pwn 0.5.532 → 0.5.534

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ac373c33f4440155c8497862905fccff4a379c9ead0e5db1aa47f3239cbb5f3
-  data.tar.gz: 23a97347a0f5cf48a8c29ba9c06a0e946cb27976b2c9d3b224e025d20e48447a
+  metadata.gz: db3ea69e1f438111e509b6804f35881807e884b9fc78f24ce1709b7b9eb48a81
+  data.tar.gz: abc44bd86a1c8e7e96021a01781695cc042d42ae80268e9f3628809c8952db3e
 SHA512:
-  metadata.gz: 49124cf7885e5208523b3c9cd03f7f033e05121abb21dd2087cbebe67dc9924753e5cd4758fb0a3cc9aa49c39fd0da952be85d31b37127acba419fad792fb6e5
-  data.tar.gz: dc46bce0905a436a7395f0d1c04dd4b69af82f44d3970dda76232466090f736eaee6cf40aed0dc5b4fb15114c7a0d4492044cc88422faa76f57ea72ca582148c
+  metadata.gz: a4d6cb9b3a97311baad192e618e0124cbfa11d29b172860cbbc247109d62de675f0f9279ebc487b923b5cb2d482d478a6261e7cbd6bf6fcd3b498dcef59fb89f
+  data.tar.gz: 4e44bdb57b158c6b5129b969dd3411f6a47c2cb15f663399a68df5043ad5bf48f50a20c484e20a05c16607d752d64ae5d1381cdaf53aadf5342ba10a09941cf6

data/.rubocop.yml

@@ -18,7 +18,7 @@ Metrics/CyclomaticComplexity:
 Metrics/MethodLength:
   Max: 733
 Metrics/ModuleLength:
-  Max: 1563
+  Max: 1574
 Metrics/PerceivedComplexity:
   Max: 157
 Style/HashEachMethods:

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2025-11-24 21:22:25 UTC using RuboCop version 1.81.7.
+# on 2026-01-26 19:15:57 UTC using RuboCop version 1.82.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -30,7 +30,13 @@ Lint/RedundantTypeConversion:
     - 'lib/pwn/plugins/jenkins.rb'
     - 'lib/pwn/plugins/repl.rb'
 
-# Offense count: 294
+# Offense count: 4
+Lint/ShadowedException:
+  Exclude:
+    - 'lib/pwn/sdr/decoder/flex.rb'
+    - 'lib/pwn/sdr/decoder/pocsag.rb'
+
+# Offense count: 301
 # This cop supports safe autocorrection (--autocorrect).
 Lint/UselessAssignment:
   Enabled: false
@@ -137,11 +143,13 @@ Style/MultipleComparison:
     - 'lib/pwn/www/duckduckgo.rb'
     - 'lib/pwn/www/twitter.rb'
 
-# Offense count: 1
+# Offense count: 5
 # This cop supports safe autocorrection (--autocorrect).
 Style/RedundantBegin:
   Exclude:
     - 'lib/pwn/plugins/transparent_browser.rb'
+    - 'lib/pwn/sdr/decoder/flex.rb'
+    - 'lib/pwn/sdr/decoder/pocsag.rb'
 
 # Offense count: 94
 # This cop supports safe autocorrection (--autocorrect).
@@ -151,6 +159,13 @@ Style/RedundantCondition:
   Exclude:
     - 'lib/pwn/plugins/packet.rb'
 
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantSelf:
+  Exclude:
+    - 'lib/pwn/sdr/decoder/flex.rb'
+    - 'lib/pwn/sdr/decoder/pocsag.rb'
+
 # Offense count: 12
 # This cop supports safe autocorrection (--autocorrect).
 Style/RedundantStringEscape:
@@ -161,6 +176,13 @@ Style/RedundantStringEscape:
     - 'lib/pwn/sast/redos.rb'
     - 'vagrant/provisioners/kali_customize.rb'
 
