pwn 0.5.62 → 0.5.63
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +8 -13
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/bin/pwn +7 -7
- data/etc/pwn.yaml.EXAMPLE +1 -1
- data/lib/pwn/plugins/ollama.rb +853 -0
- data/lib/pwn/plugins/vault.rb +199 -0
- data/lib/pwn/plugins.rb +2 -1
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/plugins/{ansible_vault_spec.rb → ollama_spec.rb} +3 -3
- data/spec/lib/pwn/plugins/vault_spec.rb +15 -0
- metadata +8 -6
- data/lib/pwn/plugins/ansible_vault.rb +0 -73
@@ -0,0 +1,199 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'base64'
|
4
|
+
require 'openssl'
|
5
|
+
require 'yaml'
|
6
|
+
|
7
|
+
module PWN
|
8
|
+
module Plugins
|
9
|
+
# Used to encrypt/decrypt configuration files leveraging AES256
|
10
|
+
module Vault
|
11
|
+
# Supported Method Parameters::
|
12
|
+
# PWN::Plugins::Vault.create(
|
13
|
+
# file: 'required - encrypted file to create'
|
14
|
+
# )
|
15
|
+
|
16
|
+
public_class_method def self.create(opts = {})
|
17
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
18
|
+
|
19
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
20
|
+
key = Base64.strict_encode64(cipher.random_key)
|
21
|
+
iv = Base64.strict_encode64(cipher.random_iv)
|
22
|
+
|
23
|
+
puts 'Please store the Key && IV in a secure location as they are required for decryption.'
|
24
|
+
puts "Key: #{key}"
|
25
|
+
puts "IV: #{iv}"
|
26
|
+
|
27
|
+
encrypt(
|
28
|
+
file: file,
|
29
|
+
key: key,
|
30
|
+
iv: iv
|
31
|
+
)
|
32
|
+
rescue StandardError => e
|
33
|
+
raise e
|
34
|
+
end
|
35
|
+
|
36
|
+
# Supported Method Parameters::
|
37
|
+
# PWN::Plugins::Vault.decrypt(
|
38
|
+
# file: 'required - file to encrypt',
|
39
|
+
# key: 'required - key to decrypt',
|
40
|
+
# iv: 'required - iv to decrypt'
|
41
|
+
# )
|
42
|
+
|
43
|
+
public_class_method def self.decrypt(opts = {})
|
44
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
45
|
+
key = opts[:key]
|
46
|
+
iv = opts[:iv]
|
47
|
+
|
48
|
+
raise 'ERROR: key and iv parameters are required.' if key.nil? || iv.nil?
|
49
|
+
|
50
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
51
|
+
cipher.decrypt
|
52
|
+
cipher.key = Base64.strict_decode64(key)
|
53
|
+
cipher.iv = Base64.strict_decode64(iv)
|
54
|
+
|
55
|
+
b64_decoded_file_contents = Base64.strict_decode64(File.read(file))
|
56
|
+
plain_text = cipher.update(b64_decoded_file_contents) + cipher.final
|
57
|
+
|
58
|
+
File.write(file, plain_text)
|
59
|
+
rescue StandardError => e
|
60
|
+
raise e
|
61
|
+
end
|
62
|
+
|
63
|
+
# Supported Method Parameters::
|
64
|
+
# PWN::Plugins::Vault.dump(
|
65
|
+
# file: 'required - file to encrypt',
|
66
|
+
# key: 'required - key to decrypt',
|
67
|
+
# iv: 'required - iv to decrypt'
|
68
|
+
# )
|
69
|
+
|
70
|
+
def self.dump(opts = {})
|
71
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
72
|
+
key = opts[:key]
|
73
|
+
iv = opts[:iv]
|
74
|
+
|
75
|
+
decrypt(
|
76
|
+
file: file,
|
77
|
+
key: key,
|
78
|
