pwn 0.5.493 → 0.5.495

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f77880b0e335c1f554ab63cc6f639edd72839ae9c64fdad241d89f2f341aa41c
-  data.tar.gz: e7fcb412903e2f718aafa08288b3e059f1f2fe36764e11b2747a8a5c56d6138e
+  metadata.gz: 60c64fa5b4751ee72882a87e666c22ca826bb94bab63f0dca925a92520241afd
+  data.tar.gz: 6ddf3436eca29081e4d53f81183555d80daaf847ebab4b9f6174114372bcde63
 SHA512:
-  metadata.gz: e196bc3ae6c8701e9ee04424ad1578675c1d87586ceb09d05ee779b2d78cacc58e1a4c2d462288b09931699a5ed05c9978d0efe2bd1c8f6992a9404912fd75e6
-  data.tar.gz: 10e500973b37a48f24b275d3aa2ceff00b9535210f4abdf245edc7b4bf72465386a98115060dab449640c2b46fbf6a1b83a4ae4a4080113a9842c669a7cfe4e6
+  metadata.gz: 25a82f578e16c23fbf958e353381c39f0ec9126a6d254c51849620b42d68012024f987cacbbf79790889bd282936f13c8ae8fba060b39b3bd2738e44270f76f7
+  data.tar.gz: 378c9b00d02d832aa820c4cf53cb09c01949d3a1ff2e7f4fd2d6e17833d84266d9a6be6a1fb5f2e792335a90b21ae88e42c574f2fb152d8b0bf74b56ab672112

data/.rubocop.yml

@@ -14,13 +14,13 @@ Metrics/BlockNesting:
 Metrics/ClassLength:
   Max: 134
 Metrics/CyclomaticComplexity:
-  Max: 157
+  Max: 158
 Metrics/MethodLength:
   Max: 565
 Metrics/ModuleLength:
-  Max: 1116
+  Max: 1133
 Metrics/PerceivedComplexity:
-  Max: 156
+  Max: 157
 Style/HashEachMethods:
   Enabled: true
 Style/HashSyntax:

data/Gemfile

@@ -11,14 +11,14 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately.  Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '<8.1.0'
+gem 'activesupport', '<8.1.1'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
 gem 'aws-sdk', '3.3.0'
 gem 'barby', '0.7.0'
 gem 'base32', '0.3.4'
 gem 'bitcoin-ruby', '0.0.20'
-gem 'brakeman', '7.1.0'
+gem 'brakeman', '7.1.1'
 gem 'bson', '5.2.0'
 gem 'bundler', '>=2.7.2'
 gem 'bundler-audit', '0.9.2'
@@ -70,17 +70,17 @@ gem 'pdf-reader', '2.15.0'
 gem 'pg', '1.6.2'
 gem 'pry', '0.15.2'
 gem 'pry-doc', '1.6.0'
-gem 'rake', '13.3.0'
+gem 'rake', '13.3.1'
 gem 'rb-readline', '0.5.5'
 gem 'rbvmomi2', '3.8.0'
-gem 'rdoc', '6.15.0'
+gem 'rdoc', '6.15.1'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
 gem 'rmagick', '6.1.4'
 gem 'rqrcode', '3.1.0'
 gem 'rspec', '3.13.2'
 gem 'rtesseract', '3.1.4'
-gem 'rubocop', '1.81.6'
+gem 'rubocop', '1.81.7'
 gem 'rubocop-rake', '0.7.1'
 gem 'rubocop-rspec', '3.7.0'
 gem 'ruby-audio', '1.6.1'
@@ -88,8 +88,8 @@ gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.18.1'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.15.1'
-gem 'selenium-devtools', '0.141.0'
-gem 'selenium-webdriver', '4.37.0'
+gem 'selenium-devtools', '0.142.0'
+gem 'selenium-webdriver', '4.38.0'
 gem 'slack-ruby-client', '3.0.0'
 gem 'socksify', '1.8.1'
 gem 'spreadsheet', '1.3.4'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.493]:001 >>> PWN.help
+pwn[v0.5.495]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.493]:001 >>> PWN.help
+pwn[v0.5.495]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.493]:001 >>> PWN.help
+pwn[v0.5.495]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/ai/introspection.rb

@@ -11,7 +11,8 @@ module PWN
       # Supported Method Parameters::
       # response = PWN::AI::Introspection.reflect_on(
       #   request: 'required - String - What you want the AI to reflect on',
-      #   system_role_content: 'optional - context to set up the model behavior for reflection'
+      #   system_role_content: 'optional - context to set up the model behavior for reflection',
+      #   spinner: 'optional - Boolean - Display spinner during operation (default: false)'
       # )
 
       public_class_method def self.reflect_on(opts = {})
@@ -20,6 +21,8 @@ module PWN
 
         system_role_content = opts[:system_role_content]
 
