pwn 0.5.62 → 0.5.63
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +8 -13
- data/Gemfile +1 -1
- data/README.md +3 -3
- data/bin/pwn +7 -7
- data/etc/pwn.yaml.EXAMPLE +1 -1
- data/lib/pwn/plugins/ollama.rb +853 -0
- data/lib/pwn/plugins/vault.rb +199 -0
- data/lib/pwn/plugins.rb +2 -1
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/plugins/{ansible_vault_spec.rb → ollama_spec.rb} +3 -3
- data/spec/lib/pwn/plugins/vault_spec.rb +15 -0
- metadata +8 -6
- data/lib/pwn/plugins/ansible_vault.rb +0 -73
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'base64'
|
|
4
|
+
require 'openssl'
|
|
5
|
+
require 'yaml'
|
|
6
|
+
|
|
7
|
+
module PWN
|
|
8
|
+
module Plugins
|
|
9
|
+
# Used to encrypt/decrypt configuration files leveraging AES256
|
|
10
|
+
module Vault
|
|
11
|
+
# Supported Method Parameters::
|
|
12
|
+
# PWN::Plugins::Vault.create(
|
|
13
|
+
# file: 'required - encrypted file to create'
|
|
14
|
+
# )
|
|
15
|
+
|
|
16
|
+
public_class_method def self.create(opts = {})
|
|
17
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
|
18
|
+
|
|
19
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
|
20
|
+
key = Base64.strict_encode64(cipher.random_key)
|
|
21
|
+
iv = Base64.strict_encode64(cipher.random_iv)
|
|
22
|
+
|
|
23
|
+
puts 'Please store the Key && IV in a secure location as they are required for decryption.'
|
|
24
|
+
puts "Key: #{key}"
|
|
25
|
+
puts "IV: #{iv}"
|
|
26
|
+
|
|
27
|
+
encrypt(
|
|
28
|
+
file: file,
|
|
29
|
+
key: key,
|
|
30
|
+
iv: iv
|
|
31
|
+
)
|
|
32
|
+
rescue StandardError => e
|
|
33
|
+
raise e
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# Supported Method Parameters::
|
|
37
|
+
# PWN::Plugins::Vault.decrypt(
|
|
38
|
+
# file: 'required - file to encrypt',
|
|
39
|
+
# key: 'required - key to decrypt',
|
|
40
|
+
# iv: 'required - iv to decrypt'
|
|
41
|
+
# )
|
|
42
|
+
|
|
43
|
+
public_class_method def self.decrypt(opts = {})
|
|
44
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
|
45
|
+
key = opts[:key]
|
|
46
|
+
iv = opts[:iv]
|
|
47
|
+
|
|
48
|
+
raise 'ERROR: key and iv parameters are required.' if key.nil? || iv.nil?
|
|
49
|
+
|
|
50
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
|
51
|
+
cipher.decrypt
|
|
52
|
+
cipher.key = Base64.strict_decode64(key)
|
|
53
|
+
cipher.iv = Base64.strict_decode64(iv)
|
|
54
|
+
|
|
55
|
+
b64_decoded_file_contents = Base64.strict_decode64(File.read(file))
|
|
56
|
+
plain_text = cipher.update(b64_decoded_file_contents) + cipher.final
|
|
57
|
+
|
|
58
|
+
File.write(file, plain_text)
|
|
59
|
+
rescue StandardError => e
|
|
60
|
+
raise e
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# Supported Method Parameters::
|
|
64
|
+
# PWN::Plugins::Vault.dump(
|
|
65
|
+
# file: 'required - file to encrypt',
|
|
66
|
+
# key: 'required - key to decrypt',
|
|
67
|
+
# iv: 'required - iv to decrypt'
|
|
68
|
+
# )
|
|
69
|
+
|
|
70
|
+
def self.dump(opts = {})
|
|
71
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
|
72
|
+
key = opts[:key]
|
|
73
|
+
iv = opts[:iv]
|
|
74
|
+
|
|
75
|
+
decrypt(
|
|
76
|
+
file: file,
|
|
77
|
+
key: key,
|
|
78
|
+
iv: iv
|
|
79
|
+
)
|
|
80
|
+
|
|
81
|
+
