pwn 0.4.932 → 0.4.933

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a151683e1b148504e35a466772275282931fdae1aef6465b5fdc2d92a606ecbb
-  data.tar.gz: f0afd548b3a84996e1a534f8c4545cb571f041f5a32397446ad06e6512411b26
+  metadata.gz: 8d8484dcd365421038169dafb7025a555b0113b35ea403797d9908420b7a6d65
+  data.tar.gz: 30481b814dd758f19c221df667f97ad1d32ed39f47fe5b336a6f722e292bb5ce
 SHA512:
-  metadata.gz: 106682955e1a25e77c5cf0e2859ae7bdbe0f5cb522e21b7fd6becad0f507d8e8f29ffc4040beb978ff5474a066a316067af1188eb1378eccf9fc448b3c4f5edf
-  data.tar.gz: 4c13875e6e80f671e0f072fe4512abc993c390bcf8c65a71cfb97a57b65aea85bed15af839a3e17b1da456fc58f5d17f98c9cf3584c66a219d94b3e8a7a6e9c8
+  metadata.gz: 2a9955f78cc4be05443bcc5e70671244fa0ebaa860a36665f7ba1d34cb12bcda3d648c32a12c1d217a71597181829f735dcfaede91e9c037c9ca5314ce866adf
+  data.tar.gz: d458845a6a1a259ec098757a54121f3890997d60b6479a5bf29fe1d5b9ee92d7800a93829da481e1a48fa14a0f818222a16ca11f100f12a0e7404d452e8472b7

data/Gemfile

@@ -11,22 +11,22 @@ gemspec
 # In some circumstances custom flags are passed to gems in order
 # to build appropriately.  Defer to ./reinstall_pwn_gemset.sh
 # to review these custom flags (e.g. pg, serialport, etc).
-gem 'activesupport', '7.1.1'
+gem 'activesupport', '7.1.2'
 gem 'anemone', '0.7.2'
 gem 'authy', '3.0.1'
-gem 'aws-sdk', '3.1.0'
+gem 'aws-sdk', '3.2.0'
 # gem 'bettercap', '1.6.2'
 gem 'barby', '0.6.8'
 gem 'brakeman', '6.0.1'
 gem 'bson', '4.15.0'
-gem 'bundler', '>=2.4.21'
+gem 'bundler', '>=2.4.22'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.22.0'
 gem 'colorize', '1.1.0'
 gem 'credit_card_validations', '6.1.0'
 gem 'eventmachine', '1.2.7'
 gem 'executable-hooks', '1.6.1'
-gem 'faker', '3.2.1'
+gem 'faker', '3.2.2'
 gem 'faye-websocket', '0.11.3'
 gem 'ffi', '1.16.3'
 gem 'fftw3', '0.3'
@@ -42,17 +42,17 @@ gem 'jsonpath', '1.1.5'
 gem 'jwt', '2.7.1'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.8.1'
-gem 'mongo', '2.19.2'
+gem 'mongo', '2.19.3'
 gem 'msfrpc-client', '1.1.2'
 gem 'netaddr', '2.0.6'
 gem 'net-ldap', '0.18.0'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.4.0'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.15.4'
+gem 'nokogiri', '1.15.5'
 gem 'nokogiri-diff', '0.2.0'
 gem 'oily_png', '1.2.1'
-gem 'open3', '0.1.2'
+gem 'open3', '0.2.0'
 gem 'os', '1.1.4'
 gem 'packetfu', '2.0.0'
 gem 'pdf-reader', '2.11.0'
@@ -62,7 +62,7 @@ gem 'pry-doc', '1.4.0'
 gem 'rake', '13.1.0'
 gem 'rb-readline', '0.5.5'
 gem 'rbvmomi', '3.0.0'
-gem 'rdoc', '6.5.0'
+gem 'rdoc', '6.6.0'
 gem 'rest-client', '2.1.0'
 gem 'rex', '2.0.13'
 gem 'rmagick', '5.3.0'
@@ -77,19 +77,19 @@ gem 'ruby-nmap', '1.0.2'
 gem 'ruby-saml', '1.16.0'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.14.0'
-gem 'selenium-devtools', '0.118.0'
+gem 'selenium-devtools', '0.119.0'
 gem 'serialport', '1.3.2'
 gem 'sinatra', '3.1.0'
 gem 'slack-ruby-client', '2.2.0'
 gem 'socksify', '1.7.1'
 gem 'spreadsheet', '1.3.0'
-gem 'sqlite3', '1.6.7'
+gem 'sqlite3', '1.6.9'
 gem 'thin', '1.8.2'
