pwn 0.5.66 → 0.5.68

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9943bae307e743e8dbb7bdb1a1ccdd1c0b61f29e8413bceb25350fc6023fd289
-  data.tar.gz: 2f32981b889d1e6e21591094b4781162239c36e7b67f7cd0e91eab0c5c400ed1
+  metadata.gz: cca5ba837282d7ef87252c9d3181b4d049d5afea636969ef82bfff09511f9719
+  data.tar.gz: 4d83a544b2f94f45705e85ecaf23b6f50ce28bc4768621670b84a5c7add91e9d
 SHA512:
-  metadata.gz: 58eacda5cce4074c84615d5aee751ef4f642185521b641798563bbed6eb7348cf8a6cee5fe261084784b9c646a3c6cdddca8004f8fb157173861c75ea9e3d637
-  data.tar.gz: 958c25709cc837206df7d2890e06e2604a7d27fd61e97b30a48fe561306aacef3348d4e24f7eb23699ed371019adc28f31d688995f0451d414416b8992109226
+  metadata.gz: 8b227bd65016feaea205b104ea6f82021742f815802f49681a45110ff3806f5170a5d2c5d2e0d5d760494f558b522e8a0415ab76834d04a3520f0588d27c7bd9
+  data.tar.gz: 1428ae5ed10c526258affdbaf1a0480cd2ff737cc4e77d9f6f38d23668f9deebf0fcd6d93bccf192d671b5afdc12f3244462fddb39a1171857fef777261842cf

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2024-03-25 22:25:57 UTC using RuboCop version 1.62.1.
+# on 2024-03-26 16:48:38 UTC using RuboCop version 1.62.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -35,6 +35,12 @@ Layout/LineLength:
     - 'lib/pwn/reports/uri_buster.rb'
     - 'lib/pwn/sast/banned_function_calls_c.rb'
 
+# Offense count: 7
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Lint/NestedMethodDefinition:
+  Exclude:
+    - 'lib/pwn/plugins/repl.rb'
+
 # Offense count: 311
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AutoCorrect.
@@ -88,6 +94,14 @@ Metrics/ModuleLength:
     - 'lib/pwn/plugins/open_ai.rb'
     - 'lib/pwn/plugins/packet.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: prefer_alias, prefer_alias_method
+Style/Alias:
+  Exclude:
+    - 'lib/pwn/plugins/monkey_patch.rb'
+
 # Offense count: 160
 Style/ClassVars:
   Enabled: false
@@ -105,11 +119,10 @@ Style/ExplicitBlockArgument:
   Exclude:
     - 'lib/pwn/plugins/nmap_it.rb'
 
-# Offense count: 3
+# Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
 Style/IfUnlessModifier:
   Exclude:
-    - 'bin/pwn'
     - 'lib/pwn/plugins/baresip.rb'
     - 'lib/pwn/plugins/mail_agent.rb'
 
@@ -133,18 +146,3 @@ Style/RedundantStringEscape:
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false
-
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowModifier.
-Style/SoleNestedConditional:
-  Exclude:
-    - 'bin/pwn'
-
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
-# SupportedStyles: single_quotes, double_quotes
-Style/StringLiterals:
-  Exclude:
-    - 'bin/pwn'

data/Gemfile

@@ -50,7 +50,7 @@ gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'
 gem 'net-ldap', '0.19.0'
 gem 'net-openvpn', '0.8.7'
-gem 'net-smtp', '0.4.0.1'
+gem 'net-smtp', '0.5.0'
 gem 'nexpose', '7.3.0'
 gem 'nokogiri', '1.16.3'
 gem 'nokogiri-diff', '0.3.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.66]:001 >>> PWN.help
+pwn[v0.5.68]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.66]:001 >>> PWN.help
+pwn[v0.5.68]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.66]:001 >>> PWN.help
+pwn[v0.5.68]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn

@@ -1,12 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'base64'
 require 'optparse'
 require 'pwn'
-require 'pry'
-require 'tty-prompt'
-require 'yaml'
 
 opts = {}
 OptionParser.new do |options|
@@ -32,413 +28,23 @@ OptionParser.new do |options|
 end.parse!
 
