pwn 0.5.453 → 0.5.454

data/lib/pwn/config.rb

@@ -7,8 +7,44 @@ module PWN
   # Used to manage PWN configuration settings within PWN drivers.
   module Config
     # Supported Method Parameters::
-    # env = PWN::Config.minimal_env
-    public_class_method def self.minimal_env(opts = {})
+    # PWN::Config.redact_sensitive_artifacts(
+    #   config: 'optional - Hash to redact sensitive artifacts from.  Defaults to PWN::Env'
+    # )
+    public_class_method def self.redact_sensitive_artifacts(opts = {})
+      config = opts[:config] ||= PWN::Env
+
+      sensitive_keys = %i[api_key key paswword psks token]
+
+      # Transform values at the current level: redact sensitive keys
+      config.transform_values.with_index do |v, k|
+        if sensitive_keys.include?(config.keys[k])
+          '>>> REDACTED >>> USE `pwn-vault` FOR ADMINISTRATION <<< REDACTED <<<'
+        else
+          v.is_a?(Hash) ? redact_sensitive_artifacts(config: v) : v
+        end
+      end
+    rescue StandardError => e
+      raise e
+    end
+
+    # Supported Method Parameters::
+    # env = PWN::Config.init_driver_options
+    public_class_method def self.init_driver_options
+      env = {
+        driver_opts: {
+          pwn_env_path: nil,
+          pwn_dec_path: nil
+        }
+      }
+      PWN.const_set(:Env, env)
+      # puts '[*] Loaded driver options.'
+    rescue StandardError => e
+      raise e
+    end
+
+    # Supported Method Parameters::
+    # env = PWN::Config.default_env
+    public_class_method def self.default_env(opts = {})
       pwn_env_path = opts[:pwn_env_path]
       pwn_dec_path = "#{File.dirname(pwn_env_path)}/pwn.decryptor.yaml"
 
@@ -26,38 +62,38 @@ module PWN
       "
       env = {
         ai: {
-          active: "'grok'",
+          active: 'grok',
           introspection: false,
           grok: {
-            base_uri: "'optional - Base URI for Grok - Use private base OR defaults to https://api.x.ai/v1'",
-            key: "'required - OpenAI API Key'",
-            model: "'optional - Grok model to use'",
-            system_role_content: "'You are an ethically hacking OpenAI agent.'",
-            temp: "'optional - OpenAI temperature'"
+            base_uri: 'optional - Base URI for Grok - Use private base OR defaults to https://api.x.ai/v1',
+            key: 'required - OpenAI API Key',
+            model: 'optional - Grok model to use',
+            system_role_content: 'You are an ethically hacking OpenAI agent.',
+            temp: 'optional - OpenAI temperature'
           },
           openai: {
-            base_uri: "'optional - Base URI for OpenAI - Use private base OR defaults to https://api.openai.com/v1'",
-            key: "'required - OpenAI API Key'",
-            model: "'optional - OpenAI model to use'",
-            system_role_content: "'You are an ethically hacking OpenAI agent.'",
-            temp: "'optional - OpenAI temperature'"
+            base_uri: 'optional - Base URI for OpenAI - Use private base OR defaults to https://api.openai.com/v1',
+            key: 'required - OpenAI API Key',
+            model: 'optional - OpenAI model to use',
+            system_role_content: 'You are an ethically hacking OpenAI agent.',
+            temp: 'optional - OpenAI temperature'
           },
           ollama: {
-            base_uri: "'required - Base URI for Open WebUI - e.g. https://ollama.local'",
-            key: "'required - Open WebUI API Key Under Settings  >> Account >> JWT Token'",
-            model: "'required - Ollama model to use'",
-            system_role_content: "'You are an ethically hacking Ollama agent.'",
-            temp: "'optional - Ollama temperature'"
+            base_uri: 'required - Base URI for Open WebUI - e.g. https://ollama.local',
+            key: 'required - Open WebUI API Key Under Settings  >> Account >> JWT Token',
+            model: 'required - Ollama model to use',
+            system_role_content: 'You are an ethically hacking Ollama agent.',
+            temp: 'optional - Ollama temperature'
           }
         },
         plugins: {
-          asm: { arch: "'#{PWN::Plugins::DetectOS.arch}'", endian: "'#{PWN::Plugins::DetectOS.endian}'" },
+          asm: { arch: PWN::Plugins::DetectOS.arch, endian: PWN::Plugins::DetectOS.endian },
           blockchain: {
             bitcoin: {
-              rpc_host: "'localhost'",
+              rpc_host: 'localhost',
               rpc_port: 8332,
-              rpc_user: "'bitcoin RPC Username'",
-              rpc_pass: "'bitcoin RPC Password'"
+              rpc_user: 'bitcoin RPC Username',
+              rpc_pass: 'bitcoin RPC Password'
             }
           },
           irc: {
@@ -124,7 +160,7 @@ module PWN
       FileUtils.mkdir_p(pwn_env_root)
 
