pwn 0.5.43 → 0.5.44

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67b8c9503fff9b4358ae2cf4645d6581a5758b6269c0f0cd752c56beca3d0005
-  data.tar.gz: 85edd938c4fed98afc834eed906f482824ffb75eae38ff0c514475562b3c7464
+  metadata.gz: 3f25e99b7bab77b60bf540f3a7116b5a73880b4a48bb657fab50d3b790fa1c55
+  data.tar.gz: 1b1f20af44bedd09315acfe8f0d7e96cb80c51709a38daf7686f806de07694a1
 SHA512:
-  metadata.gz: ab83130d2982492590513f40e755a7dc2453adad90acdb820e025e062fac610ecb8a0580c74019bab2e6e32f3481b9eb151c44998cf86ba5def959cc04464fcf
-  data.tar.gz: 39f243b2f75b10a7291711783f9cbf2a2b8da84771eca501e95e6c6f62defafb88d311725215d5d5cc80d47e7368f4c1ed697e515b5030adbeb92fd736b254e3
+  metadata.gz: e5a537100ad7b89d3f50fff3378a6d278cfd306fafcb28a25bdfef94c3284865b80936fa70010e67851a98f1b113466606c59175ddefaee25273492cdad16616
+  data.tar.gz: 8e686718096043e4b91a9f82a31ea5d584a7a80f9e7f07c7293c6a455910d06aad5e06b091b9111115e1f38f4bfae7031c8bfdab0c46c710afcc97773a42477c

data/.rubocop.yml

@@ -1,9 +1,26 @@
-inherit_from: .rubocop_todo.yml
 AllCops: 
   UseCache: false
   NewCops: enable
-Layout:
-  Max: 3000
+Layout/LineLength:
+  Max: 293
+Lint/UselessRescue:
+  Enabled: false
+Metrics/AbcSize:
+  Max: 537.6
+Metrics/BlockLength:
+  Max: 138
+Metrics/BlockNesting:
+  Max: 4
+Metrics/ClassLength:
+  Max: 134
+Metrics/CyclomaticComplexity:
+  Max: 103
+Metrics/MethodLength:
+  Max: 485
+Metrics/ModuleLength:
+  Max: 495
+Metrics/PerceivedComplexity:
+  Max: 101
 Style/HashEachMethods:
   Enabled: true
 Style/HashSyntax:
@@ -14,3 +31,5 @@ Style/HashTransformValues:
   Enabled: true
 Style/RedundantLineContinuation:
   Enabled: false
+
+inherit_from: .rubocop_todo.yml

data/.rubocop_todo.yml

@@ -1,11 +1,18 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2024-01-23 19:41:36 UTC using RuboCop version 1.60.1.
+# on 2024-03-04 01:40:30 UTC using RuboCop version 1.61.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# Offense count: 1
+# Configuration parameters: Severity, Include.
+# Include: **/*.gemspec
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'pwn.gemspec'
+
 # Offense count: 5
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
@@ -17,30 +24,43 @@ Layout/LineContinuationSpacing:
     - 'packer/provisioners/wpscan.rb'
     - 'vagrant/provisioners/beef.rb'
 
-# Offense count: 290
+# Offense count: 18
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Exclude:
+    - 'Vagrantfile'
+    - 'bin/pwn_diff_csv_files_w_column_exclude'
+    - 'lib/pwn/banner/jmp_esp.rb'
+    - 'lib/pwn/plugins/mail_agent.rb'
+    - 'lib/pwn/plugins/open_ai.rb'
+    - 'lib/pwn/reports/fuzz.rb'
+    - 'lib/pwn/reports/phone.rb'
+    - 'lib/pwn/reports/sast.rb'
+    - 'lib/pwn/reports/uri_buster.rb'
+    - 'lib/pwn/sast/banned_function_calls_c.rb'
+
+# Offense count: 294
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AutoCorrect.
 Lint/UselessAssignment:
   Enabled: false
 