+# Offense count: 6
+# This cop supports safe autocorrection (--autocorrect).
+Style/RescueModifier:
+  Exclude:
+    - 'lib/pwn/sdr/decoder/flex.rb'
+    - 'lib/pwn/sdr/decoder/pocsag.rb'
+
 # Offense count: 19
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:

data/Gemfile

@@ -20,7 +20,7 @@ gem 'base32', '0.3.4'
 gem 'bitcoin-ruby', '0.0.20'
 gem 'brakeman', '7.1.2'
 gem 'bson', '5.2.0'
-gem 'bundler', '>=4.0.3'
+gem 'bundler', '>=4.0.4'
 gem 'bundler-audit', '>=0.9.3'
 gem 'bunny', '2.24.0'
 gem 'colorize', '1.1.0'
@@ -29,7 +29,7 @@ gem 'curses', '1.5.3'
 gem 'diffy', '3.4.4'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.7.1'
-gem 'faker', '3.5.3'
+gem 'faker', '3.6.0'
 gem 'faye-websocket', '0.12.0'
 gem 'ffi', '1.17.3'
 # gem 'fftw3', '0.3'
@@ -49,6 +49,7 @@ gem 'jwt', '3.1.2'
 gem 'libusb', '0.7.2'
 gem 'luhn', '3.0.0'
 gem 'mail', '2.9.0'
+gem 'mcp', '0.6.0'
 gem 'meshtastic', '0.0.151'
 gem 'metasm', '1.0.5'
 gem 'mongo', '2.22.0'
@@ -69,11 +70,11 @@ gem 'packetgen', '4.1.1'
 gem 'pdf-reader', '2.15.1'
 gem 'pg', '1.6.3'
 gem 'pry', '0.16.0'
-gem 'pry-doc', '1.6.0'
+gem 'pry-doc', '1.7.0'
 gem 'rake', '13.3.1'
 gem 'rb-readline', '0.5.5'
 gem 'rbvmomi2', '3.8.0'
-gem 'rdoc', '7.0.3'
+gem 'rdoc', '7.1.0'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
 gem 'rmagick', '6.1.5'
@@ -89,7 +90,7 @@ gem 'ruby-saml', '1.18.1'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.15.1'
 gem 'selenium-devtools', '0.143.0'
-gem 'selenium-webdriver', '4.39.0'
+gem 'selenium-webdriver', '4.40.0'
 gem 'slack-ruby-client', '3.1.0'
 gem 'socksify', '1.8.1'
 gem 'spreadsheet', '1.3.4'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.532]:001 >>> PWN.help
+pwn[v0.5.534]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-4.0.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.532]:001 >>> PWN.help
+pwn[v0.5.534]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-4.0.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.532]:001 >>> PWN.help
+pwn[v0.5.534]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb

@@ -124,6 +124,7 @@ module PWN
               highlight_color
             end
 
+            default_http_ports = [80, 443]
             loop do
               # TODO: Implement repeater into the loop?  This reduces load to LLM but is slooow.
               # Repeater should analyze the reqesut/response pair and suggest
@@ -133,15 +134,20 @@ module PWN
                 sitemap = get_sitemap(burp_obj: burp_obj)
                 proxy_history = get_proxy_history(burp_obj: burp_obj)
                 proxy_history.each do |entry|
-                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
-
                   request = entry[:request]
                   response = entry[:response]
-                  host = entry[:http_service][:host]
-                  port = entry[:http_service][:port]
-                  protocol = entry[:http_service][:protocol]
+                  http_service = entry[:http_service]
+                  protocol = http_service[:protocol]
+                  host = http_service[:host]
+                  port = http_service[:port]
                   next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
 
