pwn 0.5.415 → 0.5.417

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87c919a7c845775ef01b0e168e8436eba8e7ccb976f6ee1ef17f0a0d263c3f20
-  data.tar.gz: 7ca524553e9fd11aceb4d4e1579d6f0bf9e30962742207ee74e26256d85c1bbb
+  metadata.gz: 8cafc7549310f3dd64c9f8b8794ca996ee16c80d57617822cb3ef38bcd1a7f45
+  data.tar.gz: d5fd1a2dc3b8f901cd3cb2a9bcb5b131377cc0ed8c5fd63563757b991febfdf5
 SHA512:
-  metadata.gz: bb210d6b63260aa3d2a6318f7889cc1d21e9ecadfee29901c0f1edcf73caae6ba731f3b843dec67ef939aeeaceedee671c361ae569b8e5e8588f7e62209e291b
-  data.tar.gz: 041231c631e9cb09f63fbdd4c27ea514ceca96f8794c43787ba3d6842239703fd471210658f7a4a38f824ecd5bd2e3f89443fa89831ff0a82e2bb4360394e6a4
+  metadata.gz: 9fbc6c458031607bfaf7f400a68f0a887a8b42e95696a6708c1a6c8271edde502652b86e4cba63aee459b8b5ffb69c67d6c5b6080334a424263b890e8a29690c
+  data.tar.gz: 50e973dc9b275909a2100aed6986f19fba776a691313661bbf7d8101a8f742d32f7cca0620e6423510af8386dd147a3d51c9df91141f2bd1847609da4e827bd3

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.415]:001 >>> PWN.help
+pwn[v0.5.417]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.415]:001 >>> PWN.help
+pwn[v0.5.417]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.415]:001 >>> PWN.help
+pwn[v0.5.417]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb

@@ -360,7 +360,7 @@ module PWN
       # Supported Method Parameters::
       # json_sitemap = PWN::Plugins::BurpSuite.get_sitemap(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   keyword: 'optional - keyword to filter sitemap entries (default: nil)',
+      #   keyword: 'optional - keyword to filter sitemap entries (default: nil)'
       # )
 
       public_class_method def self.get_sitemap(opts = {})
@@ -379,7 +379,7 @@ module PWN
         sitemap_arr = JSON.parse(sitemap, symbolize_names: true)
 
         if keyword
-          sitmap_arr = sitemap_arr.select do |site|
+          sitemap_arr = sitemap_arr.select do |site|
             decoded_request = Base64.strict_decode64(site[:request])
             decoded_request.include?(keyword)
           end
@@ -1357,7 +1357,7 @@ module PWN
 
           json_sitemap = #{self}.get_sitemap(
             burp_obj: 'required - burp_obj returned by #start method',
-            keyword: 'optional - keyword to filter sitemap results (default: nil)',
+            keyword: 'optional - keyword to filter sitemap results (default: nil)'
           )
 
           json_sitemap = #{self}.add_to_sitemap(

data/lib/pwn/plugins/transparent_browser.rb

@@ -1225,8 +1225,7 @@ module PWN
         PWN::Plugins::Tor.stop(tor_obj: browser_obj[:tor_obj]) if tor_obj
 
         # Close the browser unless browser.nil? (thus the &)
-        # browser&.close unless browser.to_s == 'RestClient'
-        browser&.close unless browser.is_a?(RestClient)
+        browser&.close unless browser == RestClient
 
         nil
       rescue StandardError => e

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.415'
+  VERSION = '0.5.417'
 end

data/lib/pwn/www/hacker_one.rb

@@ -27,55 +27,128 @@ module PWN
 
       # Supported Method Parameters::
       # programs_arr = PWN::WWW::HackerOne.get_bounty_programs(
-      #   browser_obj: 'required - browser_obj returned from #open method',
-      #   proxy: 'optional - scheme://proxy_host:port || tor',
       #   min_payouts_enabled: 'optional - only display programs where payouts are > $0.00 (defaults to false)',
-      #   suppress_progress: 'optional - suppress output (defaults to false)'
+      #   suppress_progress: 'optional - suppress output (defaults to false)',
+      #   proxy: 'optional - scheme://proxy_host:port || tor'
       # )
 
       public_class_method def self.get_bounty_programs(opts = {})
-        browser_obj = opts[:browser_obj]
-        browser = browser_obj[:browser]
-        min_payouts_enabled = true if opts[:min_payouts_enabled]
-        min_payouts_enabled ||= false
-        suppress_progress = opts[:suppress_progress] ||= false
+        min_payouts_enabled = opts[:min_payouts_enabled] || false
+        raise 'ERROR: min_payouts_enabled should be true or false' unless [true, false].include?(min_payouts_enabled)
+
+        suppress_progress = opts[:suppress_progress] || false
+        raise 'ERROR: suppress_progress should be true or false' unless [true, false].include?(suppress_progress)
+
+        proxy = opts[:proxy]
+
+        browser_obj = PWN::Plugins::TransparentBrowser.open(
+          browser_type: :rest,
+          proxy: proxy
+        )
+        rest_client = browser_obj[:browser]
+        rest_request = rest_client::Request
 
