pwn 0.4.999 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb3d5fd053e85efd4cb96b6b48a647e8ad01e1d9a0fd0a4dc898466f468354b0
-  data.tar.gz: 1a67f6d0abbf5de7707ae00fe6a892dc2794d795b1ea1e112ad7075875fb0b6b
+  metadata.gz: 94644faaa467e91df066d60731b8390c0d249db0b1d3c9b8132c6d4cec2d5b18
+  data.tar.gz: 1d0551e2b75afc10db63a25367166bade4a9d5e4d333e5c67a3dc9e0f84badbc
 SHA512:
-  metadata.gz: 213b0757c5fe9a2b1ceec652c8530b5cef32f000ba373f9a2580b9693cf4e62dd8d04756a8458f02cabce51adb909083b53cf688d3a1b101d29d1a54559a1927
-  data.tar.gz: d4f228fe2c5977dc8869b8cbafbfbc4383fea2df21dffffa3c4ba00023b3e3841273fc2bc9c3508a08fc7800a3acfbd1afe6710b40c848973da75a037ac2444e
+  metadata.gz: ff9956bab45acfadc83e1de4e8dcfcc6f43a1308e24e2c0c06871be4a90020e5211bfd0635d4e48da8ac343b676efad310cd5831bc51809a5368ab947f7fdb1c
+  data.tar.gz: ea6b761dccae45b5f4b49ff0a23bc76fd2680dfb48ad46f3530f4989163a8e575439f9f60e2ca14722d1840126f31c72f56506e7d6fcef2312b5fc286c3e1023

data/CHANGELOG_BETWEEN_TAGS.txt

@@ -1,13 +1,156 @@
-b4b509b PWN::Plugins::IPInfo module - #bugfixes
-d89a977 PWN::Plugins::IPInfo module - committing any last minute changes
-30227da PWN::Plugins::IPInfo module - #bugfixes in cert key:value pairs when values should be arrays
-6265d2c pwn_www_checkip Driver - add optional --target parameter to provide info on hosts/IPs other than just a given source public IP
-fab43f7 PWN::Plugins::IPInfo module - add a few more cert attributes in detailed info response
-3114fa2 PWN::Plugins::Sock module - minor code cleanup #got_it_working
-aa01f39 PWN::Plugins::Sock module - add hostname to tls_sock object prior to connecting
-8c78ee4 Merge branch 'master' of ssh://github.com/ninp0/pwn
-2f3377e PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
-4c792e8 Merge pull request #429 from ninp0/master
-813780b PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
-997b2d0 PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
-c0a5524 PWN::Plugins::Sock module - use lowest supported proto version when attempting to connect to a socket via the #connect method #ciphers
+4e36a03 PWN::Plugins::XXD module - break up hex array into one byte per element for easy hex editing #rubocop_fix
+dc1b690 PWN::Plugins::XXD module - break up hex array into one byte per element for easy hex editing
+10a34c1 PWN::Plugins::XXD module - #bugfix when space are in a given row and/or last line is shorter than typical length
+bbb94c9 Merge pull request #495 from ninp0/master
+977d319 PWN::Plugins::XXD module - implement optional parameter to return a hexdump as a single hash instead of an array of hashes in #dump method #bugfix
+f1d20fd Merge pull request #494 from ninp0/master
+5e474b6 PWN::Plugins::XXD module - convert string or hash returned from #dump method to file when calling the #reverse_dump method
+89929d0 Merge pull request #493 from ninp0/master
+bbc03f5 PWN::Plugins::XXD module - implement optional parameter to return a hexdump as a single hash instead of an array of hashes in #dump method #rubocop_fixes
+2e1da09 Merge pull request #492 from ninp0/master
+aa42a77 PWN::Plugins::XXD module - implement optional parameter to return a hexdump as a single hash instead of an array of hashes in #dump method
+97e5772 PWN::Plugins::XXD module - implement optional parameter to return a hexdump array (i.e. array containing a hash for each line) in #dump method
+d4dc1e3 Merge pull request #491 from ninp0/master
