pwn 0.5.496 → 0.5.498
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/lib/pwn/ai/grok.rb +5 -2
- data/lib/pwn/ai/introspection.rb +7 -2
- data/lib/pwn/ai/ollama.rb +5 -2
- data/lib/pwn/ai/open_ai.rb +3 -0
- data/lib/pwn/blockchain/btc.rb +2 -1
- data/lib/pwn/config.rb +6 -3
- data/lib/pwn/plugins/assembly.rb +5 -3
- data/lib/pwn/plugins/burp_suite.rb +354 -38
- data/lib/pwn/plugins/char.rb +17 -0
- data/lib/pwn/plugins/transparent_browser.rb +9 -4
- data/lib/pwn/plugins/zaproxy.rb +1 -1
- data/lib/pwn/sast/pom_version.rb +7 -1
- data/lib/pwn/sast/test_case_engine.rb +7 -1
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/hacker_one.rb +6 -3
- data/third_party/pwn_rdoc.jsonl +6 -4
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c41bc76760db0b513a3ad2e622d66299878abc0470557cf342afe18b5cee66e7
|
|
4
|
+
data.tar.gz: 56af59b296710ca0a24819d7dcd122e8e058b65152a9e04202a53ff0e41c6473
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d1346423bc99955590ecd3eaa819b9af4bc584dee83e405557afc23e3a0819fb52a2a83952e09f72c37e648696fe58ad8abd6f20e91ef80821ff381728c160a0
|
|
7
|
+
data.tar.gz: 91408051ad834f50b5665f9bc1bad7b1a87e83e57641e34995aa8f79eca42e8fc98e2be59e44209609e4f0ffe212b8f774ebd4100803006c194c059e9050e69d
|
data/.rubocop.yml
CHANGED
data/Gemfile
CHANGED
|
@@ -93,7 +93,7 @@ gem 'selenium-webdriver', '4.38.0'
|
|
|
93
93
|
gem 'slack-ruby-client', '3.0.0'
|
|
94
94
|
gem 'socksify', '1.8.1'
|
|
95
95
|
gem 'spreadsheet', '1.3.4'
|
|
96
|
-
gem 'sqlite3', '2.
|
|
96
|
+
gem 'sqlite3', '2.8.0'
|
|
97
97
|
gem 'thin', '2.0.1'
|
|
98
98
|
gem 'tty-prompt', '0.23.1'
|
|
99
99
|
gem 'tty-spinner', '0.9.3'
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.498]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.498]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.498]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
data/lib/pwn/ai/grok.rb
CHANGED
|
@@ -132,7 +132,7 @@ module PWN
|
|
|
132
132
|
|
|
133
133
|
# Supported Method Parameters::
|
|
134
134
|
# response = PWN::AI::Grok.chat(
|
|
135
|
-
# request: 'required - message to
|
|
135
|
+
# request: 'required - message to Grok'
|
|
136
136
|
# model: 'optional - model to use for text generation (defaults to PWN::Env[:ai][:grok][:model])',
|
|
137
137
|
# temp: 'optional - creative response float (deafults to PWN::Env[:ai][:grok][:temp])',
|
|
138
138
|
# system_role_content: 'optional - context to set up the model behavior for conversation (Default: PWN::Env[:ai][:grok][:system_role_content])',
|
|
@@ -145,6 +145,9 @@ module PWN
|
|
|
145
145
|
public_class_method def self.chat(opts = {})
|
|
146
146
|
engine = PWN::Env[:ai][:grok]
|
|
147
147
|
request = opts[:request]
|
|
148
|
+
max_prompt_length = engine[:max_prompt_length] ||= 256_000
|
|
149
|
+
request_trunc_idx = ((max_prompt_length - 1) / 3.36).floor
|
|
150
|
+
request = request[0..request_trunc_idx]
|
|
148
151
|
|
|
149
152
|
model = opts[:model] ||= engine[:model]
|
|
150
153
|
raise 'ERROR: Model is required. Call #get_models method for details' if model.nil?
|
|
@@ -237,7 +240,7 @@ module PWN
|
|
|
237
240
|
models = #{self}.get_models
|
|
238
241
|
|
|
239
242
|
response = #{self}.chat(
|
|
240
|
-
request: 'required - message to
|
|
243
|
+
request: 'required - message to Grok',
|
|
241
244
|
model: 'optional - model to use for text generation (defaults to PWN::Env[:ai][:grok][:model])',
|
|
242
245
|
temp: 'optional - creative response float (defaults to PWN::Env[:ai][:grok][:temp])',
|
|
243
246
|
system_role_content: 'optional - context to set up the model behavior for conversation (Default: PWN::Env[:ai][:grok][:system_role_content])',
|
data/lib/pwn/ai/introspection.rb
CHANGED
|
@@ -12,7 +12,8 @@ module PWN
|
|
|
12
12
|
# response = PWN::AI::Introspection.reflect_on(
|
|
13
13
|
# request: 'required - String - What you want the AI to reflect on',
|
|
14
14
|
# system_role_content: 'optional - context to set up the model behavior for reflection',
|
|
15
|
-
# spinner: 'optional - Boolean - Display spinner during operation (default: false)'
|
|
15
|
+
# spinner: 'optional - Boolean - Display spinner during operation (default: false)',
|
|
16
|
+
# suppress_pii_warning: 'optional - Boolean - Suppress PII Warnings (default: false)'
|
|
16
17
|
# )
|
|
17
18
|
|
|
18
19
|
public_class_method def self.reflect_on(opts = {})
|
|
@@ -23,6 +24,8 @@ module PWN
|
|
|
23
24
|
|
|
24
25
|
spinner = opts[:spinner] || false
|
|
25
26
|
|
|
27
|
+
suppress_pii_warning = opts[:suppress_pii_warning] || false
|
|
28
|
+
|
|
26
29
|
response = nil
|
|
27
30
|
|
|
28
31
|
ai_introspection = PWN::Env[:ai][:introspection]
|
|
@@ -32,6 +35,7 @@ module PWN
|
|
|
32
35
|
engine = PWN::Env[:ai][:active].to_s.downcase.to_sym
|
|
33
36
|
raise "ERROR: Unsupported AI engine. Supported engines are: #{valid_ai_engines}" unless valid_ai_engines.include?(engine)
|
|
34
37
|
|
|
38
|
+
puts "WARNING: AI Introspection is enabled. Ensure #{engine} has been authorized for use and/or requests are sanitized properly." unless suppress_pii_warning
|
|
35
39
|
case engine
|
|
36
40
|
when :grok
|
|
37
41
|
response = PWN::AI::Grok.chat(
|
|
@@ -84,7 +88,8 @@ module PWN
|
|
|
84
88
|
#{self}.reflect_on(
|
|
85
89
|
request: 'required - String - What you want the AI to reflect on',
|
|
86
90
|
system_role_content: 'optional - context to set up the model behavior for reflection',
|
|
87
|
-
spinner: 'optional - Boolean - Display spinner during operation (default: false)'
|
|
91
|
+
spinner: 'optional - Boolean - Display spinner during operation (default: false)',
|
|
92
|
+
suppress_pii_warning: 'optional - Boolean - Suppress PII Warnings (default: false)'
|
|
88
93
|
)
|
|
89
94
|
|
|
90
95
|
#{self}.authors
|
data/lib/pwn/ai/ollama.rb
CHANGED
|
@@ -134,7 +134,7 @@ module PWN
|
|
|
134
134
|
|
|
135
135
|
# Supported Method Parameters::
|
|
136
136
|
# response = PWN::AI::Ollama.chat(
|
|
137
|
-
# request: 'required - message to
|
|
137
|
+
# request: 'required - message to Ollama'
|
|
138
138
|
# model: 'optional - model to use for text generation (defaults to PWN::Env[:ai][:ollama][:model])',
|
|
139
139
|
# temp: 'optional - creative response float (deafults to PWN::Env[:ai][:ollama][:temp])',
|
|
140
140
|
# system_role_content: 'optional - context to set up the model behavior for conversation (Default: PWN::Env[:ai][:ollama][:system_role_content])',
|
|
@@ -147,6 +147,9 @@ module PWN
|
|
|
147
147
|
public_class_method def self.chat(opts = {})
|
|
148
148
|
engine = PWN::Env[:ai][:ollama]
|
|
149
149
|
request = opts[:request]
|
|
150
|
+
max_prompt_length = engine[:max_prompt_length] ||= 1_000_000
|
|
151
|
+
request_trunc_idx = ((max_prompt_length - 1) / 3.36).floor
|
|
152
|
+
request = request[0..request_trunc_idx]
|
|
150
153
|
|
|
151
154
|
model = opts[:model] ||= engine[:model]
|
|
152
155
|
raise 'ERROR: Model is required. Call #get_models method for details' if model.nil?
