pwn 0.5.435 → 0.5.437
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/config.rb +101 -3
- data/lib/pwn/plugins/repl.rb +2 -2
- data/lib/pwn/plugins/vault.rb +15 -6
- data/lib/pwn/reports/sast.rb +50 -57
- data/lib/pwn/sast/amqp_connect_as_guest.rb +17 -1
- data/lib/pwn/sast/apache_file_system_util_api.rb +17 -1
- data/lib/pwn/sast/aws.rb +17 -1
- data/lib/pwn/sast/banned_function_calls_c.rb +17 -1
- data/lib/pwn/sast/base64.rb +17 -1
- data/lib/pwn/sast/beef_hook.rb +17 -1
- data/lib/pwn/sast/cmd_execution_java.rb +17 -1
- data/lib/pwn/sast/cmd_execution_python.rb +17 -1
- data/lib/pwn/sast/cmd_execution_ruby.rb +17 -1
- data/lib/pwn/sast/cmd_execution_scala.rb +17 -1
- data/lib/pwn/sast/csrf.rb +17 -1
- data/lib/pwn/sast/deserial_java.rb +17 -1
- data/lib/pwn/sast/emoticon.rb +17 -1
- data/lib/pwn/sast/eval.rb +17 -1
- data/lib/pwn/sast/factory.rb +17 -1
- data/lib/pwn/sast/http_authorization_header.rb +17 -1
- data/lib/pwn/sast/inner_html.rb +17 -1
- data/lib/pwn/sast/keystore.rb +17 -1
- data/lib/pwn/sast/local_storage.rb +17 -1
- data/lib/pwn/sast/location_hash.rb +17 -1
- data/lib/pwn/sast/log4j.rb +17 -1
- data/lib/pwn/sast/logger.rb +17 -1
- data/lib/pwn/sast/md5.rb +17 -1
- data/lib/pwn/sast/outer_html.rb +17 -1
- data/lib/pwn/sast/padding_oracle.rb +17 -1
- data/lib/pwn/sast/password.rb +17 -1
- data/lib/pwn/sast/php_input_mechanisms.rb +17 -1
- data/lib/pwn/sast/php_type_juggling.rb +17 -1
- data/lib/pwn/sast/pom_version.rb +17 -1
- data/lib/pwn/sast/port.rb +17 -1
- data/lib/pwn/sast/post_message.rb +17 -1
- data/lib/pwn/sast/private_key.rb +17 -1
- data/lib/pwn/sast/redirect.rb +17 -1
- data/lib/pwn/sast/redos.rb +17 -1
- data/lib/pwn/sast/shell.rb +17 -1
- data/lib/pwn/sast/signature.rb +17 -1
- data/lib/pwn/sast/sql.rb +17 -1
- data/lib/pwn/sast/ssl.rb +17 -1
- data/lib/pwn/sast/sudo.rb +17 -1
- data/lib/pwn/sast/task_tag.rb +17 -1
- data/lib/pwn/sast/throw_errors.rb +17 -1
- data/lib/pwn/sast/token.rb +17 -1
- data/lib/pwn/sast/type_script_type_juggling.rb +17 -1
- data/lib/pwn/sast/version.rb +17 -1
- data/lib/pwn/sast/window_location_hash.rb +17 -1
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn.rb +3 -1
- data/spec/lib/pwn/config_spec.rb +0 -5
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dc4595f20cb20cc81eb1633ea84a91a9d3fd7ab8c7a17b718ec2ba15451412d5
|
|
4
|
+
data.tar.gz: 991eb600f873d5f1ad790ade4791dcacedd3eecab8e6375bb646a3a3c4979afb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 289bb8fafb11ccc48cd7335fbbbc451f9629414f2c7d4f47913d2568649ae63b57d36cf3e5d8711bb38dd8ce59741f629d27a264aa4879daca55d851a635e430
|
|
7
|
+
data.tar.gz: fc6256cc8b76c11f1286531e97c762572bda96fe337b73a905e30941fedc7978ce69886cf1f77a8895ee2284cdf624fe732df1407f36027f70ffaceb5ad1eee2
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.437]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.437]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.437]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/config.rb
CHANGED
|
@@ -6,6 +6,101 @@ require 'yaml'