 begin
-  def yaml_config_encrypted?(opts = {})
-    config = opts[:config]
-
-    config_contents = File.read(config)
-    config_contents.is_a?(String) && Base64.strict_encode64(Base64.decode64(config_contents)) == config_contents
-  end
-
-  def cleanup_pids(opts = {})
-    pids_arr = opts[:pids_arr]
-
-    pids_arr.each do |pid_line|
-      pid = pid_line[2].to_i
-      Process.kill('TERM', pid)
-    rescue Errno::ESRCH
-      next
-    end
-  end
-
-  def refresh_ps1_proc(opts = {})
-    mode = opts[:mode]
-
-    proc do |_target_self, _nest_level, pi|
-      pi.config.pwn_repl_line += 1
-      line_pad = format(
-        '%0.3d',
-        pi.config.pwn_repl_line
-      )
-
-      pi.config.prompt_name = :pwn
-      name = "\001\e[1m\002\001\e[31m\002#{pi.config.prompt_name}\001\e[0m\002"
-      version = "\001\e[36m\002v#{PWN::VERSION}\001\e[0m\002"
-      line_count = "\001\e[34m\002#{line_pad}\001\e[0m\002"
-      dchars = "\001\e[32m\002>>>\001\e[0m\002"
-      dchars = "\001\e[33m\002***\001\e[0m\002" if mode == :splat
-
-      if pi.config.pwn_asm
-        pi.config.prompt_name = 'pwn.asm'
-        name = "\001\e[1m\002\001\e[37m\002#{pi.config.prompt_name}\001\e[0m\002"
-        dchars = "\001\e[32m\002>>>\001\e[33m\002"
-        dchars = "\001\e[33m\002***\001\e[33m\002" if mode == :splat
-      end
-
-      if pi.config.pwn_ai
-        pi.config.prompt_name = 'pwn.ai'
-        pi.config.prompt_name = 'pwn.ai.SPEAKING' if pi.config.pwn_ai_speak
-        name = "\001\e[1m\002\001\e[33m\002#{pi.config.prompt_name}\001\e[0m\002"
-        dchars = "\001\e[32m\002>>>\001\e[33m\002"
-        dchars = "\001\e[33m\002***\001\e[33m\002" if mode == :splat
-        if pi.config.pwn_ai_debug
-          dchars = "\001\e[32m\002(DEBUG) >>>\001\e[33m\002"
-          dchars = "\001\e[33m\002(DEBUG) ***\001\e[33m\002" if mode == :splat
-        end
-      end
-
-      "#{name}[#{version}]:#{line_count} #{dchars} ".to_s.scrub
-    end
-  end
-
-  # Pry Monkey Patches \_(oo)_/
-  class Pry
-    # Overwrite Pry::History.push method in History class to get duplicate history entries
-    # in order to properly replay automation in this prototyping driver
-    class History
-      def push(line)
-        return line if line.empty? || invalid_readline_line?(line)
-
-        begin
-          last_line = @history[-1]
-        rescue IndexError
-          last_line = nil
-        end
-
-        @history << line
-        @history_line_count += 1
-        @saver.call(line) if !should_ignore?(line) &&
-                             Pry.config.history_save
-
-        line
-      end
-      alias << push
-    end
-
-    def handle_line(line, options)
-      if line.nil?
-        config.control_d_handler.call(self)
-        return
-      end
-
-      ensure_correct_encoding!(line)
-      Pry.history << line unless options[:generated]
-
-      @suppress_output = false
-      inject_sticky_locals!
-      begin
-        unless process_command_safely(line)
-          @eval_string += "#{line.chomp}\n" if !line.empty? || !@eval_string.empty?
-        end
-      rescue RescuableException => e
-        self.last_exception = e
-        result = e
-
-        Pry.critical_section do
-          show_result(result)
-        end
-        return
-      end
-
-      # This hook is supposed to be executed after each line of ruby code
-      # has been read (regardless of whether eval_string is yet a complete expression)
-      exec_hook :after_read, eval_string, self
-
-      begin
-        complete_expr = true if config.pwn_ai || config.pwn_asm
-        complete_expr = Pry::Code.complete_expression?(@eval_string) unless config.pwn_ai || config.pwn_asm
-      rescue SyntaxError => e
-        output.puts e.message.gsub(/^.*syntax error, */, "SyntaxError: ")
-        reset_eval_string
-      end
-
-      if complete_expr
-        @suppress_output = true if @eval_string =~ /;\Z/ ||
-                                   @eval_string.empty? ||
-                                   @eval_string =~ /\A *#.*\n\z/ ||
-                                   config.pwn_ai ||
-                                   config.pwn_asm
-
-        # A bug in jruby makes java.lang.Exception not rescued by
-        # `rescue Pry::RescuableException` clause.
-        #
-        # * https://github.com/pry/pry/issues/854
-        # * https://jira.codehaus.org/browse/JRUBY-7100
-        #