|
|
@@ -239,7 +242,7 @@ module PWN
|
|
|
239
242
|
models = #{self}.get_models
|
|
240
243
|
|
|
241
244
|
response = #{self}.chat(
|
|
242
|
-
request: 'required - message to
|
|
245
|
+
request: 'required - message to Ollama',
|
|
243
246
|
model: 'optional - model to use for text generation (defaults to PWN::Env[:ai][:ollama][:model])',
|
|
244
247
|
temp: 'optional - creative response float (defaults to PWN::Env[:ai][:ollama][:temp])',
|
|
245
248
|
system_role_content: 'optional - context to set up the model behavior for conversation (Default: PWN::Env[:ai][:ollama][:system_role_content])',
|
data/lib/pwn/ai/open_ai.rb
CHANGED
|
@@ -143,6 +143,9 @@ module PWN
|
|
|
143
143
|
public_class_method def self.chat(opts = {})
|
|
144
144
|
engine = PWN::Env[:ai][:openai]
|
|
145
145
|
request = opts[:request]
|
|
146
|
+
max_prompt_length = engine[:max_prompt_length] ||= 128_000
|
|
147
|
+
request_trunc_idx = ((max_prompt_length - 1) / 3.36).floor
|
|
148
|
+
request = request[0..request_trunc_idx]
|
|
146
149
|
|
|
147
150
|
model = opts[:model] ||= engine[:model]
|
|
148
151
|
|
data/lib/pwn/blockchain/btc.rb
CHANGED
|
@@ -185,7 +185,8 @@ module PWN
|
|
|
185
185
|
system_role_content = 'Provide a useful summary of this latest bitcoin block returned from a bitcoin node via getblockchaininfo.'
|
|
186
186
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
187
187
|
request: latest_block.to_s,
|
|
188
|
-
system_role_content: system_role_content
|
|
188
|
+
system_role_content: system_role_content,
|
|
189
|
+
suppress_pii_warning: true
|
|
189
190
|
)
|
|
190
191
|
puts ai_analysis
|
|
191
192
|
|
data/lib/pwn/config.rb
CHANGED
|
@@ -35,21 +35,24 @@ module PWN
|
|
|
35
35
|
key: 'required - OpenAI API Key',
|
|
36
36
|
model: 'optional - Grok model to use',
|
|
37
37
|
system_role_content: 'You are an ethically hacking OpenAI agent.',
|
|
38
|
-
temp: 'optional - OpenAI temperature'
|
|
38
|
+
temp: 'optional - OpenAI temperature',
|
|
39
|
+
max_prompt_length: 256_000
|
|
39
40
|
},
|
|
40
41
|
openai: {
|
|
41
42
|
base_uri: 'optional - Base URI for OpenAI - Use private base OR defaults to https://api.openai.com/v1',
|
|
42
43
|
key: 'required - OpenAI API Key',
|
|
43
44
|
model: 'optional - OpenAI model to use',
|
|
44
45
|
system_role_content: 'You are an ethically hacking OpenAI agent.',
|
|
45
|
-
temp: 'optional - OpenAI temperature'
|
|
46
|
+
temp: 'optional - OpenAI temperature',
|
|
47
|
+
max_prompt_length: 128_000
|
|
46
48
|
},
|
|
47
49
|
ollama: {
|
|
48
50
|
base_uri: 'required - Base URI for Open WebUI - e.g. https://ollama.local',
|
|
49
51
|
key: 'required - Open WebUI API Key Under Settings >> Account >> JWT Token',
|
|
50
52
|
model: 'required - Ollama model to use',
|
|
51
53
|
system_role_content: 'You are an ethically hacking Ollama agent.',
|
|
52
|
-
temp: 'optional - Ollama temperature'
|
|
54
|
+
temp: 'optional - Ollama temperature',
|
|
55
|
+
max_prompt_length: 32_000
|
|
53
56
|
}
|
|
54
57
|
},
|
|
55
58
|
plugins: {
|
data/lib/pwn/plugins/assembly.rb
CHANGED
|
@@ -25,10 +25,11 @@ module PWN
|
|
|
25
25
|
|
|
26
26
|
raise 'ERROR: opcodes parameter is required.' if opcodes.nil?
|
|
27
27
|
|
|
28
|
-
system_role_content = "Analyze the #{endian} endian #{arch} assembly opcodes below and provide a concise summary of their functionality."
|
|
28
|
+
system_role_content = "Analyze the #{endian} endian #{arch} assembly opcodes below and provide a concise summary of their functionality. If possible, also convert the assembly to c/c++ code."
|
|
29
29
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
30
30
|
request: opcodes,
|
|
31
|
-
system_role_content: system_role_content
|
|
31
|
+
system_role_content: system_role_content,
|
|
32
|
+
suppress_pii_warning: true
|
|
32
33
|
)
|
|
33
34
|
|
|
34
35
|
case arch.to_s.downcase
|
|
@@ -140,7 +141,8 @@ module PWN
|
|
|
140
141
|
system_role_content = "Analyze the #{endian} endian #{arch} assembly instructions below and provide a concise summary of their functionality."
|
|
141
142
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
142
143
|
request: asm,
|
|
143
|
-
system_role_content: system_role_content
|
|
144
|
+
system_role_content: system_role_content,
|
|
145
|
+
suppress_pii_warning: true
|
|
144
146
|
)
|
|
145
147
|
|
|
146
148
|
case arch.to_s.downcase
|
|
@@ -43,6 +43,136 @@ module PWN
|
|
|
43
43
|
raise e
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
+
# Supported Method Parameters::
|
|
47
|
+
# burp_obj = PWN::Plugins::BurpSuite.init_introspection_thread(
|
|
48
|
+
# burp_obj: 'required - burp_obj returned by #start method',
|
|
49
|
+
# enumerable_array: 'required - array of items to process in the thread'
|
|
50
|
+
# )
|
|
51
|
+
private_class_method def self.init_introspection_thread(opts = {})
|
|
52
|
+
# if PWN::Env[:ai][:introspection] is true,
|
|
53
|
+
# spin up PWN::Plugins::ThreadPool to
|
|
54
|
+
# 1. Periodically call get_proxy_history(burp_obj: burp_obj) method
|
|
55
|
+
# 2. For each entry w/ empty comment,
|
|
56
|
+
# generate AI analysis via PWN::AI::Introspection.reflect_on
|
|
57
|
+
# and populate the comment field for the entry.
|
|
58
|
+
# 3. Update the highlight field based on EPSS score extracted from AI analysis.
|
|
59
|
+
# 4. Call update_proxy_history(burp_obj: burp_obj, entry: updated_entry)
|
|
60
|
+
burp_obj = opts[:burp_obj]
|
|
61
|
+
raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
|
|
62
|
+
|
|
63
|
+
if PWN::Env[:ai][:introspection]
|
|
64
|
+
introspection_thread = Thread.new do
|
|
65
|
+
system_role_content = '
|
|
66
|
+
Your expertise lies in dissecting HTTP request/response pairs to identify high-impact vulnerabilities, including but not limited to XSS (reflected, stored, DOM-based), CSRF, SSRF, IDOR, open redirects, CORS misconfigurations, authentication bypasses, SQLi/NoSQLi, command/code injection, business logic flaws, and API abuse. You prioritize zero-days and novel chains, always focusing on exploitability, impact (e.g., account takeover, data exfiltration, RCE), and reproducibility.