puts File.read(file)
|
|
82
|
+
|
|
83
|
+
encrypt(
|
|
84
|
+
file: file,
|
|
85
|
+
key: key,
|
|
86
|
+
iv: iv
|
|
87
|
+
)
|
|
88
|
+
rescue StandardError => e
|
|
89
|
+
raise e
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# Supported Method Parameters::
|
|
93
|
+
# PWN::Plugins::Vault.edit(
|
|
94
|
+
# file: 'required - file to encrypt',
|
|
95
|
+
# key: 'required - key to decrypt',
|
|
96
|
+
# iv: 'required - iv to decrypt'
|
|
97
|
+
# )
|
|
98
|
+
|
|
99
|
+
def self.edit(opts = {})
|
|
100
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
|
101
|
+
key = opts[:key]
|
|
102
|
+
iv = opts[:iv]
|
|
103
|
+
editor = opts[:editor] ||= '/usr/bin/vim'
|
|
104
|
+
|
|
105
|
+
decrypt(
|
|
106
|
+
file: file,
|
|
107
|
+
key: key,
|
|
108
|
+
iv: iv
|
|
109
|
+
)
|
|
110
|
+
|
|
111
|
+
raise 'ERROR: Editor not found.' unless File.exist?(editor)
|
|
112
|
+
|
|
113
|
+
# Get realtive editor in case aliases are used
|
|
114
|
+
relative_editor = File.basename(editor)
|
|
115
|
+
system(relative_editor, file)
|
|
116
|
+
|
|
117
|
+
encrypt(
|
|
118
|
+
file: file,
|
|
119
|
+
key: key,
|
|
120
|
+
iv: iv
|
|
121
|
+
)
|
|
122
|
+
rescue StandardError => e
|
|
123
|
+
raise e
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
# Supported Method Parameters::
|
|
127
|
+
# PWN::Plugins::Vault.encrypt(
|
|
128
|
+
# file: 'required - file to encrypt',
|
|
129
|
+
# key: 'required - key to decrypt',
|
|
130
|
+
# iv: 'required - iv to decrypt'
|
|
131
|
+
# )
|
|
132
|
+
|
|
133
|
+
public_class_method def self.encrypt(opts = {})
|
|
134
|
+
file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
|
|
135
|
+
key = opts[:key]
|
|
136
|
+
iv = opts[:iv]
|
|
137
|
+
|
|
138
|
+
raise 'ERROR: key and iv parameters are required.' if key.nil? || iv.nil?
|
|
139
|
+
|
|
140
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
|
141
|
+
cipher.encrypt
|
|
142
|
+
cipher.key = Base64.strict_decode64(key)
|
|
143
|
+
cipher.iv = Base64.strict_decode64(iv)
|
|
144
|
+
|
|
145
|
+
data = File.read(file)
|
|
146
|
+
encrypted = cipher.update(data) + cipher.final
|
|
147
|
+
encrypted_string = Base64.strict_encode64(encrypted)
|
|
148
|
+
|
|
149
|
+
File.write(file, encrypted_string)
|
|
150
|
+
rescue StandardError => e
|
|
151
|
+
raise e
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
|
155
|
+
|
|
156
|
+
public_class_method def self.authors
|
|
157
|
+
"AUTHOR(S):
|
|
158
|
+
0day Inc. <request.pentest@0dayinc.com>
|
|
159
|
+
"
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
# Display Usage for this Module
|
|
163
|
+
|
|
164
|
+
public_class_method def self.help
|
|
165
|
+
puts "USAGE:
|
|
166
|
+
#{self}.create(
|
|
167
|
+
file: 'required - file to encrypt'
|
|
168
|
+
)
|
|
169
|
+
|
|
170
|
+
#{self}.decrypt(
|
|
171
|
+
file: 'required - file to encrypt',
|
|
172
|
+
key: 'required - key to decrypt',
|
|
173
|
+
iv: 'required - iv to decrypt'
|
|
174
|
+
)
|
|
175
|
+
|
|
176
|
+
#{self}.dump(
|
|
177
|
+
file: 'required - file to encrypt',
|
|
178
|
+
key: 'required - key to decrypt',
|
|
179
|
+
iv: 'required - iv to decrypt'
|
|
180
|
+
)
|
|
181
|
+
|
|
182
|
+
#{self}.edit(
|
|
183
|
+
file: 'required - file to encrypt',
