pwn 0.4.821 → 0.4.822

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +2 -2
  3. data/bin/pwn_www_uri_buster +4 -1
  4. data/lib/pwn/reports/fuzz.rb +2 -2
  5. data/lib/pwn/reports/phone.rb +2 -2
  6. data/lib/pwn/reports/sast.rb +14 -14
  7. data/lib/pwn/reports/uri_buster.rb +2 -2
  8. data/lib/pwn/version.rb +1 -1
  9. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c3ac59fc7a7af44959a91da6100a3897e8ccb88d4903aa47e379a2215869b7f3
4
- data.tar.gz: 0b3430348fd739d3abb05923c9666af5cdb5ae48b0365e1bc0007971ca24c3ac
3
+ metadata.gz: f74787e4225e95cfc3678bed3f65ac08eb691ff80ee479df3c55d7dfaf1a26b1
4
+ data.tar.gz: 9b44b5ec18e38cc69eab3db9d05f505149c371c1f701ab5d74c62724e10a6e5b
5
5
  SHA512:
6
- metadata.gz: 4fec522538dbe120a41397dfe8adfbf6670287d833ba11548f7ffb3f774bad51867fe33aa8071b14f162b22b6e3f23c80c99aa3b399c13188748228c25c6c626
7
- data.tar.gz: 2b1b6882395861c9550f1ec89960ee2ba88d1df670ec5aa76113ec8f7990ba5576e6eaa468fe74b168bc398e83f3a10f4e3af9ea1f225d261ff0a68cbf9739be
6
+ metadata.gz: c8084d62bbe11ca69e1baef76ed1483ee3e3a9488d4d8215f3123097970296e1544177c37d3cf6e44186ad8059fc2d0a5e9d95bbfd6d578b9151edf6cf6148eb
7
+ data.tar.gz: 9da62eb3b1e55dd040d45f8b69225354b9a66c0d155284c5a99d3ac29687476a550a609314e7885b057da31a0d630f1bedc244e129baa8f152b544cd1d43c4f0
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.821]:001 >>> PWN.help
40
+ pwn[v0.4.822]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.821]:001 >>> PWN.help
55
+ pwn[v0.4.822]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
data/bin/pwn_www_uri_buster CHANGED
@@ -109,10 +109,13 @@ def request_path(opts = {})
109
109
  rescue Errno::ECONNREFUSED
110
110
  raise 'ERROR: Connection(s) Refused. Try lowering the --max-threads value.'
111
111
  rescue Errno::ECONNRESET,
112
+ OpenSSL::SSL::SSLError,
112
113
  RestClient::Exceptions::ReadTimeout,
113
114
  RestClient::Exceptions::OpenTimeout,
114
115
  RestClient::ServerBrokeConnection,
115
- OpenSSL::SSL::SSLError => e
116
+ SOCKSError => e
117
+
118
+ # May be best to switch Tor channel if SOCKSError is rescued
116
119
  rest_client_resp_hash = {
117
120
  request_timestamp: Time.now.strftime('%Y-%m-%d_%H-%M-%S'),
118
121
  http_uri: http_uri,
data/lib/pwn/reports/fuzz.rb CHANGED
@@ -32,7 +32,7 @@ module PWN
32
32
  end
33
33
 
34
34
  # Report All the Bugs!!! \o/
35
- html_report = %q{<!DOCTYPE HTML>
35
+ html_report = %{<!DOCTYPE HTML>
36
36
  <html>
37
37
  <head>
38
38
  <!-- favicon.ico from https://0dayinc.com -->
@@ -168,7 +168,7 @@ module PWN
168
168
  }
169
169
  });
170
170
  },
171
- "ajax": "pwn_fuzz_net_app_proto.json",
171
+ "ajax": "#{report_name}.json",
172
172
  //"deferRender": true,
173
173
  "dom": "fplitfpliS",
174
174
  "autoWidth": false,
data/lib/pwn/reports/phone.rb CHANGED
@@ -24,7 +24,7 @@ module PWN
24
24
  JSON.pretty_generate(results_hash)
25
25
  )
26
26
 
27
- html_report = %q{<!DOCTYPE HTML>
27
+ html_report = %{<!DOCTYPE HTML>
28
28
  <html>
29
29
  <head>
30
30
  <!-- favicon.ico from https://0dayinc.com -->
@@ -169,7 +169,7 @@ module PWN
169
169
  }
170
170
  });
171
171
  },
172
- "ajax": "pwn_phone.json",
172
+ "ajax": "#{report_name}.json",
173
173
  //"deferRender": true,
174
174
  "dom": "fplitfpliS",
175
175
  "autoWidth": false,
data/lib/pwn/reports/sast.rb CHANGED
@@ -31,7 +31,7 @@ module PWN
31
31
  JSON.pretty_generate(results_hash)
32
32
  )
33
33
 
34
- html_report = %q{<!DOCTYPE HTML>
34
+ html_report = %{<!DOCTYPE HTML>
35
35
  <html>
36
36
  <head>
37
37
  <!-- favicon.ico from https://0dayinc.com -->
@@ -160,7 +160,7 @@ module PWN
160
160
  }
161
161
  });
162
162
  },
163
- "ajax": "pwn_scan_git_source.json",
163
+ "ajax": "#{report_name}.json",
164
164
  //"deferRender": true,
165
165
  "dom": "fplitfpliS",
166
166
  "autoWidth": false,
@@ -175,7 +175,7 @@ module PWN
175
175
  "render": function (data, type, row, meta) {
176
176
  var sast_dirname = data['sast_module'].split('::')[0].toLowerCase() + '/' + data['sast_module'].split('::')[1].toLowerCase();
177
177
  var sast_module = data['sast_module'].split('::')[2];
178
- var sast_test_case = sast_module.replace(/\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
178
+ var sast_test_case = sast_module.replace(/\\.?([A-Z])/g, function (x,y){ if (sast_module.match(/\\.?([A-Z][a-z])/g) ) { return "_" + y.toLowerCase(); } else { return y.toLowerCase(); } }).replace(/^_/g, "");
179
179
 