|
|
67
|
+
|
|
68
|
+
When analyzing HTTP request/response pairs:
|
|
69
|
+
|
|
70
|
+
1. **Parse and Contextualize Traffic**:
|
|
71
|
+
- Break down every element: HTTP method, URI (path, query parameters), headers (e.g., Host, User-Agent, Cookies, Authorization, Referer, Origin, Content-Type), request body (e.g., form data, JSON payloads), response status code, response headers, and response body (HTML, JSON, XML, etc.).
|
|
72
|
+
- Identify dynamic elements: User-controlled inputs (e.g., query params, POST data, headers like X-Forwarded-For), server-side echoes, redirects, and client-side processing.
|
|
73
|
+
- Trace data flow: Map how inputs propagate from request to response, including any client-side JavaScript execution where exploitation may be possible in the client without communicating with the server (e.g. DOM-XSS).
|
|
74
|
+
|
|
75
|
+
2. **Vulnerability Hunting Framework**:
|
|
76
|
+
- **Input Validation & Sanitization**: Check for unescaped/lack of encoding in outputs (e.g., HTML context for XSS, URL context for open redirects).
|
|
77
|
+
- **XSS Focus**: Hunt for sinks like innerHTML/outerHTML, document.write, eval, setTimeout/setInterval with strings, location.href/assign/replace, and history.pushState. Test payloads like <script>alert(1)</script>, javascript:alert(1), and polyglots. For DOM-based, simulate client-side execution.
|
|
78
|
+
- **JavaScript Library Analysis**: If JS is present (e.g., in response body or referenced scripts), deobfuscate and inspect:
|
|
79
|
+
- Objects/properties that could clobber DOM (e.g., window.name, document.cookie manipulation leading to prototype pollution).
|
|
80
|
+
- DOM XSS vectors: Analyze event handlers, querySelector, addEventListener with unsanitized data from location.hash/search, postMessage, or localStorage.
|
|
81
|
+
- Third-party libs (e.g., jQuery, React): Flag known sink patterns like .html(), dangerouslySetInnerHTML, or eval-like functions.
|
|
82
|
+
- **Server-Side Issues**: Probe for SSRF (e.g., via URL params fetching internal resources), IDOR (e.g., manipulating IDs in paths/bodies), rate limiting bypass, and insecure deserialization (e.g., in JSON/PHP objects).
|
|
83
|
+
- **Headers & Misc**: Examine for exposed sensitive info (e.g., debug headers, stack traces), misconfigured security headers (CSP, HSTS), and upload flaws (e.g., file extension bypass).
|
|
84
|
+
- **Chaining Opportunities**: Always consider multi-step exploits, like XSS leading to CSRF token theft or SSRF to internal metadata endpoints.
|
|
85
|
+
|
|
86
|
+
3. **PoC Generation**:
|
|
87
|
+
- Produce concise, step-by-step PoCs in a standardized format:
|
|
88
|
+
- **Description**: Clear vuln summary, CVSS-like severity, and impact.
|
|
89
|
+
- **Steps to Reproduce**: Numbered HTTP requests (use curl or Burp syntax, e.g., `curl -X POST -d "param=<payload>" https://target.com/endpoint`).
|
|
90
|
+
- **Payloads**: Provide working, minimal payloads with variations for evasion (e.g., encoded, obfuscated).
|
|
91
|
+
- **Screenshots/Evidence**: Suggest what to capture (e.g., alert popup for XSS, response diff for IDOR).
|
|
92
|
+
- **Mitigation Advice**: Recommend fixes (e.g., output encoding, input validation).
|
|
93
|
+
- Ensure PoCs are ethical: Target only in-scope assets, avoid DoS, and emphasize disclosure via proper channels (e.g., HackerOne, Bugcrowd).
|
|
94
|
+
- If no vuln found, explain why and suggest further tests (e.g., fuzzing params).
|
|
95
|
+
4. Risk Score:
|
|
96
|
+
For each analysis generate a risk score between 0% - 100% based on exploitability and impact. This should be reflected as { "risk_score": "nnn%" } in the final output JSON.
|
|
97
|
+
|
|
98
|
+
Analyze provided HTTP request/response pairs methodically: Start with a high-level overview, then dive into specifics, flag potential issues with evidence from the traffic, and end with PoC if applicable. Be verbose in reasoning but concise in output. Prioritize high-severity findings. If data is incomplete, request clarifications.
|
|
99
|
+
'
|
|
100
|
+
|
|
101
|
+
loop do
|
|
102
|
+
# TODO: Implement sitemap and repeater into the loop.
|
|
103
|
+
# Sitemap should work the same as proxy history.
|
|
104
|
+
# Repeater should analyze the reqesut/response pair and suggest
|
|
105
|
+
# modifications to the request to further probe for vulnerabilities.
|
|
106
|
+
proxy_history = get_proxy_history(burp_obj: burp_obj)
|
|
107
|
+
proxy_history.each do |entry|
|
|
108
|
+
next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
|
|
109
|
+
|
|
110
|
+
request = entry[:request]
|
|
111
|
+
response = entry[:response]
|
|
112
|
+
host = entry[:http_service][:host]
|
|
113
|
+
port = entry[:http_service][:port]
|
|
114
|
+
protocol = entry[:http_service][:protocol]
|
|
115
|
+
next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
|
|
116
|
+
|
|
117
|
+
request = Base64.strict_decode64(request)
|
|
118
|
+
response = Base64.strict_decode64(response)
|
|
119
|
+
|
|
120
|
+
http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
|
|
121
|
+
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
122
|
+
system_role_content: system_role_content,
|
|
123
|
+
request: http_request_response,
|
|
124
|
+
suppress_pii_warning: true
|
|
125
|
+
)
|
|
126
|
+
|
|
127
|
+
next if ai_analysis.nil? || ai_analysis.strip.empty?
|
|
128
|
+
|
|
129
|
+
entry[:comment] = ai_analysis
|
|
130
|
+
# Extract score and assign color highlight based on severity
|
|
131
|
+
if ai_analysis =~ /"risk_score":\s*"(\d{1,3})%"/
|
|
132
|
+
score = Regexp.last_match(1).to_i
|
|
133
|
+
highlight_color = case score
|
|
134
|
+
when 0..24
|
|
135
|
+
'GREEN'
|
|
136
|
+
when 25..49
|
|
137
|
+
'YELLOW'
|
|
138
|
+
when 50..74
|
|
139
|
+
'ORANGE'
|
|
140
|
+
when 75..100
|
|
141
|
+
'RED'
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
highlight_color ||= 'GRAY'
|
|
145
|
+
entry[:highlight] = highlight_color
|
|
146
|
+
|
|
147
|
+
entry.delete(:request)
|
|
148
|
+
entry.delete(:response)
|
|
149
|
+
entry.delete(:http_service)
|
|
150
|
+
|
|
151
|
+
update_proxy_history(
|
|
152
|
+
burp_obj: burp_obj,
|
|
153
|
+
entry: entry
|
|
154
|
+
)
|
|
155
|
+
end
|
|
156
|
+
sleep 10
|
|
157
|
+
end
|
|
158
|
+
rescue Errno::ECONNREFUSED
|
|
159
|
+
puts 'Thread Terminating...'
|
|
160
|
+
rescue StandardError => e
|
|
161
|
+
puts "BurpSuite AI Introspection Thread Error: #{e}"
|
|
162
|
+
puts e.backtrace
|
|
163
|
+
raise e
|
|
164
|
+
ensure
|
|
165
|
+
puts 'BurpSuite AI Introspection Thread >>> Goodbye.'