|
|
|
6
6
|
module PWN
|
|
7
7
|
# Used to manage PWN configuration settings within PWN drivers.
|
|
8
8
|
module Config
|
|
9
|
+
# Supported Method Parameters::
|
|
10
|
+
# env = PWN::Config.minimal_env
|
|
11
|
+
public_class_method def self.minimal_env(opts = {})
|
|
12
|
+
pwn_env_path = opts[:pwn_env_path]
|
|
13
|
+
pwn_dec_path = "#{File.dirname(pwn_env_path)}/pwn.decryptor.yaml"
|
|
14
|
+
|
|
15
|
+
puts "
|
|
16
|
+
[*] NOTICE:
|
|
17
|
+
1. Writing minimal PWN::Env to:
|
|
18
|
+
#{pwn_env_path}
|
|
19
|
+
2. Your decryptor file will be written to:
|
|
20
|
+
#{pwn_dec_path}
|
|
21
|
+
3. Use the pwn-vault command in the pwn prototyping driver to update:
|
|
22
|
+
#{pwn_env_path}
|
|
23
|
+
4. For optimal security, it's recommended to move:
|
|
24
|
+
#{pwn_dec_path}
|
|
25
|
+
to a secure location and use the --pwn-dec parameter for PWN drivers.
|
|
26
|
+
"
|
|
27
|
+
env = {
|
|
28
|
+
ai: {
|
|
29
|
+
active: 'grok',
|
|
30
|
+
introspection: false,
|
|
31
|
+
grok: {
|
|
32
|
+
base_uri: 'optional - Base URI for Grok - Use private base OR defaults to https://api.x.ai/v1',
|
|
33
|
+
key: 'required - OpenAI API Key',
|
|
34
|
+
model: 'optional - Grok model to use',
|
|
35
|
+
system_role_content: 'You are an ethically hacking OpenAI agent.',
|
|
36
|
+
temp: 'optional - OpenAI temperature'
|
|
37
|
+
},
|
|
38
|
+
openai: {
|
|
39
|
+
base_uri: 'optional - Base URI for OpenAI - Use private base OR defaults to https://api.openai.com/v1',
|
|
40
|
+
key: 'required - OpenAI API Key',
|
|
41
|
+
model: 'optional - OpenAI model to use',
|
|
42
|
+
system_role_content: 'You are an ethically hacking OpenAI agent.',
|
|
43
|
+
temp: 'optional - OpenAI temperature'
|
|
44
|
+
},
|
|
45
|
+
ollama: {
|
|
46
|
+
base_uri: 'required - Base URI for Open WebUI - e.g. https://ollama.local',
|
|
47
|
+
key: 'required - Open WebUI API Key Under Settings >> Account >> JWT Token',
|
|
48
|
+
model: 'required - Ollama model to use',
|
|
49
|
+
system_role_content: 'You are an ethically hacking Ollama agent.',
|
|
50
|
+
temp: 'optional - Ollama temperature'
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
asm: { arch: PWN::Plugins::DetectOS.arch, endian: PWN::Plugins::DetectOS.endian },
|
|
54
|
+
irc: {
|
|
55
|
+
ui_nick: '_human_',
|
|
56
|
+
shared_chan: '#pwn',
|
|
57
|
+
ai_agent_nicks: {
|
|
58
|
+
browser: {
|
|
59
|
+
pwn_rb: '/opt/pwn/lib/pwn/plugins/transparent_browser.rb',
|
|
60
|
+
system_role_content: 'You are a browser. You are a web browser that can be controlled by a human or AI agent'
|
|
61
|
+
},
|
|
62
|
+
nimjeh: {
|
|
63
|
+
pwn_rb: '',
|
|
64
|
+
system_role_content: 'You are a sarcastic hacker. You find software zero day vulnerabilities. This involves analyzing source code, race conditions, application binaries, and network protocols from an offensive security perspective.'
