pwn 0.5.561 → 0.5.562

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: da1f346a63c2a3b01cdb7ec600e6ae7a727ae4598d271c314282e8277f09a27d
-  data.tar.gz: 8226717e5181b99a8d2640fc46d97b33d7f9904d01b62f57bb919b42d3b6275b
+  metadata.gz: fcfdf05e72d9c3c650d02dfb875519d3a4d95591e1b32227355b316e6fc1a8a6
+  data.tar.gz: 1af1dc3a3a01390e7b1ee57a5168ed42f58534b2565ebb94da9df120cd5dc21c
 SHA512:
-  metadata.gz: 5b7db3ff61f7a3c57271674712613d8501e10072f0a8442623f1ef9138d36e4444f90c3afd507f0b0946120e4e1c22393a6978c8d0d96c1aaeada080bcea0425
-  data.tar.gz: b0d75d83a38592831c55a21b5f00fd9a362e2ad1c224afe72f27a9065ca060065b3a5425b82a059c669ca3770e8b61b9abf6454829361750412646ec34d6844b
+  metadata.gz: a7344c5b670d5fa5b93e1f93c3a0a79830a7d1f790b8276ebfe9e7de730ab6f06bfccbc8d43ed47827de7d0b5a2df295dde687ee8e4cc5f009e10935f83be4a9
+  data.tar.gz: 84d8a15f6eedf53563a3c0261c3c34544afefb195778f70bdfbf9a2db360b8e31e69ae6b747f243e6410715a50d816250655832386f01fa254d824dc9163cbee

data/Gemfile

@@ -20,7 +20,7 @@ gem 'base32', '0.3.4'
 gem 'bitcoin-ruby', '0.0.20'
 gem 'brakeman', '8.0.4'
 gem 'bson', '5.2.0'
-gem 'bundler', '>=4.0.10'
+gem 'bundler', '>=4.0.11'
 gem 'bundler-audit', '>=0.9.3'
 gem 'bunny', '3.1.0'
 gem 'colorize', '1.1.0'
@@ -49,17 +49,17 @@ gem 'jwt', '3.1.2'
 gem 'libusb', '0.7.2'
 gem 'luhn', '3.0.0'
 gem 'mail', '2.9.0'
-gem 'mcp', '0.13.0'
+gem 'mcp', '0.14.0'
 gem 'meshtastic', '0.0.160'
 gem 'metasm', '1.0.5'
-gem 'mongo', '2.23.0'
+gem 'mongo', '2.24.0'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'
 gem 'net-ldap', '0.20.0'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.5.1'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.19.2'
+gem 'nokogiri', '1.19.3'
 gem 'nokogiri-diff', '0.3.0'
 gem 'oily_png', '1.2.1'
 gem 'open3', '0.2.1'
@@ -73,7 +73,7 @@ gem 'pry', '0.16.0'
 gem 'pry-doc', '1.7.0'
 gem 'rake', '13.4.2'
 gem 'rb-readline', '0.5.5'
-gem 'rbvmomi2', '3.9.0'
+gem 'rbvmomi2', '3.10.0'
 gem 'rdoc', '7.0.3'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
@@ -93,7 +93,7 @@ gem 'selenium-devtools', '0.147.0'
 gem 'selenium-webdriver', '4.43.0'
 gem 'slack-ruby-client', '3.1.0'
 gem 'socksify', '1.8.1'
-gem 'spreadsheet', '1.3.4'
+gem 'spreadsheet', '1.3.5'
 gem 'sqlite3', '2.9.3'
 gem 'thin', '2.0.1'
 gem 'tty-prompt', '0.23.1'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.561]:001 >>> PWN.help
+pwn[v0.5.562]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-4.0.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.561]:001 >>> PWN.help
+pwn[v0.5.562]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-4.0.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.561]:001 >>> PWN.help
+pwn[v0.5.562]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/documentation/vulnerability_report_template.md

@@ -0,0 +1,37 @@
+# Vulnerability Report Template
+
+**Program:** [HackerOne Program Name]
+**Report Date:** [YYYY-MM-DD]
+**Severity:** [Critical/High/Medium/Low]
+
+## 1. Detailed finding description with technical depth and PoC when possible
+
+[Insert deep technical analysis, affected endpoints, steps to reproduce, PoC code/requests here.]
+
+## 2. Business impact
+
+[Business/reputational/financial consequences.]
+
+## 3. Remediation recommendations, including compensating controls / stop gaps
+
+[Fix recommendations, WAF rules, logging, etc.]
+
+## 4. CVSS score, vector string, and first.org calculator URI
+
+**CVSS v3.1 Score:** X.X (High)
+**Vector:** AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+**Calculator:** https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+
+## 5. CWE category, brief description, and CWE URI
+
+**CWE-XXX:** [Name] - [Brief desc]
+https://cwe.mitre.org/data/definitions/XXX.html
+
+## 6. Relevant NIST 800-53 control
+
+**Control:** [e.g. SI-10, AC-6]
+[Description and how it maps.]
+
+---
+
+*Generated with PWN::AI::Agent::VulnGen*