       pwn_env_path = opts[:pwn_env_path] ||= "#{pwn_env_root}/pwn.yaml"
-      return minimal_env(pwn_env_path: pwn_env_path) unless File.exist?(pwn_env_path)
+      return default_env(pwn_env_path: pwn_env_path) unless File.exist?(pwn_env_path)
 
       is_encrypted = PWN::Plugins::Vault.file_encrypted?(file: pwn_env_path)
 
@@ -185,9 +221,18 @@ module PWN
         pwn_dec_path: pwn_dec_path
       }
 
-      Pry.config.refresh_pwn_env = false if defined?(Pry)
+      # Assign the refreshed env to PWN::Env
       PWN.send(:remove_const, :Env) if PWN.const_defined?(:Env)
       PWN.const_set(:Env, env.freeze)
+
+      # Redact sensitive artifacts from PWN::Env and store in PWN::EnvRedacted
+      env_redacted = redact_sensitive_artifacts(config: env)
+      PWN.send(:remove_const, :EnvRedacted) if PWN.const_defined?(:EnvRedacted)
+      PWN.const_set(:EnvRedacted, env_redacted.freeze)
+
+      Pry.config.refresh_pwn_env = false if defined?(Pry)
+
+      puts "[*] PWN::Env loaded via: #{pwn_env_path}\n"
     rescue StandardError => e
       raise e
     end
@@ -204,7 +249,7 @@ module PWN
 
     public_class_method def self.help
       puts "USAGE:
-        #{self}.minimal_env(
+        #{self}.default_env(
           pwn_env_path: 'optional - Path to pwn.yaml file.  Defaults to ~/.pwn/pwn.yaml'
         )
 

data/lib/pwn/driver.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require 'optparse'
+
+module PWN
+  # Used to consume options passed into PWN drivers and load PWN::Env
+  class Driver
+    # Add OptionParser options to PWN::Env
+    class Parser < OptionParser
+      attr_accessor :auto_opts_help,
+                    :opts
+
+      def initialize
+        super
+        @opts = PWN::Env[:driver_opts]
+        @auto_opts_help = true
+
+        banner = "USAGE: #{File.basename($PROGRAM_NAME)} [opts]\n"
+        on(
+          '-YPATH',
+          '--pwn_env=PATH',
+          '<Optional - PWN::Env YAML file path (Default: ~/.pwn/pwn.yaml)>'
+        ) do |o|
+          @opts[:pwn_env_path] = o
+        end
+        on(
+          '-ZPATH',
+          '--pwn_dec=PATH',
+          '<Optional - Out-of-Band YAML file path (Default: ~/.pwn/pwn.decryptor.yaml)>'
+        ) do |o|
+          @opts[:pwn_dec_path] = o
+        end
+      end
+
+      def parse!
+        super(ARGV, into: @opts)
+        # puts @opts
+
+        PWN::Config.refresh_env(
+          pwn_env_path: @opts[:pwn_env_path],
+          pwn_dec_path: @opts[:pwn_dec_path]
+        )
+
+        if @auto_opts_help && @opts.keys.join(' ') == 'pwn_env_path pwn_dec_path'
+          puts `#{File.basename($PROGRAM_NAME)} --help`
+          exit 1
+        end
+      end
+    end
+
+    # Author(s):: 0day Inc. <support@0dayinc.com>
+
+    public_class_method def self.authors
+      "AUTHOR(S):
+        0day Inc. <support@0dayinc.com>
+      "
+    end
+
+    # Display Usage for this Module
+
+    public_class_method def self.help
+      puts "USAGE:
+        # Load default driver options into PWN::Env
+        opts = PWN::Env[:driver_opts]
+        #{self}::Parser.new.parse(&:on).parse!
+
+        # Add more options by passing a block to the parser
+        opts = PWN::Env[:driver_opts]
+        #{self}::Parser.new do |options|
+          # Boolean option
+          options.on('-b', '--boolean') do |o|
+            opts[:boolean] = o
+          end
+
+          # String option
+          options.on('-sSTRING', '--string=STRING') do |o|
+            opts[:string] = o
+          end
+        end.parse!
+
+        #{self}.authors
+      "
+    end
+  end
+end