+        spinner = opts[:spinner] || false
+
         response = nil
 
         ai_introspection = PWN::Env[:ai][:introspection]
@@ -34,7 +37,7 @@ module PWN
             response = PWN::AI::Grok.chat(
               request: request.chomp,
               system_role_content: system_role_content,
-              spinner: false
+              spinner: spinner
             )
             response = response[:choices].last[:content] if response.is_a?(Hash) &&
                                                             response.key?(:choices) &&
@@ -43,7 +46,7 @@ module PWN
             response = PWN::AI::Ollama.chat(
               request: request.chomp,
               system_role_content: system_role_content,
-              spinner: false
+              spinner: spinner
             )
             response = response[:choices].last[:content] if response.is_a?(Hash) &&
                                                             response.key?(:choices) &&
@@ -52,7 +55,7 @@ module PWN
             response = PWN::AI::OpenAI.chat(
               request: request.chomp,
               system_role_content: system_role_content,
-              spinner: false
+              spinner: spinner
             )
             if response.is_a?(Hash) && response.key?(:choices)
               response = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)

data/lib/pwn/ai/open_ai.rb

@@ -158,16 +158,12 @@ module PWN
           case model
           when 'gpt-3.5-turbo', 'gpt-3.5-turbo-0125', 'gpt-3.5-turbo-1106', 'gpt-3.5-turbo-instruct',
                'gpt-4-turbo', 'gpt-4-turbo-2024-04-09', 'gpt-4-turbo-preview', 'gpt-4-0125-preview', 'gpt-4-1106-preview'
-            max_completion_tokens = 4_096 - (request.to_s.length / 4)
+            max_completion_tokens = 4_096
           when 'gpt-4', 'gpt-4-0613', 'gpt-4-0314',
                'gpt-4o', 'gpt-4o-2024-05-13'
-            max_completion_tokens = 8_192 - (request.to_s.length / 4)
-          when 'gpt-4o-mini', 'gpt-4o-mini-2024-07-18', 'gpt-4o-2024-08-06', 'chatgpt-4o-latest', 'gpt-5-chat-latest'
-            max_completion_tokens = 16_384 - (request.to_s.length / 4)
-          when 'o1-preview', 'o1-preview-2024-09-12'
-            max_completion_tokens = 32_768 - (request.to_s.length / 4)
-          when 'o1-mini', 'o1-mini-2024-09-12'
-            max_completion_tokens = 65_536 - (request.to_s.length / 4)
+            max_completion_tokens = 8_192
+          else
+            max_completion_tokens = 16_384
           end
 
           response_history = opts[:response_history]

data/lib/pwn/config.rb

@@ -90,6 +90,7 @@ module PWN
             token: 'Jira Server API Token'
           },
           meshtastic: {
+            admin_key: 'Public key authorized to send admin messages to nodes',
             serial: {
               port: '/dev/ttyUSB0',
               baud: 115_200,

data/lib/pwn/plugins/burp_suite.rb

@@ -108,12 +108,20 @@ module PWN
           next
         end
 
-        # Update proxy listener to use the burp_ip and burp_port
-        update_proxy_listener(
+        # Delete existing proxy listener and add new one
+        # in favor of weird update behavior in event the port is alread in use
+        # by another application which refuses to enable the listener even when
+        # the port is changed via the update method.
+        delete_proxy_listener(
           burp_obj: burp_obj,
-          id: '0',
-          address: burp_ip,
-          port: burp_port
+          id: 0
+        )
+
+        add_proxy_listener(
+          burp_obj: burp_obj,
+          bindAddress: burp_ip,
+          port: burp_port,
+          enabled: true
         )
 
         burp_obj
@@ -270,7 +278,7 @@ module PWN
       # Supported Method Parameters::
       # json_proxy_listener = PWN::Plugins::BurpSuite.add_proxy_listener(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   bind_address: 'required - bind address for the proxy listener (e.g., "127.0.0.1")',
+      #   bindAddress: 'required - bind address for the proxy listener (e.g., "127.0.0.1")',
       #   port: 'required - port for the proxy listener (e.g., 8081)',
       #   enabled: 'optional - enable the listener (defaults to true)'
       # )
@@ -279,8 +287,8 @@ module PWN
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
         mitm_rest_api = burp_obj[:mitm_rest_api]
-        bind_address = opts[:bind_address]
-        raise 'ERROR: bind_address parameter is required' if bind_address.nil?
+        bind_address = opts[:bindAddress]
+        raise 'ERROR: bindAddress parameter is required' if bind_address.nil?
 