 gem 'tty-prompt', '0.23.1'
 gem 'tty-spinner', '0.9.3'
 gem 'watir', '7.3.0'
 gem 'waveform', '0.1.3'
 gem 'webrick', '1.8.1'
-gem 'whois', '5.1.0'
+gem 'whois', '5.1.1'
 gem 'whois-parser', '2.0.0'
 gem 'wicked_pdf', '2.7.0'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.4.932]:001 >>> PWN.help
+pwn[v0.4.933]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.932]:001 >>> PWN.help
+pwn[v0.4.933]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.932]:001 >>> PWN.help
+pwn[v0.4.933]:001 >>> PWN.help
 ```
 
 

data/bin/pwn_sast

@@ -97,6 +97,7 @@ begin
       Logger
       MD5
       OuterHTML
+      PaddingOracle
       Password
       PHPInputMechanisms
       PHPTypeJuggling

data/lib/pwn/sast/base64.rb

@@ -10,7 +10,7 @@ module PWN
       @@logger = PWN::Plugins::PWNLogger.create
 
       # Supported Method Parameters::
-      # PWN::SAST::Eval.scan(
+      # PWN::SAST::Base64.scan(
       #   dir_path: 'optional path to dir defaults to .'
       #   git_repo_root_uri: 'optional http uri of git repo scanned'
       # )
@@ -34,9 +34,7 @@ module PWN
 
             # TODO: Include regex to search for Base64 strings
             test_case_filter = "
-              grep -En \
-              -e 'base64' \
-              -e 'Base64' \
+              grep -Ein \
               -e 'BASE64' #{entry}
             "
 

data/lib/pwn/sast/padding_oracle.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: false
+
+require 'socket'
+
+module PWN
+  module SAST
+    # SAST Module used to identify padding oracle vulnerabilities involving weak CBC block cipher padding.
+    module PaddingOracle
+      @@logger = PWN::Plugins::PWNLogger.create
+
+      # Supported Method Parameters::
+      # PWN::SAST::PaddingOracle.scan(
+      #   dir_path: 'optional path to dir defaults to .'
+      #   git_repo_root_uri: 'optional http uri of git repo scanned'
+      # )
+
+      public_class_method def self.scan(opts = {})
+        dir_path = opts[:dir_path]
+        git_repo_root_uri = opts[:git_repo_root_uri].to_s.scrub
+        result_arr = []
+        logger_results = ''
+
+        PWN::Plugins::FileFu.recurse_dir(dir_path: dir_path) do |entry|
+          if File.file?(entry) && File.basename(entry) !~ /^pwn.+(html|json|db)$/ && File.basename(entry) !~ /\.JS-BEAUTIFIED$/ && entry !~ /test/i
+            line_no_and_contents_arr = []
+            entry_beautified = false
+
+            if File.extname(entry) == '.js' && (`wc -l #{entry}`.split.first.to_i < 20 || entry.include?('.min.js') || entry.include?('-all.js'))
+              js_beautify = `js-beautify #{entry} > #{entry}.JS-BEAUTIFIED`.to_s.scrub
+              entry = "#{entry}.JS-BEAUTIFIED"
+              entry_beautified = true
+            end
+
+            # TODO: Include regex to search for weak CBC block cipher padding
+            test_case_filter = "
+              grep -Ein \
+              -e 'AES/CBC/PKCS' #{entry}
+            "
+
+            str = `#{test_case_filter}`.to_s.scrub
+
+            if str.to_s.empty?