|
|
184
|
+
key: 'required - key to decrypt',
|
|
185
|
+
iv: 'required - iv to decrypt'
|
|
186
|
+
)
|
|
187
|
+
|
|
188
|
+
#{self}.encrypt(
|
|
189
|
+
file: 'required - file to encrypt',
|
|
190
|
+
key: 'required - key to decrypt',
|
|
191
|
+
iv: 'required - iv to decrypt'
|
|
192
|
+
)
|
|
193
|
+
|
|
194
|
+
#{self}.authors
|
|
195
|
+
"
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
end
|
|
199
|
+
end
|
data/lib/pwn/plugins.rb
CHANGED
|
@@ -6,7 +6,6 @@ module PWN
|
|
|
6
6
|
# http://www.rubyinside.com/ruby-techniques-revealed-autoload-1652.html
|
|
7
7
|
module Plugins
|
|
8
8
|
autoload :Android, 'pwn/plugins/android'
|
|
9
|
-
autoload :AnsibleVault, 'pwn/plugins/ansible_vault'
|
|
10
9
|
autoload :Assembly, 'pwn/plugins/assembly'
|
|
11
10
|
autoload :AuthenticationHelper, 'pwn/plugins/authentication_helper'
|
|
12
11
|
autoload :BareSIP, 'pwn/plugins/baresip'
|
|
@@ -44,6 +43,7 @@ module PWN
|
|
|
44
43
|
autoload :NmapIt, 'pwn/plugins/nmap_it'
|
|
45
44
|
autoload :OAuth2, 'pwn/plugins/oauth2'
|
|
46
45
|
autoload :OCR, 'pwn/plugins/ocr'
|
|
46
|
+
autoload :Ollama, 'pwn/plugins/ollama'
|
|
47
47
|
autoload :OpenAI, 'pwn/plugins/open_ai'
|
|
48
48
|
autoload :OpenVAS, 'pwn/plugins/openvas'
|
|
49
49
|
autoload :OwaspZap, 'pwn/plugins/owasp_zap'
|
|
@@ -66,6 +66,7 @@ module PWN
|
|
|
66
66
|
autoload :TransparentBrowser, 'pwn/plugins/transparent_browser'
|
|
67
67
|
autoload :TwitterAPI, 'pwn/plugins/twitter_api'
|
|
68
68
|
autoload :URIScheme, 'pwn/plugins/uri_scheme'
|
|
69
|
+
autoload :Vault, 'pwn/plugins/vault'
|
|
69
70
|
autoload :Voice, 'pwn/plugins/voice'
|
|
70
71
|
autoload :Vsphere, 'pwn/plugins/vsphere'
|
|
71
72
|
autoload :XXD, 'pwn/plugins/xxd'
|
data/lib/pwn/version.rb
CHANGED
|
@@ -2,14 +2,14 @@
|
|
|
2
2
|
|
|
3
3
|
require 'spec_helper'
|
|
4
4
|
|
|
5
|
-
describe PWN::Plugins::
|
|
5
|
+
describe PWN::Plugins::Ollama do
|
|
6
6
|
it 'should display information for authors' do
|
|
7
|
-
authors_response = PWN::Plugins::
|
|
7
|
+
authors_response = PWN::Plugins::Ollama
|
|
8
8
|
expect(authors_response).to respond_to :authors
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
it 'should display information for existing help method' do
|
|
12
|
-
help_response = PWN::Plugins::
|
|
12
|
+
help_response = PWN::Plugins::Ollama
|
|
13
13
|
expect(help_response).to respond_to :help
|
|
14
14
|
end
|
|
15
15
|
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::Plugins::Vault do
|
|
6
|
+
it 'should display information for authors' do
|
|
7
|
+
authors_response = PWN::Plugins::Vault
|
|
8
|
+
expect(authors_response).to respond_to :authors
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for existing help method' do
|
|
12
|
+
help_response = PWN::Plugins::Vault
|
|
13
|
+
expect(help_response).to respond_to :help
|
|
14
|
+
end
|
|
15
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.63
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-03-
|
|
11
|
+
date: 2024-03-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -212,14 +212,14 @@ dependencies:
|
|
|
212
212
|
requirements:
|
|
213
213
|
- - '='
|
|
214
214
|
- !ruby/object:Gem::Version
|
|
215
|
-
version: 3.