+
iv: iv
|
79
|
+
)
|
80
|
+
|
81
|
+
puts File.read(file)
|
82
|
+
|
83
|
+
encrypt(
|
84
|
+
file: file,
|
85
|
+
key: key,
|
86
|
+
iv: iv
|
87
|
+
)
|
88
|
+
rescue StandardError => e
|
89
|
+
raise e
|
90
|
+
end
|
91
|
+
|
92
|
+
# Supported Method Parameters::
|
93
|
+
# PWN::Plugins::Vault.edit(
|
94
|
+
# file: 'required - file to encrypt',
|
95
|
+
# key: 'required - key to decrypt',
|
96
|
+
# iv: 'required - iv to decrypt'
|
97
|
+
# )
|
98
|
+
|
99
|
+
def self.edit(opts = {})
|
100
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
101
|
+
key = opts[:key]
|
102
|
+
iv = opts[:iv]
|
103
|
+
editor = opts[:editor] ||= '/usr/bin/vim'
|
104
|
+
|
105
|
+
decrypt(
|
106
|
+
file: file,
|
107
|
+
key: key,
|
108
|
+
iv: iv
|
109
|
+
)
|
110
|
+
|
111
|
+
raise 'ERROR: Editor not found.' unless File.exist?(editor)
|
112
|
+
|
113
|
+
# Get realtive editor in case aliases are used
|
114
|
+
relative_editor = File.basename(editor)
|
115
|
+
system(relative_editor, file)
|
116
|
+
|
117
|
+
encrypt(
|
118
|
+
file: file,
|
119
|
+
key: key,
|
120
|
+
iv: iv
|
121
|
+
)
|
122
|
+
rescue StandardError => e
|
123
|
+
raise e
|
124
|
+
end
|
125
|
+
|
126
|
+
# Supported Method Parameters::
|
127
|
+
# PWN::Plugins::Vault.encrypt(
|
128
|
+
# file: 'required - file to encrypt',
|
129
|
+
# key: 'required - key to decrypt',
|
130
|
+
# iv: 'required - iv to decrypt'
|
131
|
+
# )
|
132
|
+
|
133
|
+
public_class_method def self.encrypt(opts = {})
|
134
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
135
|
+
key = opts[:key]
|
136
|
+
iv = opts[:iv]
|
137
|
+
|
138
|
+
raise 'ERROR: key and iv parameters are required.' if key.nil? || iv.nil?
|
139
|
+
|
140
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
141
|
+
cipher.encrypt
|
142
|
+
cipher.key = Base64.strict_decode64(key)
|
143
|
+
cipher.iv = Base64.strict_decode64(iv)
|
144
|
+
|
145
|
+
data = File.read(file)
|
146
|
+
encrypted = cipher.update(data) + cipher.final
|
147
|
+
encrypted_string = Base64.strict_encode64(encrypted)
|
148
|
+
|
149
|
+
File.write(file, encrypted_string)
|
150
|
+
rescue StandardError => e
|
151
|
+
raise e
|
152
|
+
end
|
153
|
+
|
154
|
+
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
155
|
+
|
156
|
+
public_class_method def self.authors
|
157
|
+
"AUTHOR(S):
|
158
|
+
0day Inc. <request.pentest@0dayinc.com>
|
159
|
+
"
|
160
|
+
end
|
161
|
+
|
162
|
+
# Display Usage for this Module
|
163
|
+
|
164
|
+
public_class_method def self.help
|
165
|
+
puts "USAGE:
|
166
|
+
#{self}.create(
|
167
|
+
file: 'required - file to encrypt'
|
168
|
+
)
|
169
|
+
|
170
|
+
#{self}.decrypt(
|
171
|
+
file: 'required - file to encrypt',
|
172
|
+
key: 'required - key to decrypt',
|
173
|
+
iv: 'required - iv to decrypt'
|
174
|
+
)
|
175
|
+
|
176
|
+
#{self}.dump(
|
177
|
+
file: 'required - file to encrypt',
|
178
|
+
key: 'required - key to decrypt',
|
179
|
+
iv: 'required - iv to decrypt'
|
180
|
+
)
|
181
|
+
|
182
|
+
#{self}.edit(
