pwn 0.5.505 → 0.5.507
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -1
- data/Gemfile +2 -2
- data/README.md +3 -3
- data/bin/pwn_gqrx_scanner +16 -16
- data/bin/pwn_serial_son_micro_sm132_rfid +11 -11
- data/lib/pwn/ai.rb +1 -1
- data/lib/pwn/aws.rb +1 -1
- data/lib/pwn/banner.rb +1 -1
- data/lib/pwn/blockchain.rb +1 -1
- data/lib/pwn/ffi.rb +1 -1
- data/lib/pwn/plugins/burp_suite.rb +38 -37
- data/lib/pwn/plugins.rb +1 -7
- data/lib/pwn/reports.rb +1 -1
- data/lib/pwn/sast.rb +2 -2
- data/lib/pwn/sdr/decoder/gsm.rb +200 -0
- data/lib/pwn/sdr/decoder.rb +19 -0
- data/lib/pwn/{plugins → sdr}/flipper_zero.rb +5 -5
- data/lib/pwn/sdr/frequency_allocation.rb +372 -0
- data/lib/pwn/sdr/gqrx.rb +656 -0
- data/lib/pwn/{plugins → sdr}/rfidler.rb +2 -2
- data/lib/pwn/{plugins → sdr}/son_micro_rfid.rb +12 -12
- data/lib/pwn/sdr.rb +21 -0
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www.rb +1 -1
- data/lib/pwn.rb +1 -0
- data/spec/lib/pwn/sdr/decoder/gsm_spec.rb +15 -0
- data/spec/lib/pwn/sdr/decoder_spec.rb +10 -0
- data/spec/lib/pwn/{plugins → sdr}/flipper_zero_spec.rb +3 -3
- data/spec/lib/pwn/sdr/frequency_allocation_spec.rb +15 -0
- data/spec/lib/pwn/{plugins → sdr}/gqrx_spec.rb +3 -3
- data/spec/lib/pwn/{plugins → sdr}/rfidler_spec.rb +3 -3
- data/spec/lib/pwn/{plugins → sdr}/son_micro_rfid_spec.rb +3 -3
- data/spec/lib/pwn/sdr_spec.rb +10 -0
- data/third_party/pwn_rdoc.jsonl +3 -1
- metadata +21 -13
- data/lib/pwn/plugins/gqrx.rb +0 -757
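--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f5f3b2e3e72d554719b28120d3ccb558d563b5d0d70ca79425994eaf20977bc7
+data.tar.gz: 2a59f3fb5bbe1b66192ebd4c4cd7c6528ead94ffb06770089aaff9806dc83130
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 846169897acd7a88a03c71c65f08e1502ad13ab98538000cf613ad9ff0d43844631510ffb75b32f186e6aca75df0761a92cb030c7014466f7c93e3826d1dae1d
+data.tar.gz: 4974d662081fdc274fc8332265fcc41c5b51a8fcd9de3794641f46719002db226c1659bea12d19969bb5b1ef3ab3d93d088a16885de6a337ee6ab1cff86a9224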
data/.rubocop.yml
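--- a/data/Gemfile
+++ b/data/Gemfile
@@ -38,7 +38,7 @@ gem 'gem-wrappers', '1.4.0'
 gem 'geocoder', '1.8.6'
 gem 'gist', '6.0.0'
 gem 'gruff', '0.29.0'
-gem 'htmlentities', '4.
+gem 'htmlentities', '4.4.2'
 gem 'ipaddress', '0.8.3'
 gem 'jenkins_api_client2', '1.9.0'
 gem 'js-beautify', '0.1.8'
@@ -90,7 +90,7 @@ gem 'rvm', '1.11.3.9'
 gem 'savon', '2.15.1'
 gem 'selenium-devtools', '0.142.0'
 gem 'selenium-webdriver', '4.38.0'
-gem 'slack-ruby-client', '3.
+gem 'slack-ruby-client', '3.1.0'
 gem 'socksify', '1.8.1'
 gem 'spreadsheet', '1.3.4'
 gem 'sqlite3', '2.8.0'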
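--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.
+pwn[v0.5.507]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.507]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.507]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: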
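--- a/data/bin/pwn_gqrx_scanner
+++ b/data/bin/pwn_gqrx_scanner
@@ -9,8 +9,8 @@ PWN::Driver::Parser.new do |options|
 opts[:profile] = p
 end
 
-options.on('-l', '--list-profiles', '<Optional - List supported profiles and exit>') do |l|
-opts[:
+options.on('-l', '--list-scan-profiles', '<Optional - List supported scan profiles and exit>') do |l|
+opts[:list_scan_profiles] = l
 end
 
 options.on('-tFREQ', '--target-freq=FREQ', '<Required if "--assume-profile" is Nil - Frequency to Conclude Scanning (e.g. 900.000.000 == 900 mHz>') do |e|
@@ -74,15 +74,15 @@ begin
 pwn_provider = 'ruby-gem'
 pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
 
-
-if
-profiles_available = PWN::
+list_scan_profiles = opts[:list_scan_profiles]
+if list_scan_profiles
+profiles_available = PWN::SDR::GQRX.list_scan_profiles
 puts JSON.pretty_generate(profiles_available)
 exit 0
 end
 
 profile = opts[:profile]
-opts = PWN::
+opts = PWN::SDR::GQRX.assume_profile(profile: profile) unless profile.nil?
 
 target_freq = opts[:target_freq]
 target_freq = target_freq.to_s.delete('.') unless target_freq.nil?
@@ -93,13 +93,13 @@ begin
 port = opts[:port]
 
 puts "Connecting to GQRX at #{host}:#{port}..."
-gqrx_sock = PWN::
+gqrx_sock = PWN::SDR::GQRX.connect(target: host, port: port)
 
 start_freq = opts[:start_freq]
 start_freq = start_freq.to_s.delete('.') unless start_freq.nil?
 start_freq = start_freq.to_i
 if start_freq.zero?
-start_freq = PWN::
+start_freq = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock, cmd: 'f',
 resp_ok: 'RPRT 0'
 ).to_i
@@ -115,7 +115,7 @@ begin
 
 puts "Setting demodulator mode to #{demodulator_mode} and bandwidth to #{bandwidth}..."
 bandwidth = bandwidth.to_s.delete('.').to_i unless bandwidth.nil?
-demod_resp = PWN::
+demod_resp = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock,
 cmd: "M #{demodulator_mode} #{bandwidth}",
 resp_ok: 'RPRT 0'
@@ -123,7 +123,7 @@ begin
 
 audio_gain_db = opts[:audio_gain_db] ||= 1.0
 audio_gain_db = audio_gain_db.to_f
-audio_gain_db_resp = PWN::
+audio_gain_db_resp = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock,
 cmd: "L AF #{audio_gain_db}",
 resp_ok: 'RPRT 0'
@@ -131,7 +131,7 @@ begin
 
 squelch = opts[:squelch] ||= -63.0
 squelch = squelch.to_f
-squelch_resp = PWN::
+squelch_resp = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock,
 cmd: "L SQL #{squelch}",
 resp_ok: 'RPRT 0'
@@ -149,7 +149,7 @@ begin
 
 rf_gain = opts[:rf_gain] ||= 0.0
 rf_gain = rf_gain.to_f
-rf_gain_resp = PWN::
+rf_gain_resp = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock,
 cmd: "L RF_GAIN #{rf_gain}",
 resp_ok: 'RPRT 0'
@@ -157,7 +157,7 @@ begin
 
 intermediate_gain = opts[:intermediate_gain] ||= 32.0
 intermediate_gain = intermediate_gain.to_f
-intermediate_resp = PWN::
+intermediate_resp = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock,
 cmd: "L IF_GAIN #{intermediate_gain}",
 resp_ok: 'RPRT 0'
@@ -165,7 +165,7 @@ begin
 
 baseband_gain = opts[:baseband_gain] ||= 10.0
 baseband_gain = baseband_gain.to_f
-baseband_resp = PWN::
+baseband_resp = PWN::SDR::GQRX.gqrx_cmd(
 gqrx_sock: gqrx_sock,
 cmd: "L BB_GAIN #{baseband_gain}",
 resp_ok: 'RPRT 0'
@@ -175,7 +175,7 @@ begin
 t_freq_pretty = target_freq.to_s.chars.insert(-4, '.').insert(-8, '.').join
 puts "*** Scanning from #{s_freq_pretty} to #{t_freq_pretty}\n\n\n"
 
-PWN::
+PWN::SDR::GQRX.scan_range(
 gqrx_sock: gqrx_sock,
 demodulator_mode: demodulator_mode,
 bandwidth: bandwidth,
@@ -192,5 +192,5 @@ rescue StandardError => e
 rescue Interrupt, SystemExit
 puts "\nGoodbye."
 ensure
-gqrx_sock = PWN::
+gqrx_sock = PWN::SDR::GQRX.disconnect(gqrx_sock: gqrx_sock) unless gqrx_sock.nil?
 end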
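Review bot: Renaming the long switch from `--list-profiles` to `--list-scan-profiles` at new line 12 of the `@@ -9,8 +9,8 @@` hunk drops the old spelling entirely, so any existing invocation passing `--list-profiles` now fails with OptionParser::InvalidOption instead of listing profiles. OptionParser accepts several switch names in a single `on` call, so the old name can be kept as an alias at no cost: `options.on('-l', '--list-scan-profiles', '--list-profiles', '<Optional - List supported scan profiles and exit>') do |l|`. Separately, the `--target-freq` help text on context line 16 still says the flag is required when `--assume-profile` is nil, while the profile value is stored as `opts[:profile]` on line 9; the profile switch's own definition is outside the hunk, so it is worth confirming the help text names a switch that actually exists.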
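--- a/data/bin/pwn_serial_son_micro_sm132_rfid
+++ b/data/bin/pwn_serial_son_micro_sm132_rfid
@@ -44,7 +44,7 @@ begin
 parity = opts[:parity]
 flow_control = opts[:flow_control]
 
-son_micro_rfid_obj = PWN::
+son_micro_rfid_obj = PWN::SDR::SonMicroRFID.connect(
 block_dev: block_dev,
 baud: baud,
 data_bits: data_bits,
@@ -60,7 +60,7 @@ begin
 puts "Signals: #{son_micro_rfid_obj[:serial_conn].signals}"
 end
 
-exec_resp = PWN::
+exec_resp = PWN::SDR::SonMicroRFID.exec(
 son_micro_rfid_obj: son_micro_rfid_obj,
 cmd: :firmware
 )
@@ -76,7 +76,7 @@ begin
 menu_msg = ''
 loop do
 unless menu_msg.include?('ERROR')
-exec_resp = PWN::
+exec_resp = PWN::SDR::SonMicroRFID.exec(
 son_micro_rfid_obj: son_micro_rfid_obj,
 cmd: :antenna_power,
 params: :on
@@ -100,7 +100,7 @@ begin
 when :R
 menu_msg = 'READ TAG'
 begin
-rfid_data = PWN::
+rfid_data = PWN::SDR::SonMicroRFID.read_tag(son_micro_rfid_obj: son_micro_rfid_obj)
 puts "\nRFID Data:"
 puts "Tag ID: #{rfid_data[:tag_id]}"
 puts "Block Data: #{rfid_data[:block_data]}" if rfid_data[:block_data]
@@ -110,7 +110,7 @@ begin
 when :B
 menu_msg = 'BACKUP TAG TO FILE'
 begin
-rfid_data = PWN::
+rfid_data = PWN::SDR::SonMicroRFID.backup_tag(son_micro_rfid_obj: son_micro_rfid_obj)
 puts "\nBackup successful. RFID Data:"
 puts "Tag ID: #{rfid_data[:tag_id]}"
 puts "Block Data: #{rfid_data[:block_data]}" if rfid_data[:block_data]
@@ -123,7 +123,7 @@ begin
 next unless gets.chomp.strip.upcase == 'Y'
 
 begin
-rfid_data = PWN::
+rfid_data = PWN::SDR::SonMicroRFID.clone_tag(son_micro_rfid_obj: son_micro_rfid_obj)
 puts "\nClone successful. RFID Data:"
 puts "Tag ID: #{rfid_data[:tag_id]}"
 puts "Block Data: #{rfid_data[:block_data]}" if rfid_data[:block_data]
@@ -136,7 +136,7 @@ begin
 next unless gets.chomp.strip.upcase == 'Y'
 
 begin
-rfid_data = PWN::
+rfid_data = PWN::SDR::SonMicroRFID.load_tag_from_file(son_micro_rfid_obj: son_micro_rfid_obj)
 puts "\nLoad successful. RFID Data:"
 puts "Tag ID: #{rfid_data[:tag_id]}"
 puts "Block Data: #{rfid_data[:block_data]}" if rfid_data[:block_data]
@@ -149,7 +149,7 @@ begin
 next unless gets.chomp.strip.upcase == 'Y'
 
 begin
-rfid_data = PWN::
+rfid_data = PWN::SDR::SonMicroRFID.update_tag(son_micro_rfid_obj: son_micro_rfid_obj)
 puts "\nUpdate successful. RFID Data:"
 puts "Tag ID: #{rfid_data[:tag_id]}"
 puts "Block Data: #{rfid_data[:block_data]}" if rfid_data[:block_data]
@@ -159,7 +159,7 @@ begin
 when :W
 menu_msg = 'WARM RESET'
 begin
-exec_resp = PWN::
+exec_resp = PWN::SDR::SonMicroRFID.exec(
 son_micro_rfid_obj: son_micro_rfid_obj,
 cmd: :reset
 )
@@ -171,7 +171,7 @@ begin
 exit
 else
 menu_msg = '****** ERROR: Invalid Menu Option Selected ******'
-exec_resp = PWN::
+exec_resp = PWN::SDR::SonMicroRFID.exec(
 son_micro_rfid_obj: son_micro_rfid_obj,
 cmd: :antenna_power,
 params: :off
@@ -184,5 +184,5 @@ rescue StandardError => e
 rescue SystemExit, Interrupt
 puts "\nGoodbye."
 ensure
-PWN::
+PWN::SDR::SonMicroRFID.disconnect(son_micro_rfid_obj: son_micro_rfid_obj) if son_micro_rfid_obj
 end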
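--- a/data/lib/pwn/ai.rb
+++ b/data/lib/pwn/ai.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads AI modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module AI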
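--- a/data/lib/pwn/aws.rb
+++ b/data/lib/pwn/aws.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads AWS modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module AWS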
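--- a/data/lib/pwn/banner.rb
+++ b/data/lib/pwn/banner.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads Banner modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module Banner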
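--- a/data/lib/pwn/blockchain.rb
+++ b/data/lib/pwn/blockchain.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads Blockchain modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module Blockchain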
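--- a/data/lib/pwn/ffi.rb
+++ b/data/lib/pwn/ffi.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads FFI modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module FFI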
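--- a/data/lib/pwn/plugins/burp_suite.rb
+++ b/data/lib/pwn/plugins/burp_suite.rb
@@ -60,7 +60,7 @@ module PWN
 burp_obj = opts[:burp_obj]
 raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
 
-valid_types = %i[sitemap
+valid_types = %i[proxy_history sitemap websocket_history]
 type = opts[:type]
 raise "ERROR: type parameter is required and must be one of: #{valid_types.join(', ')}" unless valid_types.include?(type)
 
@@ -129,10 +129,10 @@ module PWN
 # Repeater should analyze the reqesut/response pair and suggest
 # modifications to the request to further probe for vulnerabilities _quickly_.
 case type
-when :
-proxy_history = get_proxy_history(burp_obj: burp_obj)
+when :proxy_history
 sitemap = get_sitemap(burp_obj: burp_obj)
-
+proxy_history = get_proxy_history(burp_obj: burp_obj)
+proxy_history.each do |entry|
 next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
 
 request = entry[:request]
@@ -142,24 +142,26 @@ module PWN
 protocol = entry[:http_service][:protocol]
 next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
 
-
-
-
-
+# If sitemap comment and highlight color exists, use that instead of re-analyzing
+sitemap_entry = nil
+if sitemap.any?
+sitemap_entry = sitemap.find do |site|
+next unless site.key?(:http_service) && site.key?(:request)
 
-
-
-
-
+site[:http_service][:host] == host &&
+site[:http_service][:port] == port &&
+site[:http_service][:protocol] == protocol &&
+site[:request] == entry[:request]
 end
 end
 
-if
-entry[:comment] =
-entry[:highlight] =
+if sitemap_entry.is_a?(Hash) && sitemap_entry[:comment].length.positive?
+entry[:comment] = sitemap_entry[:comment]
+entry[:highlight] = sitemap_entry[:highlight]
 else
 request = Base64.strict_decode64(request)
 response = Base64.strict_decode64(response)
+
 http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
 ai_analysis = PWN::AI::Introspection.reflect_on(
 system_role_content: system_role_content,
@@ -173,16 +175,17 @@ module PWN
 entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
 end
 
-
+update_proxy_history(
 burp_obj: burp_obj,
 entry: entry
 )
 end
+sleep Random.rand(30..60)
 
-when :
-sitemap = get_sitemap(burp_obj: burp_obj)
+when :sitemap
 proxy_history = get_proxy_history(burp_obj: burp_obj)
-
+sitemap = get_sitemap(burp_obj: burp_obj)
+sitemap.each do |entry|
 next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
 
 request = entry[:request]
@@ -192,26 +195,24 @@ module PWN
 protocol = entry[:http_service][:protocol]
 next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
 
-
-
-
-
-next unless site.key?(:http_service) && site.key?(:request)
+proxy_history_entry = nil
+if proxy_history.any?
+proxy_history_entry = proxy_history.find do |proxy_entry|
+next unless proxy_entry.key?(:http_service) && proxy_entry.key?(:request)
 
-
-
-
-
+proxy_entry[:http_service][:host] == host &&
+proxy_entry[:http_service][:port] == port &&
+proxy_entry[:http_service][:protocol] == protocol &&
+proxy_entry[:request] == entry[:request]
 end
 end
 
-if
-entry[:comment] =
-entry[:highlight] =
+if proxy_history_entry.is_a?(Hash) && proxy_history_entry[:comment].length.positive?
+entry[:comment] = proxy_history_entry[:comment]
+entry[:highlight] = proxy_history_entry[:highlight]
 else
 request = Base64.strict_decode64(request)
 response = Base64.strict_decode64(response)
-
 http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
 ai_analysis = PWN::AI::Introspection.reflect_on(
 system_role_content: system_role_content,
@@ -225,11 +226,12 @@ module PWN
 entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
 end
 
-
+update_sitemap(
 burp_obj: burp_obj,
 entry: entry
 )
 end
+sleep Random.rand(60..90)
 
 when :websocket_history
 websocket_history = get_websocket_history(burp_obj: burp_obj)
@@ -259,18 +261,17 @@ module PWN
 entry: entry
 )
 end
+sleep Random.rand(3..10)
 end
-
-sleep Random.rand(30..60)
 end
 rescue Errno::ECONNREFUSED
-puts
+puts "BurpSuite:#{type} AI Introspection Thread >>> Terminating API Calls..."
 rescue StandardError => e
 puts "BurpSuite AI Introspection Thread Error: #{e}"
 puts e.backtrace
 raise e
 ensure
-puts
+puts "BurpSuite:#{type} AI Introspection Thread >>> Goodbye."
 end
 
 burp_obj[:introspection_threads] = introspection_thread_arr.push(introspection_thread)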
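Review bot: `sitemap_entry[:comment].length.positive?` on new line 158 of the `@@ -142,24 +142,26 @@` hunk calls `length` on whatever the matched entry holds, so a sitemap entry with no `:comment` key or a nil comment raises NoMethodError, even though line 136 of the same loop already treats comments as possibly nil via `entry[:comment].to_s.strip.empty?`; the same construct recurs for `proxy_history_entry` on new line 210 of the `@@ -192,26 +195,24 @@` hunk. Since this loop appears to run inside the introspection thread whose `rescue StandardError => e` / `raise e` at new lines 269–272 re-raises, one such entry would terminate the whole analysis thread rather than skipping that entry. A nil-tolerant guard for both sites: `if sitemap_entry.is_a?(Hash) && !sitemap_entry[:comment].to_s.strip.empty?` (and the `proxy_history_entry` equivalent). The enclosing method starts before the first hunk and the thread body spans several hunks, so the surrounding control flow is only partly visible here.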
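--- a/data/lib/pwn/plugins.rb
+++ b/data/lib/pwn/plugins.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads Plugins modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module Plugins
@@ -25,11 +25,9 @@ module PWN
 autoload :DetectOS, 'pwn/plugins/detect_os'
 autoload :EIN, 'pwn/plugins/ein'
 autoload :FileFu, 'pwn/plugins/file_fu'
-autoload :FlipperZero, 'pwn/plugins/flipper_zero'
 autoload :Fuzz, 'pwn/plugins/fuzz'
 autoload :Git, 'pwn/plugins/git'
 autoload :Github, 'pwn/plugins/github'
-autoload :GQRX, 'pwn/plugins/gqrx'
 autoload :HackerOne, 'pwn/plugins/hacker_one'
 autoload :Hunter, 'pwn/plugins/hunter'
 autoload :IPInfo, 'pwn/plugins/ip_info'
@@ -47,8 +45,6 @@ module PWN
 autoload :NmapIt, 'pwn/plugins/nmap_it'
 autoload :OAuth2, 'pwn/plugins/oauth2'
 autoload :OCR, 'pwn/plugins/ocr'
-autoload :Ollama, 'pwn/plugins/ollama'
-autoload :OpenAI, 'pwn/plugins/open_ai'
 autoload :OpenAPI, 'pwn/plugins/open_api'
 autoload :OpenVAS, 'pwn/plugins/openvas'
 autoload :Packet, 'pwn/plugins/packet'
@@ -57,13 +53,11 @@ module PWN
 autoload :PS, 'pwn/plugins/ps'
 autoload :RabbitMQ, 'pwn/plugins/rabbit_mq'
 autoload :REPL, 'pwn/plugins/repl'
-autoload :RFIDler, 'pwn/plugins/rfidler'
 autoload :ScannableCodes, 'pwn/plugins/scannable_codes'
 autoload :Serial, 'pwn/plugins/serial'
 autoload :Shodan, 'pwn/plugins/shodan'
 autoload :SlackClient, 'pwn/plugins/slack_client'
 autoload :Sock, 'pwn/plugins/sock'
-autoload :SonMicroRFID, 'pwn/plugins/son_micro_rfid'
 autoload :Spider, 'pwn/plugins/spider'
 autoload :SSN, 'pwn/plugins/ssn'
 autoload :ThreadPool, 'pwn/plugins/thread_pool'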
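Review bot: Dropping the `:Ollama` and `:OpenAI` autoloads at old lines 50–51 of the `@@ -47,8 +45,6 @@` hunk makes `PWN::Plugins::Ollama` and `PWN::Plugins::OpenAI` unresolvable, and unlike the FlipperZero, GQRX, RFIDler and SonMicroRFID entries (which the release's file list shows moving to `pwn/sdr/`), no move or removal of `pwn/plugins/ollama` or `pwn/plugins/open_ai` appears in this diff, so it is not clear where those constants now live. If the files were relocated in an earlier release, a line in the description saying so would help; if they still ship under `pwn/plugins/`, any remaining caller raises NameError on first use. It is also worth confirming that nothing in the release still references the old `PWN::Plugins::GQRX`, `PWN::Plugins::SonMicroRFID`, `PWN::Plugins::RFIDler` or `PWN::Plugins::FlipperZero` constants, since the diff only shows the two `bin/` scripts being updated to the new `PWN::SDR` namespace.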
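--- a/data/lib/pwn/reports.rb
+++ b/data/lib/pwn/reports.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
+# This file, using the autoload directive loads Report modules
 # into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module Reports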
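--- a/data/lib/pwn/sast.rb
+++ b/data/lib/pwn/sast.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 module PWN
-# This file, using the autoload directive loads
-#
+# This file, using the autoload directive loads SAST modules
+# into memory only when they're needed. For more information, see:
 # http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
 module SAST
 # Zero False Negative SAST Modules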