pwn 0.5.76 → 0.5.77
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +3 -3
- data/README.md +3 -3
- data/bin/pwn_defectdojo_importscan +12 -0
- data/lib/pwn/plugins/defect_dojo.rb +15 -0
- data/lib/pwn/version.rb +1 -1
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 785ee96770cdafec2335a97bebd6ead037c1e101e71034a42ac7a2b2d9e1ad3f
|
4
|
+
data.tar.gz: ec5131e73e7880531e0eb1c7c3d61ba0736c0f8f1f65756a61d9deaf59dc458a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b35076b724a522bd1ea40981ce5d37f1454162b64ba2120217e6b19f26856d8eacb1457032179148a136c375809dd09b7fad4348169e1a8cce8381f6bfe154ae
|
7
|
+
data.tar.gz: 0db05cecffa1a616df0dfc49d7b78e13f2f25099b350f31e24b2f69d534c876490df424b8ab9b7a63de249b0103e34bac58fd8df39c58ca8b41902cb10514978
|
data/Gemfile
CHANGED
@@ -26,7 +26,7 @@ gem 'colorize', '1.1.0'
|
|
26
26
|
gem 'credit_card_validations', '6.1.0'
|
27
27
|
gem 'eventmachine', '1.2.7'
|
28
28
|
gem 'executable-hooks', '1.7.1'
|
29
|
-
gem 'faker', '3.3.
|
29
|
+
gem 'faker', '3.3.1'
|
30
30
|
gem 'faye-websocket', '0.11.3'
|
31
31
|
gem 'ffi', '1.16.3'
|
32
32
|
gem 'fftw3', '0.3'
|
@@ -63,7 +63,7 @@ gem 'pdf-reader', '2.12.0'
|
|
63
63
|
gem 'pg', '1.5.6'
|
64
64
|
gem 'pry', '0.14.2'
|
65
65
|
gem 'pry-doc', '1.5.0'
|
66
|
-
gem 'rake', '13.
|
66
|
+
gem 'rake', '13.2.0'
|
67
67
|
gem 'rb-readline', '0.5.5'
|
68
68
|
gem 'rbvmomi', '3.0.0'
|
69
69
|
gem 'rdoc', '6.6.3.1'
|
@@ -75,7 +75,7 @@ gem 'rspec', '3.13.0'
|
|
75
75
|
gem 'rtesseract', '3.1.3'
|
76
76
|
gem 'rubocop', '1.62.1'
|
77
77
|
gem 'rubocop-rake', '0.6.0'
|
78
|
-
gem 'rubocop-rspec', '2.
|
78
|
+
gem 'rubocop-rspec', '2.28.0'
|
79
79
|
gem 'ruby-audio', '1.6.1'
|
80
80
|
gem 'ruby-nmap', '1.0.3'
|
81
81
|
gem 'ruby-saml', '1.16.0'
|
data/README.md
CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
37
37
|
$ ./install.sh
|
38
38
|
$ ./install.sh ruby-gem
|
39
39
|
$ pwn
|
40
|
-
pwn[v0.5.
|
40
|
+
pwn[v0.5.77]:001 >>> PWN.help
|
41
41
|
```
|
42
42
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
53
53
|
$ gem install --verbose pwn
|
54
54
|
$ pwn
|
55
|
-
pwn[v0.5.
|
55
|
+
pwn[v0.5.77]:001 >>> PWN.help
|
56
56
|
```
|
57
57
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
64
64
|
$ pwn
|
65
|
-
pwn[v0.5.
|
65
|
+
pwn[v0.5.77]:001 >>> PWN.help
|
66
66
|
```
|
67
67
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
@@ -38,6 +38,10 @@ OptionParser.new do |options|
|
|
38
38
|
opts[:file] = f
|
39
39
|
end
|
40
40
|
|
41
|
+
options.on('-TNAME', '--test-title=NAME', '<Optional - name of test to associate w/ scan type (Defaults to --scan-type value>') do |t|
|
42
|
+
opts[:test_title] = t
|
43
|
+
end
|
44
|
+
|
41
45
|
options.on('-lUSER', '--lead-username=USER', '<Optional - username of lead to tie to engagement (Defaults to username)>') do |l|
|
42
46
|
opts[:lead_username] = l
|
43
47
|
end
|
@@ -58,6 +62,10 @@ OptionParser.new do |options|
|
|
58
62
|
opts[:verified] = v
|
59
63
|
end
|
60
64
|
|
65
|
+
options.on('-G', '--group-by', '<Optional - group findings by "component_name" || "component_name+component_version" || "file_path" || "finding_title" (defaults to nil)') do |g|
|
66
|
+
opts[:group_by] = g
|
67
|
+
end
|
68
|
+
|
61
69
|
options.on('-g', '--create-finding-groups', '<Optional - group similar findings into one finding (defaults to false)') do |g|
|
62
70
|
opts[:create_finding_groups] = g
|
63
71
|
end
|
@@ -91,10 +99,12 @@ engagement_name = opts[:engagement_name]
|
|
91
99
|
scan_type = opts[:scan_type]
|
92
100
|
file = opts[:file]
|
93
101
|
opts[:lead_username] ? (lead_username = opts[:lead_username]) : (lead_username = username)
|
102
|
+
test_title = opts[:test_title]
|
94
103
|
tags = opts[:tags]
|
95
104
|
minimum_severity = opts[:minimum_severity]
|
96
105
|
scan_date = opts[:scan_date]
|
97
106
|
verified = opts[:verified]
|
107
|
+
group_by = opts[:group_by]
|
98
108
|
create_findings_groups = opts[:create_finding_groups]
|
99
109
|
close_old_findings_product_scope = opts[:close_old_findings_product_scope]
|
100
110
|