+c94e0c1 PWN::Plugins::BlackDuckBinaryAnalysis module - duplicate behavior or curl when uploading files by not specifying content-type HTTP header and populating the HTTP body with the raw binary contents #bugfix
+d931efa Merge pull request #490 from ninp0/master
+41c081e PWN::Plugins::BlackDuckBinaryAnalysis module - duplicate behavior or curl when uploading files by not specifying content-type HTTP header and populating the HTTP body with the raw binary contents
+37b7968 Merge pull request #489 from ninp0/master
+9c15b84 Merge branch 'master' of ssh://github.com/ninp0/pwn
+86764fc PWN::Plugins::XXD module - bugfix in #reverse_dump method #rubocop_fix
+778b6d6 PWN::Plugins::XXD module - bugfix in #reverse_dump method
+8f152cd Merge pull request #488 from ninp0/master
+c225ee4 PWN::Plugins::BlackDuckBinaryAnalysis module - explicitly set the content_type to "multipart/form-data" when http_body.key?(:multipart)
+618139f Merge pull request #487 from ninp0/master
+04b7295 PWN::Plugins::BlackDuckBinaryAnalysis module - change default parameter for scan_code_familiarity to false
+0e90eb4 Merge pull request #486 from ninp0/master
+994ede8 PWN::Banner::CodeCave module - bit more realistic #rubocop
+84da860 PWN::Banner::CodeCave module - bit more realistic
+dbd3818 Merge pull request #485 from ninp0/master
+59af310 aliases.rb Provisioner for Packer - update to ensure vim is compatible w/ xxd when hex-editing binaries
+3d82406 Merge pull request #484 from ninp0/master
+fd6cedb PWN::Banner::JmpEsp module - no nulls
+91baad5 PWN::Banner modules - add a couple more #bugfixes
+bdc6427 PWN::Banner modules - add a couple more
+b2b3768 Merge pull request #483 from ninp0/master
+6f2355f PWN::Plugins::OpenAI - #bugfix in #chat method when passing in max_tokens
+3ada78f PWN::Plugins::OpenAI - #bugfix in max_tokens
+0b03eee Merge pull request #482 from ninp0/master
+2fb01de PWN::Plugins::OpenAI - #bugfix in max_tokens
+19b093e PWN::Plugins::OpenAI - #bugfix in max_tokens
+879488e PWN::Plugins::OpenAI - #bugfix in max_tokens
+c69ad76 Merge pull request #481 from ninp0/master
+072f809 PWN::Banner::Cheshire module - initial commit
+6652474 Merge pull request #480 from ninp0/master
+885e774 PWN::Banner::Anon module - remove white background
+9c47423 Merge pull request #479 from ninp0/master
+176ebd2 PWN::Banner modules - adjust alignment && add Anon
+6af6a6d Rubocop
+95771a9 PWN::Banner::DontPanic module - initial commit
+15223aa PWN::Plugins::OpenAI module - tweak max_tokens to be 4_096 unless response_history is passed as a parameter #bugfix
+b0d7b89 Merge pull request #478 from ninp0/master
+ad7d769 PWN::Plugins::OpenAI module - tweak max_tokens to be 8_192 unless response_history is passed as a parameter
+ddeca39 Merge pull request #477 from ninp0/master
+36931f3 PWN::Plugins::OpenAI module - support both local images and those found at a given URI
+ce37bfc Merge pull request #476 from ninp0/master
+68a332a PWN::Plugins::OpenAI module - #bugfix in initial implementation of #vision method (i.e. analyze images)
+3e31d00 Merge pull request #475 from ninp0/master
+756db97 PWN::Plugins::OpenAI module - #bugfix in initial implementation of #vision method (i.e. analyze images)
+839bc30 PWN::Plugins::OpenAI module - #bugfix in initial implementation of #vision method (i.e. analyze images)
+92c95aa Merge pull request #474 from ninp0/master
+7732b1a PWN::Plugins::OpenAI module - initial implementation of #vision method (i.e. analyze images).  Additional #bugfix in pwn_simple_http_server driver.
