pwn 0.5.169 → 0.5.170

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b468f7a2bd8f09b41999bbb23f1d8d52c31aaf9c9b3ff447b80da50d571b2e21
-  data.tar.gz: 48a4f7139d1109d9d51205b3668d6892ee1260241b903cd8485ffc31e282f9fc
+  metadata.gz: ec94369fbeadf39f3526f3e5416570bd17fd654dd063b6f2a768c12db3f9e11d
+  data.tar.gz: 32f5580b118c1b9a091f1b601c1b6bc14c7780e277659a5dd71d46fe9981bf47
 SHA512:
-  metadata.gz: 718b412bf8236237894a8cab1345f023655bc2fd3c0f7f00e1f818868b4f8cb3c93f56981f3ccea8876f9b772310617468c5b40cbd3a7980532aa23fae0f6cc6
-  data.tar.gz: fb11ec3c92ab4e9e4f0c4744de3d188d85a3554a3e19441d58b50fbd2c53706b82ea9f515e9e61a9c8b4042fa537948b901a2842128c4f97ad3c4f41bed21057
+  metadata.gz: 110864b6f5fb845e160a7d9e0bc9895581f27e114862cd07318b1801227969dd895a0bbacb9cfb814e1cdc8137fe7167bbde74a3486ac6ebbebfdcfda8dfb49f
+  data.tar.gz: d2932152fa9fc13bf13466103fdc42d006a7e0745df2df0d9ce3b7e99944028afe19252e5f40903ac845876da00451da5e577ee9abd23c86c32e99a35477b3ae

data/Gemfile

@@ -20,7 +20,7 @@ gem 'barby', '0.6.9'
 gem 'base32', '0.3.4'
 gem 'brakeman', '6.1.2'
 gem 'bson', '5.0.0'
-gem 'bundler', '>=2.5.11'
+gem 'bundler', '>=2.5.13'
 gem 'bundler-audit', '0.9.1'
 gem 'bunny', '2.22.0'
 gem 'colorize', '1.1.0'
@@ -56,7 +56,7 @@ gem 'net-ldap', '0.19.0'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.5.0'
 gem 'nexpose', '7.3.0'
-gem 'nokogiri', '1.16.5'
+gem 'nokogiri', '1.16.6'
 gem 'nokogiri-diff', '0.3.0'
 gem 'oily_png', '1.2.1'
 gem 'open3', '0.2.1'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.169]:001 >>> PWN.help
+pwn[v0.5.170]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.3@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.169]:001 >>> PWN.help
+pwn[v0.5.170]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.3@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.169]:001 >>> PWN.help
+pwn[v0.5.170]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/transparent_browser.rb

@@ -22,16 +22,17 @@ module PWN
 
       # Supported Method Parameters::
       # browser_obj1 = PWN::Plugins::TransparentBrowser.open(
-      #   browser_type: :firefox|:chrome|:headless|:rest|:websocket,
-      #   proxy: 'optional - scheme://proxy_host:port || tor',
-      #   with_devtools: 'optional - boolean (defaults to false)'
+      #   browser_type: 'optional - :firefox|:chrome|:headless|:rest|:websocket (defaults to :chrome)',
+      #   proxy: 'optional - scheme://proxy_host:port || tor (defaults to nil)',
+      #   with_devtools: 'optional - boolean (defaults to true)'
       # )
 
       public_class_method def self.open(opts = {})
-        browser_type = opts[:browser_type]
+        browser_type = opts[:browser_type] ||= :chrome
         proxy = opts[:proxy].to_s unless opts[:proxy].nil?
 
         browser_obj = {}
+        browser_obj[:type] = browser_type
 
         tor_obj = nil
         if opts[:proxy] == 'tor'
@@ -40,7 +41,7 @@ module PWN
           browser_obj[:tor_obj] = tor_obj
         end
 
-        opts[:with_devtools] ? (with_devtools = true) : (with_devtools = false)
+        with_devtools = opts[:with_devtools] ||= true
 