data/lib/pwn/ai/agent/vuln_gen.rb

@@ -1,18 +1,29 @@
 # frozen_string_literal: true
 
+require 'fileutils'
+
 module PWN
   module AI
     module Agent
-      # This module is an AI agent designed to analyze generic vulnerability descriptions and generate detailed security findings, including business impact, remediation recommendations, CVSS scoring, CWE categorization, and relevant NIST 800-53 controls. It leverages the PWN::AI::Introspection.reflect_on method to process the input request and produce comprehensive markdown-formatted findings.
+      # This module is an AI agent designed to analyze generic vulnerability descriptions and generate detailed security findings following the exact bug bounty writeup structure:
+      # 1. Detailed finding description with technical depth and PoC when possible
+      # 2. Business impact
+      # 3. Remediation recommendations, including compensating controls / stop gaps
+      # 4. CVSS score, vector string, and first.org calculator URI
+      # 5. CWE category, brief description, and CWE URI
+      # 6. Relevant NIST 800-53 control
+      # It leverages the PWN::AI::Introspection.reflect_on method. Defaults to Jira for existing workflow compatibility.
       module VulnGen
         # Supported Method Parameters::
         # ai_analysis = PWN::AI::Agent::VulnGen.analyze(
         #   request: 'required - high level description of vulnerability discovered (e.g. "Discovered a SQLi vulnerability in /login"',
-        #   markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)'
+        #   markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)',
+        #   output_path: 'optional - path to save the generated markdown report'
         # )
 
         public_class_method def self.analyze(opts = {})
           request = opts[:request]
+          output_path = opts[:output_path]
           raise 'ERROR: request parameter is required' if request.nil? || request.empty?
 
           markup_type = opts[:markup_type] ||= :jira
@@ -34,28 +45,36 @@ module PWN
           end
 
           system_role_content = "
-          _ALWAYS_ Generate #{markup} security findings for the message provided with the following content:
+          _ALWAYS_ Generate #{markup} security findings for the message provided using **EXACTLY** this structure and section headers:
 
-          1. Detailed Finding Description: This should be a deep, detailed technical description that should include exploit proof-of-concepts when possible.
+          1. Detailed Finding Description: This should be a deep, detailed technical description that should include exploit proof-of-concepts when possible.  The description should be technical in nature and provide enough information for a security engineer to understand the vulnerability and how it can be exploited.  Code snippets should be included where applicable to demonstrate the vulnerability and potential exploit paths.
 
           2. Business Impact: This should describe, in business terms, the importance of fixing the issue.  Reputational and/or financial impact should be considered for this section.
 
           3. Remediation Recommendations:  Targeted towards technical engineers that can ascertain a reasonable approach to fix the vulnerability based upon common security remediation patterns.  Be sure to consider compensating controls / stop gaps that can be implemented (e.g. WAF, additional logging, etc.) until such time the vulnerability can be fixed.  Provide examples in cases where code fixes may be required.
 
-          4. CVSS Score (Severity), Base CVSS Vector string as /AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`, and first.org CVSS calculator URI as https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`.  The Vector string must be formatted like: `/AV:%s/AC:%s/PR:%s/UI:%s/S:%s/C:%s/I:%s/A:%s`.  Ensure the score and severity aligns with the vector string calculation.
+          4. CVSS Score (Severity), Base CVSS Vector string as /AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`, and first.org CVSS calculator URI as https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`.  The Vector string must be formatted like: `/AV:%s/AC:%s/PR:%s/UI:%s/S:%s/C:%s/I:%s/A:%s`.  _Ensure the CVSS score and severity aligns with the vector string calculation._
 
           5. CWE Category, Brief CWE description, and CWE URI
 
           6. NIST 800-53 Security Control that is impacted by this vulnerability.
           "
 
-          PWN::AI::Introspection.reflect_on(
+          analysis = PWN::AI::Introspection.reflect_on(
             system_role_content: system_role_content,
             request: request,
             suppress_pii_warning: true
           )
+
+          if output_path
+            FileUtils.mkdir_p(File.dirname(output_path))
+            File.write(output_path, analysis.to_s)
+            puts "\nVulnerability report written to: #{output_path}"
+          end
+
+          analysis
         rescue StandardError => e
-          raise e.backtrace
+          raise e
         end
 
         # Author(s):: 0day Inc. <support@0dayinc.com>
@@ -72,7 +91,8 @@ module PWN
           puts "USAGE:
             ai_analysis = #{self}.analyze(
               request: 'required - high level description of vulnerability discovered (e.g. \"Discovered a SQLi vulnerability in /login\"',
-              markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)'
+              markup_type: 'optional - specify the type of markup to generate :jira|:markdown|:html|:confluence|:xml (default: :jira)',
+              output_path: 'optional - full path to save the generated report as .md (e.g. /home/claw/reports/sqli-finding.md)'
             )
 
             #{self}.authors

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.561'
+  VERSION = '0.5.562'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.561
+  version: 0.5.562
 platform: ruby
 authors:
 - 0day Inc.
@@ -141,14 +141,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.0.10
+        version: 4.0.11
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -533,14 +533,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.13.0
+        version: 0.14.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.13.0
+        version: 0.14.0
 - !ruby/object:Gem::Dependency
   name: meshtastic
   requirement: !ruby/object:Gem::Requirement
@@ -575,14 +575,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.23.0
+        version: 2.24.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.23.0
+        version: 2.24.0
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement
@@ -673,14 +673,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.19.2
+        version: 1.19.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.19.2
+        version: 1.19.3
 - !ruby/object:Gem::Dependency
   name: nokogiri-diff
   requirement: !ruby/object:Gem::Requirement
@@ -869,14 +869,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: 3.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.9.0
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
@@ -1149,14 +1149,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.3.4
+        version: 1.3.5
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -1463,6 +1463,7 @@ files:
 - documentation/pwn_wallpaper.jpg
 - documentation/ringing-spectrogram.png
 - documentation/ringing-waveform.png
+- documentation/vulnerability_report_template.md
 - etc/systemd/msfrpcd.service
 - etc/systemd/openvas.service
 - etc/userland/aws/apache2/jenkins_443.conf
@@ -2483,7 +2484,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.10
+rubygems_version: 4.0.11
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond
 test_files: []