+675e120 Merge pull request #473 from ninp0/master
+67687f5 pwn_bdba_scan Driver - #bugfix in target file basename when containing characters in scope for URL encoding
+b1c97fc pwn_simple_http_server - #bugfix when running w/ no flags
+bc1add9 Gemfile - comment out sinatra to get thin
+ca87e31 PWN::Plugins::CreditCard module - configure count parameter to default to 1
+88ac940 Merge pull request #472 from ninp0/master
+6094c98 PWN::Plugins::DefectDojo module - set close_old_findings = true if closee_old_findings_product_scope is set to true
+87a93ac Merge pull request #471 from ninp0/master
+1559e5f pwn_bdba_scan Driver - work-around for rare race condition in finding product when getting apps by group
+81da574 Merge pull request #470 from ninp0/master
+257d25d PWN::WWW::HackerOne module - implement #get_scope_details method #struct_tweak
+e183149 Merge pull request #469 from ninp0/master
+90602c5 PWN::WWW::HackerOne module - implement #get_scope_details method
+407a125 Merge pull request #468 from ninp0/master
+dd1316a PWN::Banner::WhiteRabbit - knock knock <>...follow the white rabbit. #better
+7b87b0d Merge pull request #467 from ninp0/master
+eda1eec PWN::Banner::WhiteRabbit - knock knock <>...follow the white rabbit. #tweak
+640ebb0 Merge pull request #466 from ninp0/master
+a2f489d PWN::Banner::WhiteRabbit - knock knock <>...follow the white rabbit. #bugfix
+58e8e3a PWN::Banner::WhiteRabbit - knock knock <>...follow the white rabbit. #rspec
+906f298 PWN::Banner::WhiteRabbit - knock knock <>...follow the white rabbit.
+23fcf53 Merge pull request #465 from ninp0/master
+4140ba4 PWN::WWW::* modules - update #help method to make the respective modules more clear to use.
+d699c31 Merge pull request #464 from ninp0/master
+4b0d1d2 Vagrant pwn.sh Provisioner - add safe.directory for PWN_ROOT
+2aabb4e Merge pull request #463 from ninp0/master
+6785669 .ruby-version - bump to 3.3.0
+bab66ab Merge pull request #462 from ninp0/master
+177f58d PWN::Plugins::DefectDojo module - add multiple tags to import-scan #workaround
+81b1d59 Merge pull request #461 from ninp0/master
+4c51da3 PWN::Plugins::DefectDojo module - remove redundant code #bugfix
+9a2be13 PWN::Plugins::DefectDojo module - remove redundant code
+23a612e PWN::Plugins::DefectDojo module - testing tags that are line feed delimited for multipart #try_again
+f01aee9 Merge pull request #460 from ninp0/master
+803f33f PWN::Plugins::DefectDojo module - testing tags that are line feed delimited for multipart #try_again
+36c37f8 Merge pull request #459 from ninp0/master
+ca7569f PWN::Plugins::DefectDojo module - testing tags that are line feed delimited for multipart #bugfix
+c417114 Merge pull request #458 from ninp0/master
+2296148 PWN::Plugins::DefectDojo module - testing http_body.to_json for multipart #nope
+a79d157 Merge pull request #457 from ninp0/master
+e801346 PWN::Plugins::DefectDojo module - testing http_body.to_json for multipart #bugfix
+2f5d836 Merge pull request #456 from ninp0/master
+b7755a1 PWN::Plugins::DefectDojo module - back to array but not populating despite swagger docs: https://demo.defectdojo.org/api/v2/oa3/swagger-ui/ #bug
+512bf08 Merge pull request #455 from ninp0/master
+75420fb PWN::Plugins::DefectDojo module - testing tag array compatibility #bugfix
+9ac3966 Merge pull request #454 from ninp0/master
+3027ed0 PWN::Plugins::DefectDojo module - cast comma-delimited string into array #bugfix
+a66ec1b Merge pull request #453 from ninp0/master
+513efe1 PWN::Plugins::DefectDojo module / pwn_defectdojo_importscan, pwn_defectdojo_reimportscan Drivers - implement --close_old_findings_product_scope, --close_old_findings, and --push_to_jira options
+0338b69 Merge pull request #452 from ninp0/master
+f776bb7 Gemfile - add gruff gem to create line charts for FFT data
+4ac46d6 Merge pull request #451 from ninp0/master
+b5c2b73 PWN::Plugins::OpenAI module - update default syatem_role_content
+249d4ec Merge pull request #450 from ninp0/master
+bdbdee5 PWN::SAST::PaddingOracle module - Initial Commit
+c13d34e Merge pull request #449 from ninp0/master
+c1b8ce9 Gemfile - re-enable credit_card_validations gem
+996a916 Merge pull request #448 from ninp0/master
+0587069 PWN::Plugins::OpenAI Module - incorporate a timeout parameter for every method and default Timeout from 60 seconds to 180 seconds (i.e. 1 minute to 3 minutes).