         port = opts[:port]
         raise 'ERROR: port parameter is required' if port.nil?
@@ -288,12 +296,14 @@ module PWN
         enabled = opts[:enabled] != false # Default to true if not specified
 
         proxy_listeners = get_proxy_listeners(burp_obj: burp_obj)
-        last_known_proxy_id = proxy_listeners.last[:id].to_i ||= 0
+        puts "Proxy Listeners: #{proxy_listeners.inspect}"
+        last_known_proxy_id = 0
+        last_known_proxy_id = proxy_listeners.last[:id].to_i if proxy_listeners.any?
         next_id = last_known_proxy_id + 1
 
         post_body = {
           id: next_id.to_s,
-          bind_address: bind_address,
+          bindAddress: bind_address,
           port: port,
           enabled: enabled
         }.to_json
@@ -308,24 +318,29 @@ module PWN
       # Supported Method Parameters::
       # json_proxy_listener = PWN::Plugins::BurpSuite.update_proxy_listener(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   id: 'optional - ID of the proxy listener (defaults to "0")',
-      #   bind_address: 'optional - bind address for the proxy listener (defaults to "127.0.0.1")',
-      #   port: 'optional - port for the proxy listener (defaults to 8080)',
-      #   enabled: 'optional - enable or disable the listener (defaults to true)'
+      #   id: 'optional - ID of the proxy listener (defaults to 0)',
+      #   bindAddress: 'optional - bind address for the proxy listener (defaults to value of existing listener)',
+      #   port: 'optional - port for the proxy listener (defaults to value of existing listener)',
+      #   enabled: 'optional - enable or disable the listener (defaults to value of existing listener)'
       # )
 
       public_class_method def self.update_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
         mitm_rest_api = burp_obj[:mitm_rest_api]
-        id = opts[:id] ||= '0'
-        bind_address = opts[:bind_address] ||= '127.0.0.1'
-        port = opts[:port] ||= 8080
-        enabled = opts[:enabled] != false # Default to true if not specified
+        id = opts[:id] ||= 0
+
+        proxy_listeners = get_proxy_listeners(burp_obj: burp_obj)
+        listener_by_id = proxy_listeners.find { |listener| listener[:id].to_i == id.to_i }
+        raise "ERROR: No proxy listener found with ID #{id}" if listener_by_id.nil?
+
+        bind_address = opts[:bindAddress] ||= listener_by_id[:bindAddress]
+        port = opts[:port] ||= listener_by_id[:port]
+        enabled = opts[:enabled] ||= listener_by_id[:enabled]
 
         post_body = {
-          id: id,
-          bind_address: bind_address,
+          id: id.to_s,
+          bindAddress: bind_address,
           port: port,
           enabled: enabled
         }.to_json
@@ -340,15 +355,17 @@ module PWN
       # Supported Method Parameters::
       # PWN::Plugins::BurpSuite.delete_proxy_listener(
       #   burp_obj: 'required - burp_obj returned by #start method',
-      #   id: 'required - ID of the proxy listener (defaults to "0")'
+      #   id: 'optional - ID of the proxy listener (defaults to 0)'
       # )
 
       public_class_method def self.delete_proxy_listener(opts = {})
         burp_obj = opts[:burp_obj]
         rest_browser = burp_obj[:rest_browser]
         mitm_rest_api = burp_obj[:mitm_rest_api]
-        id = opts[:id] ||= '0'
-        raise 'ERROR: id parameter is required' if id.nil?
+        id = opts[:id] ||= 0
+        proxy_listeners = get_proxy_listeners(burp_obj: burp_obj)
+        listener_by_id = proxy_listeners.find { |listener| listener[:id].to_i == id.to_i }
+        raise "ERROR: No proxy listener found with ID #{id}" if listener_by_id.nil?
 
         rest_browser.delete("http://#{mitm_rest_api}/proxy/listeners/#{id}")
         true # Return true to indicate successful deletion (or error if API fails)
@@ -567,6 +584,22 @@ module PWN
         sitemap = opts[:sitemap] ||= {}
         debug = opts[:debug] || false
 