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
burp_obj[:introspection_thread] = introspection_thread
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
burp_obj
|
|
172
|
+
rescue StandardError => e
|
|
173
|
+
raise e
|
|
174
|
+
end
|
|
175
|
+
|
|
46
176
|
# Supported Method Parameters::
|
|
47
177
|
# burp_obj1 = PWN::Plugins::BurpSuite.start(
|
|
48
178
|
# burp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',
|
|
@@ -80,7 +210,7 @@ module PWN
|
|
|
80
210
|
|
|
81
211
|
# Construct burp_obj
|
|
82
212
|
burp_obj = {}
|
|
83
|
-
burp_obj[:pid] = Process.spawn(burp_cmd_string)
|
|
213
|
+
burp_obj[:pid] = Process.spawn(burp_cmd_string, pgroup: true)
|
|
84
214
|
browser_obj1 = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
|
|
85
215
|
rest_browser = browser_obj1[:browser]
|
|
86
216
|
|
|
@@ -124,7 +254,7 @@ module PWN
|
|
|
124
254
|
enabled: true
|
|
125
255
|
)
|
|
126
256
|
|
|
127
|
-
burp_obj
|
|
257
|
+
init_introspection_thread(burp_obj: burp_obj)
|
|
128
258
|
rescue StandardError => e
|
|
129
259
|
stop(burp_obj: burp_obj) unless burp_obj.nil?
|
|
130
260
|
raise e
|
|
@@ -296,7 +426,6 @@ module PWN
|
|
|
296
426
|
enabled = opts[:enabled] != false # Default to true if not specified
|
|
297
427
|
|
|
298
428
|
proxy_listeners = get_proxy_listeners(burp_obj: burp_obj)
|
|
299
|
-
puts "Proxy Listeners: #{proxy_listeners.inspect}"
|
|
300
429
|
last_known_proxy_id = 0
|
|
301
430
|
last_known_proxy_id = proxy_listeners.last[:id].to_i if proxy_listeners.any?
|
|
302
431
|
next_id = last_known_proxy_id + 1
|
|
@@ -374,6 +503,219 @@ module PWN
|
|
|
374
503
|
raise e
|
|
375
504
|
end
|
|
376
505
|
|
|
506
|
+
# Supported Method Parameters::
|
|
507
|
+
# json_proxy_history = PWN::Plugins::BurpSuite.get_proxy_history(
|
|
508
|
+
# burp_obj: 'required - burp_obj returned by #start method',
|
|
509
|
+
# keyword: 'optional - keyword to filter proxy history entries (default: nil)',
|
|
510
|
+
# return_as: 'optional - :base64 or :har (defaults to :base64)'
|
|
511
|
+
# )
|
|
512
|
+
|
|
513
|
+
public_class_method def self.get_proxy_history(opts = {})
|
|
514
|
+
burp_obj = opts[:burp_obj]
|
|
515
|
+
rest_browser = burp_obj[:rest_browser]
|
|
516
|
+
mitm_rest_api = burp_obj[:mitm_rest_api]
|
|
517
|
+
keyword = opts[:keyword]
|
|
518
|
+
return_as = opts[:return_as] ||= :base64
|
|
519
|
+
|
|
520
|
+
rest_call = "http://#{mitm_rest_api}/proxyhistory"
|
|
521
|
+
|
|
522
|
+
sitemap = rest_browser.get(
|
|
523
|
+
rest_call,
|
|
524
|
+
content_type: 'application/json; charset=UTF8'
|
|
525
|
+
)
|
|
526
|
+
|
|
527
|
+
sitemap_arr = JSON.parse(sitemap, symbolize_names: true)
|
|
528
|
+
|
|
529
|
+
if keyword
|
|
530
|
+
sitemap_arr = sitemap_arr.select do |site|
|
|
531
|
+
decoded_request = Base64.strict_decode64(site[:request])
|
|
532
|
+
decoded_request.include?(keyword)
|
|
533
|
+
end
|
|
534
|
+
end
|
|
535
|
+
|
|
536
|
+
if return_as == :har
|
|
537
|
+
# Convert to HAR format
|
|
538
|
+
har_entries = sitemap_arr.map do |site|
|
|
539
|
+
decoded_request = Base64.strict_decode64(site[:request])
|
|
540
|
+
|
|
541
|
+
# Parse request head and body
|
|
542
|
+
if decoded_request.include?("\r\n\r\n")
|
|
543
|
+
request_head, request_body = decoded_request.split("\r\n\r\n", 2)
|
|
544
|
+
else
|
|
545
|
+
request_head = decoded_request
|
|
546
|
+
request_body = ''
|
|
547
|
+
end
|
|
548
|
+
request_lines = request_head.split("\r\n")
|
|
549
|
+
request_line = request_lines.shift
|
|
550
|
+
method, full_path, http_version = request_line.split(' ', 3)
|
|
551
|
+
headers = {}
|
|
552
|
+
request_lines.each do |line|
|
|
553
|
+
next if line.empty?
|
|
554
|
+
|
|
555
|
+
key, value = line.split(': ', 2)
|
|
556
|
+
headers[key] = value if key && value
|
|
557
|
+
end
|
|
558
|
+
|
|
559
|
+
host = headers['Host'] || raise('No Host header found in request')
|
|
560
|
+
scheme = 'http' # Hardcoded as protocol is not available; consider enhancing if available in site
|
|
561
|
+
url = "#{scheme}://#{host}#{full_path}"
|
|
562
|
+
uri = URI.parse(url)
|
|
563
|
+
query_string = uri.query ? URI.decode_www_form(uri.query).map { |k, v| { name: k, value: v.to_s } } : []
|
|
564
|
+
|
|
565
|
+
request_headers_size = request_head.bytesize + 4 # Account for \r\n\r\n
|
|
566
|
+
request_body_size = request_body.bytesize
|
|
567
|
+
|
|
568
|
+
request_obj = {
|
|
569
|
+
method: method,
|
|
570
|
+
url: uri.to_s,
|
|
571
|
+
httpVersion: http_version,
|
|
572
|
+
headers: headers.map { |k, v| { name: k, value: v } },
|
|
573
|
+
queryString: query_string,
|
|
574
|
+
headersSize: request_headers_size,
|
|
575
|
+
bodySize: request_body_size
|
|
576
|
+
}
|
|
577
|
+
|
|
578
|
+
if request_body_size.positive?
|
|
579
|
+
mime_type = headers['Content-Type'] || 'application/octet-stream'
|
|
580
|
+
post_data = {
|
|
581
|
+
mimeType: mime_type,
|
|
582
|
+
text: request_body
|
|
583
|
+
}
|
|
584
|
+
post_data[:params] = URI.decode_www_form(request_body).map { |k, v| { name: k, value: v.to_s } } if mime_type.include?('x-www-form-urlencoded')
|
|
585
|
+
request_obj[:postData] = post_data
|
|
586
|
+
end
|
|
587
|
+
|
|
588
|
+
if site[:response]
|
|
589
|
+
decoded_response = Base64.strict_decode64(site[:response])
|
|
590
|
+
|
|
591
|
+
# Parse response head and body
|
|
592
|
+
if decoded_response.include?("\r\n\r\n")
|
|
593
|
+
response_head, response_body = decoded_response.split("\r\n\r\n", 2)
|
|
594
|
+
else
|
|
595
|
+
response_head = decoded_response
|
|
596
|
+
response_body = ''
|
|
597
|
+
end
|
|
598
|
+
response_lines = response_head.split("\r\n")
|
|
599
|
+
status_line = response_lines.shift
|
|
600
|
+
version, status_str, status_text = status_line.split(' ', 3)
|
|
601
|
+
status = status_str.to_i
|
|
602
|
+
status_text ||= ''
|
|
603
|
+
response_headers = {}
|
|
604
|
+
response_lines.each do |line|
|
|
605
|
+
next if line.empty?
