pwn 0.5.442 → 0.5.444

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f41d05e60c7f650088bc283e5a06b7d098c97df33136978ec4cbdb153bfa2c16
-  data.tar.gz: 93ba311fa530ba7bcf3622a581fc801d33aa600f7d266a554adc0473cf8ac5da
+  metadata.gz: ec6df63c1b99b28c53063a7a55160e3daf1b961fb5c9c65b13e522bb1011f54d
+  data.tar.gz: 384514b0c8e2fe6d11696a55e5e9fc04a3cf5af85218b6643a2009401da50188
 SHA512:
-  metadata.gz: b65927abd14e08746efc021f7ce5ad6e66d96224e9a6007401853b11f62a0d18da00b1e02655e228041d63bed46202e1e8217f294f83bb824f9cfc15332ebf85
-  data.tar.gz: 9ab2ee50ccba046c830a9b6120b491295c509d9962b64f1a77ca82b9e17ac98610d088ad78061c7afa4848d9313032764810880d54dd4e5b7ada5a0bd1c6a9b2
+  metadata.gz: 679c8b0262e600ae206e713ceec79d60de9ce91bf39b0eebb420c76316fd0cb7816a9bf96390bf5545e5c6063697809354fb52aa55aad962cd0b2c9c5373d123
+  data.tar.gz: f14604cb417bd26b745a4c311ed8614cc8ec3f13e07f622497efbb4037fda26ed767dc017ff2fa1e92eee4f47a731d4646ea76e05cf05628d4377a23e7cef460

data/Gemfile

@@ -41,7 +41,7 @@ gem 'htmlentities', '4.3.4'
 gem 'ipaddress', '0.8.3'
 gem 'jenkins_api_client2', '1.9.0'
 gem 'js-beautify', '0.1.8'
-gem 'json', '2.15.0'
+gem 'json', '2.15.1'
 gem 'jsonpath', '1.1.5'
 gem 'json_schemer', '2.4.0'
 gem 'jwt', '3.1.2'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.442]:001 >>> PWN.help
+pwn[v0.5.444]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.442]:001 >>> PWN.help
+pwn[v0.5.444]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.442]:001 >>> PWN.help
+pwn[v0.5.444]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_sast

@@ -102,6 +102,7 @@ begin
       BannedFunctionCallsC
       Base64
       BeefHook
+      CmdExecutionGoLang
       CmdExecutionJava
       CmdExecutionPython
       CmdExecutionRuby

data/lib/pwn/plugins/file_fu.rb

@@ -14,7 +14,9 @@ module PWN
     module FileFu
       # Supported Method Parameters::
       # PWN::Plugins::FileFu.recurse_in_dir(
-      #   dir_path: 'optional path to dir defaults to .'
+      #   dir_path: 'optional path to dir defaults to .',
+      #   include_extensions: 'optional - array of file extensions to search for in scan (e.g. ['.js', '.php'])',
+      #   exclude_extensions: 'optional - array of file extensions to exclude from scan (e.g. ['.log', '.txt', '.spec'])'
       # )
 
       public_class_method def self.recurse_in_dir(opts = {})
@@ -22,32 +24,24 @@ module PWN
         dir_path = dir_path.to_s.scrub unless dir_path.is_a?(String)
         raise "PWN Error: Invalid Directory #{dir_path}" unless Dir.exist?(dir_path)
 
+        include_extensions = opts[:include_extensions] ||= []
+        exclude_extensions = opts[:exclude_extensions] ||= []
+
         previous_dir = Dir.pwd
         Dir.chdir(dir_path)
         # Execute this like this:
         # recurse_in_dir(:dir_path => 'path to dir') {|entry| puts entry}
-        Dir.glob('./**/*').each { |entry| yield Shellwords.escape(entry) }
-      rescue StandardError => e
-        raise e
-      ensure
-        Dir.chdir(previous_dir) if Dir.exist?(previous_dir)
-      end
-
-      # Supported Method Parameters::
-      # PWN::Plugins::FileFu.recurse_dir(
-      #   dir_path: 'optional path to dir defaults to .'
-      # )
+        Dir.glob('./**/*').each do |entry|
+          next if exclude_extensions.include?(File.extname(entry))
 
-      public_class_method def self.recurse_dir(opts = {})
-        dir_path = opts[:dir_path] ||= '.'
-        dir_path = dir_path.to_s.scrub unless dir_path.is_a?(String)
-        raise "PWN Error: Invalid Directory #{dir_path}" unless Dir.exist?(dir_path)
+          next unless include_extensions.empty? || include_extensions.include?(File.extname(entry))
 
-        # Execute this like this:
-        # recurse_dir(:dir_path => 'path to dir') {|entry| puts entry}
-        Dir.glob("#{dir_path}/**/*").each { |entry| yield Shellwords.escape(entry) }
+          yield Shellwords.escape(entry)
+        end
       rescue StandardError => e
         raise e
+      ensure
+        Dir.chdir(previous_dir) if Dir.exist?(previous_dir)
       end
 
       # Supported Method Parameters::
@@ -78,9 +72,13 @@ module PWN
 
       public_class_method def self.help
         puts "USAGE:
-          #{self}.recurse_in_dir(dir_path: 'optional path to dir defaults to .') {|entry| puts entry}
-
-          #{self}.recurse_dir(dir_path: 'optional path to dir defaults to .') {|entry| puts entry}
+          #{self}.recurse_in_dir(
+            dir_path: 'optional path to dir defaults to .',
+            include_extensions: 'optional - array of file extensions to search for in scan (e.g. ['.js', '.php'])',
+            exclude_extensions: 'optional - array of file extensions to exclude from scan (e.g. ['.log', '.txt', '.spec'])'
+          ) do |entry|
+            puts entry
+          end
 