|
|
65
|
+
},
|
|
66
|
+
nmap: {
|
|
67
|
+
pwn_rb: '/opt/pwn/lib/pwn/plugins/nmap_it.rb',
|
|
68
|
+
system_role_content: 'You are a network scanner. You are a network scanner that can be controlled by a human or AI agent'
|
|
69
|
+
},
|
|
70
|
+
shodan: {
|
|
71
|
+
pwn_rb: '/opt/pwn/lib/pwn/plugins/shodan.rb',
|
|
72
|
+
system_role_content: 'You are a passive reconnaissance agent. You are a passive reconnaissance agent that can be controlled by a human or AI agent'
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
},
|
|
76
|
+
hunter: { api_key: 'hunter.how API Key' },
|
|
77
|
+
meshtastic: {
|
|
78
|
+
psks: {
|
|
79
|
+
LongFast: 'AQ==',
|
|
80
|
+
PWN: 'required - PSK for pwn channel'
|
|
81
|
+
}
|
|
82
|
+
},
|
|
83
|
+
shodan: { api_key: 'SHODAN API Key' }
|
|
84
|
+
}
|
|
85
|
+
# Remove beginning colon from key names
|
|
86
|
+
yaml_env = YAML.dump(env).gsub(/^(\s*):/, '\1')
|
|
87
|
+
File.write(pwn_env_path, yaml_env)
|
|
88
|
+
|
|
89
|
+
env[:pwn_env_path] = pwn_env_path
|
|
90
|
+
env[:pwn_dec_path] = pwn_dec_path
|
|
91
|
+
|
|
92
|
+
PWN::Plugins::Vault.create(
|
|
93
|
+
file: pwn_env_path,
|
|
94
|
+
decryptor_file: pwn_dec_path
|
|
95
|
+
)
|
|
96
|
+
|
|
97
|
+
Pry.config.refresh_pwn_env = false if defined?(Pry)
|
|
98
|
+
PWN.send(:remove_const, :Env) if PWN.const_defined?(:Env)
|
|
99
|
+
PWN.const_set(:Env, env.freeze)
|
|
100
|
+
rescue StandardError => e
|
|
101
|
+
raise e
|
|
102
|
+
end
|
|
103
|
+
|
|
9
104
|
# Supported Method Parameters::
|
|
10
105
|
# PWN::Config.refresh_env(
|
|
11
106
|
# pwn_env_path: 'optional - Path to pwn.yaml file. Defaults to ~/.pwn/pwn.yaml',
|
|
@@ -17,7 +112,7 @@ module PWN
|
|
|
17
112
|
FileUtils.mkdir_p(pwn_env_root)
|
|
18
113
|
|
|
19
114
|
pwn_env_path = opts[:pwn_env_path] ||= "#{pwn_env_root}/pwn.yaml"
|
|
20
|
-
return
|
|
115
|
+
return minimal_env(pwn_env_path: pwn_env_path) unless File.exist?(pwn_env_path)
|
|
21
116
|
|
|
22
117
|
is_encrypted = PWN::Plugins::Vault.file_encrypted?(file: pwn_env_path)
|
|
23
118
|
|
|
@@ -76,8 +171,7 @@ module PWN
|
|
|
76
171
|
env[:pwn_env_path] = pwn_env_path
|
|
77
172
|
env[:pwn_dec_path] = pwn_dec_path if is_encrypted
|
|
78
173
|
|
|
79
|
-
Pry.config.