|
|
215
|
+
version: 3.3.0
|
|
216
216
|
type: :runtime
|
|
217
217
|
prerelease: false
|
|
218
218
|
version_requirements: !ruby/object:Gem::Requirement
|
|
219
219
|
requirements:
|
|
220
220
|
- - '='
|
|
221
221
|
- !ruby/object:Gem::Version
|
|
222
|
-
version: 3.
|
|
222
|
+
version: 3.3.0
|
|
223
223
|
- !ruby/object:Gem::Dependency
|
|
224
224
|
name: faye-websocket
|
|
225
225
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -1736,7 +1736,6 @@ files:
|
|
|
1736
1736
|
- lib/pwn/ffi.rb
|
|
1737
1737
|
- lib/pwn/plugins.rb
|
|
1738
1738
|
- lib/pwn/plugins/android.rb
|
|
1739
|
-
- lib/pwn/plugins/ansible_vault.rb
|
|
1740
1739
|
- lib/pwn/plugins/assembly.rb
|
|
1741
1740
|
- lib/pwn/plugins/authentication_helper.rb
|
|
1742
1741
|
- lib/pwn/plugins/baresip.rb
|
|
@@ -1773,6 +1772,7 @@ files:
|
|
|
1773
1772
|
- lib/pwn/plugins/nmap_it.rb
|
|
1774
1773
|
- lib/pwn/plugins/oauth2.rb
|
|
1775
1774
|
- lib/pwn/plugins/ocr.rb
|
|
1775
|
+
- lib/pwn/plugins/ollama.rb
|
|
1776
1776
|
- lib/pwn/plugins/open_ai.rb
|
|
1777
1777
|
- lib/pwn/plugins/openvas.rb
|
|
1778
1778
|
- lib/pwn/plugins/owasp_zap.rb
|
|
@@ -1796,6 +1796,7 @@ files:
|
|
|
1796
1796
|
- lib/pwn/plugins/transparent_browser.rb
|
|
1797
1797
|
- lib/pwn/plugins/twitter_api.rb
|
|
1798
1798
|
- lib/pwn/plugins/uri_scheme.rb
|
|
1799
|
+
- lib/pwn/plugins/vault.rb
|
|
1799
1800
|
- lib/pwn/plugins/voice.rb
|
|
1800
1801
|
- lib/pwn/plugins/vsphere.rb
|
|
1801
1802
|
- lib/pwn/plugins/xxd.rb
|
|
@@ -2062,7 +2063,6 @@ files:
|
|
|
2062
2063
|
- spec/lib/pwn/banner_spec.rb
|
|
2063
2064
|
- spec/lib/pwn/ffi_spec.rb
|
|
2064
2065
|
- spec/lib/pwn/plugins/android_spec.rb
|
|
2065
|
-
- spec/lib/pwn/plugins/ansible_vault_spec.rb
|
|
2066
2066
|
- spec/lib/pwn/plugins/assembly_spec.rb
|
|
2067
2067
|
- spec/lib/pwn/plugins/authentication_helper_spec.rb
|
|
2068
2068
|
- spec/lib/pwn/plugins/baresip_spec.rb
|
|
@@ -2099,6 +2099,7 @@ files:
|
|
|
2099
2099
|
- spec/lib/pwn/plugins/nmap_it_spec.rb
|
|
2100
2100
|
- spec/lib/pwn/plugins/oauth2_spec.rb
|
|
2101
2101
|
- spec/lib/pwn/plugins/ocr_spec.rb
|
|
2102
|
+
- spec/lib/pwn/plugins/ollama_spec.rb
|
|
2102
2103
|
- spec/lib/pwn/plugins/open_ai_spec.rb
|
|
2103
2104
|
- spec/lib/pwn/plugins/openvas_spec.rb
|
|
2104
2105
|
- spec/lib/pwn/plugins/owasp_zap_spec.rb
|
|
@@ -2122,6 +2123,7 @@ files:
|
|
|
2122
2123
|
- spec/lib/pwn/plugins/transparent_browser_spec.rb
|
|
2123
2124
|
- spec/lib/pwn/plugins/twitter_api_spec.rb
|
|
2124
2125
|
- spec/lib/pwn/plugins/uri_scheme_spec.rb
|
|
2126
|
+
- spec/lib/pwn/plugins/vault_spec.rb
|
|
2125
2127
|
- spec/lib/pwn/plugins/voice_spec.rb
|
|
2126
2128
|
- spec/lib/pwn/plugins/vsphere_spec.rb
|
|
2127
2129
|
- spec/lib/pwn/plugins/xxd_spec.rb
|
