pwn 0.5.493 → 0.5.494
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +3 -3
- data/lib/pwn/plugins/transparent_browser.rb +67 -38
- data/lib/pwn/version.rb +1 -1
- metadata +5 -5
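--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a226c1c12aee43a0797ac73395608686c8d3af0c22d00ae91ae4a32963cdeab
+data.tar.gz: 1aaac65edd8e5b056fa62e6a78038de56bbca3bec7191431ed164d07db93bba4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e033ff70444b1d95a997435ab995aea33648e2ac76ad3b28c0c5ee287519e812cadb4bd59f7b9d38d0e7fbe7ac56190c617599b8cc68291d5dcb4b067b718b88
+data.tar.gz: 75e791c0ed1dfe955697c23505ccdb75f74c216b89adf5e021e66687e7329ebef33350cbc2f63cfe9411d735785d3f44a5a0b445017dc9136b8b4e83708b13b3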
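--- a/data/Gemfile
+++ b/data/Gemfile
@@ -88,8 +88,8 @@ gem 'ruby-nmap', '1.0.3'
 gem 'ruby-saml', '1.18.1'
 gem 'rvm', '1.11.3.9'
 gem 'savon', '2.15.1'
-gem 'selenium-devtools', '0.
-gem 'selenium-webdriver', '4.
+gem 'selenium-devtools', '0.142.0'
+gem 'selenium-webdriver', '4.38.0'
 gem 'slack-ruby-client', '3.0.0'
 gem 'socksify', '1.8.1'
 gem 'spreadsheet', '1.3.4'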
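--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.
+pwn[v0.5.494]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.494]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.494]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: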
@@ -1150,43 +1150,60 @@ module PWN
|
|
|
1150
1150
|
devtools = browser_obj[:devtools]
|
|
1151
1151
|
debugger_state = devtools.instance_variable_get(:@debugger_state)
|
|
1152
1152
|
|
|
1153
|
+
method = nil
|
|
1153
1154
|
case action
|
|
1154
1155
|
when :enable
|
|
1155
|
-
|
|
1156
|
-
debugger_state
|
|
1157
|
-
|
|
1158
|
-
|
|
1156
|
+
while method != 'Debugger.scriptParsed'
|
|
1157
|
+
if debugger_state.is_a?(Hash)
|
|
1158
|
+
debugger_state = devtools.instance_variable_get(:@debugger_state)
|
|
1159
|
+
devtools.remove_instance_variable(:@debugger_state) unless debugger_state.nil?
|
|
1160
|
+
devtools.debugger.disable
|
|
1161
|
+
end
|
|
1162
|
+
debugger_state = {}
|
|
1163
|
+
breakpoint_arr = []
|
|
1164
|
+
|
|
1165
|
+
devtools.debugger.enable
|
|
1166
|
+
ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
|
|
1167
|
+
method = ws_msg['method']
|
|
1168
|
+
|
|
1169
|
+
bcmd = 'EventBreakpoints.setInstrumentationBreakpoint'
|
|
1170
|
+
event = 'load'
|
|
1171
|
+
breakpoint = devtools.send_cmd(bcmd, eventName: event)
|
|
1172
|
+
breakpoint['result']['breakpointId'] = "#{bcmd}.#{event}.#{SecureRandom.uuid}"
|
|
1173
|
+
# bcmd = 'Debugger.setInstrumentationBreakpoint'
|
|
1174
|
+
# instrumentation = 'beforeScriptExecution'
|
|
1175
|
+
# breakpoint = devtools.send_cmd(bcmd, instrumentation: instrumentation)
|
|
1176
|
+
# breakpoint['result']['breakpointId'] = "#{bcmd}.#{instrumentation}.#{SecureRandom.uuid}"
|
|
1177
|
+
breakpoint_arr.push(breakpoint)
|
|
1178
|
+
debugger_state[:breakpoints] = breakpoint_arr
|
|
1179
|
+
|
|
1180
|
+
devtools.runtime.disable
|
|
1181
|
+
devtools.log.disable
|
|
1182
|
+
devtools.network.disable
|
|
1183
|
+
devtools.page.disable
|
|
1184
|
+
puts debugger_state.inspect
|
|
1159
1185
|
end
|
|
1160
|
-
debugger_state = {}
|
|
1161
|
-
breakpoint_arr = []
|
|
1162
|
-
|
|
1163
|
-
# breakpoint = devtools.debugger.set_instrumentation_breakpoint(instrumentation: 'beforeScriptExecution')
|
|
1164
|
-
bcmd = 'EventBreakpoints.setInstrumentationBreakpoint'
|
|
1165
|
-
event = 'load'
|
|
1166
|
-
breakpoint = devtools.send_cmd(bcmd, eventName: event)
|
|
1167
|
-
breakpoint['result']['breakpointId'] = "#{bcmd}.#{event}.#{SecureRandom.uuid}"
|
|
1168
|
-
breakpoint_arr.push(breakpoint)
|
|
1169
|
-
debugger_state[:breakpoints] = breakpoint_arr
|
|
1170
|
-
|
|
1171
|
-
devtools.runtime.disable
|
|
1172
|
-
devtools.log.disable
|
|
1173
|
-
devtools.network.disable
|
|
1174
|
-
devtools.page.disable
|
|
1175
|
-
devtools.debugger.enable
|
|
1176
1186
|
when :pause
|
|
1177
|
-
|
|
1178
|
-
|
|
1187
|
+
while method != 'Debugger.paused'
|
|
1188
|
+
Timeout.timeout(9) { browser_obj[:browser].refresh }
|
|
1189
|
+
devtools.debugger.pause
|
|
1190
|
+
ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
|
|
1191
|
+
method = ws_msg['method']
|
|
1192
|
+
end
|
|
1179
1193
|
when :resume
|
|
1180
|
-
|
|
1194
|
+
while method != 'Debugger.resumed'
|
|
1195
|
+
devtools.debugger.resume
|
|
1196
|
+
ws_msg = devtools_websocket_messages(browser_obj: browser_obj)
|
|
1197
|
+
method = ws_msg['method']
|
|
1198
|
+
end
|
|
1181
1199
|
when :disable
|
|
1182
1200
|
debugger_state = devtools.instance_variable_get(:@debugger_state)
|
|
1183
1201
|
devtools.remove_instance_variable(:@debugger_state) if debugger_state.is_a?(Hash)
|
|
1184
1202
|
devtools.debugger.disable
|
|
1185
1203
|
end
|
|
1186
1204
|
|
|
1187
|
-
|
|
1188
|
-
debugger_state
|
|
1189
|
-
devtools.instance_variable_set(:@debugger_state, debugger_state)
|
|
1205
|
+
debugger_state[:method] = method
|
|
1206
|
+
devtools.instance_variable_set(:@debugger_state, debugger_state) if debugger_state.is_a?(Hash)
|
|
1190
1207
|
devtools
|
|
1191
1208
|
rescue Timeout::Error
|
|
1192
1209
|
devtools
|
|
@@ -1226,6 +1243,8 @@ module PWN
|
|
|
1226
1243
|
return devtools
|
|
1227
1244
|
end
|
|
1228
1245
|
|
|
1246
|
+
system_role_content = 'Being an expert penetration tester skilled in code analysis, debugging, and exploitation while stepping through JavaScript in a Chrome DevTools debugging session: 1. Your sole purpose is to analyze each JavaScript step and generate an Exploit Prediction Scoring System (EPSS) score between 0% - 100%. 2. If the score is >= 75%, generate a JavaScript proof-of-concept that would allow a threat actor to directly exploit or target a user for exploitation (i.e. no self-exploit). 3. If the EPSS score is >= 75% also provide a code fix. *** If the EPSS score is < 75%, no explanations or summaries - just the EPSS score.'
|
|
1247
|
+
|
|
1229
1248
|
page_state_arr = []
|
|
1230
1249
|
steps.times do |s|
|
|
1231
1250
|
step_num = s + 1
|
|
@@ -1257,12 +1276,17 @@ module PWN
|
|
|
1257
1276
|
source_lines = source_code.split("\n")
|
|
1258
1277
|
source_lines_str = source_lines[from_line_num..to_line_num].join("\n")
|
|
1259
1278
|
source_to_review = source_lines_str[from_column_num..to_column_num]
|
|
1260
|
-
|
|
1261
|
-
|
|
1262
|
-
|
|
1263
|
-
|
|
1264
|
-
|
|
1265
|
-
|
|
1279
|
+
source_before = source_to_review.dup
|
|
1280
|
+
|
|
1281
|
+
if source_to_review.length.positive?
|
|
1282
|
+
puts source_to_review
|
|
1283
|
+
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
1284
|
+
system_role_content: system_role_content,
|
|
1285
|
+
request: source_to_review
|
|
1286
|
+
)
|
|
1287
|
+
puts "^^^ #{ai_analysis}" unless ai_analysis.nil?
|
|
1288
|
+
# gets
|
|
1289
|
+
end
|
|
1266
1290
|
end
|
|
1267
1291
|
|
|
1268
1292
|
case action
|
|
@@ -1299,12 +1323,17 @@ module PWN
|
|
|
1299
1323
|
source_lines = source_code.split("\n")
|
|
1300
1324
|
source_lines_str = source_lines[from_line_num..to_line_num].join("\n")
|
|
1301
1325
|
source_to_review = source_lines_str[from_column_num..to_column_num]
|
|
1302
|
-
|
|
1303
|
-
|
|
1304
|
-
|
|
1305
|
-
|
|
1306
|
-
|
|
1307
|
-
|
|
1326
|
+
source_after = source_to_review.dup
|
|
1327
|
+
|
|
1328
|
+
if source_to_review.length.positive? && source_to_review != source_before
|
|
1329
|
+
puts source_to_review
|
|
1330
|
+
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
1331
|
+
system_role_content: system_role_content,
|
|
1332
|
+
request: source_to_review
|
|
1333
|
+
)
|
|
1334
|
+
puts "^^^ #{ai_analysis}" unless ai_analysis.nil?
|
|
1335
|
+
# gets
|
|
1336
|
+
end
|
|
1308
1337
|
end
|
|
1309
1338
|
puts "\n" * 6
|
|
1310
1339
|
|
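Review bot: `debugger_state[:method] = method` on new line 1205 runs for every action, but in the `:disable` branch (and in `:pause`/`:resume` when nothing was stored earlier) `debugger_state` is whatever `instance_variable_get(:@debugger_state)` returned and can be `nil`, so the assignment raises `NoMethodError` one line before the guarded `instance_variable_set`; guard it the same way: `debugger_state[:method] = method if debugger_state.is_a?(Hash)`. The three `while method != '…'` loops added to `:enable`, `:pause` and `:resume` have no iteration cap or deadline — only `browser_obj[:browser].refresh` is wrapped in `Timeout.timeout(9)` — so a session that never emits the awaited `Debugger.*` event spins forever and the `rescue Timeout::Error` at the bottom never gets a chance; a bounded attempt counter, or `Timeout.timeout` around each loop, would let the method fall through to the existing rescue, and `puts debugger_state.inspect` in `:enable` reads like leftover debug output. In the two later hunks (new lines 1281 and 1328) `source_to_review.length.positive?` raises when `source_lines_str[from_column_num..to_column_num]` is out of range, because `String#[]` with a range returns `nil` there; `source_to_review.to_s.length.positive?` keeps the check nil-safe, and `source_after` is assigned but not read anywhere in the hunk. `request: source_to_review` forwards script text that the visited page controls straight into `PWN::AI::Introspection.reflect_on`, so a page can embed instructions addressed to the model and shape the `ai_analysis` that is printed; a comment at the `system_role_content` assignment such as `# NOTE: request body is page-controlled script text; treat the model reply as advisory, not as a verdict` would make that trust boundary explicit. The enclosing methods start before and end after these hunks.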
data/lib/pwn/version.rb
CHANGED
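--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.494
 platform: ruby
 authors:
 - 0day Inc.
@@ -1079,28 +1079,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.142.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.142.0
 - !ruby/object:Gem::Dependency
 name: selenium-webdriver
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.38.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 4.
+version: 4.38.0
 - !ruby/object:Gem::Dependency
 name: slack-ruby-client
 requirement: !ruby/object:Gem::Requirement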