RubyGems - pwn - Versions diffs - 0.5.154 → 0.5.155 - Mend

pwn 0.5.154 → 0.5.155

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/README.md +3 -3
data/bin/pwn_sast +1 -1
data/lib/pwn/plugins/ip_info.rb +11 -10
data/lib/pwn/plugins/thread_pool.rb +41 -19
data/lib/pwn/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cdc176de7f592b5c19650942854e4efa7d0158c835e89ace9f40af31a5a92f90
-  data.tar.gz: 3f756b2f5deb2589c2e9d30068d13b1e460b0e7091cdeae6a0097fa3947e98ce
+  metadata.gz: 750d1cd0053f38007697365f5dfbbbb8558623c4ba39230ace21d7ad85f37cad
+  data.tar.gz: e4d657864bb71497616619da64b73e2c2fa782ea11a3ade500cecea53cfae7a7
 SHA512:
-  metadata.gz: 7a6437ab3cb220bd0c374b9672848646bace31fd6ba283e717a67db97a7826a397a9e8a68d0339f209cffebb55d8e63c918ebd211335b9406961822b2136c715
-  data.tar.gz: 7ece6c1aeb18b7a16d772552717708c0df8b30483547e4080f2f2699173e52b1207b2a2b55ab3856cd077a958e065e89f32bf274d58894799db53b55db6a1939
+  metadata.gz: '0928635402765a9b79f4d324cc62efafcce43ff7ad5d7ccac30aa98ba34ead97cf3ff8a81b15e2a8faae3f5f59331f56e2c25837900110b3b8766854cad22962'
+  data.tar.gz: 1d48dcb220d837be65cd697e9e78e2cdf53a5f6e0a44365b39ccbfe4e0eacfaee576f9da301ac6b23f4cf4c3f93cd01cb7d3023166a5a674062f81b16cc9073e