close_old_findings = opts[:close_old_findings]
|
@@ -113,11 +123,13 @@ begin
|
|
113
123
|
engagement_name: engagement_name,
|
114
124
|
scan_type: scan_type,
|
115
125
|
file: file,
|
126
|
+
test_title: test_title,
|
116
127
|
lead_username: lead_username,
|
117
128
|
tags: tags,
|
118
129
|
minimum_severity: minimum_severity,
|
119
130
|
scan_date: scan_date,
|
120
131
|
verified: verified,
|
132
|
+
group_by: group_by,
|
121
133
|
create_findings_groups: create_findings_groups,
|
122
134
|
close_old_findings_product_scope: close_old_findings_product_scope,
|
123
135
|
close_old_findings: close_old_findings,
|
@@ -432,6 +432,8 @@ module PWN
|
|
432
432
|
http_body[:multipart] = true
|
433
433
|
http_body[:file] = File.new(opts[:file].to_s.strip.chomp.scrub, 'rb') if File.exist?(opts[:file].to_s.strip.chomp.scrub)
|
434
434
|
|
435
|
+
http_body[:test_title] = opts[:test_title]
|
436
|
+
|
435
437
|
# Ok lets determine the resource_uri for the lead username
|
436
438
|
lead_username = opts[:lead_username].to_s.strip.chomp.scrub
|
437
439
|
user_list = self.user_list(dd_obj: dd_obj)
|
@@ -469,6 +471,19 @@ module PWN
|
|
469
471
|
# Defaults to false
|
470
472
|
opts[:verified] ? (http_body[:verified] = true) : (http_body[:verified] = false)
|
471
473
|
|
474
|
+
valid_group_by = %w[
|
475
|
+
component_name
|
476
|
+
component_name+compoent_version
|
477
|
+
file_path
|
478
|
+
finding_title
|
479
|
+
]
|
480
|
+
|
481
|
+
group_by = opts[:group_by]
|
482
|
+
# If group_by is set, ensure we have a valid group_by value
|
483
|
+
raise "ERROR: Invalid group_by value: #{group_by}. Options are 'product' or 'engagement'" unless valid_group_by.include?(group_by) || group_by.nil?
|
484
|
+
|
485
|
+
http_body[:group_by] = group_by if group_by
|
486
|
+
|
472
487
|
opts[:create_finding_groups] ? (http_body[:create_finding_groups_for_all_findings] = true) : (http_body[:create_finding_groups_for_all_findings] = false)
|
473
488
|
|
474
489
|
opts[:close_old_findings_product_scope] ? (http_body[:close_old_findings_product_scope] = true) : (http_body[:close_old_findings_product_scope] = false)
|
data/lib/pwn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.77
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- 0day Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03
|
11
|
+
date: 2024-04-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -212,14 +212,14 @@ dependencies:
|
|
212
212
|
requirements:
|
213
213
|
- - '='
|
214
214
|
- !ruby/object:Gem::Version
|
215
|
-
version: 3.3.
|
215
|
+
version: 3.3.1
|
216
216
|
type: :runtime
|
217
217
|
prerelease: false
|
218
218
|
version_requirements: !ruby/object:Gem::Requirement
|
219
219
|
requirements:
|
220
220
|
- - '='
|
221
221
|
- !ruby/object:Gem::Version
|
222
|
-
version: 3.3.
|
222
|
+
version: 3.3.1
|
223
223
|
- !ruby/object:Gem::Dependency
|
224
224
|
name: faye-websocket
|
225
225
|
requirement: !ruby/object:Gem::Requirement
|
@@ -716,14 +716,14 @@ dependencies:
|
|
716
716
|
requirements:
|
717
717
|
- - '='
|
718
718
|
- !ruby/object:Gem::Version
|
719
|
-
version: 13.
|
719
|
+
version: 13.2.0
|
720
720
|
type: :development
|
721
721
|
prerelease: false
|
722
722
|
version_requirements: !ruby/object:Gem::Requirement
|
723
723
|
requirements:
|
724
724
|
- - '='
|
725
725
|
- !ruby/object:Gem::Version
|
726
|
-
version: 13.
|
726
|
+
version: 13.2.0
|
727
727
|
- !ruby/object:Gem::Dependency
|
728
728
|
name: rb-readline
|
729
729
|
requirement: !ruby/object:Gem::Requirement
|
@@ -884,14 +884,14 @@ dependencies:
|
|
884
884
|
requirements:
|
885
885
|
- - '='
|
886
886
|
- !ruby/object:Gem::Version
|
887
|
-
version: 2.
|
887
|
+
version: 2.28.0
|
888
888
|
type: :runtime
|
889
889
|
prerelease: false
|
890
890
|
version_requirements: !ruby/object:Gem::Requirement
|
891
891
|
requirements:
|
892
892
|
- - '='
|
893
893
|
- !ruby/object:Gem::Version
|
894
|
-
version: 2.
|
894
|
+
version: 2.28.0
|
895
895
|
- !ruby/object:Gem::Dependency
|
896
896
|
name: ruby-audio
|
897
897
|
requirement: !ruby/object:Gem::Requirement
|