|
|
606
|
+
|
|
607
|
+
key, value = line.split(': ', 2)
|
|
608
|
+
response_headers[key] = value if key && value
|
|
609
|
+
end
|
|
610
|
+
|
|
611
|
+
response_headers_size = response_head.bytesize + 4 # Account for \r\n\r\n
|
|
612
|
+
response_body_size = response_body.bytesize
|
|
613
|
+
mime_type = response_headers['Content-Type'] || 'text/plain'
|
|
614
|
+
|
|
615
|
+
response_obj = {
|
|
616
|
+
status: status,
|
|
617
|
+
statusText: status_text,
|
|
618
|
+
httpVersion: version,
|
|
619
|
+
headers: response_headers.map { |k, v| { name: k, value: v } },
|
|
620
|
+
content: {
|
|
621
|
+
size: response_body_size,
|
|
622
|
+
mimeType: mime_type,
|
|
623
|
+
text: response_body
|
|
624
|
+
},
|
|
625
|
+
redirectURL: response_headers['Location'] || '',
|
|
626
|
+
headersSize: response_headers_size,
|
|
627
|
+
bodySize: response_body_size
|
|
628
|
+
}
|
|
629
|
+
else
|
|
630
|
+
response_obj = {
|
|
631
|
+
status: 0,
|
|
632
|
+
statusText: 'No response',
|
|
633
|
+
httpVersion: 'unknown',
|
|
634
|
+
headers: [],
|
|
635
|
+
content: {
|
|
636
|
+
size: 0,
|
|
637
|
+
mimeType: 'text/plain',
|
|
638
|
+
text: ''
|
|
639
|
+
},
|
|
640
|
+
redirectURL: '',
|
|
641
|
+
headersSize: -1,
|
|
642
|
+
bodySize: 0
|
|
643
|
+
}
|
|
644
|
+
end
|
|
645
|
+
|
|
646
|
+
{
|
|
647
|
+
startedDateTime: Time.now.iso8601,
|
|
648
|
+
time: 0,
|
|
649
|
+
request: request_obj,
|
|
650
|
+
response: response_obj,
|
|
651
|
+
cache: {},
|
|
652
|
+
timings: {
|
|
653
|
+
send: 0,
|
|
654
|
+
wait: 0,
|
|
655
|
+
receive: 0
|
|
656
|
+
},
|
|
657
|
+
pageref: 'page_1'
|
|
658
|
+
}
|
|
659
|
+
end
|
|
660
|
+
|
|
661
|
+
har_log = {
|
|
662
|
+
log: {
|
|
663
|
+
version: '1.2',
|
|
664
|
+
creator: {
|
|
665
|
+
name: 'BurpSuite via PWN::Plugins::BurpSuite',
|
|
666
|
+
version: '1.0'
|
|
667
|
+
},
|
|
668
|
+
pages: [{
|
|
669
|
+
startedDateTime: Time.now.iso8601,
|
|
670
|
+
id: 'page_1',
|
|
671
|
+
title: 'Sitemap Export',
|
|
672
|
+
pageTimings: {}
|
|
673
|
+
}],
|
|
674
|
+
entries: har_entries
|
|
675
|
+
}
|
|
676
|
+
}
|
|
677
|
+
|
|
678
|
+
sitemap_arr = har_log
|
|
679
|
+
end
|
|
680
|
+
|
|
681
|
+
sitemap_arr.uniq
|
|
682
|
+
rescue StandardError => e
|
|
683
|
+
stop(burp_obj: burp_obj) unless burp_obj.nil?
|
|
684
|
+
raise e
|
|
685
|
+
end
|
|
686
|
+
|
|
687
|
+
# Supported Method Parameters::
|
|
688
|
+
# repeater_obj = PWN::Plugins::BurpSuite.update_proxy_history(
|
|
689
|
+
# burp_obj: 'required - burp_obj returned by #start method',
|
|
690
|
+
# entry: 'required - hash of the proxy history entry to update'
|
|
691
|
+
# )
|
|
692
|
+
|
|
693
|
+
public_class_method def self.update_proxy_history(opts = {})
|
|
694
|
+
burp_obj = opts[:burp_obj]
|
|
695
|
+
raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
|
|
696
|
+
|
|
697
|
+
entry = opts[:entry]
|
|
698
|
+
raise 'ERROR: entry parameter is required and must be a hash' unless entry.is_a?(Hash)
|
|
699
|
+
|
|
700
|
+
id = entry[:id]
|
|
701
|
+
raise 'ERROR: id key value pair is required within entry hash' if id.nil?
|
|
702
|
+
|
|
703
|
+
rest_browser = burp_obj[:rest_browser]
|
|
704
|
+
mitm_rest_api = burp_obj[:mitm_rest_api]
|
|
705
|
+
|
|
706
|
+
put_body = entry.to_json
|
|
707
|
+
|
|
708
|
+
proxy_history_resp = rest_browser.put(
|
|
709
|
+
"http://#{mitm_rest_api}/proxyhistory/#{id}",
|
|
710
|
+
put_body,
|
|
711
|
+
content_type: 'application/json; charset=UTF8'
|
|
712
|
+
)
|
|
713
|
+
|
|
714
|
+
JSON.parse(proxy_history_resp, symbolize_names: true)
|
|
715
|
+
rescue StandardError => e
|
|
716
|
+
raise e
|
|
717
|
+
end
|
|
718
|
+
|
|
377
719
|
# Supported Method Parameters::
|
|
378
720
|
# json_sitemap = PWN::Plugins::BurpSuite.get_sitemap(
|
|
379
721
|
# burp_obj: 'required - burp_obj returned by #start method',
|
|
@@ -584,39 +926,6 @@ module PWN
|
|
|
584
926
|
sitemap = opts[:sitemap] ||= {}
|
|
585
927
|
debug = opts[:debug] || false
|
|
586
928
|
|
|
587
|
-
decoded_sitemap = {
|
|
588
|
-
request: Base64.strict_decode64(sitemap[:request]),
|
|
589
|
-
http_service: {
|
|
590
|
-
host: sitemap[:http_service][:host],
|
|
591
|
-
port: sitemap[:http_service][:port],
|
|
592
|
-
protocol: sitemap[:http_service][:protocol]
|
|
593
|
-
}
|
|
594
|
-
}
|
|
595
|
-
system_role_content = 'Your sole purpose is to analyze each `protocol`, `host`, `port`, and `request` and generate an Exploit Prediction Scoring System (EPSS) score from 0%-100%. Just generate a score unless the score is >= 75% in which a PoC should also be generated to communicate the threat. You can always generate an score - provide the score at _the beggining of your analysis_. Be concise and to the point.'
|
|
596
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
597
|
-
system_role_content: system_role_content,
|
|
598
|
-
request: decoded_sitemap.to_json,
|
|
599
|
-
spinner: true
|
|
600
|
-
)
|
|
601
|
-
sitemap[:comment] = ai_analysis unless ai_analysis.nil?
|
|
602
|
-
# Extract score and assign color highlight based on severity
|
|
603
|
-
if ai_analysis =~ /(\d{1,3})%/
|
|
604
|
-
score = Regexp.last_match(1).to_i
|
|
605
|
-
highlight_color = case score
|
|
606
|
-
when 0..24
|
|
607
|
-
'GREEN'
|
|
608
|
-
when 25..49
|
|
609
|
-
'YELLOW'
|
|
610
|
-
when 50..74
|
|
611
|
-
'ORANGE'
|
|
612
|
-
when 75..100
|
|
613
|
-
'RED'
|
|
614
|
-
else
|
|
615
|
-
'NONE'
|
|
616
|
-
end
|
|
617
|
-
sitemap[:highlight] = highlight_color
|
|
618
|
-
end
|
|
619
|
-
|
|
620
929
|
rest_client = rest_browser::Request
|
|
621
930
|
response = rest_client.execute(
|
|
622
931
|
method: :post,
|
|
@@ -1473,14 +1782,15 @@ module PWN
|
|
|
1473
1782
|
|
|
1474
1783
|
public_class_method def self.stop(opts = {})
|
|
1475
1784
|
burp_obj = opts[:burp_obj]
|
|
1785
|
+
|
|
1476
1786
|
browser_obj = burp_obj[:mitm_browser]
|
|
1477
1787
|
rest_browser = burp_obj[:rest_browser]
|
|
1478
1788
|
mitm_rest_api = burp_obj[:mitm_rest_api]
|
|
1479
|
-
|
|
1789
|
+
introspection_thread = burp_obj[:introspection_thread]
|
|
1790
|
+
introspection_thread.kill unless introspection_thread.nil?