|
183
|
+
file: 'required - file to encrypt',
|
184
|
+
key: 'required - key to decrypt',
|
185
|
+
iv: 'required - iv to decrypt'
|
186
|
+
)
|
187
|
+
|
188
|
+
#{self}.encrypt(
|
189
|
+
file: 'required - file to encrypt',
|
190
|
+
key: 'required - key to decrypt',
|
191
|
+
iv: 'required - iv to decrypt'
|
192
|
+
)
|
193
|
+
|
194
|
+
#{self}.authors
|
195
|
+
"
|
196
|
+
end
|
197
|
+
end
|
198
|
+
end
|
199
|
+
end
|
data/lib/pwn/plugins.rb
CHANGED
@@ -6,7 +6,6 @@ module PWN
|
|
6
6
|
# http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
|
7
7
|
module Plugins
|
8
8
|
autoload :Android, 'pwn/plugins/android'
|
9
|
-
autoload :AnsibleVault, 'pwn/plugins/ansible_vault'
|
10
9
|
autoload :Assembly, 'pwn/plugins/assembly'
|
11
10
|
autoload :AuthenticationHelper, 'pwn/plugins/authentication_helper'
|
12
11
|
autoload :BareSIP, 'pwn/plugins/baresip'
|
@@ -44,6 +43,7 @@ module PWN
|
|
44
43
|
autoload :NmapIt, 'pwn/plugins/nmap_it'
|
45
44
|
autoload :OAuth2, 'pwn/plugins/oauth2'
|
46
45
|
autoload :OCR, 'pwn/plugins/ocr'
|
46
|
+
autoload :Ollama, 'pwn/plugins/ollama'
|
47
47
|
autoload :OpenAI, 'pwn/plugins/open_ai'
|
48
48
|
autoload :OpenVAS, 'pwn/plugins/openvas'
|
49
49
|
autoload :OwaspZap, 'pwn/plugins/owasp_zap'
|
@@ -66,6 +66,7 @@ module PWN
|
|
66
66
|
autoload :TransparentBrowser, 'pwn/plugins/transparent_browser'
|
67
67
|
autoload :TwitterAPI, 'pwn/plugins/twitter_api'
|
68
68
|
autoload :URIScheme, 'pwn/plugins/uri_scheme'
|
69
|
+
autoload :Vault, 'pwn/plugins/vault'
|
69
70
|
autoload :Voice, 'pwn/plugins/voice'
|
70
71
|
autoload :Vsphere, 'pwn/plugins/vsphere'
|
71
72
|
autoload :XXD, 'pwn/plugins/xxd'
|
data/lib/pwn/version.rb
CHANGED
@@ -2,14 +2,14 @@
|
|
2
2
|
|
3
3
|
require 'spec_helper'
|
4
4
|
|
5
|
-
describe PWN::Plugins::
|
5
|
+
describe PWN::Plugins::Ollama do
|
6
6
|
it 'should display information for authors' do
|
7
|
-
authors_response = PWN::Plugins::
|
7
|
+
authors_response = PWN::Plugins::Ollama
|
8
8
|
expect(authors_response).to respond_to :authors
|
9
9
|
end
|
10
10
|
|
11
11
|
it 'should display information for existing help method' do
|
12
|
-
help_response = PWN::Plugins::
|
12
|
+
help_response = PWN::Plugins::Ollama
|
13
13
|
expect(help_response).to respond_to :help
|
14
14
|
end
|
15
15
|
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe PWN::Plugins::Vault do
|
6
|
+
it 'should display information for authors' do
|
7
|
+
authors_response = PWN::Plugins::Vault
|
8
|
+
expect(authors_response).to respond_to :authors
|
9
|
+
end
|
10
|
+
|
11
|
+
it 'should display information for existing help method' do
|
12
|
+
help_response = PWN::Plugins::Vault
|
13
|
+
expect(help_response).to respond_to :help
|
14
|
+
end
|
15
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.63
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -212,14 +212,14 @@ dependencies:
|
|
212
212
|
requirements:
|
213
213
|
- - '='
|
214
214
|
- !ruby/object:Gem::Version
|
215
|
-
version: 3.
