RubyGems - pwn - Versions diffs - 0.5.559 → 0.5.562 - Mend

pwn 0.5.559 → 0.5.562

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/Gemfile +14 -14
data/README.md +3 -3
data/documentation/vulnerability_report_template.md +37 -0
data/lib/pwn/ai/agent/vuln_gen.rb +28 -8
data/lib/pwn/version.rb +1 -1
metadata +31 -30

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fdc53928681345465ffd832c8007dbed9e641012d66b3b3771ef7cc782a22c91
-  data.tar.gz: 7b13ad851d000db26135e4222f9ba028fb23d1a33467814cf82df2793c622c59
+  metadata.gz: fcfdf05e72d9c3c650d02dfb875519d3a4d95591e1b32227355b316e6fc1a8a6
+  data.tar.gz: 1af1dc3a3a01390e7b1ee57a5168ed42f58534b2565ebb94da9df120cd5dc21c
 SHA512:
-  metadata.gz: 64453016db14a2a62549c8db83e75881a50f5f68a81d1e3eee611d36399affa44c7b676b42169184fadfdbda40384ef41ca5f2fb6f59a076a87f2977a1203d83
-  data.tar.gz: f5dd134b7c906cd4f200a09f19752c505933fb6bd94f2b7806584dd869ed4fe2d98eac6dc077cb7e492d33b26e2efef4af517177faf0f8bc2ad41350d0d509f0
+  metadata.gz: a7344c5b670d5fa5b93e1f93c3a0a79830a7d1f790b8276ebfe9e7de730ab6f06bfccbc8d43ed47827de7d0b5a2df295dde687ee8e4cc5f009e10935f83be4a9
+  data.tar.gz: 84d8a15f6eedf53563a3c0261c3c34544afefb195778f70bdfbf9a2db360b8e31e69ae6b747f243e6410715a50d816250655832386f01fa254d824dc9163cbee

data/Gemfile CHANGED Viewed

@@ -20,7 +20,7 @@ gem 'base32', '0.3.4'
 gem 'bitcoin-ruby', '0.0.20'
 gem 'brakeman', '8.0.4'
 gem 'bson', '5.2.0'
-gem 'bundler', '>=4.0.10'
+gem 'bundler', '>=4.0.11'
 gem 'bundler-audit', '>=0.9.3'
 gem 'bunny', '3.1.0'
 gem 'colorize', '1.1.0'
@@ -29,7 +29,7 @@ gem 'curses', '1.6.0'
 gem 'diffy', '3.4.4'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.7.1'
-gem 'faker', '3.6.1'
+gem 'faker', '3.8.0'
 gem 'faye-websocket', '0.12.0'
 gem 'ffi', '1.17.4'
 # gem 'fftw3', '0.3'
@@ -49,17 +49,17 @@ gem 'jwt', '3.1.2'
 gem 'libusb', '0.7.2'
 gem 'luhn', '3.0.0'
 gem 'mail', '2.9.0'
-gem 'mcp', '0.11.0'
-gem 'meshtastic', '0.0.159'
+gem 'mcp', '0.14.0'
+gem 'meshtastic', '0.0.160'
 gem 'metasm', '1.0.5'
-gem 'mongo', '2.23.0'
+gem 'mongo', '2.24.0'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'
 gem 'net-ldap', '0.20.0'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.5.1'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.19.2'
+gem 'nokogiri', '1.19.3'
 gem 'nokogiri-diff', '0.3.0'
 gem 'oily_png', '1.2.1'
 gem 'open3', '0.2.1'
@@ -71,9 +71,9 @@ gem 'pdf-reader', '2.15.1'
 gem 'pg', '1.6.3'
 gem 'pry', '0.16.0'
 gem 'pry-doc', '1.7.0'
-gem 'rake', '13.3.1'
+gem 'rake', '13.4.2'
 gem 'rb-readline', '0.5.5'
-gem 'rbvmomi2', '3.8.0'
+gem 'rbvmomi2', '3.10.0'
 gem 'rdoc', '7.0.3'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
@@ -81,7 +81,7 @@ gem 'rmagick', '6.3.0'
 gem 'rqrcode', '3.2.0'
 gem 'rspec', '3.13.2'
 gem 'rtesseract', '3.1.4'
-gem 'rubocop', '1.86.0'
+gem 'rubocop', '1.86.1'
 gem 'rubocop-rake', '0.7.1'
 gem 'rubocop-rspec', '3.9.0'
 gem 'ruby-audio', '1.6.1'
@@ -89,12 +89,12 @@ gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.18.1'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.15.1'
-gem 'selenium-devtools', '0.145.0'
-gem 'selenium-webdriver', '4.41.0'
+gem 'selenium-devtools', '0.147.0'
+gem 'selenium-webdriver', '4.43.0'
 gem 'slack-ruby-client', '3.1.0'
 gem 'socksify', '1.8.1'
-gem 'spreadsheet', '1.3.4'
-gem 'sqlite3', '2.9.2'
+gem 'spreadsheet', '1.3.5'
+gem 'sqlite3', '2.9.3'
 gem 'thin', '2.0.1'
 gem 'tty-prompt', '0.23.1'
 gem 'tty-spinner', '0.9.3'
@@ -105,4 +105,4 @@ gem 'webrick', '1.9.2'
 gem 'whois', '6.0.3'
 gem 'whois-parser', '2.0.0'
 gem 'wicked_pdf', '2.8.2'
-gem 'yard', '0.9.39'
+gem 'yard', '0.9.43'