+                  uri = "#{protocol}://#{host}"
+                  uri = "#{protocol}://#{host}:#{port}" unless default_http_ports.include?(port)
+                  next unless in_scope(burp_obj: burp_obj, uri: uri)
+
+                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
+
                   # If sitemap comment and highlight color exists, use that instead of re-analyzing
                   sitemap_entry = nil
                   if sitemap.any?
@@ -186,15 +192,20 @@ module PWN
                 proxy_history = get_proxy_history(burp_obj: burp_obj)
                 sitemap = get_sitemap(burp_obj: burp_obj)
                 sitemap.each do |entry|
-                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
-
                   request = entry[:request]
                   response = entry[:response]
-                  host = entry[:http_service][:host]
-                  port = entry[:http_service][:port]
-                  protocol = entry[:http_service][:protocol]
+                  http_service = entry[:http_service]
+                  protocol = http_service[:protocol]
+                  host = http_service[:host]
+                  port = http_service[:port]
                   next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
 
+                  uri = "#{protocol}://#{host}"
+                  uri = "#{protocol}://#{host}:#{port}" unless default_http_ports.include?(port)
+                  next unless in_scope(burp_obj: burp_obj, uri: uri)
+
+                  next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
+
                   proxy_history_entry = nil
                   if proxy_history.any?
                     proxy_history_entry = proxy_history.find do |proxy_entry|
@@ -236,6 +247,9 @@ module PWN
               when :websocket_history
                 websocket_history = get_websocket_history(burp_obj: burp_obj)
                 websocket_history.each do |entry|
+                  uri = entry[:url]
+                  next unless in_scope(burp_obj: burp_obj, uri: uri)
+
                   next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
 
                   web_socket_id = entry[:web_socket_id]

data/lib/pwn/plugins/file_fu.rb

@@ -60,6 +60,50 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters:
+      # PWN::Plugins::FileFu.shift_file_up(
+      #   path:       'required - path to file to shift up',
+      #   bytes:      'required - number of bytes to shift up (remove from beginning)',
+      #   buffer_size: 'optional - buffer size to use when shifting (default: 256KB)'
+      # )
+
+      public_class_method def self.shift_file_up(opts = {})
+        path = opts[:path].to_s.scrub
+        raise "PWN Error: File #{path} does not exist" unless File.exist?(path)
+
+        bytes = opts[:bytes].to_i
+        raise 'PWN Error: bytes must be greater than or equal to 0' unless bytes >= 0
+
+        # Default buffer size = 256 KiB — good general-purpose value
+        buffer_size = (opts[:buffer_size] || (256 * 1024)).to_i
+        raise 'PWN Error: buffer_size must be greater than 0' unless buffer_size.positive?
+
+        # 'r+b' = read/write + binary mode
+        File.open(path, 'r+b') do |f|
+          size = f.stat.size
+          break if bytes >= size
+
+          read_pos  = bytes
+          write_pos = 0
+          buffer    = String.new(capacity: buffer_size)
+
+          while read_pos < size
+            f.seek(read_pos)
+            chunk = f.read(buffer_size, buffer) or break
+
+            bytes_read = chunk.bytesize
+
+            f.seek(write_pos)
+            f.write(buffer.byteslice(0, bytes_read))
+
+            read_pos  += bytes_read
+            write_pos += bytes_read
+          end
+
+          f.truncate(size - bytes)
+        end
+      end
+
       # Author(s):: 0day Inc. <support@0dayinc.com>
 
       public_class_method def self.authors
@@ -85,6 +129,12 @@ module PWN
             destination: 'required - destination folder to save extracted contents'
           )
 