|
215
|
+
version: 3.3.0
|
216
216
|
type: :runtime
|
217
217
|
prerelease: false
|
218
218
|
version_requirements: !ruby/object:Gem::Requirement
|
219
219
|
requirements:
|
220
220
|
- - '='
|
221
221
|
- !ruby/object:Gem::Version
|
222
|
-
version: 3.
|
222
|
+
version: 3.3.0
|
223
223
|
- !ruby/object:Gem::Dependency
|
224
224
|
name: faye-websocket
|
225
225
|
requirement: !ruby/object:Gem::Requirement
|
@@ -1736,7 +1736,6 @@ files:
|
|
1736
1736
|
- lib/pwn/ffi.rb
|
1737
1737
|
- lib/pwn/plugins.rb
|
1738
1738
|
- lib/pwn/plugins/android.rb
|
1739
|
-
- lib/pwn/plugins/ansible_vault.rb
|
1740
1739
|
- lib/pwn/plugins/assembly.rb
|
1741
1740
|
- lib/pwn/plugins/authentication_helper.rb
|
1742
1741
|
- lib/pwn/plugins/baresip.rb
|
@@ -1773,6 +1772,7 @@ files:
|
|
1773
1772
|
- lib/pwn/plugins/nmap_it.rb
|
1774
1773
|
- lib/pwn/plugins/oauth2.rb
|
1775
1774
|
- lib/pwn/plugins/ocr.rb
|
1775
|
+
- lib/pwn/plugins/ollama.rb
|
1776
1776
|
- lib/pwn/plugins/open_ai.rb
|
1777
1777
|
- lib/pwn/plugins/openvas.rb
|
1778
1778
|
- lib/pwn/plugins/owasp_zap.rb
|
@@ -1796,6 +1796,7 @@ files:
|
|
1796
1796
|
- lib/pwn/plugins/transparent_browser.rb
|
1797
1797
|
- lib/pwn/plugins/twitter_api.rb
|
1798
1798
|
- lib/pwn/plugins/uri_scheme.rb
|
1799
|
+
- lib/pwn/plugins/vault.rb
|
1799
1800
|
- lib/pwn/plugins/voice.rb
|
1800
1801
|
- lib/pwn/plugins/vsphere.rb
|
1801
1802
|
- lib/pwn/plugins/xxd.rb
|
@@ -2062,7 +2063,6 @@ files:
|
|
2062
2063
|
- spec/lib/pwn/banner_spec.rb
|
2063
2064
|
- spec/lib/pwn/ffi_spec.rb
|
2064
2065
|
- spec/lib/pwn/plugins/android_spec.rb
|
2065
|
-
- spec/lib/pwn/plugins/ansible_vault_spec.rb
|
2066
2066
|
- spec/lib/pwn/plugins/assembly_spec.rb
|
2067
2067
|
- spec/lib/pwn/plugins/authentication_helper_spec.rb
|
2068
2068
|
- spec/lib/pwn/plugins/baresip_spec.rb
|
@@ -2099,6 +2099,7 @@ files:
|
|
2099
2099
|
- spec/lib/pwn/plugins/nmap_it_spec.rb
|
2100
2100
|
- spec/lib/pwn/plugins/oauth2_spec.rb
|
2101
2101
|
- spec/lib/pwn/plugins/ocr_spec.rb
|
2102
|
+
- spec/lib/pwn/plugins/ollama_spec.rb
|
2102
2103
|
- spec/lib/pwn/plugins/open_ai_spec.rb
|
2103
2104
|
- spec/lib/pwn/plugins/openvas_spec.rb
|
2104
2105
|
- spec/lib/pwn/plugins/owasp_zap_spec.rb
|
@@ -2122,6 +2123,7 @@ files:
|
|
2122
2123
|
- spec/lib/pwn/plugins/transparent_browser_spec.rb
|
2123
2124
|
- spec/lib/pwn/plugins/twitter_api_spec.rb
|
2124
2125
|
- spec/lib/pwn/plugins/uri_scheme_spec.rb
|
2126
|
+
- spec/lib/pwn/plugins/vault_spec.rb
|
2125
2127
|
- spec/lib/pwn/plugins/voice_spec.rb
|
2126
2128
|
- spec/lib/pwn/plugins/vsphere_spec.rb
|
2127
2129
|