+0aaf3a1 Merge pull request #447 from ninp0/master
+712ca6f README.md - update docs to reflect easiest installation leveraging a fresh install of Kali
+5916b99 Merge pull request #446 from ninp0/master
+79ed55f pwn_bdba_scan Driver - Reattempt Scan if find_product returns nil
+86c2dc2 Merge pull request #445 from ninp0/master
+a454bc0 PWN::SAST::TypeScriptTypeJuggling && PWN::SAST::PHPTypeJuggling modules - #bugfixes
+714c7ea Merge pull request #444 from ninp0/master
+8dac465 pwn_sast Driver - Incorporate new SAST module PWN::SAST::TypeScriptTypeJuggling #add_spec
+80e2639 pwn_sast Driver - Incorporate new SAST module PWN::SAST::TypeScriptTypeJuggling
+1ce797d Merge pull request #443 from ninp0/master
+b79e7de pwn_bdba_scan Driver - include RestClient::Exceptions::OpenTimeout in rescue block for reattempts
+e6131e1 Merge pull request #442 from ninp0/master
+dfd6c6f Gemfile - disable credit_card_validations until such time didww/credit_card_validations/pull/121 is merged and a new gem version is released #disable_require_in_module
+0cc90bc pwn_bdba_scan Driver - add --sleep-between-scan-attempts flag with a default of 60 seconds
+eb2f6b3 Merge pull request #441 from ninp0/master
+dae6e57 pwn_bdba_scan Driver - include RestClient Exceptions for the --scan-attempts flag as well
+dcb2432 Merge pull request #440 from ninp0/master
+13c22cf PWN::Plugins::BlackDuckBinaryAnalysis module - clearer e.response.body data
+b093f8f Merge pull request #439 from ninp0/master
+aa27268 PWN::Plugins::BlackDuckBinaryAnalysis module - catch RestClient::ExceptionWithResponse to provide additional context as needed.
+36e269f Merge pull request #438 from ninp0/master
+9e66b99 pwn_bdba_scan Driver - more concise messaging to stdout
+a90c931 Merge pull request #437 from ninp0/master
+4a006d2 pwn_bdba_scan Driver - off-by-one on scan-attempts #bugfix
+e45160e pwn_bdba_scan Driver - #bugfix on abort queued scan reattempts
+2a94182 Merge pull request #436 from ninp0/master
+7fa05e1 pwn_bdba_groups Driver - bugfix in casting parent_group_id to integer when filtering group name by parent group id
+1b1636f Merge pull request #435 from ninp0/master
+5e02561 pwn_bdba_groups Driver - bugfix in response when passing --list-group flag with --parent-group-id flag
+e6120e6 Merge pull request #434 from ninp0/master
+7b4698c pwn_bdba_groups Driver - bugfix in --parent-group-id parameter && pwn_bdba_scan Driver - clearer messaging to STDOUT when queue timeout / scan aborts are triggered
+d190ee9 README.md - update installation && upgrade procedures if using a multi-user install of RVM
+6aed9c7 Merge pull request #433 from ninp0/master
+2e0cdf0 pwn_bdba_scan Driver - add --queue-timeout && --scan-attempts parameters
+a656fd7 Merge pull request #432 from ninp0/master
+86aa399 Merge pull request #431 from ninp0/master
+29ad011 Merge pull request #430 from ninp0/master

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.4.999]:001 >>> PWN.help
+pwn[v0.5.0]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.999]:001 >>> PWN.help
+pwn[v0.5.0]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.4.999]:001 >>> PWN.help
+pwn[v0.5.0]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/xxd.rb

@@ -75,12 +75,13 @@ module PWN
         if hexdump.is_a?(Hash)
           hexdump = hexdump.map do |k, v|
             format(
-              "%<s1>07s0: %<s2>-40s %<s3>-16s\n",
+              "%<s1>s: %<s2>s %<s3>s\n",
               s1: k,
               s2: v[:hex].each_slice(2).map(&:join).join(' '),
               s3: v[:ascii]
             )
           end.join
+          puts k
           puts hexdump
         end
 

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.999'
+  VERSION = '0.5.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.4.999
+  version: 0.5.0
 platform: ruby
 authors:
 - 0day Inc.