           #{self}.untar_gz_file(
             tar_gz_file: 'required - path to .tar.gz file',

data/lib/pwn/sast/amqp_connect_as_guest.rb

@@ -9,8 +9,6 @@ module PWN
     # within source code to determine if connections to RabbitMQ servers
     # are using guest accounts.
     module AMQPConnectAsGuest
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::AMQPConnectAsGuest.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -20,97 +18,20 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
-
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = "
-              grep -in \
-              -e amqp \
-              -e rabbit #{entry} 2> /dev/null | \
-              grep guest
-            "
 
-            str = `#{test_case_filter}`.to_s.scrub
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
-
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
+        test_case_filter = "
+          grep -in \
+          -e amqp \
+          -e rabbit {PWN_SAST_SRC_TARGET} 2> /dev/null | \
+          grep guest
+        "
 
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end

data/lib/pwn/sast/apache_file_system_util_api.rb

@@ -8,8 +8,6 @@ module PWN
     # SAST Module used to identify arbitrary command execution
     # within Apache Common's API Class, org.apache.commons.io.FileSystemUtils
     module ApacheFileSystemUtilAPI
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::ApacheFileSystemUtilAPI.scan(
       #   :dir_path => 'optional path to dir defaults to .'
@@ -19,99 +17,19 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
-
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = "
-              grep -n \
-              -e 'import org.apache.commons.io.FileSystemUtils' \
-              -e 'freeSpaceKb' #{entry} 2> /dev/null
-            "
-
-            str = `#{test_case_filter}`.to_s.scrub
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
 
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
-
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
+        test_case_filter = "
+          grep -n \
+          -e 'import org.apache.commons.io.FileSystemUtils' \
+          -e 'freeSpaceKb' {PWN_SAST_SRC_TARGET} 2> /dev/null
+        "
 
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end

data/lib/pwn/sast/aws.rb

@@ -7,8 +7,6 @@ module PWN
   module SAST
     # SAST Module used to identify sensitive AWS AuthN artifacts.
     module AWS
-      @@logger = PWN::Plugins::PWNLogger.create
-
       # Supported Method Parameters::
       # PWN::SAST::Port.scan(
       #   dir_path: 'optional path to dir defaults to .'
@@ -18,101 +16,21 @@ module PWN
       public_class_method def self.scan(opts = {})
         dir_path = opts[:dir_path]
         git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
-        result_arr = []
-        ai_introspection = PWN::Env[:ai][:introspection]
-        logger_results = "AI Introspection => #{ai_introspection} => "
-
-        PWN::Plugins::FileFu.recurse_in_dir(dir_path: dir_path) do |entry|
-          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
-            line_no_and_contents_arr = []
-            entry_beautified = false
-
-            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
-              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED 2> /dev/null`.to_s.scrub
-              entry = "#{entry}.JS-BEAUTIFIED"
-              entry_beautified = true
-            end
-
-            test_case_filter = "
-              grep -niE \
-              -e 'ec2-' \
-              -e 'access.key' \
-              -e 'secret.access' \
-              -e 'secret.key' #{entry} 2> /dev/null
-            "
-
-            str = `#{test_case_filter}`.to_s.scrub
-
-            if str.to_s.empty?
-              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
-              logger_results = "#{logger_results}~" # Catching bugs is good :)
-            else
-              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
 
-              hash_line = {
-                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
-                security_references: security_references,
-                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
-                line_no_and_contents: '',
-                raw_content: str,
-                test_case_filter: test_case_filter
-              }
-
-              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
-              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
-              line_no_count = line_contents_split.length # This should always be an even number
-              current_count = 0
-              while line_no_count > current_count
-                line_no = line_contents_split[current_count]
-                contents = line_contents_split[current_count + 1]
-                if Dir.exist?('.git')
-                  repo_root = '.'
-
-                  author = PWN::Plugins::Git.get_author(
-                    repo_root: repo_root,
-                    from_line: line_no,
-                    to_line: line_no,
-                    target_file: entry,
-                    entry_beautified: entry_beautified
-                  )
-                end
-                author ||= 'N/A'
-
-                ai_analysis = nil
-                if ai_introspection
-                  request = {
-                    scm_uri: "#{hash_line[:filename][:git_repo_root_uri]}/#{hash_line[:filename][:entry]}",
-                    line_no: line_no,
-                    source_code_snippet: contents
-                  }.to_json
-                  response = PWN::AI::Introspection.reflect(request: request)
-                  if response.is_a?(Hash)
-                    ai_analysis = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-                    ai_analysis = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-                  end
-                end
-
-                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
-                  line_no: line_no,
-                  contents: contents,
-                  author: author,
-                  ai_analysis: ai_analysis
-                )
+        test_case_filter = "
+          grep -niE \
+          -e 'ec2-' \
+          -e 'access.key' \
+          -e 'secret.access' \
+          -e 'secret.key' {PWN_SAST_SRC_TARGET} 2> /dev/null
+        "
 
-                current_count += 2
-              end
-              result_arr.push(hash_line)
-              logger_results = "#{logger_results}x" # Seeing progress is good :)
-            end
-          end
-        end
-        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
-        if logger_results.empty?
-          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
-        else
-          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
-        end
-        result_arr
+        PWN::SAST::TestCaseEngine.execute(
+          test_case_filter: test_case_filter,
+          security_references: security_references,
+          dir_path: dir_path,
+          git_repo_root_uri: git_repo_root_uri
+        )
       rescue StandardError => e
         raise e
       end