|
|
80
|
-
|
|
174
|
+
Pry.config.refresh_pwn_env = false if defined?(Pry)
|
|
81
175
|
PWN.send(:remove_const, :Env) if PWN.const_defined?(:Env)
|
|
82
176
|
PWN.const_set(:Env, env.freeze)
|
|
83
177
|
rescue StandardError => e
|
|
@@ -96,6 +190,10 @@ module PWN
|
|
|
96
190
|
|
|
97
191
|
public_class_method def self.help
|
|
98
192
|
puts "USAGE:
|
|
193
|
+
#{self}.minimal_env(
|
|
194
|
+
pwn_env_path: 'optional - Path to pwn.yaml file. Defaults to ~/.pwn/pwn.yaml'
|
|
195
|
+
)
|
|
196
|
+
|
|
99
197
|
#{self}.refresh_env(
|
|
100
198
|
pwn_env_path: 'optional - Path to pwn.yaml file. Defaults to ~/.pwn/pwn.yaml',
|
|
101
199
|
pwn_dec_path: 'optional - Path to pwn.decryptor.yaml file. Defaults to ~/.pwn/pwn.decryptor.yaml'
|
data/lib/pwn/plugins/repl.rb
CHANGED
|
@@ -18,7 +18,7 @@ module PWN
|
|
|
18
18
|
mode = opts[:mode]
|
|
19
19
|
|
|
20
20
|
proc do |_target_self, _nest_level, pi|
|
|
21
|
-
PWN::Config.refresh_env(opts) if Pry.config.
|
|
21
|
+
PWN::Config.refresh_env(opts) if Pry.config.refresh_pwn_env
|
|
22
22
|
|
|
23
23
|
pi.config.pwn_repl_line += 1
|
|
24
24
|
line_pad = format(
|
|
@@ -530,8 +530,8 @@ module PWN
|
|
|
530
530
|
# Define REPL Hooks
|
|
531
531
|
# Welcome Banner Hook
|
|
532
532
|
Pry.config.hooks.add_hook(:before_session, :welcome) do |output, _binding, _pi|
|
|
533
|
-
PWN::Config.refresh_env(opts)
|
|
534
533
|
output.puts PWN::Banner.welcome
|
|
534
|
+
PWN::Config.refresh_env(opts)
|
|
535
535
|
end
|
|
536
536
|
|
|
537
537
|
Pry.config.hooks.add_hook(:after_read, :pwn_asm_hook) do |request, pi|
|
data/lib/pwn/plugins/vault.rb
CHANGED
|
@@ -37,19 +37,27 @@ module PWN
|
|
|
37
37
|
|
|
38
38
|
# Supported Method Parameters::
|
|
39
39
|
# PWN::Plugins::Vault.create(
|
|
40
|
-
# file: 'required - encrypted file to create'
|
|
40
|
+
# file: 'required - encrypted file to create',
|
|
41
|
+
# decryptor_file: 'optional - file to save the key && iv values'
|
|
41
42
|
# )
|
|
42
43
|
|
|
43
44
|
public_class_method def self.create(opts = {})
|
|
44
45
|
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
|
46
|
+
decryptor_file = opts[:decryptor_file]
|
|
45
47
|
|
|
46
48
|
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
|
47
49
|
key = Base64.strict_encode64(cipher.random_key)
|
|
48
50
|
iv = Base64.strict_encode64(cipher.random_iv)
|
|
49
51
|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
52
|
+
if decryptor_file
|
|
53
|
+
decryptor_hash = { key: key, iv: iv }
|
|
54
|
+
yaml_decryptor = YAML.dump(decryptor_hash).gsub(/^(\s*):/, '\1')
|
|
55
|
+
File.write(decryptor_file, yaml_decryptor)
|
|
56
|
+
else
|
|
57
|
+
puts 'Please store the Key && IV in a secure location as they are required for decryption.'