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.559]:001 >>> PWN.help
+pwn[v0.5.562]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-4.0.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.559]:001 >>> PWN.help
+pwn[v0.5.562]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-4.0.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.559]:001 >>> PWN.help
+pwn[v0.5.562]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/documentation/vulnerability_report_template.md ADDED Viewed

@@ -0,0 +1,37 @@
+# Vulnerability Report Template
+**Program:** [HackerOne Program Name]
+**Report Date:** [YYYY-MM-DD]
+**Severity:** [Critical/High/Medium/Low]
+## 1. Detailed finding description with technical depth and PoC when possible
+[Insert deep technical analysis, affected endpoints, steps to reproduce, PoC code/requests here.]
+## 2. Business impact
+[Business/reputational/financial consequences.]
+## 3. Remediation recommendations, including compensating controls / stop gaps
+[Fix recommendations, WAF rules, logging, etc.]
+## 4. CVSS score, vector string, and first.org calculator URI
+**CVSS v3.1 Score:** X.X (High)
+**Vector:** AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+**Calculator:** https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+## 5. CWE category, brief description, and CWE URI
+**CWE-XXX:** [Name] - [Brief desc]
+https://cwe.mitre.org/data/definitions/XXX.html
+## 6. Relevant NIST 800-53 control
+**Control:** [e.g. SI-10, AC-6]
+[Description and how it maps.]
+---
+*Generated with PWN::AI::Agent::VulnGen*

data/lib/pwn/ai/agent/vuln_gen.rb CHANGED Viewed

@@ -1,18 +1,29 @@
 # frozen_string_literal: true
+require 'fileutils'
 module PWN
   module AI
     module Agent
-      # This module is an AI agent designed to analyze generic vulnerability descriptions and generate detailed security findings, including business impact, remediation recommendations, CVSS scoring, CWE categorization, and relevant NIST 800-53 controls. It leverages the PWN::AI::Introspection.reflect_on method to process the input request and produce comprehensive markdown-formatted findings.
+      # This module is an AI agent designed to analyze generic vulnerability descriptions and generate detailed security findings following the exact bug bounty writeup structure:
+      # 1. Detailed finding description with technical depth and PoC when possible
+      # 2. Business impact
+      # 3. Remediation recommendations, including compensating controls / stop gaps
+      # 4. CVSS score, vector string, and first.org calculator URI
+      # 5. CWE category, brief description, and CWE URI
+      # 6. Relevant NIST 800-53 control
+      # It leverages the PWN::AI::Introspection.reflect_on method. Defaults to Jira for existing workflow compatibility.
       module VulnGen
         # Supported Method Parameters::
         # ai_analysis = PWN::AI::Agent::VulnGen.analyze(
         #   request: 'required - high level description of vulnerability discovered (e.g. "Discovered a SQLi vulnerability in /login"',
-        #   markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)'
+        #   markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)',
+        #   output_path: 'optional - path to save the generated markdown report'
         # )
         public_class_method def self.analyze(opts = {})
           request = opts[:request]
+          output_path = opts[:output_path]
           raise 'ERROR: request parameter is required' if request.nil? || request.empty?
           markup_type = opts[:markup_type] ||= :jira
@@ -34,28 +45,36 @@ module PWN
           end
           system_role_content = "
-          _ALWAYS_ Generate #{markup} security findings for the message provided with the following content:
+          _ALWAYS_ Generate #{markup} security findings for the message provided using **EXACTLY** this structure and section headers:
-          1. Detailed Finding Description: This should be a deep, detailed technical description that should include exploit proof-of-concepts when possible.
+          1. Detailed Finding Description: This should be a deep, detailed technical description that should include exploit proof-of-concepts when possible.  The description should be technical in nature and provide enough information for a security engineer to understand the vulnerability and how it can be exploited.  Code snippets should be included where applicable to demonstrate the vulnerability and potential exploit paths.
           2. Business Impact: This should describe, in business terms, the importance of fixing the issue.  Reputational and/or financial impact should be considered for this section.
           3. Remediation Recommendations:  Targeted towards technical engineers that can ascertain a reasonable approach to fix the vulnerability based upon common security remediation patterns.  Be sure to consider compensating controls / stop gaps that can be implemented (e.g. WAF, additional logging, etc.) until such time the vulnerability can be fixed.  Provide examples in cases where code fixes may be required.
-          4. CVSS Score (Severity), Base CVSS Vector string as /AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`, and first.org CVSS calculator URI as https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`.  The Vector string must be formatted like: `/AV:%s/AC:%s/PR:%s/UI:%s/S:%s/C:%s/I:%s/A:%s`.  Ensure the score and severity aligns with the vector string calculation.
+          4. CVSS Score (Severity), Base CVSS Vector string as /AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`, and first.org CVSS calculator URI as https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`.  The Vector string must be formatted like: `/AV:%s/AC:%s/PR:%s/UI:%s/S:%s/C:%s/I:%s/A:%s`.  _Ensure the CVSS score and severity aligns with the vector string calculation._
           5. CWE Category, Brief CWE description, and CWE URI
           6. NIST 800-53 Security Control that is impacted by this vulnerability.
           "
-          PWN::AI::Introspection.reflect_on(
+          analysis = PWN::AI::Introspection.reflect_on(
             system_role_content: system_role_content,
             request: request,
             suppress_pii_warning: true
           )
+          if output_path
+            FileUtils.mkdir_p(File.dirname(output_path))
+            File.write(output_path, analysis.to_s)
+            puts "\nVulnerability report written to: #{output_path}"
+          end
+          analysis
         rescue StandardError => e
-          raise e.backtrace
+          raise e
         end
         # Author(s):: 0day Inc. <support@0dayinc.com>
@@ -72,7 +91,8 @@ module PWN
           puts "USAGE:
             ai_analysis = #{self}.analyze(
               request: 'required - high level description of vulnerability discovered (e.g. \"Discovered a SQLi vulnerability in /login\"',
-              markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)'
+              markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)',
+              output_path: 'optional - full path to save the generated report as .md (e.g. /home/claw/reports/sqli-finding.md)'
             )
             #{self}.authors