+          #{self}.shift_file_up(
+            path: 'required - path to file to shift up',
+            bytes: 'required - number of bytes to shift up',
+            buffer_size: 'optional - buffer size to use when shifting file up (default: 256 * 1024 / i.e 256KB)'
+          )
+
           #{self}.authors
         "
       end

data/lib/pwn/plugins/sock.rb

@@ -113,89 +113,151 @@ module PWN
 
       # Supported Method Parameters::
       # PWN::Plugins::Sock.check_port_in_use(
-      #   server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
       #   port: 'required - target port',
+      #   server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
       #   protocol: 'optional - :tcp || :udp (defaults to tcp)'
       # )
 
       public_class_method def self.check_port_in_use(opts = {})
-        server_ip = opts[:server_ip]
-        server_ip ||= '127.0.0.1'
-        port = opts[:port]
-        protocol = opts[:protocol]
-        protocol ||= :tcp
+        server_ip = opts[:server_ip] ||= '127.0.0.1'
+        port      = opts[:port]
+        protocol  = (opts[:protocol] ||= :tcp).to_s.downcase.to_sym
 
-        # TODO: Add proxy support
+        ct = 0.5 # connect timeout in seconds
 
-        ct = 1
-        s = Socket.tcp(server_ip, port, connect_timeout: ct) if protocol == :tcp
-        s = Socket.udp(server_ip, port, connect_timeout: ct) if protocol == :udp
-        s.close
+        case protocol
+        when :tcp
+          # Use &:close intead of block
+          Socket.tcp(server_ip, port, connect_timeout: ct, &:close)
+          # Port is already in use (or no permission)
+          true
 
-        true
-      rescue Errno::ECONNREFUSED,
-             Errno::EHOSTUNREACH,
-             Errno::ETIMEDOUT
+        when :udp
+          socket = UDPSocket.new
+          socket.bind(server_ip, port)
+          # Port is NOT in use (or at least we can use it)
+          false
+        else
+          raise "Unsupported protocol: #{protocol}"
+        end
+      rescue Errno::EADDRINUSE, # address already in use
+             Errno::EACCES # permission denied
+
+        state = true if protocol == :udp
+        state = false if protocol == :tcp
+
+        state
+      rescue Errno::ECONNREFUSED, # connection refused (usually means port exists but no listener)
+             Errno::EHOSTUNREACH, # host unreachable
+             Errno::ETIMEDOUT # connection timed out
+
+        # Port is NOT in use (or at least we can use it)
+        false
+      rescue SocketError => e
+        # Usually means invalid address / interface
+        raise "Socket error while checking port #{port}: #{e.message}"
+      rescue StandardError => e
+        warn "[!] Unexpected error while checking port: #{e.class} – #{e.message}"
         false
+      ensure
+        socket.close if protocol == :udp && !socket.nil?
       end
 
       # Supported Method Parameters::
-      # PWN::Plugins::Sock.listen(
-      #   server_ip: 'required - target host or ip to listen',
+      # listen_obj = PWN::Plugins::Sock.listen(
       #   port: 'required - target port',
+      #   server_ip: 'optional - target host or ip to listen (Defaults to 127.0.0.1')',
       #   protocol: 'optional - :tcp || :udp (defaults to tcp)',
-      #   tls: 'optional - boolean listen on TLS-enabled socket (defaults to false)'
+      #   tls: 'optional - boolean listen on TLS-enabled socket (defaults to false)',
+      #   detach: 'optional - boolean to detach listener to background (defaults to false)'
       # )
 
       public_class_method def self.listen(opts = {})
-        server_ip = opts[:server_ip].to_s.scrub
-        port = opts[:port].to_i
-        opts[:protocol].nil? ? protocol = :tcp : protocol = opts[:protocol].to_s.downcase.to_sym
-        tls = true if opts[:tls]
-        tls ||= false
+        port = opts[:port]
+        raise 'ERROR: Missing required parameter: port' if port.nil?
+
+        server_ip = opts[:server_ip] ||= '127.0.0.1'
+        protocol = (opts[:protocol] ||= :tcp).to_s.downcase.to_sym
+        tls = opts[:tls] || false
+        detach = opts[:detach] || false
+
+        listen_obj = nil
 