180
180
  return '<tr><td style="width:150px;" align="left"><a href="https://github.com/0dayinc/pwn/tree/master/lib/' + htmlEntityEncode(sast_dirname) + '/' + htmlEntityEncode(sast_test_case) + '.rb" target="_blank">' + htmlEntityEncode(data['sast_module'].split("::")[2]) + '</a><br /><br /><a href="' + htmlEntityEncode(data['nist_800_53_uri']) + '" target="_blank">NIST 800-53: ' + htmlEntityEncode(data['section']) + '</a><br /><br /><a href="' + htmlEntityEncode(data['cwe_uri']) + '" target="_blank">CWE:' + htmlEntityEncode(data['cwe_id']) + '</a></td></tr>';
181
181
  }
@@ -202,16 +202,16 @@ module PWN
202
202
 
203
203
  var filename_link = row.filename;
204
204
 
205
- var bug_comment = 'Timestamp: ' + row.timestamp + '\n' +
205
+ var bug_comment = 'Timestamp: ' + row.timestamp + '\\n' +
206
206
  'Test Case: http://' + window.location.hostname + ':8808/doc_root/pwn-0.1.0/' +
207
- row.security_references['sast_module'].replace(/::/g, "/") + '\n' +
208
- 'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
207
+ row.security_references['sast_module'].replace(/::/g, "/") + '\\n' +
208
+ 'Source Code Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
209
209
  'Test Case Request:\n' +
210
- $("<div/>").html(row.test_case_filter.replace(/\s{2,}/g, " ")).text() + '\n\n' +
211
- 'Test Case Response:\n' +
212
- '\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\t' +
210
+ $("<div/>").html(row.test_case_filter.replace(/\\s{2,}/g, " ")).text() + '\\n\\n' +
211
+ 'Test Case Response:\\n' +
212
+ '\\tCommitted by: ' + $("<div/>").html(data[i]['author']).text() + '\\t' +
213
213
  data[i]['line_no'] + ': ' +
214
- $("<div/>").html(data[i]['contents'].replace(/\s{2,}/g, " ")).text() + '\n\n';
214
+ $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
215
215
 
216
216
  var author_and_email_arr = data[i]['author'].split(" ");
217
217
  var email = author_and_email_arr[author_and_email_arr.length - 1];
@@ -220,11 +220,11 @@ module PWN
220
220
 
221
221
  var uri = '#uri';
222
222
 
223
- var canned_email_results = 'Timestamp: ' + row.timestamp + '\n' +
224
- 'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\n\n' +
225
- 'Source Code in Question:\n\n' +
223
+ var canned_email_results = 'Timestamp: ' + row.timestamp + '\\n' +
224
+ 'Source Code File Impacted: ' + $("<div/>").html(filename_link).text() + '\\n\\n' +
225
+ 'Source Code in Question:\\n\\n' +
226
226
  data[i]['line_no'] + ': ' +
227
- $("<div/>").html(data[i]['contents'].replace(/\s{2,}/g, " ")).text() + '\n\n';
227
+ $("<div/>").html(data[i]['contents'].replace(/\\s{2,}/g, " ")).text() + '\\n\\n';
228
228
 
229
229
  var canned_email = email.replace("&lt;", "").replace("&gt;", "") + '?subject=Potential%20Bug%20within%20Source%20File:%20'+ encodeURIComponent(row.filename) +'&body=Greetings,%0A%0AThe%20following%20information%20likely%20represents%20a%20bug%20discovered%20through%20automated%20security%20testing%20initiatives:%0A%0A' + encodeURIComponent(canned_email_results) + 'Is%20this%20something%20that%20can%20be%20addressed%20immediately%20or%20would%20filing%20a%20bug%20be%20more%20appropriate?%20%20Please%20let%20us%20know%20at%20your%20earliest%20convenience%20to%20ensure%20we%20can%20meet%20security%20expectations%20for%20this%20release.%20%20Thanks%20and%20have%20a%20great%20day!';
230
230
 
data/lib/pwn/reports/uri_buster.rb CHANGED
@@ -24,7 +24,7 @@ module PWN
24
24
  JSON.pretty_generate(results_hash)
25
25
  )
26
26
 
27
- html_report = %q{<!DOCTYPE HTML>
27
+ html_report = %{<!DOCTYPE HTML>
28
28
  <html>
29
29
  <head>
30
30
  <!-- favicon.ico from https://0dayinc.com -->
@@ -156,7 +156,7 @@ module PWN
156
156
  }
157
157
  });
158
158
  },
159
- "ajax": "pwn_www_uri_buster.json",
159
+ "ajax": "#{report_name}.json",
160
160
  //"deferRender": true,
161
161
  "dom": "fplitfpliS",
162
162
  "autoWidth": false,
data/lib/pwn/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module PWN
4
- VERSION = '0.4.821'
4
+ VERSION = '0.4.822'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.821
4
+ version: 0.4.822
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.