-        # Until that gets fixed upstream, treat java.lang.Exception
-        # as an additional exception to be rescued explicitly.
-        #
-        # This workaround has a side effect: java exceptions specified
-        # in `Pry.config.unrescued_exceptions` are ignored.
-        jruby_exceptions = []
-        jruby_exceptions << Java::JavaLang::Exception if Helpers::Platform.jruby?
-
-        begin
-          # Reset eval string, in case we're evaluating Ruby that does something
-          # like open a nested REPL on this instance.
-          eval_string = @eval_string
-          reset_eval_string
-
-          result = evaluate_ruby(eval_string) unless config.pwn_ai ||
-                                                     config.pwn_asm
-
-          result = eval_string if config.pwn_ai ||
-                                  config.pwn_asm
-        rescue RescuableException, *jruby_exceptions => e
-          # Eliminate following warning:
-          # warning: singleton on non-persistent Java type X
-          # (http://wiki.jruby.org/Persistence)
-          if Helpers::Platform.jruby? && e.class.respond_to?('__persistent__')
-            e.class.__persistent__ = true
-          end
-          self.last_exception = e
-          result = e
-        end
-
-        Pry.critical_section do
-          show_result(result)
-        end
-      end
-
-      throw(:breakout) if current_binding.nil?
-    end
-
-    # Ensure the return value in pwn_ai mode reflects the input
-    def evaluate_ruby(code)
-      # if config.pwn_ai || config.pwn_asm
-      #   result = message = code.to_s
-      #   return
-      # end
-      inject_sticky_locals!
-      exec_hook :before_eval, code, self
-
-      result = current_binding.eval(code, Pry.eval_path, Pry.current_line)
-      set_last_result(result, code)
-    ensure
-      update_input_history(code)
-      exec_hook :after_eval, result, self
-    end
-  end
-
-  # Define Custom REPL Commands
-  Pry::Commands.create_command 'welcome-banner' do
-    description 'Display the random welcome banner, including basic usage.'
-
-    def process
-      puts PWN::Banner.welcome
-    end
-  end
-
-  Pry::Commands.create_command 'toggle-pager' do
-    description 'Toggle less on returned objects surpassing the terminal.'
-
-    def process
-      pi = pry_instance
-      pi.config.pager ? pi.config.pager = false : pi.config.pager = true
-    end
-  end
-
-  #  class PWNCompleter < Pry::InputCompleter
-  #    def call(input)
-  #    end
-  #  end
-
-  Pry::Commands.create_command 'pwn-asm' do
-    description 'Initiate pwn.asm shell.'
-
-    def process
-      pi = pry_instance
-      pi.config.pwn_asm = true
-      pi.custom_completions = proc do
-        prompt = TTY::Prompt.new
-        [pi.input.line_buffer]
-        # prompt.select(pi.input.line_buffer)
-      end
-    end
-  end
-
-  Pry::Commands.create_command 'pwn-ai' do
-    description 'Initiate pwn.ai chat interface.'
-
-    def process
-      pi = pry_instance
-      pi.config.pwn_ai = true
-      pi.config.color = false if pi.config.pwn_ai
-      pi.config.color = true unless pi.config.pwn_ai
-    end
-  end
-
-  Pry::Commands.create_command 'toggle-pwn-ai-debug' do
-    description 'Display the response_history object while using pwn.ai'
-
-    def process
-      pi = pry_instance
-      pi.config.pwn_ai_debug ? pi.config.pwn_ai_debug = false : pi.config.pwn_ai_debug = true
-    end
-  end
-
-  Pry::Commands.create_command 'toggle-pwn-ai-speaks' do
-    description 'Use speech capabilities within pwn.ai to speak answers.'
-
-    def process
-      pi = pry_instance
-      pi.config.pwn_ai_speak ? pi.config.pwn_ai_speak = false : pi.config.pwn_ai_speak = true
-    end
-  end
-
-  Pry::Commands.create_command 'back' do
-    description 'Jump back to pwn REPL when in pwn-asm || pwn-ai.'
-
-    def process
-      pi = pry_instance
-      pi.config.pwn_asm = false if pi.config.pwn_asm
-      pi.config.pwn_ai = false if pi.config.pwn_ai
-      pi.config.pwn_ai_debug = false if pi.config.pwn_ai_debug
-      pi.config.pwn_ai_speak = false if pi.config.pwn_ai_speak
-      pi.config.completer = Pry::InputCompleter
-    end
-  end
-
-  # Define REPL Hooks
-  # Welcome Banner Hook
-  Pry.config.hooks.add_hook(:before_session, :welcome) do |output, _binding, _pi|
-    output.puts PWN::Banner.welcome
-  end
-
-  # pwn.ai Hooks
-  Pry.config.hooks.add_hook(:before_session, :init_opts) do |_output, _binding, pi|