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.559'
+  VERSION = '0.5.562'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.559
+  version: 0.5.562
 platform: ruby
 authors:
 - 0day Inc.
@@ -141,14 +141,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -267,14 +267,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.6.1
+        version: 3.8.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.6.1
+        version: 3.8.0
 - !ruby/object:Gem::Dependency
   name: faye-websocket
   requirement: !ruby/object:Gem::Requirement
@@ -533,28 +533,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.0
+        version: 0.14.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.11.0
+        version: 0.14.0
 - !ruby/object:Gem::Dependency
   name: meshtastic
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.159
+        version: 0.0.160
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.0.159
+        version: 0.0.160
 - !ruby/object:Gem::Dependency
   name: metasm
   requirement: !ruby/object:Gem::Requirement
@@ -575,14 +575,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.23.0
+        version: 2.24.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.23.0
+        version: 2.24.0
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement
@@ -673,14 +673,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.19.2
+        version: 1.19.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.19.2
+        version: 1.19.3
 - !ruby/object:Gem::Dependency
   name: nokogiri-diff
   requirement: !ruby/object:Gem::Requirement
@@ -841,14 +841,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 13.3.1
+        version: 13.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 13.3.1
+        version: 13.4.2
 - !ruby/object:Gem::Dependency
   name: rb-readline
   requirement: !ruby/object:Gem::Requirement
@@ -869,14 +869,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
@@ -981,14 +981,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.86.0
+        version: 1.86.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.86.0
+        version: 1.86.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -1093,28 +1093,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.145.0
+        version: 0.147.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.145.0
+        version: 0.147.0
 - !ruby/object:Gem::Dependency
   name: selenium-webdriver
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.41.0
+        version: 4.43.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.41.0
+        version: 4.43.0
 - !ruby/object:Gem::Dependency
   name: slack-ruby-client
   requirement: !ruby/object:Gem::Requirement
@@ -1149,28 +1149,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.2
+        version: 2.9.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.2
+        version: 2.9.3
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
@@ -1317,14 +1317,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.9.39
+        version: 0.9.43
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.9.39
+        version: 0.9.43
 description: https://github.com/0dayinc/pwn/README.md
 email:
 - request.pentest@0dayinc.com
@@ -1463,6 +1463,7 @@ files:
 - documentation/pwn_wallpaper.jpg
 - documentation/ringing-spectrogram.png
 - documentation/ringing-waveform.png
+- documentation/vulnerability_report_template.md
 - etc/systemd/msfrpcd.service
 - etc/systemd/openvas.service
 - etc/userland/aws/apache2/jenkins_443.conf
@@ -2483,7 +2484,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.10
+rubygems_version: 4.0.11
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond
 test_files: []