pwn 0.5.42 → 0.5.44

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 132c78ae9112e7c2da8c02d5b2d7d32370953c7bc05686026e097ad04d5c4ba0
-  data.tar.gz: 2d51b81f19297ba49e61288998df35b4bc3c88a2dff0ca05a0ba44b6db1c3f65
+  metadata.gz: 3f25e99b7bab77b60bf540f3a7116b5a73880b4a48bb657fab50d3b790fa1c55
+  data.tar.gz: 1b1f20af44bedd09315acfe8f0d7e96cb80c51709a38daf7686f806de07694a1
 SHA512:
-  metadata.gz: 23a021b1d27dc5fd2352c61e9c00afea1aa9ffe98e7a6040e5d0cb913c5261eebd9e429a2f416304f3177c9c726bc8ca0cfec1c2d8bcc2a7cf7025852758d44a
-  data.tar.gz: 7a71c1e70bb63993f113b4c5ee7d6ce4162b6252da72b4795c2d9e320b740b7f8ef871179c5a65c4c77d1e6590008480e16127f15be868a403cea8362e021c5c
+  metadata.gz: e5a537100ad7b89d3f50fff3378a6d278cfd306fafcb28a25bdfef94c3284865b80936fa70010e67851a98f1b113466606c59175ddefaee25273492cdad16616
+  data.tar.gz: 8e686718096043e4b91a9f82a31ea5d584a7a80f9e7f07c7293c6a455910d06aad5e06b091b9111115e1f38f4bfae7031c8bfdab0c46c710afcc97773a42477c

data/.rubocop.yml

@@ -1,9 +1,26 @@
-inherit_from: .rubocop_todo.yml
 AllCops: 
   UseCache: false
   NewCops: enable
-Layout:
-  Max: 3000
+Layout/LineLength:
+  Max: 293
+Lint/UselessRescue:
+  Enabled: false
+Metrics/AbcSize:
+  Max: 537.6
+Metrics/BlockLength:
+  Max: 138
+Metrics/BlockNesting:
+  Max: 4
+Metrics/ClassLength:
+  Max: 134
+Metrics/CyclomaticComplexity:
+  Max: 103
+Metrics/MethodLength:
+  Max: 485
+Metrics/ModuleLength:
+  Max: 495
+Metrics/PerceivedComplexity:
+  Max: 101
 Style/HashEachMethods:
   Enabled: true
 Style/HashSyntax:
@@ -14,3 +31,5 @@ Style/HashTransformValues:
   Enabled: true
 Style/RedundantLineContinuation:
   Enabled: false
+
+inherit_from: .rubocop_todo.yml

data/.rubocop_todo.yml

@@ -1,11 +1,18 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2024-01-23 19:41:36 UTC using RuboCop version 1.60.1.
+# on 2024-03-04 01:40:30 UTC using RuboCop version 1.61.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# Offense count: 1
+# Configuration parameters: Severity, Include.
+# Include: **/*.gemspec
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'pwn.gemspec'
+
 # Offense count: 5
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
@@ -17,30 +24,43 @@ Layout/LineContinuationSpacing:
     - 'packer/provisioners/wpscan.rb'
     - 'vagrant/provisioners/beef.rb'
 
-# Offense count: 290
+# Offense count: 18
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Exclude:
+    - 'Vagrantfile'
+    - 'bin/pwn_diff_csv_files_w_column_exclude'
+    - 'lib/pwn/banner/jmp_esp.rb'
+    - 'lib/pwn/plugins/mail_agent.rb'
+    - 'lib/pwn/plugins/open_ai.rb'
+    - 'lib/pwn/reports/fuzz.rb'
+    - 'lib/pwn/reports/phone.rb'
+    - 'lib/pwn/reports/sast.rb'
+    - 'lib/pwn/reports/uri_buster.rb'
+    - 'lib/pwn/sast/banned_function_calls_c.rb'
+
+# Offense count: 294
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:
   Enabled: false
 
-# Offense count: 694
-Lint/UselessRescue:
-  Enabled: false
-
-# Offense count: 291
-# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
-Metrics/AbcSize:
-  Max: 328
-
-# Offense count: 71
-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+# Offense count: 3
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 # AllowedMethods: refine
 Metrics/BlockLength:
-  Max: 196
+  Exclude:
+    - '**/*.gemspec'
+    - 'lib/pwn/plugins/android.rb'
+    - 'lib/pwn/plugins/msr206.rb'
+    - 'lib/pwn/sast/banned_function_calls_c.rb'
 