+        decoded_sitemap = {
+          request: Base64.strict_decode64(sitemap[:request]),
+          http_service: {
+            host: sitemap[:http_service][:host],
+            port: sitemap[:http_service][:port],
+            protocol: sitemap[:http_service][:protocol]
+          }
+        }
+        system_role_content = 'Your sole purpose is to analyze each `protocol`, `host`, `port`, and `request` and generate an Exploit Prediction Scoring System (EPSS) score from 0%-100%.  Just generate a score unless the score is >= 75% in which a PoC should also be generated to communicate the threat.  You can always generate an score - provide the score at _the beggining of your analysis_.  Be concise and to the point.'
+        ai_analysis = PWN::AI::Introspection.reflect_on(
+          system_role_content: system_role_content,
+          request: decoded_sitemap.to_json,
+          spinner: true
+        )
+        sitemap[:comment] = ai_analysis unless ai_analysis.nil?
+
         rest_client = rest_browser::Request
         response = rest_client.execute(
           method: :post,
@@ -1484,22 +1517,22 @@ module PWN
 
           json_proxy_listener = #{self}.add_proxy_listener(
             burp_obj: 'required - burp_obj returned by #start method',
-            bind_address: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',
+            bindAddress: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',
             port: 'required - port for the proxy listener (e.g., 8081)',
             enabled: 'optional - enable the listener (defaults to true)'
           )
 
           json_proxy_listener = #{self}.update_proxy_listener(
             burp_obj: 'required - burp_obj returned by #start method',
-            id: 'optional - ID of the proxy listener (defaults to \"0\")',
-            bind_address: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',
-            port: 'required - port for the proxy listener (e.g., 8081)',
-            enabled: 'optional - enable the listener (defaults to true)'
+            id: 'optional - ID of the proxy listener (defaults to 0)',
+            bindAddress: 'optional - bind address for the proxy listener (defaults to value of existing listener)',
+            port: 'optional - port for the proxy listener (defaults to value of existing listener)',
+            enabled: 'optional - enable the listener (defaults to value of existing listener)'
           )
 
           #{self}.delete_proxy_listener(
             burp_obj: 'required - burp_obj returned by #start method',
-            id: 'required - ID of the proxy listener (defaults to \"0\")'
+            id: 'optional - ID of the proxy listener (defaults to 0)'
           )
 
           json_sitemap = #{self}.get_sitemap(

data/lib/pwn/plugins/transparent_browser.rb

@@ -190,11 +190,6 @@ module PWN
             args.push("--proxy-server=#{proxy}")
           end
 
-          if devtools
-            args.push('--auto-open-devtools-for-tabs')
-            args.push('--disable-hang-monitor')
-          end
-
           # Incognito browsing mode
           args.push('--incognito')
           options = Selenium::WebDriver::Chrome::Options.new(
@@ -202,6 +197,13 @@ module PWN
             accept_insecure_certs: true
           )
 
+          if devtools
+            args.push('--auto-open-devtools-for-tabs')
+            args.push('--disable-hang-monitor')
+            options.add_preference('devtools.preferences.enable-ignore-listing', false)
+            options.add_preference('devtools.preferences.default-indentation', '2 spaces')
+          end
+
           # This is required for BiDi support
           options.web_socket_url = true
           options.add_preference('remote.active-protocols', 3)
@@ -1148,52 +1150,150 @@ module PWN
         raise 'ERROR: action parameter must be :enable|:pause|:resume|:disable' unless valid_actions.include?(action)
 
         devtools = browser_obj[:devtools]
-        debugger_state = devtools.instance_variable_get(:@debugger_state)
+        debugger_state = devtools.instance_variable_get(:@debugger_state) || {}
+        breakpoint_arr = debugger_state[:breakpoints] || []
 