+              # If str length is >= 64 KB do not include results. (Due to Mongo Document Size Restrictions)
+              logger_results = "#{logger_results}~" # Catching bugs is good :)
+            else
+              str = "1:Result larger than 64KB -> Size: #{str.to_s.length}.  Please click the \"Path\" link for more details." if str.to_s.length >= 64_000
+
+              hash_line = {
+                timestamp: Time.now.strftime('%Y-%m-%d %H:%M:%S.%9N %z').to_s,
+                security_references: security_references,
+                filename: { git_repo_root_uri: git_repo_root_uri, entry: entry },
+                line_no_and_contents: '',
+                raw_content: str,
+                test_case_filter: test_case_filter
+              }
+
+              # COMMMENT: Must be a better way to implement this (regex is kinda funky)
+              line_contents_split = str.split(/^(\d{1,}):|\n(\d{1,}):/)[1..-1]
+              line_no_count = line_contents_split.length # This should always be an even number
+              current_count = 0
+              while line_no_count > current_count
+                line_no = line_contents_split[current_count]
+                contents = line_contents_split[current_count + 1]
+                if Dir.exist?("#{dir_path}/.git") ||
+                   Dir.exist?('.git')
+
+                  repo_root = dir_path
+                  repo_root = '.' if Dir.exist?('.git')
+
+                  author = PWN::Plugins::Git.get_author(
+                    repo_root: repo_root,
+                    from_line: line_no,
+                    to_line: line_no,
+                    target_file: entry,
+                    entry_beautified: entry_beautified
+                  )
+                else
+                  author = 'N/A'
+                end
+                hash_line[:line_no_and_contents] = line_no_and_contents_arr.push(
+                  line_no: line_no,
+                  contents: contents,
+                  author: author
+                )
+
+                current_count += 2
+              end
+              result_arr.push(hash_line)
+              logger_results = "#{logger_results}x" # Seeing progress is good :)
+            end
+          end
+        end
+        logger_banner = "http://#{Socket.gethostname}:8808/doc_root/pwn-#{PWN::VERSION.to_s.scrub}/#{to_s.scrub.gsub('::', '/')}.html"
+        if logger_results.empty?
+          @@logger.info("#{logger_banner}: No files applicable to this test case.\n")
+        else
+          @@logger.info("#{logger_banner} => #{logger_results}complete.\n")
+        end
+        result_arr
+      rescue StandardError => e
+        raise e
+      end
+
+      # Used to dictate Security Control Requirements for a Given SAST module.
+
+      public_class_method def self.security_references
+        {
+          sast_module: self,
+          section: 'PUBLIC KEY INFRASTRUCTURE CERTIFICATES',
+          nist_800_53_uri: 'https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#/control/?version=5.1&number=SC-17',
+          cwe_id: '310',
+          cwe_uri: 'https://cwe.mitre.org/data/definitions/310.html'
+        }
+      rescue StandardError => e
+        raise e
+      end
+
+      # Author(s):: 0day Inc. <request.pentest@0dayinc.com>
+
+      public_class_method def self.authors
+        "AUTHOR(S):
+          0day Inc. <request.pentest@0dayinc.com>
+        "
+      end
+
+      # Display Usage for this Module
+
+      public_class_method def self.help
+        puts "USAGE:
+          sast_arr = #{self}.scan(
+            dir_path: 'optional path to dir defaults to .',
+            git_repo_root_uri: 'optional http uri of git repo scanned'
+          )
+
+          #{self}.authors
+        "
+      end
+    end
+  end
+end

data/lib/pwn/sast.rb

@@ -29,6 +29,7 @@ module PWN
     autoload :Logger, 'pwn/sast/logger'
     autoload :MD5, 'pwn/sast/md5'
     autoload :OuterHTML, 'pwn/sast/outer_html'
+    autoload :PaddingOracle, 'pwn/sast/padding_oracle'
     autoload :Password, 'pwn/sast/password'
     autoload :PHPInputMechanisms, 'pwn/sast/php_input_mechanisms'
     autoload :PHPTypeJuggling, 'pwn/sast/php_type_juggling'

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.932'