|
|
58
|
+
puts "Key: #{key}"
|
|
59
|
+
puts "IV: #{iv}"
|
|
60
|
+
end
|
|
53
61
|
|
|
54
62
|
encrypt(
|
|
55
63
|
file: file,
|
|
@@ -173,7 +181,7 @@ module PWN
|
|
|
173
181
|
system(relative_editor, file)
|
|
174
182
|
|
|
175
183
|
# If the Pry object exists, set refresh_config to true
|
|
176
|
-
Pry.config.
|
|
184
|
+
Pry.config.refresh_pwn_env = true if defined?(Pry)
|
|
177
185
|
|
|
178
186
|
encrypt(
|
|
179
187
|
file: file,
|
|
@@ -253,7 +261,8 @@ module PWN
|
|
|
253
261
|
)
|
|
254
262
|
|
|
255
263
|
#{self}.create(
|
|
256
|
-
file: 'required - file to encrypt'
|
|
264
|
+
file: 'required - file to encrypt',
|
|
265
|
+
decryptor_file: 'optional - file to save the key && iv values'
|
|
257
266
|
)
|
|
258
267
|
|
|
259
268
|
#{self}.decrypt(
|
data/lib/pwn/reports/sast.rb
CHANGED
|
@@ -25,62 +25,55 @@ module PWN
|
|
|
25
25
|
}
|
|
26
26
|
report_name = opts[:report_name] ||= File.basename(Dir.pwd)
|
|
27
27
|
|
|
28
|
-
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
29
|
-
puts "Analyzing source code using AI engine: #{engine}\nModel: #{model}\nSystem Role Content: #{system_role_content}\nTemperature: #{temp}" if ai_instrospection
|
|
30
|
-
|
|
31
28
|
# Calculate percentage of AI analysis based on the number of entries
|
|
32
|
-
total_entries = results_hash[:data].sum { |entry| entry[:line_no_and_contents].size }
|
|
33
|
-
puts "Total entries to analyze: #{total_entries}" if engine
|
|
34
|
-
|
|
35
|
-
percent_complete = 0.0
|
|
36
|
-
entry_count = 0
|
|
37
|
-
spin = TTY::Spinner.new(
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
)
|
|
42
|
-
spin.auto_spin
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
total_entries: total_entries
|
|
81
|
-
)
|
|
82
|
-
end
|
|
83
|
-
end
|
|
29
|
+
# total_entries = results_hash[:data].sum { |entry| entry[:line_no_and_contents].size }
|
|
30
|
+
# puts "Total entries to analyze: #{total_entries}" if engine
|
|
31
|
+
|
|
32
|
+
# percent_complete = 0.0
|
|
33
|
+
# entry_count = 0
|
|
34
|
+
# spin = TTY::Spinner.new(
|
|
35
|
+
# '[:spinner] Report Generation Progress: :percent_complete :entry_count of :total_entries',
|
|
36
|
+
# format: :dots,
|
|
37
|
+
# hide_cursor: true
|
|
38
|
+
# )
|
|
39
|
+
# spin.auto_spin
|
|
40
|
+
|
|
41
|
+
# ai_instrospection = PWN::Env[:ai][:introspection]
|
|
42
|
+
# puts "Analyzing source code using AI engine: #{engine}\nModel: #{model}\nSystem Role Content: #{system_role_content}\nTemperature: #{temp}" if ai_instrospection
|
|
43
|
+
|
|
44
|
+
# results_hash[:data].each do |hash_line|
|
|
45
|
+
# git_repo_root_uri = hash_line[:filename][:git_repo_root_uri]
|
|
46
|
+
# filename = hash_line[:filename][:entry]
|
|
47
|
+
# hash_line[:line_no_and_contents].each do |src_detail|
|
|
48
|
+
# entry_count += 1
|
|
49
|
+
# percent_complete = (entry_count.to_f / total_entries * 100).round(2)
|
|
50
|
+
# line_no = src_detail[:line_no]
|
|
51
|
+
# source_code_snippet = src_detail[:contents]
|
|
52
|
+
# author = src_detail[:author].to_s.scrub.chomp.strip
|
|
53
|
+
# response = nil
|
|
54
|
+
# if ai_instrospection
|
|
55
|
+
# request = {
|
|
56
|
+
# scm_uri: "#{git_repo_root_uri}/#{filename}",
|
|
57
|
+
# line: line_no,
|
|
58
|
+
# source_code_snippet: source_code_snippet
|
|
59
|
+
# }.to_json
|
|
60
|
+
# response = PWN::AI::Introspection.reflect(request: request)
|
