pwn 0.5.76 → 0.5.77

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +3 -3
  3. data/README.md +3 -3
  4. data/bin/pwn_defectdojo_importscan +12 -0
  5. data/lib/pwn/plugins/defect_dojo.rb +15 -0
  6. data/lib/pwn/version.rb +1 -1
  7. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6341c999a95a8ef1867905f07a60fd054d0ad217912b5b50dbafa1d42c8c1aa9
4
- data.tar.gz: dc476c26b6f833f7c78850e8a32f9ad5b68cb36f0110ca5b739b2d5e8a690a55
3
+ metadata.gz: 785ee96770cdafec2335a97bebd6ead037c1e101e71034a42ac7a2b2d9e1ad3f
4
+ data.tar.gz: ec5131e73e7880531e0eb1c7c3d61ba0736c0f8f1f65756a61d9deaf59dc458a
5
5
  SHA512:
6
- metadata.gz: 30126968532893656b7d1db6bd1afb32a46b59831d9156fe7d1b4eaa317609b5c8e5a268e468ab4c7bc922b0731049485db14a703d24f958c600c6da564d77d3
7
- data.tar.gz: a6a8d6b2d84a71bf9730885b1a7b1c2d746d1e6ac8c22183e089f03260cc57eeed8ed79f619093e11e087c4267dd3ca113fd9175bc9837d685c4b6795ea099e0
6
+ metadata.gz: b35076b724a522bd1ea40981ce5d37f1454162b64ba2120217e6b19f26856d8eacb1457032179148a136c375809dd09b7fad4348169e1a8cce8381f6bfe154ae
7
+ data.tar.gz: 0db05cecffa1a616df0dfc49d7b78e13f2f25099b350f31e24b2f69d534c876490df424b8ab9b7a63de249b0103e34bac58fd8df39c58ca8b41902cb10514978
data/Gemfile CHANGED
@@ -26,7 +26,7 @@ gem 'colorize', '1.1.0'
26
26
  gem 'credit_card_validations', '6.1.0'
27
27
  gem 'eventmachine', '1.2.7'
28
28
  gem 'executable-hooks', '1.7.1'
29
- gem 'faker', '3.3.0'
29
+ gem 'faker', '3.3.1'
30
30
  gem 'faye-websocket', '0.11.3'
31
31
  gem 'ffi', '1.16.3'
32
32
  gem 'fftw3', '0.3'
@@ -63,7 +63,7 @@ gem 'pdf-reader', '2.12.0'
63
63
  gem 'pg', '1.5.6'
64
64
  gem 'pry', '0.14.2'
65
65
  gem 'pry-doc', '1.5.0'
66
- gem 'rake', '13.1.0'
66
+ gem 'rake', '13.2.0'
67
67
  gem 'rb-readline', '0.5.5'
68
68
  gem 'rbvmomi', '3.0.0'
69
69
  gem 'rdoc', '6.6.3.1'
@@ -75,7 +75,7 @@ gem 'rspec', '3.13.0'
75
75
  gem 'rtesseract', '3.1.3'
76
76
  gem 'rubocop', '1.62.1'
77
77
  gem 'rubocop-rake', '0.6.0'
78
- gem 'rubocop-rspec', '2.27.1'
78
+ gem 'rubocop-rspec', '2.28.0'
79
79
  gem 'ruby-audio', '1.6.1'
80
80
  gem 'ruby-nmap', '1.0.3'
81
81
  gem 'ruby-saml', '1.16.0'
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ cd /opt/pwn
37
37
  $ ./install.sh
38
38
  $ ./install.sh ruby-gem
39
39
  $ pwn
40
- pwn[v0.5.76]:001 >>> PWN.help
40
+ pwn[v0.5.77]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.5.76]:001 >>> PWN.help
55
+ pwn[v0.5.77]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
  If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
62
62
  $ rvmsudo gem uninstall --all --executables pwn
63
63
  $ rvmsudo gem install --verbose pwn
64
64
  $ pwn
65
- pwn[v0.5.76]:001 >>> PWN.help
65
+ pwn[v0.5.77]:001 >>> PWN.help
66
66
  ```
67
67
 
68
68
  PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
data/bin/pwn_defectdojo_importscan CHANGED
@@ -38,6 +38,10 @@ OptionParser.new do |options|
38
38
  opts[:file] = f
39
39
  end
40
40
 
41
+ options.on('-TNAME', '--test-title=NAME', '<Optional - name of test to associate w/ scan type (Defaults to --scan-type value>') do |t|
42
+ opts[:test_title] = t
43
+ end
44
+
41
45
  options.on('-lUSER', '--lead-username=USER', '<Optional - username of lead to tie to engagement (Defaults to username)>') do |l|
42
46
  opts[:lead_username] = l
43
47
  end
@@ -58,6 +62,10 @@ OptionParser.new do |options|
58
62
  opts[:verified] = v
59
63
  end
60
64
 
65
+ options.on('-G', '--group-by', '<Optional - group findings by "component_name" || "component_name+component_version" || "file_path" || "finding_title" (defaults to nil)') do |g|
66
+ opts[:group_by] = g
67
+ end
68
+
61
69
  options.on('-g', '--create-finding-groups', '<Optional - group similar findings into one finding (defaults to false)') do |g|
62
70
  opts[:create_finding_groups] = g
63
71
  end
@@ -91,10 +99,12 @@ engagement_name = opts[:engagement_name]
91
99
  scan_type = opts[:scan_type]
92
100
  file = opts[:file]
93
101
  opts[:lead_username] ? (lead_username = opts[:lead_username]) : (lead_username = username)
102
+ test_title = opts[:test_title]
94
103
  tags = opts[:tags]
95
104
  minimum_severity = opts[:minimum_severity]
96
105