data/lib/pwn/plugins/repl.rb

@@ -489,6 +489,7 @@ module PWN
         # Define REPL Hooks
         # Welcome Banner Hook
         Pry.config.hooks.add_hook(:before_session, :welcome) do |output, _binding, _pi|
+          Pry.config.refresh_pwn_env = false
           output.puts PWN::Banner.welcome
         end
 
@@ -597,11 +598,11 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # PWN::Plugins::REPL.start(
-      #   opts: 'required - Hash object passed in via pwn OptParser'
-      # )
+      # PWN::Plugins::REPL.start
+
+      public_class_method def self.start
+        opts = PWN::Env[:driver_opts]
 
-      public_class_method def self.start(opts = {})
         # Monkey Patch Pry, add commands, && hooks
         PWN::Plugins::MonkeyPatch.pry
         pwn_env_root = "#{Dir.home}/.pwn"
@@ -646,13 +647,9 @@ module PWN
 
           #{self}.add_commands
 
-          #{self}.add_hooks(
-            opts: 'required - Hash object passed in via pwn OptParser'
-          )
+          #{self}.add_hooks
 
-          #{self}.start(
-            opts: 'required - Hash object passed in via pwn OptParser'
-          )
+          #{self}.start
 
           #{self}.authors
         "

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.453'
+  VERSION = '0.5.454'
 end

data/lib/pwn.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'json'
-require 'optparse'
 require 'pwn/version'
 require 'yaml'
 
@@ -16,21 +15,23 @@ module PWN
   autoload :Banner, 'pwn/banner'
   autoload :Blockchain, 'pwn/blockchain'
   autoload :Config, 'pwn/config'
+  autoload :Driver, 'pwn/driver'
   autoload :FFI, 'pwn/ffi'
   autoload :Plugins, 'pwn/plugins'
   autoload :Reports, 'pwn/reports'
   autoload :SAST, 'pwn/sast'
   autoload :WWW, 'pwn/www'
 
+  # Initialize Options for Drivers
+
+  PWN::Config.init_driver_options
+
   # Display a List of Every PWN Module
 
   public_class_method def self.help
     constants.sort
   end
 
-  # Initialize PWN configuration file
-  # PWN::Env is the constant that stores the configuration data
-  PWN::Config.refresh_env
 rescue StandardError => e
   puts e.backtrace
   raise e

data/spec/lib/pwn/driver_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Driver do
+  it 'should display information for authors' do
+    authors_response = PWN::Driver
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Driver
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.453
+  version: 0.5.454
 platform: ruby
 authors:
 - 0day Inc.
@@ -127,14 +127,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.1
+        version: 5.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.1
+        version: 5.2.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -1261,14 +1261,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.0.2
+        version: 6.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.0.2
+        version: 6.0.3
 - !ruby/object:Gem::Dependency
   name: whois-parser
   requirement: !ruby/object:Gem::Requirement
@@ -1449,8 +1449,6 @@ files:
 - documentation/pwn_wallpaper.jpg
 - documentation/ringing-spectrogram.png
 - documentation/ringing-waveform.png
-- etc/pwn.decryptor.yaml.EXAMPLE
-- etc/pwn.yaml.EXAMPLE
 - etc/systemd/msfrpcd.service
 - etc/systemd/openvas.service
 - etc/userland/aws/apache2/jenkins_443.conf
@@ -1876,6 +1874,7 @@ files:
 - lib/pwn/blockchain/btc.rb
 - lib/pwn/blockchain/eth.rb
 - lib/pwn/config.rb
+- lib/pwn/driver.rb
 - lib/pwn/ffi.rb
 - lib/pwn/ffi/stdio.rb
 - lib/pwn/plugins.rb
@@ -2229,6 +2228,7 @@ files:
 - spec/lib/pwn/blockchain/eth_spec.rb
 - spec/lib/pwn/blockchain_spec.rb
 - spec/lib/pwn/config_spec.rb
+- spec/lib/pwn/driver_spec.rb
 - spec/lib/pwn/ffi/stdio_spec.rb
 - spec/lib/pwn/ffi_spec.rb
 - spec/lib/pwn/plugins/android_spec.rb