|
61
|
+
# end
|
|
62
|
+
# ai_analysis = nil
|
|
63
|
+
# if response.is_a?(Hash)
|
|
64
|
+
# ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
65
|
+
# ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
66
|
+
# puts "AI Analysis Progress: #{percent_complete}% Line: #{line_no} | Author: #{author} | AI Analysis: #{ai_analysis}\n\n\n" if ai_analysis
|
|
67
|
+
# end
|
|
68
|
+
# src_detail[:ai_analysis] = ai_analysis.to_s.scrub.chomp.strip
|
|
69
|
+
# spin.update(
|
|
70
|
+
# percent_complete: "#{percent_complete}%",
|
|
71
|
+
# entry_count: entry_count,
|
|
72
|
+
# total_entries: total_entries
|
|
73
|
+
# )
|
|
74
|
+
# end
|
|
75
|
+
# end
|
|
76
|
+
|
|
84
77
|
# JSON object Completion
|
|
85
78
|
# File.open("#{dir_path}/pwn_scan_git_source.json", 'w') do |f|
|
|
86
79
|
# f.print(results_hash.to_json)
|
|
@@ -467,8 +460,8 @@ module PWN
|
|
|
467
460
|
end
|
|
468
461
|
rescue StandardError => e
|
|
469
462
|
raise e
|
|
470
|
-
|
|
471
|
-
spin.stop unless spin.nil?
|
|
463
|
+
# ensure
|
|
464
|
+
# spin.stop unless spin.nil?
|
|
472
465
|
end
|
|
473
466
|
|
|
474
467
|
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
@@ -75,10 +75,26 @@ module PWN
|
|
|
75
75
|
end
|
|
76
76
|
author ||= 'N/A'
|
|
77
77
|
|
|
78
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
79
|
+
ai_analysis = nil
|
|
80
|
+
if ai_instrospection
|
|
81
|
+
request = {
|
|
82
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
source_code_snippet: contents
|
|
85
|
+
}.to_json
|
|
86
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
87
|
+
if response.is_a?(Hash)
|
|
88
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
89
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
78
93
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
79
94
|
line_no: line_no,
|
|
80
95
|
contents: contents,
|
|
81
|
-
author: author
|
|
96
|
+
author: author,
|
|
97
|
+
ai_analysis: ai_analysis
|
|
82
98
|
)
|
|
83
99
|
current_count += 2
|
|
84
100
|
end
|
|
@@ -75,10 +75,26 @@ module PWN
|
|
|
75
75
|
end
|
|
76
76
|
author ||= 'N/A'
|
|
77
77
|
|
|
78
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
79
|
+
ai_analysis = nil
|
|
80
|
+
if ai_instrospection
|
|
81
|
+
request = {
|
|
82
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
83
|
+
line_no: line_no,
|
|
84
|
+
source_code_snippet: contents
|
|
85
|
+
}.to_json
|
|
86
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
87
|
+
if response.is_a?(Hash)
|
|
88
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
89
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
78
93
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
79
94
|
line_no: line_no,
|
|
80
95
|
contents: contents,
|
|
81
|
-
author: author
|
|
96
|
+
author: author,
|
|
97
|
+
ai_analysis: ai_analysis
|
|
82
98
|
)
|
|
83
99
|
|
|
84
100
|
current_count += 2
|
data/lib/pwn/sast/aws.rb
CHANGED
|
@@ -76,10 +76,26 @@ module PWN
|
|
|
76
76
|
end
|
|
77
77
|
author ||= 'N/A'
|
|
78
78
|
|
|
79
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
80
|
+
ai_analysis = nil
|
|
81
|
+
if ai_instrospection
|
|
82
|
+
request = {
|
|
83
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
84
|
+
line_no: line_no,
|
|
85
|
+
source_code_snippet: contents
|
|
86
|
+
}.to_json
|
|
87
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