-        browser.goto('https://hackerone.com/bug-bounty-programs')
-        # Wait for JavaScript to load the DOM
+        graphql_endpoint = 'https://hackerone.com/graphql'
+        headers = { content_type: 'application/json' }
+        # NOTE: If you copy this payload to the pwn REPL
+        # the triple dots ... attempt to execute commands
+        # <cough>Pry CE</cough>
+        query = "
+          query GetBountyPrograms($after: String) {
+            teams(
+              first: 100,
+              after: $after,
+              where: { state: {_in: [soft_launched, public_mode]} }
+            ) {
+              edges {
+                node {
+                  handle
+                  name
+                  minimum_bounty
+                }
+              }
+              pageInfo {
+                endCursor
+                hasNextPage
+              }
+            }
+          }
+        "
 
         programs_arr = []
-        browser.ul(class: 'program__meta-data').wait_until(&:present?)
-        browser.uls(class: 'program__meta-data').each do |ul|
-          min_payout = ul.text.split('$').last.split.first.to_f
-
-          next if min_payouts_enabled && min_payout.zero?
-
-          print '.' unless suppress_progress
-
-          link = "https://#{ul.first.text}"
-          min_payout_fmt = format('$%0.2f', min_payout)
-          scheme = URI.parse(link).scheme
-          host = URI.parse(link).host
-          path = URI.parse(link).path
-          burp_target_config = "#{scheme}://#{host}/teams#{path}/assets/download_burp_project_file.json"
-
-          bounty_program_hash = {
-            name: link.split('/').last,
-            min_payout: min_payout_fmt,
-            policy: "#{link}?view_policy=true",
-            burp_target_config: burp_target_config,
-            scope: "#{link}/policy_scopes",
-            hacktivity: "#{link}/hacktivity",
-            thanks: "#{link}/thanks",
-            updates: "#{link}/updates",
-            collaborators: "#{link}/collaborators"
+        cursor = nil
+
+        loop do
+          payload = {
+            operationName: 'GetBountyPrograms',
+            variables: { after: cursor },
+            query: query
           }
-          programs_arr.push(bounty_program_hash)
+
+          rest_response = rest_request.execute(
+            method: :post,
+            url: graphql_endpoint,
+            headers: headers,
+            payload: payload.to_json.delete("\n"),
+            verify_ssl: false
+          )
+
+          data = JSON.parse(rest_response.body, symbolize_names: true)
+
+          teams = data[:data][:teams][:edges]
+          teams.each do |edge|
+            team = edge[:node]
+            min_payout = team[:minimum_bounty] ? team[:minimum_bounty].to_f : 0.0
+            next if min_payouts_enabled && min_payout.zero?
+
+            # next if min_payouts_enabled && min_payout.zero?
+
+            print '.' unless suppress_progress
+
+            min_payout_fmt = format('$%0.2f', min_payout)
+            handle = team[:handle]
+            link = "https://hackerone.com/#{handle}"
+            scheme = URI.parse(link).scheme
+            host = URI.parse(link).host
+            path = URI.parse(link).path
+            burp_target_config = "#{scheme}://#{host}/teams#{path}/assets/download_burp_project_file.json"
+
+            bounty_program_hash = {
+              name: handle,
+              min_payout: min_payout_fmt,
+              policy: "#{link}?view_policy=true",
+              burp_target_config: burp_target_config,
+              scope: "#{link}/policy_scopes",
+              hacktivity: "#{link}/hacktivity",
+              thanks: "#{link}/thanks",
+              updates: "#{link}/updates",
+              collaborators: "#{link}/collaborators"
+            }
+            programs_arr.push(bounty_program_hash)
+          end
+
+          page_info = data[:data][:teams][:pageInfo]
+          cursor = page_info[:endCursor]
+          break unless page_info[:hasNextPage]
         end
 
+        programs_arr.sort_by! { |p| -p[:min_payout].gsub('$', '').gsub(',', '').to_f }
+
         programs_arr
+      rescue RestClient::ExceptionWithResponse => e
+        if e.response
+          puts "HTTP RESPONSE CODE: #{e.response.code}"
+          puts "HTTP RESPONSE HEADERS:\n#{e.response.headers}"
+          puts "HTTP RESPONSE BODY:\n#{e.response.body}\n\n\n"
+        end
+
+        raise e
       rescue StandardError => e
         raise e
+      ensure
+        browser_obj = PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj) if browser_obj
+        rest_client = nil if rest_client
+        rest_request = nil if rest_request
       end
 
       # Supported Method Parameters::
@@ -500,10 +573,9 @@ module PWN
           )
 
           programs_arr = #{self}.get_bounty_programs(
-            browser_obj: 'required - browser_obj returned from #open method',
-            proxy: 'optional - scheme://proxy_host:port || tor',
             min_payouts_enabled: 'optional - only display programs where payouts are > $0.00 (defaults to false)',
-            suppress_progress: 'optional - suppress output (defaults to false)'
+            suppress_progress: 'optional - suppress output (defaults to false)',
+            proxy: 'optional - scheme://proxy_host:port || tor'
           )
 
           scope_details = #{self}.get_scope_details(

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.415
+  version: 0.5.417
 platform: ruby
 authors:
 - 0day Inc.