data/etc/pwn.decryptor.yaml.EXAMPLE

@@ -1,5 +0,0 @@
-# Drop this file in $HOME/.pwn/pwn.decryptor.yaml
-# If you rely upon this file, it should be out-of-band for optimal security
-# (e.g. not available in code repos, permission protected, limited access, etc.) 
-key: 'KEY PROVIDED WHEN USING PWN::Plugins::Vault.create(file: "pwn.yaml") TO ENCRYPT pwn.yaml'
-iv: 'KEY PROVIDED WHEN USING PWN::Plugins::Vault.create(file: "pwn.yaml") TO ENCRYPT pwn.yaml'

data/etc/pwn.yaml.EXAMPLE

@@ -1,71 +0,0 @@
-# Drop this file in $HOME/.pwn/pwn.yaml
-# Use PWN::Plugins::Vault.create(file: 'pwn.yaml') to encrypt this file
-
-# ai_engine: 'openai' || 'ollama'
-# WARNING::
-# If PWN::CONFIG[:ai][:instrospection] = true, the active ai agent will be used
-# wherever possible throughout pwn. Proceeds with caution, as this may incur additional costs
-ai:
-  active: 'grok'
-  introspection: false
-  grok:
-    base_uri: 'optional - Base URI for Grok - Use private base OR defaults to https://api.x.ai/v1'
-    key: 'required - OpenAI API Key'
-    model: 'optional - Grok model to use'
-    system_role_content: 'You are an ethically hacking Grok agent.'
-    temp: 'optional - OpenAI temperature'
-
-  openai:
-    base_uri: 'optional - Base URI for OpenAI - Use private base OR defaults to https://api.openai.com/v1'
-    key: 'required - OpenAI API Key'
-    model: 'optional - OpenAI model to use'
-    system_role_content: 'You are an ethically hacking OpenAI agent.'
-    temp: 'optional - OpenAI temperature'
-
-  ollama:
-    base_uri: 'required - Base URI for Open WebUI - e.g. https://ollama.local'
-    key: 'required - Open WebUI API Key Under Settings  >> Account >> JWT Token'
-    model: 'required - Ollama model to use'
-    system_role_content: 'You are an ethically hacking Ollama agent.'
-    temp: 'optional - Ollama temperature'
-
-# Use PWN::Plugins::Assembly.list_supported_archs to list supported architectures
-plugins:
-  asm:
-    arch: 'x86_64'
-    endian: 'little'
-
-  blockchain:
-  bitcoin:
-      rpc_host: '127.0.0.1'
-      rpc_port: 8332
-      rpc_user: 'bitcoin rpc user'
-      rpc_pass: 'bitcoin rpc password'
-
-  irc:
-    ui_nick: '_human_'
-    shared_chan: '#pwn'
-    ai_agent_nicks:
-      browser:
-        pwn_rb: '/opt/pwn/lib/pwn/plugins/transparent_browser.rb'
-        system_role_content: 'You are a browser.  You are a web browser that can be controlled by a human or AI agent'
-      nimjeh:
-        pwn_rb: ''
-        system_role_content: 'You are a sarcastic hacker.  You find software zero day vulnerabilities. This involves analyzing source code, race conditions, application binaries, and network protocols from an offensive security perspective.'
-      nmap:
-        pwn_rb: '/opt/pwn/lib/pwn/plugins/nmap_it.rb'
-        system_role_content: 'You are a network scanner.  You are a network scanner that can be controlled by a human or AI agent'
-      shodan:
-        pwn_rb: '/opt/pwn/lib/pwn/plugins/shodan.rb'
-        system_role_content: 'You are a passive reconnaissance agent.  You are a passive reconnaissance agent that can be controlled by a human or AI agent'
-
-  hunter:
-    api_key: 'hunter.how API Key'
-
-  meshtastic:
-    psks:
-      LongFast: 'required - PSK for LongFast channel'
-      PWN: 'required - PSK for pwn channel'
-
-  shodan:
-    api_key: 'SHODAN API Key'