         # Let's crank up the default timeout from 30 seconds to 15 min for slow sites
         Watir.default_timeout = 900
@@ -265,6 +266,36 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # console_resp = PWN::Plugins::TransparentBrowser.devtools_console(
+      #   browser_obj: browser_obj1,
+      #   js: 'required - JavaScript expression to evaluate'
+      # )
+
+      public_class_method def self.devtools_console(opts = {})
+        browser_obj = opts[:browser_obj]
+        browser_type = browser_obj[:type]
+        raise 'Error: sorry, this method only supports browser_obj[:type] == :chrome' unless browser_type == :chrome
+
+        js = opts[:js] ||= "alert('ACK from => #{self}')"
+
+        devtools = browser_obj[:browser].driver.devtools
+        devtools.send_cmd('Runtime.enable')
+        devtools.send_cmd('Console.enable')
+        devtools.send_cmd('DOM.enable')
+        devtools.send_cmd('Page.enable')
+        devtools.send_cmd('Log.enable')
+        devtools.send_cmd('Debugger.enable')
+
+        expression_cmd = {
+          expression: js
+        }
+
+        devtools.send_cmd('Runtime.evaluate', **expression_cmd)
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters::
       # browser_obj = PWN::Plugins::TransparentBrowser.linkout(
       #   browser_obj: browser_obj1
@@ -364,21 +395,27 @@ module PWN
       public_class_method def self.help
         puts "USAGE:
           browser_obj1 = #{self}.open(
-            browser_type: :firefox|:chrome|:headless_chrome|:headless_firefox|:rest|:websocket,
-            proxy: 'optional scheme://proxy_host:port || tor',
-            with_devtools: 'optional - boolean (defaults to false)'
+            browser_type: 'optional - :firefox|:chrome|:headless|:rest|:websocket (defaults to :chrome)',
+            proxy: 'optional scheme://proxy_host:port || tor (defaults to nil)',
+            with_devtools: 'optional - boolean (defaults to true)'
           )
-          puts browser_obj1.public_methods
+          browser = browser_obj1[:browser]
+          puts browser.public_methods
 
           ********************************************************
-          * DevTools Interaction Only works w/ Chrome
+          * DevTools Interaction
           * All DevTools Commands can be found here:
           * https://chromedevtools.github.io/devtools-protocol/
           * Examples
-          devtools = browser_obj1.driver.devtools
+          devtools = browser.driver.devtools
           puts devtools.public_methods
           puts devtools.instance_variables
-          puts devtools.instance_variable_get('@messages')
+          puts devtools.instance_variable_get('@session_id')
+
+          websocket = devtools.instance_variable_get('@ws')
+          puts websocket.public_methods
+          puts websocket.instance_variables
+          puts websocket.instance_variable_get('@messages')
 
           * Tracing
           devtools.send_cmd('Tracing.start')
@@ -406,7 +443,7 @@ module PWN
             devtools.send_cmd('Console.clearMessages')
             devtools.send_cmd('Log.clear')
             console_events = []
-            b.driver.on_log_event(:console) { |event| console_events.push(event) }
+            browser.driver.on_log_event(:console) { |event| console_events.push(event) }
 
             devtools.send_cmd('Debugger.stepInto')
             puts \"Step: \#{step}\"
@@ -447,6 +484,11 @@ module PWN
           * End of DevTools Examples
           ********************************************************
 
+          console_resp = #{self}.devtools_console(
+            browser_obj: 'required - browser_obj returned from #open method)',
+            js: 'required - JavaScript expression to evaluate'
+          )
+
           browser_obj1 = #{self}.linkout(
             browser_obj: 'required - browser_obj returned from #open method)'
           )

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.169'
+  VERSION = '0.5.170'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.169
+  version: 0.5.170
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-12 00:00:00.000000000 Z
+date: 2024-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.5.11
+        version: 2.5.13
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.5.11
+        version: 2.5.13
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
@@ -618,14 +618,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.16.5
+        version: 1.16.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.16.5
+        version: 1.16.6
 - !ruby/object:Gem::Dependency
   name: nokogiri-diff
   requirement: !ruby/object:Gem::Requirement
@@ -2320,7 +2320,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.13
 signing_key:
 specification_version: 4
 summary: Automated Security Testing for CI/CD Pipelines & Beyond