+  VERSION = '0.4.933'
 end

data/spec/lib/pwn/sast/padding_oracle_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe PWN::SAST::PaddingOracle do
+  it 'scan method should exist' do
+    scan_response = PWN::SAST::PaddingOracle
+    expect(scan_response).to respond_to :scan
+  end
+
+  it 'should display information for security_references' do
+    security_references_response = PWN::SAST::PaddingOracle
+    expect(security_references_response).to respond_to :security_references
+  end
+
+  it 'should display information for authors' do
+    authors_response = PWN::SAST::PaddingOracle
+    expect(authors_response).to respond_to :authors
+  end
+
+  it 'should display information for existing help method' do
+    help_response = PWN::SAST::PaddingOracle
+    expect(help_response).to respond_to :help
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.932
+  version: 0.4.933
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-30 00:00:00.000000000 Z
+date: 2023-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.1
+        version: 7.1.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.1.1
+        version: 7.1.2
 - !ruby/object:Gem::Dependency
   name: anemone
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.2.0
 - !ruby/object:Gem::Dependency
   name: barby
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.21
+        version: 2.4.22
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.4.21
+        version: 2.4.22
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -212,14 +212,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.1
+        version: 3.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.1
+        version: 3.2.2
 - !ruby/object:Gem::Dependency
   name: faye-websocket
   requirement: !ruby/object:Gem::Requirement
@@ -436,14 +436,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.19.2
+        version: 2.19.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.19.2
+        version: 2.19.3
 - !ruby/object:Gem::Dependency
   name: msfrpc-client
   requirement: !ruby/object:Gem::Requirement
@@ -534,14 +534,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.15.4
+        version: 1.15.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.15.4
+        version: 1.15.5
 - !ruby/object:Gem::Dependency
   name: nokogiri-diff
   requirement: !ruby/object:Gem::Requirement
@@ -576,14 +576,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.2.0
 - !ruby/object:Gem::Dependency
   name: os
   requirement: !ruby/object:Gem::Requirement
@@ -716,14 +716,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.5.0
+        version: 6.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.5.0
+        version: 6.6.0
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
@@ -926,14 +926,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.0
+        version: 0.119.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.118.0
+        version: 0.119.0
 - !ruby/object:Gem::Dependency
   name: serialport
   requirement: !ruby/object:Gem::Requirement
@@ -1010,14 +1010,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.6.9
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.6.9
 - !ruby/object:Gem::Dependency
   name: thin
   requirement: !ruby/object:Gem::Requirement
@@ -1108,14 +1108,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.0
+        version: 5.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.1.0
+        version: 5.1.1
 - !ruby/object:Gem::Dependency
   name: whois-parser
   requirement: !ruby/object:Gem::Requirement
@@ -1772,6 +1772,7 @@ files:
 - lib/pwn/sast/logger.rb
 - lib/pwn/sast/md5.rb
 - lib/pwn/sast/outer_html.rb
+- lib/pwn/sast/padding_oracle.rb
 - lib/pwn/sast/password.rb
 - lib/pwn/sast/php_input_mechanisms.rb
 - lib/pwn/sast/php_type_juggling.rb
@@ -2086,6 +2087,7 @@ files:
 - spec/lib/pwn/sast/logger_spec.rb
 - spec/lib/pwn/sast/md5_spec.rb
 - spec/lib/pwn/sast/outer_html_spec.rb
+- spec/lib/pwn/sast/padding_oracle_spec.rb
 - spec/lib/pwn/sast/password_spec.rb
 - spec/lib/pwn/sast/php_input_mechanisms_spec.rb
 - spec/lib/pwn/sast/php_type_juggling_spec.rb
@@ -2182,7 +2184,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.21
+rubygems_version: 3.4.22
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond