pwn 0.5.76 → 0.5.77

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6341c999a95a8ef1867905f07a60fd054d0ad217912b5b50dbafa1d42c8c1aa9
-  data.tar.gz: dc476c26b6f833f7c78850e8a32f9ad5b68cb36f0110ca5b739b2d5e8a690a55
+  metadata.gz: 785ee96770cdafec2335a97bebd6ead037c1e101e71034a42ac7a2b2d9e1ad3f
+  data.tar.gz: ec5131e73e7880531e0eb1c7c3d61ba0736c0f8f1f65756a61d9deaf59dc458a
 SHA512:
-  metadata.gz: 30126968532893656b7d1db6bd1afb32a46b59831d9156fe7d1b4eaa317609b5c8e5a268e468ab4c7bc922b0731049485db14a703d24f958c600c6da564d77d3
-  data.tar.gz: a6a8d6b2d84a71bf9730885b1a7b1c2d746d1e6ac8c22183e089f03260cc57eeed8ed79f619093e11e087c4267dd3ca113fd9175bc9837d685c4b6795ea099e0
+  metadata.gz: b35076b724a522bd1ea40981ce5d37f1454162b64ba2120217e6b19f26856d8eacb1457032179148a136c375809dd09b7fad4348169e1a8cce8381f6bfe154ae
+  data.tar.gz: 0db05cecffa1a616df0dfc49d7b78e13f2f25099b350f31e24b2f69d534c876490df424b8ab9b7a63de249b0103e34bac58fd8df39c58ca8b41902cb10514978

data/Gemfile

@@ -26,7 +26,7 @@ gem 'colorize', '1.1.0'
 gem 'credit_card_validations', '6.1.0'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.7.1'
-gem 'faker', '3.3.0'
+gem 'faker', '3.3.1'
 gem 'faye-websocket', '0.11.3'
 gem 'ffi', '1.16.3'
 gem 'fftw3', '0.3'
@@ -63,7 +63,7 @@ gem 'pdf-reader', '2.12.0'
 gem 'pg', '1.5.6'
 gem 'pry', '0.14.2'
 gem 'pry-doc', '1.5.0'
-gem 'rake', '13.1.0'
+gem 'rake', '13.2.0'
 gem 'rb-readline', '0.5.5'
 gem 'rbvmomi', '3.0.0'
 gem 'rdoc', '6.6.3.1'
@@ -75,7 +75,7 @@ gem 'rspec', '3.13.0'
 gem 'rtesseract', '3.1.3'
 gem 'rubocop', '1.62.1'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.27.1'
+gem 'rubocop-rspec', '2.28.0'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.16.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.76]:001 >>> PWN.help
+pwn[v0.5.77]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.76]:001 >>> PWN.help
+pwn[v0.5.77]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.76]:001 >>> PWN.help
+pwn[v0.5.77]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_defectdojo_importscan

@@ -38,6 +38,10 @@ OptionParser.new do |options|
     opts[:file] = f
   end
 
+  options.on('-TNAME', '--test-title=NAME', '<Optional - name of test to associate w/ scan type (Defaults to --scan-type value>') do |t|
+    opts[:test_title] = t
+  end
+
   options.on('-lUSER', '--lead-username=USER', '<Optional - username of lead to tie to engagement (Defaults to username)>') do |l|
     opts[:lead_username] = l
   end
@@ -58,6 +62,10 @@ OptionParser.new do |options|
     opts[:verified] = v
   end
 
+  options.on('-G', '--group-by', '<Optional - group findings by "component_name" || "component_name+component_version" || "file_path" || "finding_title" (defaults to nil)') do |g|
+    opts[:group_by] = g
+  end
+
   options.on('-g', '--create-finding-groups', '<Optional - group similar findings into one finding (defaults to false)') do |g|
     opts[:create_finding_groups] = g
   end
@@ -91,10 +99,12 @@ engagement_name = opts[:engagement_name]
 scan_type = opts[:scan_type]
 file = opts[:file]
 opts[:lead_username] ? (lead_username = opts[:lead_username]) : (lead_username = username)
+test_title = opts[:test_title]
 tags = opts[:tags]
 minimum_severity = opts[:minimum_severity]
 scan_date = opts[:scan_date]
 verified = opts[:verified]
+group_by = opts[:group_by]
 create_findings_groups = opts[:create_finding_groups]
 close_old_findings_product_scope = opts[:close_old_findings_product_scope]
 close_old_findings = opts[:close_old_findings]
@@ -113,11 +123,13 @@ begin
     engagement_name: engagement_name,
     scan_type: scan_type,
     file: file,
+    test_title: test_title,
     lead_username: lead_username,
     tags: tags,
     minimum_severity: minimum_severity,
     scan_date: scan_date,
     verified: verified,
+    group_by: group_by,
     create_findings_groups: create_findings_groups,
     close_old_findings_product_scope: close_old_findings_product_scope,
     close_old_findings: close_old_findings,

data/lib/pwn/plugins/defect_dojo.rb

@@ -432,6 +432,8 @@ module PWN
         http_body[:multipart] = true
         http_body[:file] = File.new(opts[:file].to_s.strip.chomp.scrub, 'rb') if File.exist?(opts[:file].to_s.strip.chomp.scrub)
 
+        http_body[:test_title] = opts[:test_title]
+
         # Ok lets determine the resource_uri for the lead username
         lead_username = opts[:lead_username].to_s.strip.chomp.scrub
         user_list = self.user_list(dd_obj: dd_obj)
@@ -469,6 +471,19 @@ module PWN
         # Defaults to false
         opts[:verified] ? (http_body[:verified] = true) : (http_body[:verified] = false)
 
+        valid_group_by = %w[
+          component_name
+          component_name+compoent_version
+          file_path
+          finding_title
+        ]
+
+        group_by = opts[:group_by]
+        # If group_by is set, ensure we have a valid group_by value
+        raise "ERROR: Invalid group_by value: #{group_by}.  Options are 'product' or 'engagement'" unless valid_group_by.include?(group_by) || group_by.nil?
+
+        http_body[:group_by] = group_by if group_by
+
         opts[:create_finding_groups] ? (http_body[:create_finding_groups_for_all_findings] = true) : (http_body[:create_finding_groups_for_all_findings] = false)
 
         opts[:close_old_findings_product_scope] ? (http_body[:close_old_findings_product_scope] = true) : (http_body[:close_old_findings_product_scope] = false)

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.76'
+  VERSION = '0.5.77'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.76
+  version: 0.5.77
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-27 00:00:00.000000000 Z
+date: 2024-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -212,14 +212,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 3.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 3.3.1
 - !ruby/object:Gem::Dependency
   name: faye-websocket
   requirement: !ruby/object:Gem::Requirement
@@ -716,14 +716,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 13.1.0
+        version: 13.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 13.1.0
+        version: 13.2.0
 - !ruby/object:Gem::Dependency
   name: rb-readline
   requirement: !ruby/object:Gem::Requirement
@@ -884,14 +884,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.27.1
+        version: 2.28.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.27.1
+        version: 2.28.0
 - !ruby/object:Gem::Dependency
   name: ruby-audio
   requirement: !ruby/object:Gem::Requirement