+        method = nil
         case action
         when :enable
-          if debugger_state.is_a?(Hash)
-            debugger_state = devtools.instance_variable_get(:@debugger_state)
-            devtools.remove_instance_variable(:@debugger_state) if debugger_state.is_a?(Hash)
-            devtools.debugger.disable
-          end
-          debugger_state = {}
-          breakpoint_arr = []
-
-          # breakpoint = devtools.debugger.set_instrumentation_breakpoint(instrumentation: 'beforeScriptExecution')
-          bcmd = 'EventBreakpoints.setInstrumentationBreakpoint'
-          event = 'load'
-          breakpoint = devtools.send_cmd(bcmd, eventName: event)
-          breakpoint['result']['breakpointId'] = "#{bcmd}.#{event}.#{SecureRandom.uuid}"
-          breakpoint_arr.push(breakpoint)
-          debugger_state[:breakpoints] = breakpoint_arr
-
-          devtools.runtime.disable
+          devtools.dom.enable
           devtools.log.disable
           devtools.network.disable
           devtools.page.disable
-          devtools.debugger.enable
+          devtools.runtime.disable
+
+          method = 'Debugger.scriptParsed'
+          callbacks_to_delete = devtools.callbacks.keys.reject { |k| k == 'Target.atta`chedToTarget' }
+          # until devtools.callbacks.keys.include?(method) && breakpoint_arr.any?
+          until breakpoint_arr.any?
+            callbacks_to_delete.each { |method| devtools.callbacks.delete(method) }
+            breakpoint_set = false
+            # devtools.dom.disable
+            devtools.debugger.disable
+            devtools.debugger.on(:script_parsed) do |params|
+              url = params['url']
+              next if breakpoint_set || url.include?('devtools://') || url.empty?
+
+              breakpoint_set = true
+              puts url
+              bcmd = 'Debugger.setBreakpoint'
+              script_id = params['scriptId']
+              line = params['startLine']
+              column = params['startColumn']
+              location = { scriptId: script_id, lineNumber: line, columnNumber: column }
+              breakpoint = devtools.send_cmd(bcmd, location: location)
+              breakpoint['result']['breakpointId'] = "#{bcmd}.#{script_id}.#{line}.#{column}.#{SecureRandom.uuid}"
+              breakpoint['id'] = breakpoint['id'].to_s
+              breakpoint['url'] = url
+              breakpoint['caught'] = false
+              breakpoint_arr.push(breakpoint)
+              debugger_state[:breakpoints] = breakpoint_arr
+              devtools.instance_variable_set(:@debugger_state, debugger_state)
+
+              puts "Breakpoint set in #{url} at line #{line}, column #{column}: #{breakpoint}"
+              puts params.inspect
+            end
+            devtools.debugger.enable
+          end
+          devtools.callbacks.delete(method)
+          method = 'Debugger.enabled'
         when :pause
-          devtools.debugger.pause
-          Timeout.timeout(5) { browser_obj[:browser].refresh }
+          method = 'Debugger.paused'
+          callbacks_to_delete = devtools.callbacks.keys.reject { |k| k == 'Target.attachedToTarget' }
+          Timeout.timeout(30) { browser_obj[:browser].refresh }
+          until devtools.callbacks.keys.include?(method) && breakpoint_arr.any? { |bp| bp['caught'] == true }
+            callbacks_to_delete.each { |method| devtools.callbacks.delete(method) }
+            devtools.debugger.on(:paused) do |params|
+              breakpoint_id_caught = params['callFrames'].first['location']['scriptId']
+              breakpoint_arr.each_with_index do |bp, idx|
+                next unless  bp['id'] == breakpoint_id_caught
+
+                bp['caught'] = true
+                breakpoint_arr[idx] = bp
+                debugger_state[:breakpoints] = breakpoint_arr
+                devtools.instance_variable_set(:@debugger_state, debugger_state)
+              end
+              puts "TARGET BREAKPOINTS: #{breakpoint_arr.inspect}"
+              puts "PARAMS Observerd: #{params.inspect}"
+            end
+            devtools.debugger.pause
+            # browser_obj[:browser].refresh
+            debugger_state = devtools.instance_variable_get(:@debugger_state)
+            breakpoint_arr = debugger_state[:breakpoints]
+          end
+          devtools.callbacks.delete(method)
         when :resume
-          devtools.debugger.resume
+          method = 'Debugger.resumed'
+          callbacks_to_delete = devtools.callbacks.keys.reject { |k| k == 'Target.attachedToTarget' }
+          callbacks_to_delete.each { |method| devtools.callbacks.delete(method) }
+          devtools.debugger.resume until devtools.callbacks.keys.include?(method)
         when :disable
-          debugger_state = devtools.instance_variable_get(:@debugger_state)
-          devtools.remove_instance_variable(:@debugger_state) if debugger_state.is_a?(Hash)
+          callbacks_to_delete = devtools.callbacks.keys.reject { |k| k == 'Target.attachedToTarget' }
+          callbacks_to_delete.each { |method| devtools.callbacks.delete(method) }
           devtools.debugger.disable
+          method = 'Debugger.disabled'
         end
 