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require 'yaml'
|
|
4
|
-
module PWN
|
|
5
|
-
module Plugins
|
|
6
|
-
# Used to encrypt/decrypt configuration files leveraging AES256
|
|
7
|
-
# (ansible-vault utility wrapper)
|
|
8
|
-
module AnsibleVault
|
|
9
|
-
# Supported Method Parameters::
|
|
10
|
-
# PWN::Plugins::AnsibleVault.encrypt(
|
|
11
|
-
# yaml_config: 'required - yaml config to encrypt',
|
|
12
|
-
# vpassfile: 'required - path to anisble-vault pass file'
|
|
13
|
-
# )
|
|
14
|
-
|
|
15
|
-
public_class_method def self.encrypt(opts = {})
|
|
16
|
-
yaml_config = opts[:yaml_config].to_s.scrub if File.exist?(opts[:yaml_config].to_s.scrub)
|
|
17
|
-
vpassfile = opts[:vpassfile].to_s.scrub if File.exist?(opts[:vpassfile].to_s.scrub)
|
|
18
|
-
|
|
19
|
-
`sudo ansible-vault encrypt #{yaml_config} --vault-password-file #{vpassfile}`
|
|
20
|
-
rescue StandardError => e
|
|
21
|
-
raise e
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
# Supported Method Parameters::
|
|
25
|
-
# PWN::Plugins::AnsibleVault.decrypt(
|
|
26
|
-
# yaml_config: 'required - yaml config to decrypt',
|
|
27
|
-
# vpassfile: 'required - path to anisble-vault pass file'
|
|
28
|
-
# )
|
|
29
|
-
|
|
30
|
-
public_class_method def self.decrypt(opts = {})
|
|
31
|
-
yaml_config = opts[:yaml_config].to_s.scrub if File.exist?(opts[:yaml_config].to_s.scrub)
|
|
32
|
-
vpassfile = opts[:vpassfile].to_s.scrub if File.exist?(opts[:vpassfile].to_s.scrub)
|
|
33
|
-
|
|
34
|
-
if File.extname(yaml_config) == '.yaml'
|
|
35
|
-
config_resp = YAML.safe_load(`sudo ansible-vault view #{yaml_config} --vault-password-file #{vpassfile}`)
|
|
36
|
-
else
|
|
37
|
-
config_resp = `sudo ansible-vault view #{yaml_config} --vault-password-file #{vpassfile}`
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
config_resp
|
|
41
|
-
rescue StandardError => e
|
|
42
|
-
raise e
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
# Author(s):: 0day Inc. <request.pentest@0dayinc.com>
|
|
46
|
-
|
|
47
|
-
public_class_method def self.authors
|
|
48
|
-
"AUTHOR(S):
|
|
49
|
-
0day Inc. <request.pentest@0dayinc.com>
|
|
50
|
-
"
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
# Display Usage for this Module
|
|
54
|
-
|
|
55
|
-
public_class_method def self.help
|
|
56
|
-
puts "USAGE:
|
|
57
|
-
|
|
58
|
-
#{self}.encrypt(
|
|
59
|
-
yaml_config: 'required - yaml config to encrypt',
|
|
60
|
-
vpassfile: 'required - path to anisble-vault pass file'
|
|
61
|
-
)
|
|
62
|
-
|
|
63
|
-
#{self}.decrypt(
|
|
64
|
-
yaml_config: 'required - yaml config to decrypt',
|
|
65
|
-
vpassfile: 'required - path to anisble-vault pass file'
|
|
66
|
-
)
|
|
67
|
-
|
|
68
|
-
#{self}.authors
|
|
69
|
-
"
|
|
70
|
-
end
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
end
|