pwn 0.5.498 → 0.5.499

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c41bc76760db0b513a3ad2e622d66299878abc0470557cf342afe18b5cee66e7
-  data.tar.gz: 56af59b296710ca0a24819d7dcd122e8e058b65152a9e04202a53ff0e41c6473
+  metadata.gz: 4e56e54848ac7ff737e0c074dba6ec24cd7fcb3eb60012eadd218b41fc951302
+  data.tar.gz: 2d2221ff56638e8bb30b7ce9e907f390e1bc84c3c63dddccb6a34b6e83d8e920
 SHA512:
-  metadata.gz: d1346423bc99955590ecd3eaa819b9af4bc584dee83e405557afc23e3a0819fb52a2a83952e09f72c37e648696fe58ad8abd6f20e91ef80821ff381728c160a0
-  data.tar.gz: 91408051ad834f50b5665f9bc1bad7b1a87e83e57641e34995aa8f79eca42e8fc98e2be59e44209609e4f0ffe212b8f774ebd4100803006c194c059e9050e69d
+  metadata.gz: bfc2c1f2ffbf9447c7c2fa25de875d353f0ebc3a98158ea36a34459b7ae07c93aac81e98bf25657d2cde2ec640a09122724797563d24c3f57dc688246578e4fa
+  data.tar.gz: fbe74658bc1c81f3dd5e8da72a36edaa0ac58362ba8ee82d39089ade0e721924f49c8077afb6ae0775299fbbf03a5885ebc37ceea50fd6802885b962145ae382

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.498]:001 >>> PWN.help
+pwn[v0.5.499]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.4.4@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.498]:001 >>> PWN.help
+pwn[v0.5.499]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-3.4.4@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.498]:001 >>> PWN.help
+pwn[v0.5.499]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/plugins/burp_suite.rb

@@ -50,7 +50,7 @@ module PWN
       # )
       private_class_method def self.init_introspection_thread(opts = {})
         #  if PWN::Env[:ai][:introspection] is true,
-        #  spin up PWN::Plugins::ThreadPool to
+        #  spin up Thread to:
         #  1. Periodically call get_proxy_history(burp_obj: burp_obj) method
         #  2. For each entry w/ empty comment,
         #     generate AI analysis via PWN::AI::Introspection.reflect_on
@@ -98,13 +98,34 @@ module PWN
               Analyze provided HTTP request/response pairs methodically: Start with a high-level overview, then dive into specifics, flag potential issues with evidence from the traffic, and end with PoC if applicable. Be verbose in reasoning but concise in output. Prioritize high-severity findings. If data is incomplete, request clarifications.
             '
 
+            get_highlight_color = lambda do |opts = {}|
+              ai_analysis = opts[:ai_analysis]
+
+              highlight_color = 'GRAY'
+              if ai_analysis =~ /"risk_score":\s*"(\d{1,3})%"/
+                score = Regexp.last_match(1).to_i
+                highlight_color = case score
+                                  when 0..24
+                                    'GREEN'
+                                  when 25..49
+                                    'YELLOW'
+                                  when 50..74
+                                    'ORANGE'
+                                  when 75..100
+                                    'RED'
+                                  end
+              end
+
+              highlight_color
+            end
+
             loop do
               # TODO: Implement sitemap and repeater into the loop.
               # Sitemap should work the same as proxy history.
               # Repeater should analyze the reqesut/response pair and suggest
               # modifications to the request to further probe for vulnerabilities.
-              proxy_history = get_proxy_history(burp_obj: burp_obj)
-              proxy_history.each do |entry|
+              sitemap = get_sitemap(burp_obj: burp_obj)
+              sitemap.each do |entry|
                 next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
 
                 request = entry[:request]
@@ -116,7 +137,6 @@ module PWN
 
                 request = Base64.strict_decode64(request)
                 response = Base64.strict_decode64(response)
-
                 http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
                 ai_analysis = PWN::AI::Introspection.reflect_on(
                   system_role_content: system_role_content,
@@ -127,33 +147,59 @@ module PWN
                 next if ai_analysis.nil? || ai_analysis.strip.empty?
 
                 entry[:comment] = ai_analysis
-                # Extract score and assign color highlight based on severity
-                if ai_analysis =~ /"risk_score":\s*"(\d{1,3})%"/
-                  score = Regexp.last_match(1).to_i
-                  highlight_color = case score
-                                    when 0..24
-                                      'GREEN'
-                                    when 25..49
-                                      'YELLOW'
-                                    when 50..74
-                                      'ORANGE'
-                                    when 75..100
-                                      'RED'
-                                    end
+                entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
+
+                update_sitemap(
+                  burp_obj: burp_obj,
+                  entry: entry
+                )
+              end
+
+              proxy_history = get_proxy_history(burp_obj: burp_obj)
+              proxy_history.each do |entry|
+                next unless entry.key?(:comment) && entry[:comment].to_s.strip.empty?
+
+                request = entry[:request]
+                response = entry[:response]
+                host = entry[:http_service][:host]
+                port = entry[:http_service][:port]
+                protocol = entry[:http_service][:protocol]
+                next if request.nil? || response.nil? || host.nil? || port.nil? || protocol.nil?
+
+                request = Base64.strict_decode64(request)
+                response = Base64.strict_decode64(response)
+
+                # If sitemap comment and highlight color exists, use that instead of re-analyzing
+                sitemap_entry = sitemap.find do |sitemap_item|
+                  sitemap_item[:http_service][:host] == host &&
+                    sitemap_item[:http_service][:port] == port &&
+                    sitemap_item[:http_service][:protocol] == protocol &&
+                    sitemap_item[:request] == entry[:request]
                 end
-                highlight_color ||= 'GRAY'
-                entry[:highlight] = highlight_color
 