-        devtools_websocket_messages = devtools_websocket_messages(browser_obj: browser_obj)
-        debugger_state[:method] = devtools_websocket_messages['method']
-        devtools.instance_variable_set(:@debugger_state, debugger_state)
-        devtools
-      rescue Timeout::Error
         devtools
       rescue Selenium::WebDriver::Error::WebDriverError => e
         puts e.message
       rescue StandardError => e
         raise e
+      ensure
+        debugger_state[:method] = method
+        devtools.instance_variable_set(:@debugger_state, debugger_state) if debugger_state.is_a?(Hash)
+      end
+
+      # Supported Method Parameters::
+      # page_state_arr = PWN::Plugins::TransparentBrowser.get_targets(
+      #   browser_obj: 'required - browser_obj returned from #open method)'
+      # )
+
+      public_class_method def self.get_targets(opts = {})
+        browser_obj = opts[:browser_obj]
+        supported = %i[chrome headless_chrome]
+        verified = verify_devtools_browser(browser_obj: browser_obj, supported: supported)
+        puts 'This browser is not supported for DevTools operations.' unless verified
+        return unless verified
+
+        devtools = browser_obj[:devtools]
+        bcmd = 'Target.getTargets'
+        devtools.send_cmd(bcmd)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # page_state_arr = PWN::Plugins::TransparentBrowser.breakpoint_locations(
+      #   browser_obj: 'required - browser_obj returned from #open method)'
+      # )
+
+      public_class_method def self.breakpoint_locations(opts = {})
+        browser_obj = opts[:browser_obj]
+        supported = %i[chrome headless_chrome]
+        verified = verify_devtools_browser(browser_obj: browser_obj, supported: supported)
+        puts 'This browser is not supported for DevTools operations.' unless verified
+        return unless verified
+
+        valid_methods = %w[Debugger.scriptParsed Debugger.paused Debugger.resumed]
+        devtools = browser_obj[:devtools]
+        ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
+        method = ws_msg['method']
+        raise "ERROR: Unsupported method: #{method}" unless valid_methods.include?(method)
+
+        case method
+        when 'Debugger.resumed', 'Debugger.paused'
+          script_id = ws_msg['params']['callFrames'].first['location']['scriptId'].to_s
+        when 'Debugger.scriptParsed'
+          script_id = ws_msg['params']['scriptId'].to_s
+        end
+
+        puts "Method: #{method}"
+        puts "Fetching possible breakpoints for script ID: #{script_id}..."
+        bcmd = 'Debugger.getPossibleBreakpoints'
+        devtools.send_cmd(bcmd, start: { scriptId: script_id, lineNumber: 0, columnNumber: 0 })
+      rescue StandardError => e
+        raise e
       end
 
       # Supported Method Parameters::
@@ -1219,107 +1319,116 @@ module PWN
         steps = 1 if steps.zero? || steps.negative?
 
         devtools = browser_obj[:devtools]
+        ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
+        method = ws_msg['method']
+
         debugger_state = devtools.instance_variable_get(:@debugger_state)
-        method = debugger_state[:method]
-        if method != 'Debugger.paused'
-          puts 'The debugger must be paused before stepping. Pausing now...'
-          return devtools
-        end
+        debugger_state[:method] = method
+        devtools.instance_variable_set(:@debugger_state, debugger_state)
 
-        page_state_arr = []
+        valid_methods = %w[Debugger.scriptParsed Debugger.paused Debugger.resumed]
+        devtools = browser_obj[:devtools]
+        ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
+        method = ws_msg['method']
+        raise "ERROR: Unsupported method: #{method}" unless valid_methods.include?(method)
+
+        steps_arr = []
+        cursor_termination_chars = %w[; , . ( ) { } = |]
         steps.times do |s|
           step_num = s + 1
           puts "Stepping #{action} (step #{step_num}/#{steps})..."
 