88
|
+
if response.is_a?(Hash)
|
|
89
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
90
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
79
94
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
80
95
|
line_no: line_no,
|
|
81
96
|
contents: contents,
|
|
82
|
-
author: author
|
|
97
|
+
author: author,
|
|
98
|
+
ai_analysis: ai_analysis
|
|
83
99
|
)
|
|
84
100
|
|
|
85
101
|
current_count += 2
|
|
@@ -203,10 +203,26 @@ module PWN
|
|
|
203
203
|
end
|
|
204
204
|
author ||= 'N/A'
|
|
205
205
|
|
|
206
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
207
|
+
ai_analysis = nil
|
|
208
|
+
if ai_instrospection
|
|
209
|
+
request = {
|
|
210
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
211
|
+
line_no: line_no,
|
|
212
|
+
source_code_snippet: contents
|
|
213
|
+
}.to_json
|
|
214
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
215
|
+
if response.is_a?(Hash)
|
|
216
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
217
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
218
|
+
end
|
|
219
|
+
end
|
|
220
|
+
|
|
206
221
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
207
222
|
line_no: line_no,
|
|
208
223
|
contents: contents,
|
|
209
|
-
author: author
|
|
224
|
+
author: author,
|
|
225
|
+
ai_analysis: ai_analysis
|
|
210
226
|
)
|
|
211
227
|
|
|
212
228
|
current_count += 2
|
data/lib/pwn/sast/base64.rb
CHANGED
|
@@ -74,10 +74,26 @@ module PWN
|
|
|
74
74
|
end
|
|
75
75
|
author ||= 'N/A'
|
|
76
76
|
|
|
77
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
78
|
+
ai_analysis = nil
|
|
79
|
+
if ai_instrospection
|
|
80
|
+
request = {
|
|
81
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
82
|
+
line_no: line_no,
|
|
83
|
+
source_code_snippet: contents
|
|
84
|
+
}.to_json
|
|
85
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
86
|
+
if response.is_a?(Hash)
|
|
87
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
88
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
77
92
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
78
93
|
line_no: line_no,
|
|
79
94
|
contents: contents,
|
|
80
|
-
author: author
|
|
95
|
+
author: author,
|
|
96
|
+
ai_analysis: ai_analysis
|
|
81
97
|
)
|
|
82
98
|
|
|
83
99
|
current_count += 2
|
data/lib/pwn/sast/beef_hook.rb
CHANGED
|
@@ -74,10 +74,26 @@ module PWN
|
|
|
74
74
|
end
|
|
75
75
|
author ||= 'N/A'
|
|
76
76
|
|
|
77
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
78
|
+
ai_analysis = nil
|
|
79
|
+
if ai_instrospection
|
|
80
|
+
request = {
|
|
81
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
82
|
+
line_no: line_no,
|
|
83
|
+
source_code_snippet: contents
|
|
84
|
+
}.to_json
|
|
85
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
86
|
+
if response.is_a?(Hash)
|
|
87
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
88
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
77
92
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
78
93
|
line_no: line_no,
|
|
79
94
|
contents: contents,
|
|
80
|
-
author: author
|
|
95
|
+
author: author,
|
|
96
|
+
ai_analysis: ai_analysis
|
|
81
97
|
)
|
|
82
98
|
|
|
83
99
|
current_count += 2
|
|
@@ -76,10 +76,26 @@ module PWN
|
|
|
76
76
|
end
|
|
77
77
|
author ||= 'N/A'
|
|
78
78
|
|
|
79
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
80
|
+