  scan_date = opts[:scan_date]
97
106
  verified = opts[:verified]
107
+ group_by = opts[:group_by]
98
108
  create_findings_groups = opts[:create_finding_groups]
99
109
  close_old_findings_product_scope = opts[:close_old_findings_product_scope]
100
110
  close_old_findings = opts[:close_old_findings]
@@ -113,11 +123,13 @@ begin
113
123
  engagement_name: engagement_name,
114
124
  scan_type: scan_type,
115
125
  file: file,
126
+ test_title: test_title,
116
127
  lead_username: lead_username,
117
128
  tags: tags,
118
129
  minimum_severity: minimum_severity,
119
130
  scan_date: scan_date,
120
131
  verified: verified,
132
+ group_by: group_by,
121
133
  create_findings_groups: create_findings_groups,
122
134
  close_old_findings_product_scope: close_old_findings_product_scope,
123
135
  close_old_findings: close_old_findings,
data/lib/pwn/plugins/defect_dojo.rb CHANGED
@@ -432,6 +432,8 @@ module PWN
432
432
  http_body[:multipart] = true
433
433
  http_body[:file] = File.new(opts[:file].to_s.strip.chomp.scrub, 'rb') if File.exist?(opts[:file].to_s.strip.chomp.scrub)
434
434
 
435
+ http_body[:test_title] = opts[:test_title]
436
+
435
437
  # Ok lets determine the resource_uri for the lead username
436
438
  lead_username = opts[:lead_username].to_s.strip.chomp.scrub
437
439
  user_list = self.user_list(dd_obj: dd_obj)
@@ -469,6 +471,19 @@ module PWN
469
471
  # Defaults to false
470
472
  opts[:verified] ? (http_body[:verified] = true) : (http_body[:verified] = false)
471
473
 
474
+ valid_group_by = %w[
475
+ component_name
476
+ component_name+compoent_version
477
+ file_path
478
+ finding_title
479
+ ]
480
+
481
+ group_by = opts[:group_by]
482
+ # If group_by is set, ensure we have a valid group_by value
483
+ raise "ERROR: Invalid group_by value: #{group_by}. Options are 'product' or 'engagement'" unless valid_group_by.include?(group_by) || group_by.nil?
484
+
485
+ http_body[:group_by] = group_by if group_by
486
+
472
487
  opts[:create_finding_groups] ? (http_body[:create_finding_groups_for_all_findings] = true) : (http_body[:create_finding_groups_for_all_findings] = false)
473
488
 
474
489
  opts[:close_old_findings_product_scope] ? (http_body[:close_old_findings_product_scope] = true) : (http_body[:close_old_findings_product_scope] = false)
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.5.76'
4
+ VERSION = '0.5.77'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.76
4
+ version: 0.5.77
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-27 00:00:00.000000000 Z
11
+ date: 2024-04-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -212,14 +212,14 @@ dependencies:
212
212
  requirements:
213
213
  - - '='
214
214
  - !ruby/object:Gem::Version
215
- version: 3.3.0
215
+ version: 3.3.1
216
216
  type: :runtime
217
217
  prerelease: false
218
218
  version_requirements: !ruby/object:Gem::Requirement
219
219
  requirements:
220
220
  - - '='
221
221
  - !ruby/object:Gem::Version
222
- version: 3.3.0
222
+ version: 3.3.1
223
223
  - !ruby/object:Gem::Dependency
224
224
  name: faye-websocket
225
225
  requirement: !ruby/object:Gem::Requirement
@@ -716,14 +716,14 @@ dependencies:
716
716
  requirements:
717
717
  - - '='
718
718
  - !ruby/object:Gem::Version
719
- version: 13.1.0
719
+ version: 13.2.0
720
720
  type: :development
721
721
  prerelease: false
722
722
  version_requirements: !ruby/object:Gem::Requirement
723
723
  requirements:
724
724
  - - '='
725
725
  - !ruby/object:Gem::Version
726
- version: 13.1.0
726
+ version: 13.2.0
727
727
  - !ruby/object:Gem::Dependency
728
728
  name: rb-readline
729
729
  requirement: !ruby/object:Gem::Requirement
@@ -884,14 +884,14 @@ dependencies:
884
884
  requirements:
885
885
  - - '='
886
886
  - !ruby/object:Gem::Version
887
- version: 2.27.1
887
+ version: 2.28.0
888
888
  type: :runtime
889
889
  prerelease: false
890
890
  version_requirements: !ruby/object:Gem::Requirement
891
891
  requirements:
892
892
  - - '='
893
893
  - !ruby/object:Gem::Version
894
- version: 2.27.1
894
+ version: 2.28.0
895
895
  - !ruby/object:Gem::Dependency
896
896
  name: ruby-audio
897
897
  requirement: !ruby/object:Gem::Requirement