-          # before = get_page_state(browser_obj: browser_obj)
-          # puts before.inspect
-          before = devtools_websocket_messages(browser_obj: browser_obj)
-          method = before['method']
-          # puts before
-          puts "\n"
-
-          if method == 'Debugger.paused'
-            before_location = before['params']['callFrames'].first['location']
-            start_location = before['params']['callFrames'].first['scopeChain'].first['startLocation']
-            before_script_id = start_location['scriptId']
-            from_line_num = start_location['lineNumber']
-            from_column_num = start_location['columnNumber']
-
-            end_location = before['params']['callFrames'].first['scopeChain'].first['endLocation']
-            to_line_num = end_location['lineNumber']
-            to_column_num = end_location['columnNumber']
-
-            source_obj = devtools.debugger.get_script_source(script_id: before_script_id)
-            source_code = source_obj['result']['scriptSource']
-            # puts source_code
-            # gets
-
-            source_lines = source_code.split("\n")
-            source_lines_str = source_lines[from_line_num..to_line_num].join("\n")
-            source_to_review = source_lines_str[from_column_num..to_column_num]
-
-            puts source_to_review
-            request = source_lines_str[from_column_num..to_column_num]
-            ai_analysis = PWN::AI::Introspection.reflect_on(request: request)
-            puts "^^^ #{ai_analysis}" unless ai_analysis.nil?
-            # gets
-          end
-
+          method = 'Debugger.resumed'
           case action
           when :into
-            devtools.debugger.step_into
+            devtools.debugger.step_into until devtools.callbacks.keys.include?(method)
           when :out
-            devtools.debugger.step_out
+            devtools.debugger.step_out until devtools.callbacks.keys.include?(method)
           when :over
-            devtools.debugger.step_over
+            devtools.debugger.step_over until devtools.callbacks.keys.include?(method)
+          end
+          devtools.callbacks.delete(method)
+
+          method = 'Debugger.paused'
+          devtools.debugger.pause until devtools.callbacks.keys.include?(method)
+          devtools.callbacks.delete(method)
+
+          ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
+          ws_msg_params = ws_msg['params']
+          ws_msg_call_frames = ws_msg_params['callFrames'].first
+          ws_msg_scope_chain_local = ws_msg_call_frames['scopeChain'].find { |scope| scope['type'] == 'local' }
+          next unless ws_msg_scope_chain_local.is_a?(Hash)
+
+          ws_msg_scope_chain_block = ws_msg_call_frames['scopeChain'].find { |scope| scope['type'] == 'block' }
+
+          cursor_location = ws_msg_call_frames['location']
+          cursor_line_num = cursor_location['lineNumber']
+          cursor_column_num = cursor_location['columnNumber']
+
+          script_id = cursor_location['scriptId']
+
+          start_location = ws_msg_scope_chain_local['startLocation']
+          start_line_num = start_location['lineNumber']
+          start_column_num = start_location['columnNumber']
+
+          end_location = ws_msg_scope_chain_local['endLocation']
+          # end_location_block = ws_msg_scope_chain_block['endLocation']
+          # puts "TEST: #{end_location - end_location_block}"
+          end_line_num = end_location['lineNumber']
+          end_column_num = end_location['columnNumber']
+
+          source_obj = devtools.debugger.get_script_source(script_id: script_id)
+          full_source_code = source_obj['result']['scriptSource']
+
+          source_lines = full_source_code.split("\n")
+          # puts source_lines.inspect
+          source_lines_range = source_lines[start_line_num..end_line_num]
+          next if source_lines_range.nil?
+
+          source_lines_str = source_lines_range.join("\n")
+          source_to_review = source_lines_str[start_column_num..end_column_num]
+          current_step = source_lines_str[cursor_column_num..end_column_num]
+
+          # TODO: leverage ANSI escape codes to highlight current_step to red
+          # puts ws_msg.inspect
+          # puts "\n"
+          # puts ws_msg_call_frames['scopeChain'].inspect
+          # puts "\n"
+          cursor_terminated = false
+          source_to_review.each_char.with_index do |char, idx|
+            cursor_start_offset = cursor_column_num - start_column_num
+            cursor_end_offset = end_column_num - start_column_num
+
+            if idx >= cursor_start_offset && !cursor_terminated
+              cursor_terminated = true if cursor_termination_chars.include?(char)
+              print char if cursor_terminated
+              print "\001\e[31m\002#{char}\001\e[0m\002" unless cursor_terminated
+            else
+              print char
+            end
           end
 
-          puts "\n" * 3
-          after = devtools_websocket_messages(browser_obj: browser_obj)
-          method = after['method']
-          # puts after
-          puts "\n"
-
-          if method == 'Debugger.paused'
-            after_location = after['params']['callFrames'].first['scopeChain'].first['object']
-            start_location = after['params']['callFrames'].first['scopeChain'].first['startLocation']
-            after_script_id = start_location['scriptId']
-            from_line_num = start_location['lineNumber']
-            from_column_num = start_location['columnNumber']
-
-            end_location = after['params']['callFrames'].first['scopeChain'].first['endLocation']
-            to_line_num = end_location['lineNumber']
-            to_column_num = end_location['columnNumber']
-
-            source_obj = devtools.debugger.get_script_source(script_id: after_script_id)
-            source_code = source_obj['result']['scriptSource']
-            # puts source_code
-            # gets
-
-            source_lines = source_code.split("\n")
-            source_lines_str = source_lines[from_line_num..to_line_num].join("\n")
-            source_to_review = source_lines_str[from_column_num..to_column_num]
-
-            puts source_to_review
-            request = source_lines_str[from_column_num..to_column_num]
-            ai_analysis = PWN::AI::Introspection.reflect_on(request: request)
+          if current_step.length.positive?
+            system_role_content = "Being an expert penetration tester skilled in code analysis, debugging, and exploitation while stepping through JavaScript in a Chrome DevTools debugging session:  1. Your sole purpose is to analyze each JavaScript step and generate an Exploit Prediction Scoring System (EPSS) score between 0% - 100%.  The step currently resides in this block of JavaScript:\n```\n#{source_to_review}\n```\n2. If the score is >= 75%, generate a JavaScript proof-of-concept that would allow a threat actor to directly exploit or target a user for exploitation (i.e. no self-exploit).  3. If the EPSS score is >= 75% also provide a code fix. *** If the EPSS score is < 75%, no explanations or summaries - just the EPSS score."
+
+            ai_analysis = PWN::AI::Introspection.reflect_on(
+              system_role_content: system_role_content,
+              request: current_step
+            )
             puts "^^^ #{ai_analysis}" unless ai_analysis.nil?
-            # gets
           end
-          puts "\n" * 6
+          puts "\n" * 3
 