-                entry.delete(:request)
-                entry.delete(:response)
-                entry.delete(:http_service)
+                if sitemap_entry.nil?
+                  http_request_response = PWN::Plugins::Char.force_utf8("#{request}\r\n\r\n#{response}")
+                  ai_analysis = PWN::AI::Introspection.reflect_on(
+                    system_role_content: system_role_content,
+                    request: http_request_response,
+                    suppress_pii_warning: true
+                  )
+
+                  next if ai_analysis.nil? || ai_analysis.strip.empty?
+
+                  entry[:comment] = ai_analysis
+                  entry[:highlight] = get_highlight_color.call(ai_analysis: ai_analysis)
+                else
+                  entry[:comment] = sitemap_entry[:comment]
+                  entry[:highlight] = sitemap_entry[:highlight]
+                end
 
                 update_proxy_history(
                   burp_obj: burp_obj,
                   entry: entry
                 )
               end
-              sleep 10
+              sleep 3
             end
           rescue Errno::ECONNREFUSED
             puts 'Thread Terminating...'
@@ -685,7 +731,7 @@ module PWN
       end
 
       # Supported Method Parameters::
-      # repeater_obj = PWN::Plugins::BurpSuite.update_proxy_history(
+      # json_proxy_history = PWN::Plugins::BurpSuite.update_proxy_history(
       #   burp_obj: 'required - burp_obj returned by #start method',
       #   entry: 'required - hash of the proxy history entry to update'
       # )
@@ -703,6 +749,11 @@ module PWN
         rest_browser = burp_obj[:rest_browser]
         mitm_rest_api = burp_obj[:mitm_rest_api]
 
+        # Only allow updating of comment and highlight fields
+        entry.delete(:request)
+        entry.delete(:response)
+        entry.delete(:http_service)
+
         put_body = entry.to_json
 
         proxy_history_resp = rest_browser.put(
@@ -951,6 +1002,40 @@ module PWN
         raise e
       end
 
+      # Supported Method Parameters::
+      # json_sitemap = PWN::Plugins::BurpSuite.update_sitemap(
+      #   burp_obj: 'required - burp_obj returned by #start method',
+      #   entry: 'required - hash of the sitemap entry to update'
+      # )
+
+      public_class_method def self.update_sitemap(opts = {})
+        burp_obj = opts[:burp_obj]
+        raise 'ERROR: burp_obj parameter is required' unless burp_obj.is_a?(Hash)
+
+        entry = opts[:entry]
+        raise 'ERROR: entry parameter is required and must be a hash' unless entry.is_a?(Hash)
+
+        rest_browser = burp_obj[:rest_browser]
+        mitm_rest_api = burp_obj[:mitm_rest_api]
+
+        # Only allow updating of comment and highlight fields
+        # NOTE we need the request as its used to identify the sitemap entry to update
+        entry.delete(:response)
+        entry.delete(:http_service)
+
+        put_body = entry.to_json
+
+        sitemap_resp = rest_browser.put(
+          "http://#{mitm_rest_api}/sitemap",
+          put_body,
+          content_type: 'application/json; charset=UTF8'
+        )
+
+        JSON.parse(sitemap_resp, symbolize_names: true)
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters:
       # json_sitemap = PWN::Plugins::BurpSuite.import_openapi_to_sitemap(
       #   burp_obj: 'required - burp_obj returned by #start method',
@@ -1868,6 +1953,11 @@ module PWN
             return_as: 'optional - :base64 or :har (defaults to :base64)'
           )
 
+          json_proxy_history = #{self}.update_proxy_history(
+            burp_obj: 'required - burp_obj returned by #start method',
+            entry: 'required - proxy history entry hash to update'
+          )
+
           json_sitemap = #{self}.get_sitemap(
             burp_obj: 'required - burp_obj returned by #start method',
             keyword: 'optional - keyword to filter sitemap results (default: nil)',
@@ -1896,6 +1986,11 @@ module PWN
             }
           )
 
+          json_sitemap = #{self}.update_sitemap(
+            burp_obj: 'required - burp_obj returned by #start method',
+            entry: 'required - sitemap entry hash to update'
+          )
+
           json_sitemap = #{self}.import_openapi_to_sitemap(
             burp_obj: 'required - burp_obj returned by #start method',
             openapi_spec: 'required - path to OpenAPI JSON or YAML specification file',

data/lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.5.498'
+  VERSION = '0.5.499'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-  version: 0.5.498
+  version: 0.5.499
 platform: ruby
 authors:
 - 0day Inc.