-    if opts[:yaml_config_path] && File.exist?(opts[:yaml_config_path])
-      yaml_config_path = opts[:yaml_config_path]
-      is_encrypted = yaml_config_encrypted?(config: yaml_config_path)
-
-      if is_encrypted
-        # TODO: Implement "something you know, something you have, && something you are?"
-        decryption_file = opts[:decryption_file] ||= "#{Dir.home}/pwn.decryptor.yaml"
-        yaml_decryptor = YAML.load_file(decryption_file, symbolize_names: true) if File.exist?(decryption_file)
-
-        key = opts[:key] ||= yaml_decryptor[:key] ||= ENV.fetch('PWN_DECRYPTOR_KEY')
-        key = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Decryption Key') if key.nil?
-
-        iv = opts[:iv] ||= yaml_decryptor[:iv] ||= ENV.fetch('PWN_DECRYPTOR_IV')
-        iv = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Decryption IV') if iv.nil?
-
-        encrypted_config_dump = PWN::Plugins::Vault.dump(
-          file: yaml_config_path,
-          key: key,
-          iv: iv
-        )
-        yaml_config = YAML.load(encrypted_config_dump, symbolize_names: true)
-      else
-        yaml_config = YAML.load_file(yaml_config_path, symbolize_names: true)
-      end
-
-      pi.config.pwn_ai_key = yaml_config[:ai_key]
-      Pry.config.pwn_ai_key = pi.config.pwn_ai_key
-    end
-  end
-
-  Pry.config.hooks.add_hook(:after_read, :pwn_asm_hook) do |request, pi|
-    if pi.config.pwn_asm && !request.chomp.empty?
-      request = pi.input.line_buffer
-
-      # Analyze request to determine if it should be processed as opcodes or asm.
-      straight_hex = /^[a-fA-F0-9\s]+$/
-      hex_esc_strings = /\\x[\da-fA-F]{2}/
-      hex_comma_delim_w_dbl_qt = /"(?:[0-9a-fA-F]{2})",?/
-      hex_comma_delim_w_sng_qt = /'(?:[0-9a-fA-F]{2})',?/
-      hex_byte_array_as_str = /^\[\s*(?:"[0-9a-fA-F]{2}",\s*)*"[0-9a-fA-F]{2}"\s*\]$/
-
-      if request.match?(straight_hex) ||
-         request.match?(hex_esc_strings) ||
-         request.match?(hex_comma_delim_w_dbl_qt) ||
-         request.match?(hex_comma_delim_w_sng_qt) ||
-         request.match?(hex_byte_array_as_str)
-
-        response = PWN::Plugins::Assembly.opcodes_to_asm(
-          opcodes: request,
-          opcodes_always_strings_obj: true
-        )
-      else
-        response = PWN::Plugins::Assembly.asm_to_opcodes(asm: request)
-      end
-      puts "\001\e[31m\002#{response}\001\e[0m\002"
-    end
-  end
-
-  Pry.config.hooks.add_hook(:after_read, :pwn_ai_hook) do |request, pi|
-    if pi.config.pwn_ai && !request.chomp.empty?
-      request = pi.input.line_buffer.to_s
-      debug = pi.config.pwn_ai_debug
-      ai_key = pi.config.pwn_ai_key
-      ai_key ||= ''
-      if ai_key.empty?
-        ai_key = PWN::Plugins::AuthenticationHelper.mask_password(
-          prompt: 'OpenAI API Key'
-        )
-        pi.config.pwn_ai_key = ai_key
-      end
-
-      response_history = pi.config.pwn_ai_response_history
-      speak_answer = pi.config.pwn_ai_speak
-      response = PWN::Plugins::OpenAI.chat(
-        token: ai_key,
-        request: request.chomp,
-        temp: 1,
-        response_history: response_history,
-        speak_answer: speak_answer
-      )
-      last_response = response[:choices].last[:content]
-      puts "\n\001\e[32m\002#{last_response}\001\e[0m\002\n\n"
-
-      response_history = {
-        id: response[:id],
-        object: response[:object],
-        model: response[:model],
-        usage: response[:usage]
-      }
-      response_history[:choices] ||= response[:choices]
-
-      if debug
-        puts 'DEBUG: response_history => '
-        pp response_history
-        puts "\nresponse_history[:choices] Length: #{response_history[:choices].length}\n" unless response_history.nil?
-      end
-      pi.config.pwn_ai_response_history = response_history
-    end
-  end
-
-  # Define PS1 Prompt
-  Pry.config.pwn_repl_line = 0
-  Pry.config.prompt_name = :pwn
-  arrow_ps1_proc = refresh_ps1_proc
-  splat_ps1_proc = refresh_ps1_proc(mode: :splat)
-  prompt_ps1 = [arrow_ps1_proc, splat_ps1_proc]
-  prompt = Pry::Prompt.new(
-    :pwn,
-    'PWN Prototyping REPL',
-    prompt_ps1
-  )
-
-  # Start PWN REPL
   pwn_pid = Process.pid
-  Pry.start(
-    self,
-    prompt: prompt
-  )
+  PWN::Plugins::REPL.start(opts)
 rescue StandardError => e
   raise e
 ensure
-  proc_list_arr = PWN::Plugins::PS.list
+  ps_list_arr = PWN::Plugins::PS.list
 