-          # step_hash = {
-          #   step: step_num,
-          #   action: action,
-          #   before: before,
-          #   after: after,
-          #   diff: diff.to_s(:text)
-          # }
+          step_hash = {
+            step: step_num,
+            action: action,
+            source: current_step
+          }
 
-          # page_state_arr.push(step_hash)
+          steps_arr.push(step_hash)
         end
 
-        devtools
+        steps_arr
       rescue Selenium::WebDriver::Error::WebDriverError
         devtools
       rescue StandardError => e

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.493'
+  VERSION = '0.5.495'
 end

data/lib/pwn/www/hacker_one.rb

@@ -131,9 +131,18 @@ module PWN
           cursor = page_info[:endCursor]
           break unless page_info[:hasNextPage]
         end
+        puts "\n"
 
         programs_arr.sort_by! { |p| -p[:min_payout].gsub('$', '').gsub(',', '').to_f }
 
+        system_role_content = 'Suggest an optimal bug bounty program to target on HackerOne to maximize potential earnings based on values within `min_payout` and publicly known vulnerabilities that have surfaced for the `name` of the program.'
+        ai_analysis = PWN::AI::Introspection.reflect_on(
+          request: programs_arr.to_json,
+          system_role_content: system_role_content,
+          spinner: true
+        )
+        puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
+
         programs_arr
       rescue RestClient::ExceptionWithResponse => e
         if e.response
@@ -270,6 +279,16 @@ module PWN
           name: program_name,
           scope_details: json_resp_hash
         }
+
+        system_role_content = 'Analyze the scope details for the given bug bounty program on HackerOne. Identify key areas of interest, potential vulnerabilities, and any patterns that could inform a targeted security assessment based on the provided scope information.'
+        ai_analysis = PWN::AI::Introspection.reflect_on(
+          request: json_resp.to_json,
+          system_role_content: system_role_content,
+          spinner: true
+        )
+        puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
+
+        json_resp
       rescue RestClient::ExceptionWithResponse => e
         if e.response
           puts "HTTP RESPONSE CODE: #{e.response.code}"
@@ -408,6 +427,16 @@ module PWN
           name: program_name,
           hacktivity: json_resp_hash
         }
+
+        system_role_content = 'Analyze the hacktivity details for the given bug bounty program on HackerOne. Identify significant disclosed reports, common vulnerability types, and any trends that could inform future security assessments based on the provided hacktivity information.'
+        ai_analysis = PWN::AI::Introspection.reflect_on(
+          request: json_resp.to_json,
+          system_role_content: system_role_content,
+          spinner: true
+        )
+        puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
+
+        json_resp
       rescue RestClient::ExceptionWithResponse => e
         if e.response
           puts "HTTP RESPONSE CODE: #{e.response.code}"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.493
+  version: 0.5.495
 platform: ruby
 authors:
 - 0day Inc.
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: 8.1.0
+        version: 8.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "<"
       - !ruby/object:Gem::Version
-        version: 8.1.0
+        version: 8.1.1
 - !ruby/object:Gem::Dependency
   name: anemone
   requirement: !ruby/object:Gem::Requirement
@@ -113,14 +113,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.0
+        version: 7.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.0
+        version: 7.1.1
 - !ruby/object:Gem::Dependency
   name: bson
   requirement: !ruby/object:Gem::Requirement
@@ -827,14 +827,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 13.3.0
+        version: 13.3.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 13.3.0
+        version: 13.3.1
 - !ruby/object:Gem::Dependency
   name: rb-readline
   requirement: !ruby/object:Gem::Requirement
@@ -869,14 +869,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.15.0
+        version: 6.15.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.15.0
+        version: 6.15.1
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
@@ -967,14 +967,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.81.6
+        version: 1.81.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.81.6
+        version: 1.81.7
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -1079,28 +1079,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.141.0
+        version: 0.142.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.141.0
+        version: 0.142.0
 - !ruby/object:Gem::Dependency
   name: selenium-webdriver
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.37.0
+        version: 4.38.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.37.0
+        version: 4.38.0
 - !ruby/object:Gem::Dependency
   name: slack-ruby-client
   requirement: !ruby/object:Gem::Requirement