ai_analysis = nil
|
|
81
|
+
if ai_instrospection
|
|
82
|
+
request = {
|
|
83
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
84
|
+
line_no: line_no,
|
|
85
|
+
source_code_snippet: contents
|
|
86
|
+
}.to_json
|
|
87
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
88
|
+
if response.is_a?(Hash)
|
|
89
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
90
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
79
94
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
80
95
|
line_no: line_no,
|
|
81
96
|
contents: contents,
|
|
82
|
-
author: author
|
|
97
|
+
author: author,
|
|
98
|
+
ai_analysis: ai_analysis
|
|
83
99
|
)
|
|
84
100
|
|
|
85
101
|
current_count += 2
|
|
@@ -78,10 +78,26 @@ module PWN
|
|
|
78
78
|
end
|
|
79
79
|
author ||= 'N/A'
|
|
80
80
|
|
|
81
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
82
|
+
ai_analysis = nil
|
|
83
|
+
if ai_instrospection
|
|
84
|
+
request = {
|
|
85
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
86
|
+
line_no: line_no,
|
|
87
|
+
source_code_snippet: contents
|
|
88
|
+
}.to_json
|
|
89
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
90
|
+
if response.is_a?(Hash)
|
|
91
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
92
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
|
|
81
96
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
82
97
|
line_no: line_no,
|
|
83
98
|
contents: contents,
|
|
84
|
-
author: author
|
|
99
|
+
author: author,
|
|
100
|
+
ai_analysis: ai_analysis
|
|
85
101
|
)
|
|
86
102
|
|
|
87
103
|
current_count += 2
|
|
@@ -86,10 +86,26 @@ module PWN
|
|
|
86
86
|
end
|
|
87
87
|
author ||= 'N/A'
|
|
88
88
|
|
|
89
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
90
|
+
ai_analysis = nil
|
|
91
|
+
if ai_instrospection
|
|
92
|
+
request = {
|
|
93
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
94
|
+
line_no: line_no,
|
|
95
|
+
source_code_snippet: contents
|
|
96
|
+
}.to_json
|
|
97
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
98
|
+
if response.is_a?(Hash)
|
|
99
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
100
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
|
|
89
104
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
90
105
|
line_no: line_no,
|
|
91
106
|
contents: contents,
|
|
92
|
-
author: author
|
|
107
|
+
author: author,
|
|
108
|
+
ai_analysis: ai_analysis
|
|
93
109
|
)
|
|
94
110
|
|
|
95
111
|
current_count += 2
|
|
@@ -76,10 +76,26 @@ module PWN
|
|
|
76
76
|
end
|
|
77
77
|
author ||= 'N/A'
|
|
78
78
|
|
|
79
|
+
ai_instrospection = PWN::Env[:ai][:introspection]
|
|
80
|
+
ai_analysis = nil
|
|
81
|
+
if ai_instrospection
|
|
82
|
+
request = {
|
|
83
|
+
scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
|
|
84
|
+
line_no: line_no,
|
|
85
|
+
source_code_snippet: contents
|
|
86
|
+
}.to_json
|
|
87
|
+
response = PWN::AI::Introspection.reflect(request: request)
|
|
88
|
+
if response.is_a?(Hash)
|
|
89
|
+
ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
|
|
90
|
+
ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
79
94
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
80
95
|
line_no: line_no,
|
|
81
96
|
contents: contents,
|
|
82
|
-
author: author
|
|
97
|
+
author: author,
|
|
98
|
+
ai_analysis: ai_analysis
|
|
83
99
|
)
|
|
84
100
|
|
|
85
101
|
current_count += 2
|