-  kid_pids_arr = proc_list_arr.select { |proc_line| proc_line[3] == pwn_pid.to_s }
+  kid_pids_arr = ps_list_arr.select { |ps_line| ps_line[3] == pwn_pid.to_s }
   # pp kid_pids_arr
 
   grandkid_pids_arr = []
   kid_pids_arr.each do |kid_pid|
-    gk_arr = proc_list_arr.select { |proc_line| proc_line[3] == kid_pid[2] }
+    gk_arr = ps_list_arr.select { |ps_line| ps_line[3] == kid_pid[2] }
     gk_arr.each { |gk| grandkid_pids_arr.push(gk) }
   end
   # pp grandkid_pids_arr
 
-  cleanup_pids(pids_arr: grandkid_pids_arr)
-  cleanup_pids(pids_arr: kid_pids_arr)
+  PWN::Plugins::PS.cleanup_pids(pids_arr: grandkid_pids_arr)
+  PWN::Plugins::PS.cleanup_pids(pids_arr: kid_pids_arr)
 end

data/lib/pwn/plugins/monkey_patch.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+module PWN
+  module Plugins
+    # This module provides the abilty to centralize monkey patches used in PWN
+    module MonkeyPatch
+      # Supported Method Parameters::
+      # PWN::Plugins::MonkeyPatch.pry
+
+      public_class_method def self.pry
+        # Overwrite Pry::History.push method in History class
+        # to get duplicate history entries in order to properly
+        # replay automation in this prototyping driver
+        Pry::History.class_eval do
+          def push(line)
+            return line if line.empty? || invalid_readline_line?(line)
+
+            begin
+              last_line = @history[-1]
+            rescue IndexError
+              last_line = nil
+            end
+
+            @history << line
+            @history_line_count += 1
+            @saver.call(line) if !should_ignore?(line) &&
+                                 Pry.config.history_save
+
+            line
+          end
+          alias << push
+        end
+
+        Pry.class_eval do
+          def handle_line(line, options)
+            if line.nil?
+              config.control_d_handler.call(self)
+              return
+            end
+
+            ensure_correct_encoding!(line)
+            Pry.history << line unless options[:generated]
+
+            @suppress_output = false
+            inject_sticky_locals!
+            begin
+              # unless process_command_safely(line)
+              unless process_command_safely(line) && (
+                       line.empty? || @eval_string.empty?
+                     )
+                # @eval_string += "#{line.chomp}\n" if !line.empty? || !@eval_string.empty?
+                @eval_string += "#{line.chomp}\n"
+              end
+            rescue RescuableException => e
+              self.last_exception = e
+              result = e
+
+              Pry.critical_section do
+                show_result(result)
+              end
+              return
+            end
+
+            # This hook is supposed to be executed after each line of ruby code
+            # has been read (regardless of whether eval_string is yet a complete expression)
+            exec_hook :after_read, eval_string, self
+
+            begin
+              complete_expr = true if config.pwn_ai || config.pwn_asm
+              complete_expr = Pry::Code.complete_expression?(@eval_string) unless config.pwn_ai || config.pwn_asm
+            rescue SyntaxError => e
+              output.puts e.message.gsub(/^.*syntax error, */, 'SyntaxError: ')
+              reset_eval_string
+            end
+
+            if complete_expr
+              @suppress_output = true if @eval_string =~ /;\Z/ ||
+                                         @eval_string.empty? ||
+                                         @eval_string =~ /\A *#.*\n\z/ ||
+                                         config.pwn_ai ||
+                                         config.pwn_asm
+
+              # A bug in jruby makes java.lang.Exception not rescued by
+              # `rescue Pry::RescuableException` clause.
+              #
+              # * https://github.com/pry/pry/issues/854
+              # * https://jira.codehaus.org/browse/JRUBY-7100
+              #
+              # Until that gets fixed upstream, treat java.lang.Exception
+              # as an additional exception to be rescued explicitly.
+              #
+              # This workaround has a side effect: java exceptions specified
+              # in `Pry.config.unrescued_exceptions` are ignored.
+              jruby_exceptions = []
+              jruby_exceptions << Java::JavaLang::Exception if Pry::Helpers::Platform.jruby?
+
+              begin
+                # Reset eval string, in case we're evaluating Ruby that does something
+                # like open a nested REPL on this instance.
+                eval_string = @eval_string
+                reset_eval_string
+
+                result = evaluate_ruby(eval_string) unless config.pwn_ai ||
+                                                           config.pwn_asm
+
+                result = eval_string if config.pwn_ai ||
+                                        config.pwn_asm
+              rescue RescuableException, *jruby_exceptions => e
+                # Eliminate following warning:
+                # warning: singleton on non-persistent Java type X
+                # (http://wiki.jruby.org/Persistence)
+                e.class.__persistent__ = true if Helpers::Platform.jruby? && e.class.respond_to?('__persistent__')
+                self.last_exception = e
+                result = e
+              end
+
+              Pry.critical_section do
+                show_result(result)
+              end
+            end
+
+            throw(:breakout) if current_binding.nil?
+          end
+
+          # Ensure the return value in pwn_ai mode reflects the input
+          def evaluate_ruby(code)
+            # if config.pwn_ai || config.pwn_asm
+            #   result = message = code.to_s
+            #   return
+            # end
+            inject_sticky_locals!
+            exec_hook :before_eval, code, self
+
+            result = current_binding.eval(code, Pry.eval_path, Pry.current_line)
+            set_last_result(result, code)
+          ensure
+            update_input_history(code)
+            exec_hook :after_eval, result, self
+          end
+        end
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          #{self}.pry
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/plugins/ps.rb

@@ -47,6 +47,23 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # PWN::Plugins::PS.cleanup_pids(
+      #   pids_arr: 'required - array of pids to kill'
+      # )
+      public_class_method def self.cleanup_pids(opts = {})
+        pids_arr = opts[:pids_arr]
+
+        pids_arr.each do |pid_line|
+          pid = pid_line[2].to_i
+          Process.kill('TERM', pid)
+        rescue Errno::ESRCH
+          next
+        end
+      rescue StandardError => e
+        raise e
+      end
+
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
 
       public_class_method def self.authors
@@ -61,6 +78,10 @@ module PWN
         puts "USAGE:
           proc_list_arr = #{self}.list
 
