pwn 0.5.170 → 0.5.171
- checksums.yaml +4 -4
- data/.rubocop_todo.yml +9 -3
- data/README.md +3 -3
- data/lib/pwn/plugins/transparent_browser.rb +53 -24
- data/lib/pwn/version.rb +1 -1
- metadata +2 -2
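--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a0ba45977e6b882046ff2e106aac51f68b2a3b02ca5a7b1f456ca4dba60c700f
+data.tar.gz: d2403e95658aa3a25042090535b37078a8d73e9d856c58328b57607627009c53
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1f431eeb61b4fa7e462b800c8a540ecf7aeec0b1174773953d0125477d7fe402da5f4a4ec0166f338fe0678ed04e6e0d12351522c5b8fe31fb4a7ecbf49018cd
+data.tar.gz: ce1bff0fae0ad0aa18d2a3f4a5df1d085c248301a5a1fb661818197f175dc42575f87fef6c4dead341c94039002d0f4ec71fac9021c4198c81bc610b4c828e3a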
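--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2024-
+# on 2024-06-17 17:41:04 UTC using RuboCop version 1.64.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -41,7 +41,7 @@ Lint/NestedMethodDefinition:
 Exclude:
 - 'lib/pwn/plugins/repl.rb'
 
-# Offense count:
+# Offense count: 307
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:
@@ -140,6 +140,12 @@ Style/MapIntoArray:
 - 'lib/pwn/plugins/credit_card.rb'
 - 'lib/pwn/plugins/nexpose_vuln_scan.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantBegin:
+Exclude:
+- 'lib/pwn/plugins/transparent_browser.rb'
+
 # Offense count: 94
 # This cop supports safe autocorrection (--autocorrect).
 Style/RedundantCondition:
@@ -156,7 +162,7 @@ Style/RedundantStringEscape:
 - 'lib/pwn/sast/redos.rb'
 - 'vagrant/provisioners/kali_customize.rb'
 
-# Offense count:
+# Offense count: 55
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
 Enabled: false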
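--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.
+pwn[v0.5.171]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.3@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.171]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.3@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.171]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: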
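--- a/data/lib/pwn/plugins/transparent_browser.rb
+++ b/data/lib/pwn/plugins/transparent_browser.rb
@@ -1,13 +1,13 @@
 # frozen_string_literal: true
 
-require '
+require 'em/pure_ruby'
+require 'faye/websocket'
+require 'rest-client'
 require 'selenium/webdriver'
 require 'selenium/devtools'
-require 'rest-client'
 require 'socksify'
 require 'openssl'
-require '
-require 'faye/websocket'
+require 'watir'
 
 module PWN
 module Plugins
@@ -261,6 +261,8 @@ module PWN
 return nil
 end
 
+browser_obj[:devtools] = browser_obj[:browser].driver.devtools if with_devtools && (browser_obj[:type] == :chrome || browser_obj[:type] == :headless_chrome || browser_obj[:type] == :firefox || browser_obj[:type] == :headless_firefox)
+
 browser_obj
 rescue StandardError => e
 raise e
@@ -275,11 +277,13 @@ module PWN
 public_class_method def self.devtools_console(opts = {})
 browser_obj = opts[:browser_obj]
 browser_type = browser_obj[:type]
-
+
+valid_browser_types = %i[chrome headless_chrome firefox headless_firefox]
+raise 'ERROR: browser_type must be :chrome, :headless_chrome, :firefox, or :headless_firefox' unless valid_browser_types.include?(browser_type)
 
 js = opts[:js] ||= "alert('ACK from => #{self}')"
 
-devtools = browser_obj[:
+devtools = browser_obj[:devtools]
 devtools.send_cmd('Runtime.enable')
 devtools.send_cmd('Console.enable')
 devtools.send_cmd('DOM.enable')
@@ -287,52 +291,76 @@ module PWN
 devtools.send_cmd('Log.enable')
 devtools.send_cmd('Debugger.enable')
 
-
+js_exp = {
 expression: js
 }
 
-devtools.send_cmd('Runtime.evaluate', **
+devtools.send_cmd('Runtime.evaluate', **js_exp)
 rescue StandardError => e
 raise e
 end
 
 # Supported Method Parameters::
-# browser_obj = PWN::Plugins::TransparentBrowser.
+# browser_obj = PWN::Plugins::TransparentBrowser.dump_links(
 # browser_obj: browser_obj1
 # )
 
-public_class_method def self.
+public_class_method def self.dump_links(opts = {})
 browser_obj = opts[:browser_obj]
 
-browser_obj[:browser].links
-
+links = browser_obj[:browser].links
+
+dump_links_arr = []
+links.each do |link|
+link_hash = {}
+
+link_hash[:text] = link.text
+link_hash[:href] = link.href
+link_hash[:id] = link.id
+link_hash[:name] = link.name
+link_hash[:class_name] = link.class_name
+link_hash[:html] = link.html
+link_hash[:target] = link.target
+dump_links_arr.push(link_hash)
+
+yield link if block_given?
 end
 
-
+dump_links_arr
 rescue StandardError => e
 raise e
 end
 
 # Supported Method Parameters::
-# browser_obj = PWN::Plugins::TransparentBrowser.
+# browser_obj = PWN::Plugins::TransparentBrowser.find_elements_by_text(
 # browser_obj: browser_obj1,
 # text: 'required - text to search for in the DOM'
 # )
 
-public_class_method def self.
+public_class_method def self.find_elements_by_text(opts = {})
 browser_obj = opts[:browser_obj]
 text = opts[:text].to_s
 
-
-
-
-
-
-
+elements = browser_obj[:browser].elements
+elements_found_arr = []
+elements.each do |element|
+begin
+if element.text == text || element.value == text
+element_hash = {}
+element_hash[:tag_name] = element.tag_name
+element_hash[:html] = element.html
+elements_found_arr.push(element_hash)
+
+yield element if block_given?
+end
+rescue NoMethodError
+next
+end
 end
 
-
+elements_found_arr
 rescue StandardError => e
+puts e.backtrace
 raise e
 end
 
@@ -353,6 +381,7 @@ module PWN
 
 string.each_char do |char|
 yield char
+
 sleep Random.rand(rand_sleep_float)
 end
 rescue StandardError => e
@@ -489,11 +518,11 @@ module PWN
 js: 'required - JavaScript expression to evaluate'
 )
 
-browser_obj1 = #{self}.
+browser_obj1 = #{self}.dump_links(
 browser_obj: 'required - browser_obj returned from #open method)'
 )
 
-browser_obj1 = #{self}.
+browser_obj1 = #{self}.find_elements_by_text(
 browser_obj: 'required - browser_obj returned from #open method)',
 text: 'required - text to search for in the DOM'
 )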
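Review bot: In `find_elements_by_text`, the inner `rescue NoMethodError` / `next` covers the whole match body, including `yield element if block_given?`, so a NoMethodError raised inside the caller's block is swallowed after the element hash has already been pushed and the method still returns normally. For a scanning helper that means a broken callback yields results that look complete with no error surfaced. The rescue appears to be there only because some elements have no `value`; narrowing it to that lookup, e.g. `matched = element.text == text || (element.respond_to?(:value) && element.value == text)` then `next unless matched` (assuming these elements answer `respond_to?` accurately), would let real errors reach the outer rescue. The added `puts e.backtrace` in that outer rescue also looks like leftover debugging, since `raise e` on the next line re-raises the same exception with its backtrace.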
data/lib/pwn/version.rb
CHANGED
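--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.171
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-
+date: 2024-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport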