-# Offense count: 49
-# Configuration parameters: CountBlocks.
+# Offense count: 44
+# Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
-  Max: 5
+  Enabled: false
 
 # Offense count: 1
 # Configuration parameters: LengthThreshold.
@@ -48,31 +68,36 @@ Metrics/CollectionLiteralLength:
   Exclude:
     - 'lib/pwn/plugins/uri_scheme.rb'
 
-# Offense count: 116
-# Configuration parameters: AllowedMethods, AllowedPatterns.
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
-  Max: 231
+  Exclude:
+    - 'lib/pwn/plugins/android.rb'
 
-# Offense count: 536
-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+# Offense count: 1
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
-  Max: 1001
+  Exclude:
+    - 'lib/pwn/banner/code_cave.rb'
 
-# Offense count: 56
-# Configuration parameters: CountComments, CountAsOne.
+# Offense count: 8
+# Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
-  Max: 1187
-
-# Offense count: 108
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-Metrics/PerceivedComplexity:
-  Max: 51
+  Exclude:
+    - 'lib/pwn/banner/code_cave.rb'
+    - 'lib/pwn/plugins/android.rb'
+    - 'lib/pwn/plugins/black_duck_binary_analysis.rb'
+    - 'lib/pwn/plugins/ibm_appscan.rb'
+    - 'lib/pwn/plugins/msr206.rb'
+    - 'lib/pwn/plugins/nessus_cloud.rb'
+    - 'lib/pwn/plugins/open_ai.rb'
+    - 'lib/pwn/plugins/packet.rb'
 
 # Offense count: 160
 Style/ClassVars:
   Enabled: false
 
-# Offense count: 278
+# Offense count: 280
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition
@@ -85,12 +110,13 @@ Style/ExplicitBlockArgument:
   Exclude:
     - 'lib/pwn/plugins/nmap_it.rb'
 
-# Offense count: 2
+# Offense count: 3
 # This cop supports safe autocorrection (--autocorrect).
 Style/IfUnlessModifier:
   Exclude:
     - 'bin/pwn'
     - 'lib/pwn/plugins/baresip.rb'
+    - 'lib/pwn/plugins/mail_agent.rb'
 
 # Offense count: 94
 # This cop supports safe autocorrection (--autocorrect).
@@ -108,7 +134,7 @@ Style/RedundantStringEscape:
     - 'lib/pwn/sast/redos.rb'
     - 'vagrant/provisioners/kali_customize.rb'
 
-# Offense count: 46
+# Offense count: 48
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false
@@ -127,10 +153,3 @@ Style/SoleNestedConditional:
 Style/StringLiterals:
   Exclude:
     - 'bin/pwn'
-
-# Offense count: 637
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
-# URISchemes: http, https
-Layout/LineLength:
-  Max: 1620

data/Gemfile

@@ -40,7 +40,7 @@ gem 'jenkins_api_client2', '1.9.0'
 gem 'js-beautify', '0.1.8'
 gem 'json', '2.7.1'
 gem 'jsonpath', '1.1.5'
-gem 'jwt', '2.8.0'
+gem 'jwt', '2.8.1'
 gem 'libusb', '0.6.4'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.8.1'
@@ -60,7 +60,7 @@ gem 'os', '1.1.4'
 gem 'packetfu', '2.0.0'
 gem 'packetgen', '3.3.1'
 gem 'pdf-reader', '2.12.0'
-gem 'pg', '1.5.5'
+gem 'pg', '1.5.6'
 gem 'pry', '0.14.2'
 gem 'pry-doc', '1.5.0'
 gem 'rake', '13.1.0'
@@ -73,9 +73,9 @@ gem 'rmagick', '5.4.4'
 gem 'rqrcode', '2.2.0'
 gem 'rspec', '3.13.0'
 gem 'rtesseract', '3.1.3'
-gem 'rubocop', '1.60.2'
+gem 'rubocop', '1.61.0'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.26.1'
+gem 'rubocop-rspec', '2.27.1'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.16.0'
@@ -97,3 +97,4 @@ gem 'webrick', '1.8.1'
 gem 'whois', '5.1.1'
 gem 'whois-parser', '2.0.0'
 gem 'wicked_pdf', '2.8.0'
+gem 'yard', '0.9.36'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.42]:001 >>> PWN.help
+pwn[v0.5.44]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.42]:001 >>> PWN.help
+pwn[v0.5.44]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.42]:001 >>> PWN.help
+pwn[v0.5.44]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn

@@ -216,21 +216,21 @@ begin
     end
   end
 
-  Pry::Commands.create_command 'toggle-pwn-asm' do
-    description 'Toggle pwn.asm interface.'
+  Pry::Commands.create_command 'pwn-asm' do
+    description 'Initiate pwn.asm shell.'
 
     def process
       pi = pry_instance
-      pi.config.pwn_asm ? pi.config.pwn_asm = false : pi.config.pwn_asm = true
+      pi.config.pwn_asm = true
     end
   end
 
-  Pry::Commands.create_command 'toggle-pwn-gpt' do
-    description 'Toggle pwn.gpt chat interface.'
+  Pry::Commands.create_command 'pwn-gpt' do
+    description 'Initiate pwn.gpt chat interface.'
 
     def process
       pi = pry_instance
-      pi.config.pwn_gpt ? pi.config.pwn_gpt = false : pi.config.pwn_gpt = true
+      pi.config.pwn_gpt = true
       pi.config.color = false if pi.config.pwn_gpt
       pi.config.color = true unless pi.config.pwn_gpt
     end
@@ -254,6 +254,18 @@ begin
     end
   end
 
+  Pry::Commands.create_command 'back' do
+    description 'Jump back to pwn REPL when in pwn-asm || pwn-gpt.'
+
+    def process
+      pi = pry_instance
+      pi.config.pwn_asm = false if pi.config.pwn_asm
+      pi.config.pwn_gpt = false if pi.config.pwn_gpt
+      pi.config.pwn_gpt_debug = false if pi.config.pwn_gpt_debug
+      pi.config.pwn_gpt_speak = false if pi.config.pwn_gpt_speak
+    end
+  end
+
   # Define REPL Hooks
   # Welcome Banner Hook
   Pry.config.hooks.add_hook(:before_session, :welcome) do |output, _binding, _pi|

data/lib/pwn/plugins/assembly.rb

@@ -29,10 +29,40 @@ module PWN
           arch_obj = Metasm::Ia32.new(endian)
         when 'amd64', 'x86_64'
           arch_obj = Metasm::X86_64.new(endian)
+        when 'arc'
+          arch_obj = Metasm::ARC.new(endian)
         when 'armv4l', 'armv4b', 'armv5l', 'armv5b', 'armv6l', 'armv6b', 'armv7b', 'armv7l', 'arm', 'armhf'
           arch_obj = Metasm::ARM.new(endian)
         when 'aarch64', 'arm64'
           arch_obj = Metasm::ARM64.new(endian)
+        when 'bpf'
+          arch_obj = Metasm::BPF.new(endian)
+        when 'cy16'
+          arch_obj = Metasm::CY16.new(endian)
+        when 'dalvik'
+          arch_obj = Metasm::Dalvik.new(endian)
+        when 'ebpf'
+          arch_obj = Metasm::EBPF.new(endian)
+        when 'mcs51'
+          arch_obj = Metasm::MCS51.new(endian)
+        when 'mips'
+          arch_obj = Metasm::MIPS.new(endian)
+        when 'mips64'
+          arch_obj = Metasm::MIPS64.new(endian)
+        when 'msp430'
+          arch_obj = Metasm::MSP430.new(endian)
+        when 'openrisc'
+          arch_obj = Metasm::OpenRisc.new(endian)
+        when 'ppc'
+          arch_obj = Metasm::PPC.new(endian)
+        when 'sh4'
+          arch_obj = Metasm::SH4.new(endian)
+        when 'st20'
+          arch_obj = Metasm::ST20.new(endian)
+        when 'webasm'
+          arch_obj = Metasm::WebAsm.new(endian)
+        when 'z80'
+          arch_obj = Metasm::Z80.new(endian)
         else
           raise "Unsupported architecture: #{arch}"
         end
@@ -104,10 +134,40 @@ module PWN
           arch_obj = Metasm::Ia32.new(endian)
         when 'amd64', 'x86_64'
           arch_obj = Metasm::X86_64.new(endian)
+        when 'arc'
+          arch_obj = Metasm::ARC.new(endian)
         when 'armv4l', 'armv4b', 'armv5l', 'armv5b', 'armv6l', 'armv6b', 'armv7b', 'armv7l', 'arm', 'armhf'
           arch_obj = Metasm::ARM.new(endian)
         when 'aarch64', 'arm64'
           arch_obj = Metasm::ARM64.new(endian)
+        when 'bpf'
+          arch_obj = Metasm::BPF.new(endian)
+        when 'cy16'
+          arch_obj = Metasm::CY16.new(endian)
+        when 'dalvik'
+          arch_obj = Metasm::Dalvik.new(endian)
+        when 'ebpf'
+          arch_obj = Metasm::EBPF.new(endian)
+        when 'mcs51'
+          arch_obj = Metasm::MCS51.new(endian)
+        when 'mips'
+          arch_obj = Metasm::MIPS.new(endian)
+        when 'mips64'
+          arch_obj = Metasm::MIPS64.new(endian)
+        when 'msp430'
+          arch_obj = Metasm::MSP430.new(endian)
+        when 'openrisc'
+          arch_obj = Metasm::OpenRisc.new(endian)
+        when 'ppc'
+          arch_obj = Metasm::PPC.new(endian)
+        when 'sh4'
+          arch_obj = Metasm::SH4.new(endian)
+        when 'st20'
+          arch_obj = Metasm::ST20.new(endian)
+        when 'webasm'
+          arch_obj = Metasm::WebAsm.new(endian)
+        when 'z80'
+          arch_obj = Metasm::Z80.new(endian)
         else
           raise "Unsupported architecture: #{arch}"
         end