|
|
1480
1791
|
|
|
1481
1792
|
PWN::Plugins::TransparentBrowser.close(browser_obj: browser_obj)
|
|
1482
1793
|
rest_browser.post("http://#{mitm_rest_api}/shutdown", '')
|
|
1483
|
-
# Process.kill('TERM', burp_pid)
|
|
1484
1794
|
|
|
1485
1795
|
burp_obj = nil
|
|
1486
1796
|
rescue StandardError => e
|
|
@@ -1552,6 +1862,12 @@ module PWN
|
|
|
1552
1862
|
id: 'optional - ID of the proxy listener (defaults to 0)'
|
|
1553
1863
|
)
|
|
1554
1864
|
|
|
1865
|
+
json_proxy_history = #{self}.get_proxy_history(
|
|
1866
|
+
burp_obj: 'required - burp_obj returned by #start method',
|
|
1867
|
+
keyword: 'optional - keyword to filter proxy history results (default: nil)',
|
|
1868
|
+
return_as: 'optional - :base64 or :har (defaults to :base64)'
|
|
1869
|
+
)
|
|
1870
|
+
|
|
1555
1871
|
json_sitemap = #{self}.get_sitemap(
|
|
1556
1872
|
burp_obj: 'required - burp_obj returned by #start method',
|
|
1557
1873
|
keyword: 'optional - keyword to filter sitemap results (default: nil)',
|
data/lib/pwn/plugins/char.rb
CHANGED
|
@@ -7,6 +7,23 @@ module PWN
|
|
|
7
7
|
module Plugins
|
|
8
8
|
# This plugin was created to generate various characters for fuzzing
|
|
9
9
|
module Char
|
|
10
|
+
# Supported Method Parameters::
|
|
11
|
+
# PWN::Plugins::Char.force_utf8(
|
|
12
|
+
# obj: 'required - object to force to UTF-8'
|
|
13
|
+
# )
|
|
14
|
+
public_class_method def self.force_utf8(obj)
|
|
15
|
+
case obj
|
|
16
|
+
when String
|
|
17
|
+
obj.force_encoding('ISO-8859-1').encode('UTF-8', invalid: :replace, undef: :replace)
|
|
18
|
+
when Array
|
|
19
|
+
obj.map { |item| force_utf8(item) }
|
|
20
|
+
when Hash
|
|
21
|
+
obj.transform_values { |value| force_utf8(value) }
|
|
22
|
+
else
|
|
23
|
+
obj
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
10
27
|
# Supported Method Parameters::
|
|
11
28
|
# PWN::Plugins::Char.generate_by_range(
|
|
12
29
|
# from: 'required - integer to start from',
|
|
@@ -1202,7 +1202,8 @@ module PWN
|
|
|
1202
1202
|
callbacks_to_delete = devtools.callbacks.keys.reject { |k| k == 'Target.attachedToTarget' }
|
|
1203
1203
|
Timeout.timeout(30) { browser_obj[:browser].refresh }
|
|
1204
1204
|
until devtools.callbacks.keys.include?(method) && breakpoint_arr.any? { |bp| bp['caught'] == true }
|
|
1205
|
-
|
|
1205
|
+
devtools.callbacks.delete(method)
|
|
1206
|
+
devtools.debugger.resume
|
|
1206
1207
|
devtools.debugger.on(:paused) do |params|
|
|
1207
1208
|
breakpoint_id_caught = params['callFrames'].first['location']['scriptId']
|
|
1208
1209
|
breakpoint_arr.each_with_index do |bp, idx|
|
|
@@ -1213,8 +1214,11 @@ module PWN
|
|
|
1213
1214
|
debugger_state[:breakpoints] = breakpoint_arr
|
|
1214
1215
|
devtools.instance_variable_set(:@debugger_state, debugger_state)
|
|
1215
1216
|
end
|
|
1216
|
-
puts "TARGET BREAKPOINTS: #{breakpoint_arr.inspect}"
|
|
1217
|
-
puts "PARAMS Observerd: #{params.inspect}"
|
|
1217
|
+
# puts "TARGET BREAKPOINTS: #{breakpoint_arr.inspect}"
|
|
1218
|
+
# puts "PARAMS Observerd: #{params.inspect}"
|
|
1219
|
+
debugger_state = devtools.instance_variable_get(:@debugger_state)
|
|
1220
|
+
puts devtools.callbacks.inspect
|
|
1221
|
+
puts debugger_state.inspect
|
|
1218
1222
|
end
|
|
1219
1223
|
devtools.debugger.pause
|
|
1220
1224
|
# browser_obj[:browser].refresh
|
|
@@ -1413,7 +1417,8 @@ module PWN
|
|
|
1413
1417
|
|
|
1414
1418
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
1415
1419
|
system_role_content: system_role_content,
|
|
1416
|
-
request: current_step
|
|
1420
|
+
request: current_step,
|
|
1421
|
+
suppress_pii_output: true
|
|
1417
1422
|
)
|
|
1418
1423
|
puts "^^^ #{ai_analysis}" unless ai_analysis.nil?
|
|
1419
1424
|
end
|
data/lib/pwn/plugins/zaproxy.rb
CHANGED
|
@@ -129,7 +129,7 @@ module PWN
|
|
|
129
129
|
|
|
130
130
|
zaproxy_cmd = "#{zaproxy_cmd} -host #{zap_ip} -port #{zap_port}"
|
|
131
131
|
|
|
132
|
-
zap_obj[:pid] = Process.spawn(zaproxy_cmd)
|
|
132
|
+
zap_obj[:pid] = Process.spawn(zaproxy_cmd, pgroup: true)
|
|
133
133
|
# Wait for pwn_burp_port to open prior to returning burp_obj
|
|
134
134
|
loop do
|
|
135
135
|
s = TCPSocket.new(zap_rest_ip, zap_rest_port)
|
data/lib/pwn/sast/pom_version.rb
CHANGED
|
@@ -82,7 +82,13 @@ module PWN
|
|
|
82
82
|
line_no: line_no,
|
|
83
83
|
source_code_snippet: contents
|
|
84
84
|
}.to_json
|
|
85
|
-
|
|
85
|
+
|
|
86
|
+
system_role_content = 'Your sole purpose is to analyze source code snippets and generate an Exploit Prediction Scoring System (EPSS) score between 0% - 100%. Just generate a score unless score is >= 75% in which a PoC and code fix should also be included.'
|
|
87
|
+
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
88
|
+
system_role_content: system_role_content,
|
|
89
|
+
request: request,
|
|
90
|
+
suppress_pii_warning: true
|
|
91
|
+
)
|
|
86
92
|
ai_analysis ||= 'N/A'
|
|
87
93
|
|
|
88
94
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
|
@@ -124,7 +124,13 @@ module PWN
|
|
|
124
124
|
line_no: line_no,
|
|
125
125
|
source_code_snippet: contents
|
|
126
126
|
}.to_json
|
|
127
|
-
|
|
127
|
+
|
|
128
|
+
system_role_content = 'Your sole purpose is to analyze source code snippets and generate an Exploit Prediction Scoring System (EPSS) score between 0% - 100%. Just generate a score unless score is >= 75% in which a PoC and code fix should also be included.'
