug = opts[:debug] || false
 
+        openapi_spec_root = File.dirname(openapi_spec)
+        Dir.chdir(openapi_spec_root)
+
         # Parse the OpenAPI JSON or YAML specification file
         # If the openapi_spec is YAML, convert it to JSON
         openapi = if openapi_spec.end_with?('.json')

data/lib/pwn/plugins/zaproxy.rb

@@ -93,6 +93,8 @@ module PWN
 
         headless = opts[:headless] || false
         browser_type = opts[:browser_type] ||= :firefox
+        browser_type = browser_type.to_s.downcase.to_sym unless browser_type.is_a?(Symbol)
+        browser_type = :headless if headless
         zap_ip = opts[:zap_ip] ||= '127.0.0.1'
         zap_port = opts[:zap_port] ||= PWN::Plugins::Sock.get_random_unused_port
 
@@ -728,7 +730,10 @@ module PWN
         session_path = zap_obj[:session_path]
         session_path_files = Dir.glob("#{session_path}*")
         # Remove session files - need to add a slight delay between each unlink to work around file locks
-        session_path_files.each { |f| FileUtils.rm_f(f); sleep 0.3 }
+        session_path_files.each do |f|
+          FileUtils.rm_f(f)
+          sleep 0.3
+        end
 
         zap_obj = nil
       rescue StandardError, SystemExit, Interrupt => e

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.408'
+  VERSION = '0.5.410'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.408
+  version: 0.5.410
 platform: ruby
 authors:
 - 0day Inc.