- spec/lib/pwn/plugins/xxd_spec.rb
|
@@ -1,73 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'yaml'
|
4
|
-
module PWN
|
5
|
-
module Plugins
|
6
|
-
# Used to encrypt/decrypt configuration files leveraging AES256
|
7
|
-
# (ansible-vault utility wrapper)
|
8
|
-
module AnsibleVault
|
9
|
-
# Supported Method Parameters::
|
10
|
-
# PWN::Plugins::AnsibleVault.encrypt(
|
11
|
-
# yaml_config: 'required - yaml config to encrypt',
|
12
|
-
# vpassfile: 'required - path to anisble-vault pass file'
|
13
|
-
# )
|
14
|
-
|
15
|
-
public_class_method def self.encrypt(opts = {})
|
16
|
-
yaml_config = opts[:yaml_config].to_s.scrub if File.exist?(opts[:yaml_config].to_s.scrub)
|
17
|
-
vpassfile = opts[:vpassfile].to_s.scrub if File.exist?(opts[:vpassfile].to_s.scrub)
|
18
|
-
|
19
|
-
`sudo ansible-vault encrypt #{yaml_config} --vault-password-file #{vpassfile}`
|
20
|
-
rescue StandardError => e
|
21
|
-
raise e
|
22
|
-
end
|
23
|
-
|
24
|
-
# Supported Method Parameters::
|
25
|
-
# PWN::Plugins::AnsibleVault.decrypt(
|
26
|
-
# yaml_config: 'required - yaml config to decrypt',
|
27
|
-
# vpassfile: 'required - path to anisble-vault pass file'
|
28
|
-
# )
|
29
|
-
|
30
|
-
public_class_method def self.decrypt(opts = {})
|
31
|
-
yaml_config = opts[:yaml_config].to_s.scrub if File.exist?(opts[:yaml_config].to_s.scrub)
|
32
|
-
vpassfile = opts[:vpassfile].to_s.scrub if File.exist?(opts[:vpassfile].to_s.scrub)
|
33
|
-
|
34
|
-
if File.extname(yaml_config) == '.yaml'
|
35
|
-
config_resp = YAML.safe_load(`sudo ansible-vault view #{yaml_config} --vault-password-file #{vpassfile}`)
|
36
|
-
else
|
37
|
-
config_resp = `sudo ansible-vault view #{yaml_config} --vault-password-file #{vpassfile}`
|
38
|
-
end
|
39
|
-
|
40
|
-
config_resp
|
41
|
-
rescue StandardError => e
|
42
|
-
raise e
|
43
|
-
end
|
44
|
-
|
45
|
-
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
46
|
-
|
47
|
-
public_class_method def self.authors
|
48
|
-
"AUTHOR(S):
|
49
|
-
0day Inc. <request.pentest@0dayinc.com>
|
50
|
-
"
|
51
|
-
end
|
52
|
-
|
53
|
-
# Display Usage for this Module
|
54
|
-
|
55
|
-
public_class_method def self.help
|
56
|
-
puts "USAGE:
|
57
|
-
|
58
|
-
#{self}.encrypt(
|
59
|
-
yaml_config: 'required - yaml config to encrypt',
|
60
|
-
vpassfile: 'required - path to anisble-vault pass file'
|
61
|
-
)
|
62
|
-
|
63
|
-
#{self}.decrypt(
|
64
|
-
yaml_config: 'required - yaml config to decrypt',
|
65
|
-
vpassfile: 'required - path to anisble-vault pass file'
|
66
|
-
)
|
67
|
-
|
68
|
-
#{self}.authors
|
69
|
-
"
|
70
|
-
end
|
71
|
-
end
|
72
|
-
end
|
73
|
-
end
|