-# Offense count: 694
-Lint/UselessRescue:
-  Enabled: false
-
-# Offense count: 291
-# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
-Metrics/AbcSize:
-  Max: 328
-
-# Offense count: 71
-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+# Offense count: 3
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 # AllowedMethods: refine
 Metrics/BlockLength:
-  Max: 196
+  Exclude:
+    - '**/*.gemspec'
+    - 'lib/pwn/plugins/android.rb'
+    - 'lib/pwn/plugins/msr206.rb'
+    - 'lib/pwn/sast/banned_function_calls_c.rb'
 
-# Offense count: 49
-# Configuration parameters: CountBlocks.
+# Offense count: 44
+# Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
-  Max: 5
+  Enabled: false
 
 # Offense count: 1
 # Configuration parameters: LengthThreshold.
@@ -48,31 +68,36 @@ Metrics/CollectionLiteralLength:
   Exclude:
     - 'lib/pwn/plugins/uri_scheme.rb'
 
-# Offense count: 116
-# Configuration parameters: AllowedMethods, AllowedPatterns.
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
-  Max: 231
+  Exclude:
+    - 'lib/pwn/plugins/android.rb'
 
-# Offense count: 536
-# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+# Offense count: 1
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
-  Max: 1001
+  Exclude:
+    - 'lib/pwn/banner/code_cave.rb'
 
-# Offense count: 56
-# Configuration parameters: CountComments, CountAsOne.
+# Offense count: 8
+# Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
-  Max: 1187
-
-# Offense count: 108
-# Configuration parameters: AllowedMethods, AllowedPatterns.
-Metrics/PerceivedComplexity:
-  Max: 51
+  Exclude:
+    - 'lib/pwn/banner/code_cave.rb'
+    - 'lib/pwn/plugins/android.rb'
+    - 'lib/pwn/plugins/black_duck_binary_analysis.rb'
+    - 'lib/pwn/plugins/ibm_appscan.rb'
+    - 'lib/pwn/plugins/msr206.rb'
+    - 'lib/pwn/plugins/nessus_cloud.rb'
+    - 'lib/pwn/plugins/open_ai.rb'
+    - 'lib/pwn/plugins/packet.rb'
 
 # Offense count: 160
 Style/ClassVars:
   Enabled: false
 
-# Offense count: 278
+# Offense count: 280
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition
@@ -85,12 +110,13 @@ Style/ExplicitBlockArgument:
   Exclude:
     - 'lib/pwn/plugins/nmap_it.rb'
 
-# Offense count: 2
+# Offense count: 3
 # This cop supports safe autocorrection (--autocorrect).
 Style/IfUnlessModifier:
   Exclude:
     - 'bin/pwn'
     - 'lib/pwn/plugins/baresip.rb'
+    - 'lib/pwn/plugins/mail_agent.rb'
 
 # Offense count: 94
 # This cop supports safe autocorrection (--autocorrect).
@@ -108,7 +134,7 @@ Style/RedundantStringEscape:
     - 'lib/pwn/sast/redos.rb'
     - 'vagrant/provisioners/kali_customize.rb'
 
-# Offense count: 46
+# Offense count: 48
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Enabled: false
@@ -127,10 +153,3 @@ Style/SoleNestedConditional:
 Style/StringLiterals:
   Exclude:
     - 'bin/pwn'
-
-# Offense count: 637
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
-# URISchemes: http, https
-Layout/LineLength:
-  Max: 1620

data/Gemfile

@@ -60,7 +60,7 @@ gem 'os', '1.1.4'
 gem 'packetfu', '2.0.0'
 gem 'packetgen', '3.3.1'
 gem 'pdf-reader', '2.12.0'
-gem 'pg', '1.5.5'
+gem 'pg', '1.5.6'
 gem 'pry', '0.14.2'
 gem 'pry-doc', '1.5.0'
 gem 'rake', '13.1.0'
@@ -75,7 +75,7 @@ gem 'rspec', '3.13.0'
 gem 'rtesseract', '3.1.3'
 gem 'rubocop', '1.61.0'
 gem 'rubocop-rake', '0.6.0'
-gem 'rubocop-rspec', '2.27.0'
+gem 'rubocop-rspec', '2.27.1'
 gem 'ruby-audio', '1.6.1'
 gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.16.0'
@@ -97,3 +97,4 @@ gem 'webrick', '1.8.1'
 gem 'whois', '5.1.1'
 gem 'whois-parser', '2.0.0'
 gem 'wicked_pdf', '2.8.0'
+gem 'yard', '0.9.36'

