pwn 0.5.500 → 0.5.501
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/plugins/burp_suite.rb +33 -14
- data/lib/pwn/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c0b4570a5ff7da1064b4f789fb5baabda4a9ea32e0eb35cba1eb501812c9df3d
|
|
4
|
+
data.tar.gz: 62cd85bfbb6dfce975b244eb91fb271a3d0eb37cd895a28c021f71b9fcc28d95
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ecfade1d85158fff6dbd183427aa540e05eed36accd9cc890bd815ab4aa2b10e30cf41d48a6cbccfce00b330d0241dff057aab95f54d097eda9fd65f01152af6
|
|
7
|
+
data.tar.gz: 382fd86ae3bbb579099d164ba5346bd5c70370e22b0f81394bea6c50122433383e36b7a9f2cc0a4bb5da8bd887095a60e21fcbff1e01789d6005651d2717b9d3
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.501]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.501]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.501]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -119,6 +119,7 @@ module PWN
|
|
|
119
119
|
highlight_color
|
|
120
120
|
end
|
|
121
121
|
|
|
122
|
+
proxy_history = []
|
|
122
123
|
loop do
|
|
123
124
|
# TODO: Implement sitemap and repeater into the loop.
|
|
124
125
|
# Sitemap should work the same as proxy history.
|
|
@@ -135,19 +136,35 @@ module PWN
|
|
|
135
136
|
protocol = entry[:http_service][:protocol]
|
|
136
137
|
next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
|
|
137
138
|
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
139
|
+
proxy_history_entry = nil
|
|
140
|
+
if proxy_history.any?
|
|
141
|
+
proxy_history_entry = proxy_history.find do |proxy_entry|
|
|
142
|
+
next unless proxy_entry.key?(:http_service) && proxy_entry.key?(:request)
|
|
143
|
+
|
|
144
|
+
proxy_entry[:http_service][:host] == host &&
|
|
145
|
+
proxy_entry[:http_service][:port] == port &&
|
|
146
|
+
proxy_entry[:http_service][:protocol] == protocol &&
|
|
147
|
+
proxy_entry[:request] == entry[:request]
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
if proxy_history_entry.nil?
|
|
151
|
+
request = Base64.strict_decode64(request)
|
|
152
|
+
response = Base64.strict_decode64(response)
|
|
153
|
+
http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
|
|
154
|
+
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
155
|
+
system_role_content: system_role_content,
|
|
156
|
+
request: http_request_response,
|
|
157
|
+
suppress_pii_warning: true
|
|
158
|
+
)
|
|
146
159
|
|
|
147
|
-
|
|
160
|
+
next if ai_analysis.nil? || ai_analysis.strip.empty?
|
|
148
161
|
|
|
149
|
-
|
|
150
|
-
|
|
162
|
+
entry[:comment] = ai_analysis
|
|
163
|
+
entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
|
|
164
|
+
else
|
|
165
|
+
entry[:comment] = proxy_history_entry[:comment]
|
|
166
|
+
entry[:highlight] = proxy_history_entry[:highlight]
|
|
167
|
+
end
|
|
151
168
|
|
|
152
169
|
update_sitemap(
|
|
153
170
|
burp_obj: burp_obj,
|
|
@@ -166,13 +183,12 @@ module PWN
|
|
|
166
183
|
protocol = entry[:http_service][:protocol]
|
|
167
184
|
next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
|
|
168
185
|
|
|
169
|
-
request = Base64.strict_decode64(request)
|
|
170
|
-
response = Base64.strict_decode64(response)
|
|
171
|
-
|
|
172
186
|
# If sitemap comment and highlight color exists, use that instead of re-analyzing
|
|
173
187
|
sitemap_entry = nil
|
|
174
188
|
if sitemap.any?
|
|
175
189
|
sitemap_entry = sitemap.find do |site|
|
|
190
|
+
next unless site.key?(:http_service) && site.key?(:request)
|
|
191
|
+
|
|
176
192
|
site[:http_service][:host] == host &&
|
|
177
193
|
site[:http_service][:port] == port &&
|
|
178
194
|
site[:http_service][:protocol] == protocol &&
|
|
@@ -181,6 +197,9 @@ module PWN
|
|
|
181
197
|
end
|
|
182
198
|
|
|
183
199
|
if sitemap_entry.nil?
|
|
200
|
+
request = Base64.strict_decode64(request)
|
|
201
|
+
response = Base64.strict_decode64(response)
|
|
202
|
+
|
|
184
203
|
http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
|
|
185
204
|
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
186
205
|
system_role_content: system_role_content,
|
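Review bot: `proxy_history` is initialised to `[]` just before `loop do` (new line 122) but nothing in the visible hunks appends to it or reassigns it, so unless it is populated outside this diff `proxy_history.any?` is always false, the `proxy_history.find` lookup is dead code and every proxy entry is re-submitted to `PWN::AI::Introspection.reflect_on` on each pass of the loop. If the intent is to memoise analyses already produced, add `proxy_history << entry` after the `if proxy_history_entry.nil? … else … end` block (new line 167, before `update_sitemap`), once `entry[:comment]` and `entry[:highlight]` have been set; the stored `entry[:request]` is still the base64 form, so the `proxy_entry[:request] == entry[:request]` comparison matches. The match predicate is duplicated verbatim between this hunk and the `sitemap.find` block in the `@@ -166,13 +183,12 @@` hunk; a shared lambda such as `same_service_and_request = ->(a, b) { a[:http_service][:host] == b[:http_service][:host] && … }` would keep the two caches consistent. The enclosing `loop do` begins in the `@@ -119,6 +119,7 @@` hunk and ends outside the visible hunks, and the removed old-side lines are blank in this rendering, so the previous behaviour cannot be compared here.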
data/lib/pwn/version.rb
CHANGED