data/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.154]:001 >>> PWN.help
+pwn[v0.5.155]:001 >>> PWN.help
 ```
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.154]:001 >>> PWN.help
+pwn[v0.5.155]:001 >>> PWN.help
 ```
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.154]:001 >>> PWN.help
+pwn[v0.5.155]:001 >>> PWN.help
 ```
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn_sast CHANGED Viewed

@@ -117,7 +117,7 @@ begin
       TypeScriptTypeJuggling
       Version
       WindowLocationHash
-    ]
+    ].sort.uniq
   end
   if list_test_cases

data/lib/pwn/plugins/ip_info.rb CHANGED Viewed

@@ -128,7 +128,7 @@ module PWN
       # PWN::Plugins::IPInfo.bruteforce_subdomains(
       #   parent_domain: 'required - Parent Domain to brute force',
       #   dictionary: 'required - Dictionary to use for subdomain brute force',
-      #   max_threads: 'optional - Maximum number of threads to use (default: 10)',
+      #   max_threads: 'optional - Maximum number of threads to use (default: 9)',
       #   proxy: 'optional - use a proxy',
       #   tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
       #   results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'
@@ -141,15 +141,14 @@ module PWN
         dictionary = opts[:dictionary] ||= default_dictionary
         raise "ERROR: Dictionary file not found: #{dictionary}" unless File.exist?(dictionary)
-        max_threads = opts[:max_threads].to_i
-        max_threads = 8 unless max_threads.positive?
+        max_threads = opts[:max_threads]
         proxy = opts[:proxy]
         tls_port = opts[:tls_port]
         timestamp = Time.now.strftime('%Y-%m-%d_%H.%M.%S')
         results_file = opts[:results_file] ||= "/tmp/SUBS.#{parent_domain}-#{timestamp}-pwn_bruteforce_subdomains.txt"
-        File.write(results_file, '[')
+        File.write(results_file, "[\n")
         # Break up dictonary file into sublines and process each subline in a thread
         dict_lines = File.readlines(dictionary).shuffle
@@ -158,17 +157,16 @@ module PWN
           enumerable_array: dict_lines,
           max_threads: max_threads
         ) do |subline|
+          print '.'
           subdomain = subline.to_s.scrub.strip.chomp
           target = parent_domain if subdomain.empty?
-          target = "#{subdomain}.#{parent_domain}"
+          target = "#{subdomain}.#{parent_domain}" unless subdomain.empty?
           ip_info_resp = get(
             target: target,
             proxy: proxy,
             tls_port: tls_port,
             skip_api: true
           )
-          puts "SUBD: #{target} RESP: #{ip_info_resp}" if ip_info_resp.empty?
-          puts "SUBD: #{target} RESP:\n#{ip_info_resp}" if ip_info_resp.any?
           mutex.synchronize do
             File.open(results_file, 'a') do |file|
@@ -185,8 +183,11 @@ module PWN
         raise e
       ensure
         # Strip trailing comma and close JSON array
-        File.readlines(results_file)[-1].chomp!(',')
-        File.append(results_file, ']')
+        final_results = File.readlines(results_file)
+        # Strip trailing comma from last line
+        last_line = final_results[-1][0..-2]
+        final_results[-1] = last_line
+        File.write(results_file, "#{final_results.join}\n]")
       end
       # Author(s):: 0day Inc. <support@0dayinc.com>
@@ -211,7 +212,7 @@ module PWN
           #{self}.bruteforce_subdomains(
             parent_domain: 'required - Parent Domain to brute force',
             dictionary: 'required - Dictionary to use for subdomain brute force',
-            max_threads: 'optional - Maximum number of threads to use (default: 10)',
+            max_threads: 'optional - Maximum number of threads to use (default: 9)',
             proxy: 'optional - use a proxy',
             tls_port: 'optional port to check cert for Domain Name (default: 443). Will not execute if proxy parameter is set.',
             results_file: 'optional - File to write results to (default: /tmp/parent_domain-timestamp-pwn_bruteforce_subdomains.txt)'

data/lib/pwn/plugins/thread_pool.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'concurrent-ruby'
 module PWN
   module Plugins
     # This plugin makes the creation of a thread pool much simpler.
@@ -27,34 +29,54 @@ module PWN
         detach = opts[:detach] ||= false
         puts "Initiating Thread Pool of #{max_threads} Worker Threads...."
-        queue = SizedQueue.new(max_threads)
-        threads = Array.new(max_threads) do
-          Thread.new do
-            until (this_thread = queue.pop) == :POOL_EXHAUSTED
-              yield this_thread
-            end
-          end
-        end
-        enumerable_array.uniq.sort.each do |this_thread|
-          queue << this_thread
-        end
+        pool = Concurrent::FixedThreadPool.new(max_threads)
-        max_threads.times do
-          queue << :POOL_EXHAUSTED
+        enumerable_array.each do |this_thread|
+          pool.post do
+            yield this_thread
+          end
         end
-        if detach
-          puts 'Detaching from thread pool...'
-        else
-          threads.each(&:join)
-        end
+        pool.shutdown
+        pool.wait_for_termination unless detach
       rescue Interrupt
         puts "\nGoodbye."
       rescue StandardError => e
+        puts e.backtrace
         raise e
       end
+      # public_class_method def self.fill(opts = {})
+      #   enumerable_array = opts[:enumerable_array]
+      #   max_threads = opts[:max_threads].to_i
+      #   max_threads = 9 if max_threads.zero?
+      #   detach = opts[:detach] ||= false
+      #   puts "Initiating Thread Pool of #{max_threads} Worker Threads...."
+      #   queue = SizedQueue.new(max_threads)
+      #   threads = Array.new(max_threads) do
+      #     Thread.new do
+      #       until (this_thread = queue.pop) == :POOL_EXHAUSTED
+      #         yield this_thread
+      #       end
+      #     end
+      #   end
+      #   enumerable_array.uniq.each do |this_thread|
+      #     queue << this_thread
+      #   end
+      #   max_threads.times do
+      #     queue << :POOL_EXHAUSTED
+      #   end
+      #   threads.each(&:join) unless detach
+      # rescue Interrupt
+      #   puts "\nGoodbye."
+      # rescue StandardError => e
+      #   raise e
+      # end
       # Author(s):: 0day Inc. <support@0dayinc.com>
       public_class_method def self.authors

data/lib/pwn/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PWN
-  VERSION = '0.5.154'
+  VERSION = '0.5.155'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.154
+  version: 0.5.155
 platform: ruby
 authors:
 - 0day Inc.