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.43]:001 >>> PWN.help
+pwn[v0.5.44]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.43]:001 >>> PWN.help
+pwn[v0.5.44]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.43]:001 >>> PWN.help
+pwn[v0.5.44]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/bin/pwn

@@ -216,21 +216,21 @@ begin
     end
   end
 
-  Pry::Commands.create_command 'toggle-pwn-asm' do
-    description 'Toggle pwn.asm interface.'
+  Pry::Commands.create_command 'pwn-asm' do
+    description 'Initiate pwn.asm shell.'
 
     def process
       pi = pry_instance
-      pi.config.pwn_asm ? pi.config.pwn_asm = false : pi.config.pwn_asm = true
+      pi.config.pwn_asm = true
     end
   end
 
-  Pry::Commands.create_command 'toggle-pwn-gpt' do
-    description 'Toggle pwn.gpt chat interface.'
+  Pry::Commands.create_command 'pwn-gpt' do
+    description 'Initiate pwn.gpt chat interface.'
 
     def process
       pi = pry_instance
-      pi.config.pwn_gpt ? pi.config.pwn_gpt = false : pi.config.pwn_gpt = true
+      pi.config.pwn_gpt = true
       pi.config.color = false if pi.config.pwn_gpt
       pi.config.color = true unless pi.config.pwn_gpt
     end
@@ -254,6 +254,18 @@ begin
     end
   end
 
+  Pry::Commands.create_command 'back' do
+    description 'Jump back to pwn REPL when in pwn-asm || pwn-gpt.'
+
+    def process
+      pi = pry_instance
+      pi.config.pwn_asm = false if pi.config.pwn_asm
+      pi.config.pwn_gpt = false if pi.config.pwn_gpt
+      pi.config.pwn_gpt_debug = false if pi.config.pwn_gpt_debug
+      pi.config.pwn_gpt_speak = false if pi.config.pwn_gpt_speak
+    end
+  end
+
   # Define REPL Hooks
   # Welcome Banner Hook
   Pry.config.hooks.add_hook(:before_session, :welcome) do |output, _binding, _pi|

