pwn 0.4.741 → 0.4.742

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d584af8d0758445720f5d35b48ce3f518f57c18fca496626ad5e170d1d4d6d6
-  data.tar.gz: 67695c0f58e76ac3ffee236312e2dcf45a2df36ef58f61f6a089bdd764e55641
+  metadata.gz: f03ccf5285b9493395a67e0b5b51843362dbfc39ba2326128beec08a9cae11e1
+  data.tar.gz: 48c793f00f5c0be3965bd431562bb8e8f30684b328dc9eced35ea920d745889b
 SHA512:
-  metadata.gz: e12c51833606be3cc64c6a492ab4bc1999299c71f4fe2d0071bfc5aba1d77404445b30ed156156eeee3203a9b287a787425e3624136b77b9acf451ba5ad4b773
-  data.tar.gz: 92ece1165b579ea8792122699d91d88f977945c4ea8e4d0a2f9095eca43c6d07b150bea49ec6edec280357c05d956cf4e76868ce9d707b37ba2393fa74d1fc3b
+  metadata.gz: 8a1516cc7f528b8775563dcfa0e835ac9764775b38b494da666bd2a9bcd86a7a7ac640c80a78fbd19a690645a9d9759dc48b3b346615f2222325f35d9c4f4572
+  data.tar.gz: 6b651741cecc34f0f23d3b0d6ec994dbabfba7febe50f3eec18b9d55f6d6f8c010dca588948b139d6affbc3b8433b63c81789b03c66d459f1dcc058f80f212cd

data/README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.741]:001 >>> PWN.help
+pwn[v0.4.742]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.741]:001 >>> PWN.help
+pwn[v0.4.742]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_bdba_groups

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'optparse'
+require 'pwn'
+require 'yaml'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{$PROGRAM_NAME} [opts]
+  "
+
+  options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |c|
+    opts[:config] = c
+  end
+
+  options.on('-CGROUP', '--create=GROUP', '<Required - Black Duck Binary Analysis Group/Sub-Group to Create>') do |g|
+    opts[:group_name] = g
+  end
+
+  options.on('-pNAME', '--parent-group=NAME', '<Optional - Black Duck Binary Analysis Parent Group Name to Associate with Group>') do |p|
+    opts[:parent_group_name] = p
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{$PROGRAM_NAME} --help`
+  exit 1
+end
+
+begin
+  pwn_provider = 'ruby-gem'
+  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
+
+  config = opts[:config]
+  raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
+
+  yaml_config = YAML.load_file(config, symbolize_names: true)
+
+  token = yaml_config[:token]
+  raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
+
+  group_name = opts[:group_name]
+  raise "ERROR: BDBA Group Name Not Provided: #{group_name}" if group_name.nil?
+
+  parent_group_name = opts[:parent_group_name]
+
+  if parent_group_name
+    groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+      token: token
+    )
+
+    parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
+  end
+
+  PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
+    token: token,
+    name: group_name,
+    parent: parent_id
+  )
+rescue SystemExit, Interrupt
+  puts "\nGoodbye."
+rescue StandardError => e
+  raise e
+end

data/bin/pwn_bdba_scan

@@ -0,0 +1,105 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+require 'optparse'
+require 'pwn'
+require 'yaml'
+
+opts = {}
+OptionParser.new do |options|
+  options.banner = "USAGE:
+    #{$PROGRAM_NAME} [opts]
+  "
+
+  options.on('-cCONFIG', '--config=CONFG', '<Required - Black Duck Binary Analysis YAML config>') do |g|
+    opts[:config] = g
+  end
+
+  options.on('-pNAME', '--parent-group=NAME', '<Required - Black Duck Binary Analysis Parent Group Name to Associate with Binary Scan>') do |p|
+    opts[:parent_group_name] = p
+  end
+
+  options.on('-sFILE', '--scan=FILE', '<Required - File to Scan in Black Duck Binary Analysis>') do |f|
+    opts[:target_file] = f
+  end
+
+  options.on('-rPATH', '--report=PATH', '<Required - Path to Save Black Duck Binary Analysis Scan Report>') do |r|
+    opts[:report_path] = r
+  end
+
+  options.on('-tTYPE', '--report-type=TYPE', '<Optional - Black Duck Binary Analysis Scan Report Type csv_libs|csv_vulns|pdf (Default: csv_vulns)>') do |t|
+    opts[:report_type] = t
+  end
+end.parse!
+
+if opts.empty?
+  puts `#{$PROGRAM_NAME} --help`
+  exit 1
+end
+
+begin
+  pwn_provider = 'ruby-gem'
+  pwn_provider = ENV.fetch('PWN_PROVIDER') if ENV.keys.any? { |s| s == 'PWN_PROVIDER' }
+
+  config = opts[:config]
+  raise "ERROR: BDBA YAML Config File Not Found: #{config}" unless File.exist?(config)
+
+  yaml_config = YAML.load_file(config, symbolize_names: true)
+
+  token = yaml_config[:token]
+  raise "ERROR: BDBA Token Not Found: #{token}" if token.nil?
+
+  parent_group_name = opts[:parent_group_name]
+  raise "ERROR: BDBA Parent Group Name Not Provided: #{parent_group_name}" if parent_group_name.nil?
+
+  target_file = opts[:target_file]
+  raise "ERROR: BDBA Target File Not Found: #{target_file}" unless File.exist?(target_file)
+
+  report_path = opts[:report_path]
+  raise "ERROR: BDBA Report Path Not Provided: #{report_path}" if report_path.nil?
+
+  report_type_str = opts[:report_type] ||= 'csv_vulns'
+  report_type = report_type_str.to_s.to_sym
+
+  groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
+    token: token
+  )
+
+  parent_id = groups_resp[:data].find { |g| g[:name] == parent_group_name }[:id]
+
+  PWN::Plugins::BlackDuckBinaryAnalysis.upload_file(
+    token: token,
+    file: target_file,
+    group_id: parent_id
+  )
+
+  scan_progress_resp = {}
+  loop do
+    scan_progress_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_apps_by_group(
+      token: token,
+      group_id: parent_id
+    )
+
+    30.times do
+      print '.'
+      sleep 1
+    end
+
+    break if scan_progress_resp[:products].none? { |p| p[:status] == 'B' }
+  end
+
+  product_id = scan_progress_resp[:products].find { |p| p[:name] == File.basename(target_file) }[:product_id]
+
+  scan_report_resp = PWN::Plugins::BlackDuckBinaryAnalysis.generate_product_report(
+    token: token,
+    product_id: product_id,
+    type: report_type,
+    output_path: report_path
+  )
+
+  puts "Report Saved to: #{report_path}"
+rescue SystemExit, Interrupt
+  puts "\nGoodbye."
+rescue StandardError => e
+  raise e
+end

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.741'
+  VERSION = '0.4.742'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.741
+  version: 0.4.742
 platform: ruby
 authors:
 - 0day Inc.
@@ -1138,6 +1138,8 @@ executables:
 - pwn_android_war_dialer
 - pwn_autoinc_version
 - pwn_aws_describe_resources
+- pwn_bdba_groups
+- pwn_bdba_scan
 - pwn_burp_suite_pro_active_scan
 - pwn_char_base64_encoding
 - pwn_char_dec_encoding
@@ -1203,6 +1205,8 @@ files:
 - bin/pwn_android_war_dialer
 - bin/pwn_autoinc_version
 - bin/pwn_aws_describe_resources
+- bin/pwn_bdba_groups
+- bin/pwn_bdba_scan
 - bin/pwn_burp_suite_pro_active_scan
 - bin/pwn_char_base64_encoding
 - bin/pwn_char_dec_encoding