data/lib/pwn/plugins/black_duck_binary_analysis.rb

@@ -423,6 +423,47 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_group_statistics(
+      #   token: 'required - Bearer token',
+      #   group_id: 'required - group id'
+      # )
+
+      public_class_method def self.get_group_statistics(opts = {})
+        token = opts[:token]
+        group_id = opts[:group_id]
+
+        response = bd_bin_analysis_rest_call(
+          token: token,
+          rest_call: "groups/#{group_id}/statistics"
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # response = PWN::Plugins::BlackDuckBinaryAnalysis.delete_group(
+      #   token: 'required - Bearer token',
+      #   group_id: 'required - group id'
+      # )
+
+      public_class_method def self.delete_group(opts = {})
+        token = opts[:token]
+        group_id = opts[:group_id]
+
+        response = bd_bin_analysis_rest_call(
+          http_method: :delete,
+          token: token,
+          rest_call: "groups/#{group_id}"
+        )
+
+        JSON.parse(response, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters::
       # response = PWN::Plugins::BlackDuckBinaryAnalysis.get_licenses(
       #   token: 'required - Bearer token'
@@ -687,6 +728,16 @@ module PWN
             group_id: 'required - group id'
           )
 
+          response = #{self}.get_group_statistics(
+            token: 'required - Bearer token',
+            group_id: 'required - group id'
+          )
+
+          response = #{self}.delete_group(
+            token: 'required - Bearer token',
+            group_id: 'required - group id'
+          )
+
           response = #{self}.get_licenses(
             token: 'required - Bearer token'
           )

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.42'
+  VERSION = '0.5.44'
 end

data/packer/provisioners/aliases.rb

@@ -6,6 +6,7 @@ system("sudo touch #{alias_file}")
 system("sudo chmod 777 #{alias_file}")
 File.open(alias_file, 'w') do |f|
   f.puts '#!/bin/bash'
+  f.puts "alias file='file --keep-going --raw'"
   f.puts "alias grep='grep --color=auto'"
   f.puts "alias kpid='kill -15'"
   f.puts "alias ls='ls --color=auto'"

data/pwn.gemspec

@@ -6,7 +6,9 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'pwn/version'
 
 Gem::Specification.new do |spec|
-  spec.required_ruby_version = ">= #{File.read('.ruby-version').split('-').last.chomp}"
+  ruby_version = ">= #{File.read('.ruby-version').split('-').last.chomp}".freeze
+  # spec.required_ruby_version = ruby_version
+  spec.required_ruby_version = '>= 3.3.0'
   spec.name = 'pwn'
   spec.version = PWN::VERSION
   spec.authors = ['0day Inc.']

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.42
+  version: 0.5.44
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-28 00:00:00.000000000 Z
+date: 2024-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -408,14 +408,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 2.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.8.0
+        version: 2.8.1
 - !ruby/object:Gem::Dependency
   name: libusb
   requirement: !ruby/object:Gem::Requirement
@@ -674,14 +674,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.5
+        version: 1.5.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.5
+        version: 1.5.6
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -856,14 +856,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.60.2
+        version: 1.61.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.60.2
+        version: 1.61.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -884,14 +884,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.26.1
+        version: 2.27.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.26.1
+        version: 2.27.1
 - !ruby/object:Gem::Dependency
   name: ruby-audio
   requirement: !ruby/object:Gem::Requirement
@@ -1172,6 +1172,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.8.0
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.36
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.36
 description: https://github.com/0dayinc/pwn/README.md
 email:
 - request.pentest@0dayinc.com