data/lib/pwn/plugins/assembly.rb

@@ -29,10 +29,40 @@ module PWN
           arch_obj = Metasm::Ia32.new(endian)
         when 'amd64', 'x86_64'
           arch_obj = Metasm::X86_64.new(endian)
+        when 'arc'
+          arch_obj = Metasm::ARC.new(endian)
         when 'armv4l', 'armv4b', 'armv5l', 'armv5b', 'armv6l', 'armv6b', 'armv7b', 'armv7l', 'arm', 'armhf'
           arch_obj = Metasm::ARM.new(endian)
         when 'aarch64', 'arm64'
           arch_obj = Metasm::ARM64.new(endian)
+        when 'bpf'
+          arch_obj = Metasm::BPF.new(endian)
+        when 'cy16'
+          arch_obj = Metasm::CY16.new(endian)
+        when 'dalvik'
+          arch_obj = Metasm::Dalvik.new(endian)
+        when 'ebpf'
+          arch_obj = Metasm::EBPF.new(endian)
+        when 'mcs51'
+          arch_obj = Metasm::MCS51.new(endian)
+        when 'mips'
+          arch_obj = Metasm::MIPS.new(endian)
+        when 'mips64'
+          arch_obj = Metasm::MIPS64.new(endian)
+        when 'msp430'
+          arch_obj = Metasm::MSP430.new(endian)
+        when 'openrisc'
+          arch_obj = Metasm::OpenRisc.new(endian)
+        when 'ppc'
+          arch_obj = Metasm::PPC.new(endian)
+        when 'sh4'
+          arch_obj = Metasm::SH4.new(endian)
+        when 'st20'
+          arch_obj = Metasm::ST20.new(endian)
+        when 'webasm'
+          arch_obj = Metasm::WebAsm.new(endian)
+        when 'z80'
+          arch_obj = Metasm::Z80.new(endian)
         else
           raise "Unsupported architecture: #{arch}"
         end
@@ -104,10 +134,40 @@ module PWN
           arch_obj = Metasm::Ia32.new(endian)
         when 'amd64', 'x86_64'
           arch_obj = Metasm::X86_64.new(endian)
+        when 'arc'
+          arch_obj = Metasm::ARC.new(endian)
         when 'armv4l', 'armv4b', 'armv5l', 'armv5b', 'armv6l', 'armv6b', 'armv7b', 'armv7l', 'arm', 'armhf'
           arch_obj = Metasm::ARM.new(endian)
         when 'aarch64', 'arm64'
           arch_obj = Metasm::ARM64.new(endian)
+        when 'bpf'
+          arch_obj = Metasm::BPF.new(endian)
+        when 'cy16'
+          arch_obj = Metasm::CY16.new(endian)
+        when 'dalvik'
+          arch_obj = Metasm::Dalvik.new(endian)
+        when 'ebpf'
+          arch_obj = Metasm::EBPF.new(endian)
+        when 'mcs51'
+          arch_obj = Metasm::MCS51.new(endian)
+        when 'mips'
+          arch_obj = Metasm::MIPS.new(endian)
+        when 'mips64'
+          arch_obj = Metasm::MIPS64.new(endian)
+        when 'msp430'
+          arch_obj = Metasm::MSP430.new(endian)
+        when 'openrisc'
+          arch_obj = Metasm::OpenRisc.new(endian)
+        when 'ppc'
+          arch_obj = Metasm::PPC.new(endian)
+        when 'sh4'
+          arch_obj = Metasm::SH4.new(endian)
+        when 'st20'
+          arch_obj = Metasm::ST20.new(endian)
+        when 'webasm'
+          arch_obj = Metasm::WebAsm.new(endian)
+        when 'z80'
+          arch_obj = Metasm::Z80.new(endian)
         else
           raise "Unsupported architecture: #{arch}"
         end

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.43'
+  VERSION = '0.5.44'
 end

data/packer/provisioners/aliases.rb

@@ -6,6 +6,7 @@ system("sudo touch #{alias_file}")
 system("sudo chmod 777 #{alias_file}")
 File.open(alias_file, 'w') do |f|
   f.puts '#!/bin/bash'
+  f.puts "alias file='file --keep-going --raw'"
   f.puts "alias grep='grep --color=auto'"
   f.puts "alias kpid='kill -15'"
   f.puts "alias ls='ls --color=auto'"

data/pwn.gemspec

@@ -6,7 +6,9 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'pwn/version'
 
 Gem::Specification.new do |spec|
-  spec.required_ruby_version = ">= #{File.read('.ruby-version').split('-').last.chomp}"
+  ruby_version = ">= #{File.read('.ruby-version').split('-').last.chomp}".freeze
+  # spec.required_ruby_version = ruby_version
+  spec.required_ruby_version = '>= 3.3.0'
   spec.name = 'pwn'
   spec.version = PWN::VERSION
   spec.authors = ['0day Inc.']

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.43
+  version: 0.5.44
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-01 00:00:00.000000000 Z
+date: 2024-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -674,14 +674,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.5
+        version: 1.5.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.5.5
+        version: 1.5.6
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -884,14 +884,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.27.0
+        version: 2.27.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.27.0
+        version: 2.27.1
 - !ruby/object:Gem::Dependency
   name: ruby-audio
   requirement: !ruby/object:Gem::Requirement
@@ -1172,6 +1172,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.8.0
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.36
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.36
 description: https://github.com/0dayinc/pwn/README.md
 email:
 - request.pentest@0dayinc.com