|
|
129
|
+
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
130
|
+
system_role_content: system_role_content,
|
|
131
|
+
request: request,
|
|
132
|
+
suppress_pii_warning: true
|
|
133
|
+
)
|
|
128
134
|
ai_analysis ||= 'N/A'
|
|
129
135
|
|
|
130
136
|
hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn/www/hacker_one.rb
CHANGED
|
@@ -139,7 +139,8 @@ module PWN
|
|
|
139
139
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
140
140
|
request: programs_arr.to_json,
|
|
141
141
|
system_role_content: system_role_content,
|
|
142
|
-
spinner: true
|
|
142
|
+
spinner: true,
|
|
143
|
+
suppress_pii_warning: true
|
|
143
144
|
)
|
|
144
145
|
puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
|
|
145
146
|
|
|
@@ -284,7 +285,8 @@ module PWN
|
|
|
284
285
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
285
286
|
request: json_resp.to_json,
|
|
286
287
|
system_role_content: system_role_content,
|
|
287
|
-
spinner: true
|
|
288
|
+
spinner: true,
|
|
289
|
+
suppress_pii_warning: true
|
|
288
290
|
)
|
|
289
291
|
puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
|
|
290
292
|
|
|
@@ -432,7 +434,8 @@ module PWN
|
|
|
432
434
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
433
435
|
request: json_resp.to_json,
|
|
434
436
|
system_role_content: system_role_content,
|
|
435
|
-
spinner: true
|
|
437
|
+
spinner: true,
|
|
438
|
+
suppress_pii_warning: true
|
|
436
439
|
)
|
|
437
440
|
puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
|
|
438
441
|
|
data/third_party/pwn_rdoc.jsonl
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
{"messages":[{"role":"user","content":"PWN::AI::Grok.help Usage"},{"role":"assistant","content":"`PWN::AI::Grok.help`: "}]}
|
|
8
8
|
{"messages":[{"role":"user","content":"PWN::AI::Introspection.authors Usage"},{"role":"assistant","content":"`PWN::AI::Introspection.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
|
9
9
|
{"messages":[{"role":"user","content":"PWN::AI::Introspection.help Usage"},{"role":"assistant","content":"`PWN::AI::Introspection.help`: "}]}
|
|
10
|
-
{"messages":[{"role":"user","content":"PWN::AI::Introspection.reflect_on Usage"},{"role":"assistant","content":"`PWN::AI::Introspection.reflect_on`: Supported Method Parameters\n\nresponse = PWN::AI::Introspection.reflect_on(\n\nrequest: 'required - String - What you want the AI to reflect on',\nsystem_role_content: 'optional - context to set up the model behavior for reflection'\n\n)\n"}]}
|
|
10
|
+
{"messages":[{"role":"user","content":"PWN::AI::Introspection.reflect_on Usage"},{"role":"assistant","content":"`PWN::AI::Introspection.reflect_on`: Supported Method Parameters\n\nresponse = PWN::AI::Introspection.reflect_on(\n\nrequest: 'required - String - What you want the AI to reflect on',\nsystem_role_content: 'optional - context to set up the model behavior for reflection',\nspinner: 'optional - Boolean - Display spinner during operation (default: false)'\n\n)\n"}]}
|
|
11
11
|
{"messages":[{"role":"user","content":"PWN::AI::Ollama.authors Usage"},{"role":"assistant","content":"`PWN::AI::Ollama.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
|
12
12
|
{"messages":[{"role":"user","content":"PWN::AI::Ollama.chat Usage"},{"role":"assistant","content":"`PWN::AI::Ollama.chat`: Supported Method Parameters\n\nresponse = PWN::AI::Ollama.chat(\n\nrequest: 'required - message to ChatGPT'\nmodel: 'optional - model to use for text generation (defaults to PWN::Env[:ai][:ollama][:model])',\ntemp: 'optional - creative response float (deafults to PWN::Env[:ai][:ollama][:temp])',\nsystem_role_content: 'optional - context to set up the model behavior for conversation (Default: PWN::Env[:ai][:ollama][:system_role_content])',\nresponse_history: 'optional - pass response back in to have a conversation',\nspeak_answer: 'optional speak answer using PWN::Plugins::Voice.text_to_speech (Default: nil)',\ntimeout: 'optional timeout in seconds (defaults to 300)',\nspinner: 'optional - display spinner (defaults to false)'\n\n)\n"}]}
|
|
13
13
|
{"messages":[{"role":"user","content":"PWN::AI::Ollama.get_models Usage"},{"role":"assistant","content":"`PWN::AI::Ollama.get_models`: Supported Method Parameters\n\nresponse = PWN::AI::Ollama.get_models\n"}]}
|
|
@@ -550,12 +550,12 @@
|
|
|
550
550
|
{"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.help Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.help`: "}]}
|
|
551
551
|
{"messages":[{"role":"user","content":"PWN::Plugins::BlackDuckBinaryAnalysis.upload_file Usage"},{"role":"assistant","content":"`PWN::Plugins::BlackDuckBinaryAnalysis.upload_file`: Supported Method Parameters\n\nresponse = PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(\n\ntoken: 'required - Bearer token',\nfile: 'required - path of file to upload',\ngroup_id: 'optional - group id',\ndelete_binary: 'optional - delete binary after upload (defaults to false)',\nforce_scan: 'optional - force scan (defaults to false)',\ncallback_url: 'optional - callback url',\nscan_infoleak: 'optional - scan infoleak (defaults to true)',\ncode_analysis: 'optional - code analysis (defaults to true)',\nscan_code_familiarity: 'optional - scan code familiarity (defaults to false)',\nversion: 'optional - version',\nproduct_id: 'optional - product id'\n\n)\n"}]}
|
|
552
552
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.active_scan Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.active_scan`: Supported Method Parameters\n\nactive_scan_url_arr = PWN::Plugins::BurpSuite.active_scan(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to scan in sitemap (should be loaded & authenticated w/ burp_obj[:mitm_browser])',\nexclude_paths: 'optional - array of paths to exclude from active scan (default: [])'\n\n)\n"}]}
|
|
553
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.add_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\
|
|
553
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.add_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nbindAddress: 'required - bind address for the proxy listener (e.g., \"127.0.0.1\")',\nport: 'required - port for the proxy listener (e.g., 8081)',\nenabled: 'optional - enable the listener (defaults to true)'\n\n)\n"}]}
|
|
554
554
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_repeater_tab Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_repeater_tab`: Supported Method Parameters\n\nrepeater_id = PWN::Plugins::BurpSuite.add_repeater_tab(\n\nburp_obj: 'required - burp_obj returned by #start method',\nname: 'required - name of the repeater tab (max 30 characters)',\nrequest: 'optional - base64 encoded HTTP request string'\n\n)\n"}]}
|
|
555
555
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_to_scope Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_to_scope`: Supported Method Parameters\n\njson_in_scope = PWN::Plugins::BurpSuite.add_to_scope(\n\nburp_obj: 'required - burp_obj returned by #start method',\ntarget_url: 'required - target url to add to scope'\n\n)\n"}]}
|
|
556
556
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.add_to_sitemap Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.add_to_sitemap`: "}]}
|
|
557
557
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
|
558
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.delete_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.delete_proxy_listener`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.delete_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: '
|
|
558
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.delete_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.delete_proxy_listener`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.delete_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'optional - ID of the proxy listener (defaults to 0)'\n\n)\n"}]}
|
|
559
559
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.delete_repeater_tab Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.delete_repeater_tab`: Supported Method Parameters\n\nuri_in_scope = PWN::Plugins::BurpSuite.delete_repeater_tab(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'required - id of the repeater tab to delete'\n\n)\n"}]}
|
|
560
560
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.disable_proxy Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.disable_proxy`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.disable_proxy(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
561
561
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.enable_proxy Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.enable_proxy`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.enable_proxy(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
@@ -574,7 +574,7 @@
|
|
|
574
574