+          #{self}.cleanup_pids(
+            pids_arr: 'required - array of pids to kill'
+          )
+
           #{self}.authors
         "
       end

data/lib/pwn/plugins/repl.rb

@@ -0,0 +1,317 @@
+# frozen_string_literal: true
+
+require 'pry'
+require 'tty-prompt'
+require 'yaml'
+
+module PWN
+  module Plugins
+    # This module contains methods related to the pwn REPL Driver.
+    module REPL
+      # Supported Method Parameters::
+      # PWN::Plugins::REPL.refresh_ps1_proc(
+      #   mode: 'required - :splat or nil'
+      # )
+
+      public_class_method def self.refresh_ps1_proc(opts = {})
+        mode = opts[:mode]
+
+        proc do |_target_self, _nest_level, pi|
+          pi.config.pwn_repl_line += 1
+          line_pad = format(
+            '%0.3d',
+            pi.config.pwn_repl_line
+          )
+
+          pi.config.prompt_name = :pwn
+          name = "\001\e[1m\002\001\e[31m\002#{pi.config.prompt_name}\001\e[0m\002"
+          version = "\001\e[36m\002v#{PWN::VERSION}\001\e[0m\002"
+          line_count = "\001\e[34m\002#{line_pad}\001\e[0m\002"
+          dchars = "\001\e[32m\002>>>\001\e[0m\002"
+          dchars = "\001\e[33m\002***\001\e[0m\002" if mode == :splat
+
+          if pi.config.pwn_asm
+            pi.config.prompt_name = 'pwn.asm'
+            name = "\001\e[1m\002\001\e[37m\002#{pi.config.prompt_name}\001\e[0m\002"
+            dchars = "\001\e[32m\002>>>\001\e[33m\002"
+            dchars = "\001\e[33m\002***\001\e[33m\002" if mode == :splat
+          end
+
+          if pi.config.pwn_ai
+            pi.config.prompt_name = 'pwn.ai'
+            pi.config.prompt_name = 'pwn.ai.SPEAKING' if pi.config.pwn_ai_speak
+            name = "\001\e[1m\002\001\e[33m\002#{pi.config.prompt_name}\001\e[0m\002"
+            dchars = "\001\e[32m\002>>>\001\e[33m\002"
+            dchars = "\001\e[33m\002***\001\e[33m\002" if mode == :splat
+            if pi.config.pwn_ai_debug
+              dchars = "\001\e[32m\002(DEBUG) >>>\001\e[33m\002"
+              dchars = "\001\e[33m\002(DEBUG) ***\001\e[33m\002" if mode == :splat
+            end
+          end
+
+          "#{name}[#{version}]:#{line_count} #{dchars} ".to_s.scrub
+        end
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::REPL.add_commands
+
+      public_class_method def self.add_commands
+        # Define Custom REPL Commands
+        Pry::Commands.create_command 'welcome-banner' do
+          description 'Display the random welcome banner, including basic usage.'
+
+          def process
+            puts PWN::Banner.welcome
+          end
+        end
+
+        Pry::Commands.create_command 'toggle-pager' do
+          description 'Toggle less on returned objects surpassing the terminal.'
+
+          def process
+            pi = pry_instance
+            pi.config.pager ? pi.config.pager = false : pi.config.pager = true
+          end
+        end
+
+        #  class PWNCompleter < Pry::InputCompleter
+        #    def call(input)
+        #    end
+        #  end
+
+        Pry::Commands.create_command 'pwn-asm' do
+          description 'Initiate pwn.asm shell.'
+
+          def process
+            pi = pry_instance
+            pi.config.pwn_asm = true
+            pi.custom_completions = proc do
+              prompt = TTY::Prompt.new
+              [pi.input.line_buffer]
+              # prompt.select(pi.input.line_buffer)
+            end
+          end
+        end
+
+        Pry::Commands.create_command 'pwn-ai' do
+          description 'Initiate pwn.ai chat interface.'
+
+          def process
+            pi = pry_instance
+            pi.config.pwn_ai = true
+            pi.config.color = false if pi.config.pwn_ai
+            pi.config.color = true unless pi.config.pwn_ai
+          end
+        end
+
+        Pry::Commands.create_command 'toggle-pwn-ai-debug' do
+          description 'Display the response_history object while using pwn.ai'
+
+          def process
+            pi = pry_instance
+            pi.config.pwn_ai_debug ? pi.config.pwn_ai_debug = false : pi.config.pwn_ai_debug = true
+          end
+        end
+
+        Pry::Commands.create_command 'toggle-pwn-ai-speaks' do
+          description 'Use speech capabilities within pwn.ai to speak answers.'
+
+          def process
+            pi = pry_instance
+            pi.config.pwn_ai_speak ? pi.config.pwn_ai_speak = false : pi.config.pwn_ai_speak = true
+          end
+        end
+
+        Pry::Commands.create_command 'back' do
+          description 'Jump back to pwn REPL when in pwn-asm || pwn-ai.'
+
+          def process
+            pi = pry_instance
+            pi.config.pwn_asm = false if pi.config.pwn_asm
+            pi.config.pwn_ai = false if pi.config.pwn_ai
+            pi.config.pwn_ai_debug = false if pi.config.pwn_ai_debug
+            pi.config.pwn_ai_speak = false if pi.config.pwn_ai_speak
+            pi.config.completer = Pry::InputCompleter
+          end
+        end
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::REPL.add_hooks(
+      #   opts: 'required - Hash object passed in via pwn OptParser'
+      # )
+
+      public_class_method def self.add_hooks(opts = {})
+        # Define REPL Hooks
+        # Welcome Banner Hook
+        Pry.config.hooks.add_hook(:before_session, :welcome) do |output, _binding, _pi|
+          output.puts PWN::Banner.welcome
+        end
+
+        # pwn.ai Hooks
+        Pry.config.hooks.add_hook(:before_session, :init_opts) do |_output, _binding, pi|
+          if opts[:yaml_config_path] && File.exist?(opts[:yaml_config_path])