         case protocol
         when :tcp
+          server = TCPServer.open(server_ip, port)
+
           if tls
-            # Multi-threaded - Not working
-            sock = TCPServer.open(server_ip, port)
             tls_context = OpenSSL::SSL::SSLContext.new
             tls_context.set_params(verify_mode: OpenSSL::SSL::VERIFY_NONE)
-            listen_obj = OpenSSL::SSL::SSLServer.new(sock, tls_context)
-            # loop do
-            #   Thread.start(listen_obj.accept) do |client_thread|
-            #     while (client_input = client_thread.gets)
-            #       puts client_input
-            #     end
-            #     client_thread.close
-            #   end
-            # end
+            # TODO: min_version, ciphers, etc.
+            listen_obj = OpenSSL::SSL::SSLServer.new(server, tls_context)
           else
-            # Multi-threaded
-            listen_obj = TCPServer.open(server_ip, port)
+            listen_obj = server
+          end
+
+          unless detach
+            # Default blocking mode - simple accept-and-handle loop
+            # puts "[*] Listening on #{server_ip}:#{port} (#{tls ? 'TLS' : 'plain'} TCP)..."
+
             loop do
-              Thread.start(listen_obj.accept) do |client_thread|
-                while (client_input = client_thread.gets)
-                  puts client_input
+              client = listen_obj.accept
+              Thread.new(client) do |c|
+                peer = c.peeraddr
+                puts "[+] Connection from #{peer}"
+
+                while (data = c.gets)
+                  puts "[#{peer}] #{data.strip}"
+                  # Optional: echo back
+                  # c.puts "ECHO: #{data}"
                 end
-                client_thread.close
+              rescue Errno::ECONNRESET, Errno::EPIPE, IOError
+                # Client disconnected
+              ensure
+                client.close unless client.nil?
               end
             end
           end
+
         when :udp
-          # Single Threaded
           listen_obj = UDPSocket.new
           listen_obj.bind(server_ip, port)
-          while (client_input = listen_obj.recvmsg)
-            puts client_input[0]
+
+          # puts "[*] Listening on #{server_ip}:#{port} (UDP)..."
+
+          unless detach
+            # Simple single-threaded UDP receive loop
+            loop do
+              msg, addrinfo = listen_obj.recvmsg
+              next unless msg && !msg.empty?
+
+              peer = "#{addrinfo.ip_address}:#{addrinfo.ip_port}"
+              puts "[#{peer}] #{msg.inspect}"
+              # Optional: echo back
+              # listen_obj.send("ECHO: #{msg}", 0, addrinfo.ip_address, addrinfo.ip_port)
+            end
           end
+
         else
           raise "Unsupported protocol: #{protocol}"
         end
+
+        loop do
+          listening = check_port_in_use(
+            server_ip: server_ip,
+            port: port,
+            protocol: protocol
+          )
+          break if listening
+        end
+
+        listen_obj
+      rescue Interrupt
+        puts "\n[!] Caught interrupt, shutting down listener..."
       rescue StandardError => e
-        raise e
+        raise
       ensure
-        listen_obj = disconnect(sock_obj: listen_obj) unless listen_obj.nil?
+        listen_obj.close unless listen_obj.nil? || detach
       end
 
       # Supported Method Parameters::
@@ -275,11 +337,12 @@ module PWN
             protocol: 'optional - :tcp || :udp (defaults to tcp)'
           )
 
-          #{self}.listen(
-            server_ip: 'required - target host or ip to listen',
+          listen_obj = #{self}.listen(
             port: 'required - target port',
+            server_ip: 'optional - target host or ip to listen (Defaults to 127.0.0.1')',
             protocol: 'optional - :tcp || :udp (defaults to tcp)',
-            tls: 'optional - boolean listen on TLS-enabled socket (defaults to false)'
+            tls: 'optional - boolean listen on TLS-enabled socket (defaults to false)',
+            detach: 'optional - boolean to detach listener to background (defaults to false)'
           )
 
           cert_obj = #{self}.get_tls_cert(