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.start Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.start`: Supported Method Parameters\n\nburp_obj1 = PWN::Plugins::BurpSuite.start(\n\nburp_jar_path: 'optional - path of burp suite pro jar file (defaults to /opt/burpsuite/burpsuite_pro.jar)',\nheadless: 'optional - run burp headless if set to true',\nbrowser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',\nburp_ip: 'optional - IP address for the Burp proxy (defaults to 127.0.0.1)',\nburp_port: 'optional - port for the Burp proxy (defaults to a random unused port)',\npwn_burp_ip: 'optional - IP address for the PWN Burp API (defaults to 127.0.0.1)',\npwn_burp_port: 'optional - port for the PWN Burp API (defaults to a random unused port)'\n\n)\n"}]}
|
|
575
575
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.stop Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.stop`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.stop(\n\nburp_obj: 'required - burp_obj returned by #start method'\n\n)\n"}]}
|
|
576
576
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_burp_jar Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_burp_jar`: Supported Method Parameters\n\nPWN::Plugins::BurpSuite.update_burp_jar( )\n"}]}
|
|
577
|
-
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.update_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'optional - ID of the proxy listener (defaults to
|
|
577
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_proxy_listener Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_proxy_listener`: Supported Method Parameters\n\njson_proxy_listener = PWN::Plugins::BurpSuite.update_proxy_listener(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'optional - ID of the proxy listener (defaults to 0)',\nbindAddress: 'optional - bind address for the proxy listener (defaults to value of existing listener)',\nport: 'optional - port for the proxy listener (defaults to value of existing listener)',\nenabled: 'optional - enable or disable the listener (defaults to value of existing listener)'\n\n)\n"}]}
|
|
578
578
|
{"messages":[{"role":"user","content":"PWN::Plugins::BurpSuite.update_repeater_tab Usage"},{"role":"assistant","content":"`PWN::Plugins::BurpSuite.update_repeater_tab`: Supported Method Parameters\n\nrepeater_obj = PWN::Plugins::BurpSuite.update_repeater_tab(\n\nburp_obj: 'required - burp_obj returned by #start method',\nid: 'required - id of the repeater tab to update',\nname: 'required - name of the repeater tab (max 30 characters)',\nrequest: 'required - base64 encoded HTTP request string'\n\n)\n"}]}
|
|
579
579
|
{"messages":[{"role":"user","content":"PWN::Plugins::BusPirate.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::BusPirate.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
|
580
580
|
{"messages":[{"role":"user","content":"PWN::Plugins::BusPirate.connect Usage"},{"role":"assistant","content":"`PWN::Plugins::BusPirate.connect`: Supported Method Parameters\n\nbus_pirate_obj = PWN::Plugins::BusPirate.connect(\n\nblock_dev: 'optional serial block device path (defaults to /dev/ttyUSB0)',\nbaud: 'optional (defaults to 9600)',\ndata_bits: 'optional (defaults to 8)',\nstop_bits: 'optional (defaults to 1)',\nparity: 'optional (defaults to SerialPort::NONE)',\nflow_control: 'optional (defaults to SerialPort::HARD) SerialPort::NONE|SerialPort::SOFT|SerialPort::HARD'\n\n)\n"}]}
|
|
@@ -1001,6 +1001,7 @@
|
|
|
1001
1001
|
{"messages":[{"role":"user","content":"PWN::Plugins::Tor.switch_exit_node Usage"},{"role":"assistant","content":"`PWN::Plugins::Tor.switch_exit_node`: Supported Method Parameters\n\nPWN::Plugins::Tor.switch_exit_node(\n\ntor_obj: 'required - tor_obj returned from #start method',\nresponse_timeout: 'optional - float in seconds to timeout (default: 3.0)'\n\n)\n"}]}
|
|
1002
1002
|
{"messages":[{"role":"user","content":"PWN::Plugins::Tor.tor_control_cmd Usage"},{"role":"assistant","content":"`PWN::Plugins::Tor.tor_control_cmd`: Supported Method Parameters\n\ntor_ctrl_cmd(\n\ntor_obj: 'required - tor_obj returned from #start method'\ncmd: 'required - Tor control command to execute',\nresponse_timeout: 'optional - float in seconds to timeout (default: 3.0)'\n\n)\n"}]}
|
|
1003
1003
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.authors Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.authors`: Author(s)\n\n0day Inc. <support@0dayinc.com>\n"}]}
|
|
1004
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.breakpoint_locations Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.breakpoint_locations`: Supported Method Parameters\n\npage_state_arr = PWN::Plugins::TransparentBrowser.breakpoint_locations(\n\nbrowser_obj: 'required - browser_obj returned from #open method)'\n\n)\n"}]}
|
|
1004
1005
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.close Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.close`: Supported Method Parameters\n\nbrowser_obj1 = PWN::Plugins::TransparentBrowser.close(\n\nbrowser_obj: 'required - browser_obj returned from #open method)'\n\n)\n"}]}
|
|
1005
1006
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.close_tab Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.close_tab`: Supported Method Parameters\n\ntab = PWN::Plugins::TransparentBrowser.close_tab(\n\nbrowser_obj: 'required - browser_obj returned from #open method)',\nindex: 'optional - index of tab to close (defaults to closing active tab)',\nkeyword: 'optional - keyword in title or url used to close tabs (defaults to closing active tab)'\n\n)\n"}]}
|
|
1006
1007
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.console Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.console`: Supported Method Parameters\n\nconsole_resp = PWN::Plugins::TransparentBrowser.console(\n\nbrowser_obj: browser_obj1,\njs: 'required - JavaScript expression to evaluate',\nreturn_to: 'optional - return to :console or :stdout (defaults to :console)'\n\n)\n"}]}
|
|
@@ -1010,6 +1011,7 @@
|
|
|
1010
1011
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.dump_links Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.dump_links`: Supported Method Parameters\n\nbrowser_obj = PWN::Plugins::TransparentBrowser.dump_links(\n\nbrowser_obj: browser_obj1\n\n)\n"}]}
|
|
1011
1012
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.find_elements_by_text Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.find_elements_by_text`: Supported Method Parameters\n\nbrowser_obj = PWN::Plugins::TransparentBrowser.find_elements_by_text(\n\nbrowser_obj: browser_obj1,\ntext: 'required - text to search for in the DOM'\n\n)\n"}]}
|
|
1012
1013
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.get_page_state Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.get_page_state`: Supported Method Parameters\n\npage_state = PWN::Plugins::TransparentBrowser.get_page_state(\n\nbrowser_obj: 'required - browser_obj returned from #open method)'\n\n)\n"}]}
|
|
1014
|
+
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.get_targets Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.get_targets`: Supported Method Parameters\n\npage_state_arr = PWN::Plugins::TransparentBrowser.get_targets(\n\nbrowser_obj: 'required - browser_obj returned from #open method)'\n\n)\n"}]}
|
|
1013
1015
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.help Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.help`: "}]}
|
|
1014
1016
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.hide_dom_mutations Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.hide_dom_mutations`: Supported Method Parameters\n\nconsole_resp = PWN::Plugins::TransparentBrowser.hide_dom_mutations(\n\nbrowser_obj: browser_obj1,\nindex: 'optional - index of tab to switch to (defaults to active tab)'\n\n)\n"}]}
|
|
1015
1017
|
{"messages":[{"role":"user","content":"PWN::Plugins::TransparentBrowser.jmp_devtools_panel Usage"},{"role":"assistant","content":"`PWN::Plugins::TransparentBrowser.jmp_devtools_panel`: Supported Method Parameters\n\nPWN::Plugins::TransparentBrowser.jmp_devtools_panel(\n\nbrowser_obj: 'required - browser_obj returned from #open method)',\npanel: 'optional - panel to switch to :elements|:inspector|:console|:debugger|:sources|:network\n\n)\n"}]}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.498
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -1149,14 +1149,14 @@ dependencies:
|
|
|
1149
1149
|
requirements:
|
|
1150
1150
|
- - '='
|
|
1151
1151
|
- !ruby/object:Gem::Version
|
|
1152
|
-
version: 2.
|
|
1152
|
+
version: 2.8.0
|
|
1153
1153
|
type: :runtime
|
|
1154
1154
|
prerelease: false
|
|
1155
1155
|
version_requirements: !ruby/object:Gem::Requirement
|
|
1156
1156
|
requirements:
|
|
1157
1157
|
- - '='
|
|
1158
1158
|
- !ruby/object:Gem::Version
|
|
1159
|
-
version: 2.
|
|
1159
|
+
version: 2.8.0
|
|
1160
1160
|
- !ruby/object:Gem::Dependency
|
|
1161
1161
|
name: thin
|
|
1162
1162
|
requirement: !ruby/object:Gem::Requirement
|