+            yaml_config_path = opts[:yaml_config_path]
+            is_encrypted = PWN::Plugins::Vault.file_encrypted?(file: yaml_config_path)
+
+            if is_encrypted
+              # TODO: Implement "something you know, something you have, && something you are?"
+              decryption_file = opts[:decryption_file] ||= "#{Dir.home}/pwn.decryptor.yaml"
+              yaml_decryptor = YAML.load_file(decryption_file, symbolize_names: true) if File.exist?(decryption_file)
+
+              key = opts[:key] ||= yaml_decryptor[:key] ||= ENV.fetch('PWN_DECRYPTOR_KEY')
+              key = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Decryption Key') if key.nil?
+
+              iv = opts[:iv] ||= yaml_decryptor[:iv] ||= ENV.fetch('PWN_DECRYPTOR_IV')
+              iv = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Decryption IV') if iv.nil?
+
+              decrypted_yaml_config = PWN::Plugins::Vault.dump(
+                file: yaml_config_path,
+                key: key,
+                iv: iv
+              )
+              yaml_config = YAML.load(decrypted_yaml_config, symbolize_names: true)
+            else
+              yaml_config = YAML.load_file(yaml_config_path, symbolize_names: true)
+            end
+
+            pi.config.pwn_ai_key = yaml_config[:ai_key]
+            Pry.config.pwn_ai_key = pi.config.pwn_ai_key
+          end
+        end
+
+        Pry.config.hooks.add_hook(:after_read, :pwn_asm_hook) do |request, pi|
+          if pi.config.pwn_asm && !request.chomp.empty?
+            request = pi.input.line_buffer
+
+            # Analyze request to determine if it should be processed as opcodes or asm.
+            straight_hex = /^[a-fA-F0-9\s]+$/
+            hex_esc_strings = /\\x[\da-fA-F]{2}/
+            hex_comma_delim_w_dbl_qt = /"(?:[0-9a-fA-F]{2})",?/
+            hex_comma_delim_w_sng_qt = /'(?:[0-9a-fA-F]{2})',?/
+            hex_byte_array_as_str = /^\[\s*(?:"[0-9a-fA-F]{2}",\s*)*"[0-9a-fA-F]{2}"\s*\]$/
+
+            if request.match?(straight_hex) ||
+               request.match?(hex_esc_strings) ||
+               request.match?(hex_comma_delim_w_dbl_qt) ||
+               request.match?(hex_comma_delim_w_sng_qt) ||
+               request.match?(hex_byte_array_as_str)
+
+              response = PWN::Plugins::Assembly.opcodes_to_asm(
+                opcodes: request,
+                opcodes_always_strings_obj: true
+              )
+            else
+              response = PWN::Plugins::Assembly.asm_to_opcodes(asm: request)
+            end
+            puts "\001\e[31m\002#{response}\001\e[0m\002"
+          end
+        end
+
+        Pry.config.hooks.add_hook(:after_read, :pwn_ai_hook) do |request, pi|
+          if pi.config.pwn_ai && !request.chomp.empty?
+            request = pi.input.line_buffer.to_s
+            debug = pi.config.pwn_ai_debug
+            ai_key = pi.config.pwn_ai_key
+            ai_key ||= ''
+            if ai_key.empty?
+              ai_key = PWN::Plugins::AuthenticationHelper.mask_password(
+                prompt: 'OpenAI API Key'
+              )
+              pi.config.pwn_ai_key = ai_key
+            end
+
+            response_history = pi.config.pwn_ai_response_history
+            speak_answer = pi.config.pwn_ai_speak
+            response = PWN::Plugins::OpenAI.chat(
+              token: ai_key,
+              request: request.chomp,
+              temp: 1,
+              response_history: response_history,
+              speak_answer: speak_answer
+            )
+            last_response = response[:choices].last[:content]
+            puts "\n\001\e[32m\002#{last_response}\001\e[0m\002\n\n"
+
+            response_history = {
+              id: response[:id],
+              object: response[:object],
+              model: response[:model],
+              usage: response[:usage]
+            }
+            response_history[:choices] ||= response[:choices]
+
+            if debug
+              puts 'DEBUG: response_history => '
+              pp response_history
+              puts "\nresponse_history[:choices] Length: #{response_history[:choices].length}\n" unless response_history.nil?
+            end
+            pi.config.pwn_ai_response_history = response_history
+          end
+        end
+      rescue StandardError => e
+        raise e
+      end
+
+      # Supported Method Parameters::
+      # PWN::Plugins::REPL.start(
+      #   opts: 'required - Hash object passed in via pwn OptParser'
+      # )
+
+      public_class_method def self.start(opts = {})
+        # Monkey Patch Pry, add commands, && hooks
+        PWN::Plugins::MonkeyPatch.pry
+        add_commands
+        add_hooks(opts)
+
+        # Define PS1 Prompt
+        Pry.config.pwn_repl_line = 0
+        Pry.config.prompt_name = :pwn
+        arrow_ps1_proc = refresh_ps1_proc
+        splat_ps1_proc = refresh_ps1_proc(mode: :splat)
+        ps1 = [arrow_ps1_proc, splat_ps1_proc]
+        prompt = Pry::Prompt.new(:pwn, 'PWN Prototyping REPL', ps1)
+
+        # Start PWN REPL
+        Pry.start(self, prompt: prompt)
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          #{self}.refresh_ps1_proc(
+            mode: 'required - :splat or nil'
+          )
+
+          #{self}.add_commands
+
+          #{self}.add_hooks(
+            opts: 'required - Hash object passed in via pwn OptParser'
+          )
+
+          #{self}.start(
+            opts: 'required - Hash object passed in via pwn OptParser'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/plugins/vault.rb

@@ -184,6 +184,21 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # PWN::Plugins::Vault.file_encrypted?(
+      #   file: 'required - file to check if encrypted'
+      # )
+      public_class_method def self.file_encrypted?(opts = {})
+        file = opts[:file].to_s.scrub if File.exist?(opts[:file].to_s.scrub)
+
+        raise 'ERROR: File does not exist.' unless File.exist?(file)
+
+        file_contents = File.read(file)
+        file_contents.is_a?(String) && Base64.strict_encode64(Base64.strict_decode64(file_contents)) == file_contents
+      rescue StandardError => e
+        raise e
+      end
+
       # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
 
       public_class_method def self.authors
@@ -231,6 +246,10 @@ module PWN
             iv: 'required - iv to decrypt'
           )
 
+          #{self}.file_encrypted?(
+            file: 'required - file to check if encrypted'
+          )
+
           #{self}.authors
         "
       end

data/lib/pwn/plugins.rb

@@ -37,6 +37,7 @@ module PWN
     autoload :Log, 'pwn/plugins/log'
     autoload :MailAgent, 'pwn/plugins/mail_agent'
     autoload :Metasploit, 'pwn/plugins/metasploit'
+    autoload :MonkeyPatch, 'pwn/plugins/monkey_patch'
     autoload :MSR206, 'pwn/plugins/msr206'
     autoload :NessusCloud, 'pwn/plugins/nessus_cloud'
     autoload :NexposeVulnScan, 'pwn/plugins/nexpose_vuln_scan'
@@ -52,6 +53,7 @@ module PWN
     autoload :Pony, 'pwn/plugins/pony'
     autoload :PS, 'pwn/plugins/ps'
     autoload :RabbitMQ, 'pwn/plugins/rabbit_mq'
+    autoload :REPL, 'pwn/plugins/repl'
     autoload :RFIDler, 'pwn/plugins/rfidler'
     autoload :ScannableCodes, 'pwn/plugins/scannable_codes'
     autoload :Serial, 'pwn/plugins/serial'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.66'
+  VERSION = '0.5.68'
 end

data/spec/lib/pwn/plugins/monkey_patch_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::MonkeyPatch do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::MonkeyPatch
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::MonkeyPatch
+    expect(help_response).to respond_to :help
+  end
+end

data/spec/lib/pwn/plugins/repl_spec.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::Plugins::REPL do
+  it 'should display information for authors' do
+    authors_response = PWN::Plugins::REPL
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::Plugins::REPL
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.66
+  version: 0.5.68
 platform: ruby
 authors:
 - 0day Inc.
@@ -534,14 +534,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.4.0.1
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.4.0.1
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
   name: nexpose
   requirement: !ruby/object:Gem::Requirement
@@ -1767,6 +1767,7 @@ files:
 - lib/pwn/plugins/log.rb
 - lib/pwn/plugins/mail_agent.rb
 - lib/pwn/plugins/metasploit.rb
+- lib/pwn/plugins/monkey_patch.rb
 - lib/pwn/plugins/msr206.rb
 - lib/pwn/plugins/nessus_cloud.rb
 - lib/pwn/plugins/nexpose_vuln_scan.rb
@@ -1783,6 +1784,7 @@ files:
 - lib/pwn/plugins/ps.rb
 - lib/pwn/plugins/pwn_logger.rb
 - lib/pwn/plugins/rabbit_mq.rb
+- lib/pwn/plugins/repl.rb
 - lib/pwn/plugins/rfidler.rb
 - lib/pwn/plugins/scannable_codes.rb
 - lib/pwn/plugins/serial.rb
@@ -2094,6 +2096,7 @@ files:
 - spec/lib/pwn/plugins/log_spec.rb
 - spec/lib/pwn/plugins/mail_agent_spec.rb
 - spec/lib/pwn/plugins/metasploit_spec.rb
+- spec/lib/pwn/plugins/monkey_patch_spec.rb
 - spec/lib/pwn/plugins/msr206_spec.rb
 - spec/lib/pwn/plugins/nessus_cloud_spec.rb
 - spec/lib/pwn/plugins/nexpose_vuln_scan_spec.rb
@@ -2110,6 +2113,7 @@ files:
 - spec/lib/pwn/plugins/ps_spec.rb
 - spec/lib/pwn/plugins/pwn_logger_spec.rb
 - spec/lib/pwn/plugins/rabbit_mq_spec.rb
+- spec/lib/pwn/plugins/repl_spec.rb
 - spec/lib/pwn/plugins/rfidler_spec.rb
 - spec/lib/pwn/plugins/scannable_codes_spec.rb
 - spec/lib/pwn/plugins/serial_spec.rb