pwn 0.5.539 → 0.5.540
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/pwn/ai/agent/assembly.rb +66 -0
- data/lib/pwn/ai/agent/btc.rb +47 -0
- data/lib/pwn/ai/agent/gqrx.rb +51 -0
- data/lib/pwn/ai/agent/hacker_one.rb +61 -0
- data/lib/pwn/ai/agent/sast.rb +47 -0
- data/lib/pwn/ai/agent/transparent_browser.rb +51 -0
- data/lib/pwn/ai/agent.rb +5 -0
- data/lib/pwn/blockchain/btc.rb +2 -5
- data/lib/pwn/plugins/assembly.rb +9 -9
- data/lib/pwn/plugins/burp_suite.rb +1 -1
- data/lib/pwn/plugins/transparent_browser.rb +2 -5
- data/lib/pwn/sast/pom_version.rb +2 -5
- data/lib/pwn/sast/test_case_engine.rb +2 -5
- data/lib/pwn/sdr/gqrx.rb +2 -4
- data/lib/pwn/version.rb +1 -1
- data/lib/pwn/www/hacker_one.rb +6 -15
- data/spec/lib/pwn/ai/agent/assembly_spec.rb +20 -0
- data/spec/lib/pwn/ai/agent/btc_spec.rb +20 -0
- data/spec/lib/pwn/ai/agent/gqrx_spec.rb +20 -0
- data/spec/lib/pwn/ai/agent/hacker_one_spec.rb +20 -0
- data/spec/lib/pwn/ai/agent/sast_spec.rb +20 -0
- data/spec/lib/pwn/ai/agent/transparent_browser_spec.rb +20 -0
- metadata +13 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4b2d2483fa867836d572d647e492b87e2f416dd89ead314312e25752c3cfe8e7
|
|
4
|
+
data.tar.gz: 9b207c60754610b4beda51a0cfd6d1f3ae7bdf1b4c26005af4f13bc408b32c75
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 543897559c8511d19a5509610a91a64c4f457521b22ba74b2924052d88404dea754904b16e7731b07c64b8afdf82d6a339041b5086686f9ee1df63e28911adfc
|
|
7
|
+
data.tar.gz: 0dd49afd240c38f3b7418cdec36b6ca33d16ff0f7bbb2fb4b00485767bd5db9af3075ab1c98dca459b6aed51088367e7212d3d25493ea243a1695506b12e6f72
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ $ cd /opt/pwn
|
|
|
37
37
|
$ ./install.sh
|
|
38
38
|
$ ./install.sh ruby-gem
|
|
39
39
|
$ pwn
|
|
40
|
-
pwn[v0.5.
|
|
40
|
+
pwn[v0.5.540]:001 >>> PWN.help
|
|
41
41
|
```
|
|
42
42
|
|
|
43
43
|
[](https://youtu.be/G7iLUY4FzsI)
|
|
@@ -52,7 +52,7 @@ $ rvm use ruby-4.0.1@pwn
|
|
|
52
52
|
$ gem uninstall --all --executables pwn
|
|
53
53
|
$ gem install --verbose pwn
|
|
54
54
|
$ pwn
|
|
55
|
-
pwn[v0.5.
|
|
55
|
+
pwn[v0.5.540]:001 >>> PWN.help
|
|
56
56
|
```
|
|
57
57
|
|
|
58
58
|
If you're using a multi-user install of RVM do:
|
|
@@ -62,7 +62,7 @@ $ rvm use ruby-4.0.1@pwn
|
|
|
62
62
|
$ rvmsudo gem uninstall --all --executables pwn
|
|
63
63
|
$ rvmsudo gem install --verbose pwn
|
|
64
64
|
$ pwn
|
|
65
|
-
pwn[v0.5.
|
|
65
|
+
pwn[v0.5.540]:001 >>> PWN.help
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze assembly code, including both opcodes and instructions, for various architectures and endianness. It provides insights into the functionality of the assembly code and can also convert it to C/C++ code when possible.
|
|
7
|
+
module Assembly
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::Assembly.analyze(
|
|
10
|
+
# request: 'required - the assembly opcodes or instructions to be analyzed',
|
|
11
|
+
# type: 'required - :opcodes_to_asm|:asm_to_opcodes - specify the type of analysis to perform',
|
|
12
|
+
# arch: 'required - name of arch returned from `PWN::Plugins::Assembly.list_supported_archs` (e.g., :i386|:i686|:x86|:x64|:arm|:arm64, etc.)',
|
|
13
|
+
# endian: 'required - the endianness of the assembly code (e.g., :little|:big)'
|
|
14
|
+
# )
|
|
15
|
+
|
|
16
|
+
public_class_method def self.analyze(opts = {})
|
|
17
|
+
request = opts[:request]
|
|
18
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
19
|
+
|
|
20
|
+
type = opts[:type]
|
|
21
|
+
raise 'ERROR: type parameter is required' if type.nil? || type.empty?
|
|
22
|
+
|
|
23
|
+
arch = opts[:arch]
|
|
24
|
+
raise 'ERROR: arch parameter is required' if arch.nil? || arch.empty?
|
|
25
|
+
|
|
26
|
+
endian = opts[:endian]
|
|
27
|
+
raise 'ERROR: endian parameter is required' if endian.nil? || endian.empty?
|
|
28
|
+
|
|
29
|
+
case type.to_s.downcase.to_sym
|
|
30
|
+
when :opcodes_to_asm
|
|
31
|
+
system_role_content = "Analyze the #{endian} endian #{arch} assembly opcodes below and provide a concise summary of their functionality. If possible, also convert the assembly to c/c++ code."
|
|
32
|
+
when :asm_to_opcodes
|
|
33
|
+
system_role_content = "Analyze the #{endian} endian #{arch} assembly instructions below and provide a concise summary of their functionality."
|
|
34
|
+
else
|
|
35
|
+
raise "ERROR: Unsupported type parameter value '#{type}'. Supported values are :opcodes_to_asm and :asm_to_opcodes."
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
PWN::AI::Introspection.reflect_on(
|
|
39
|
+
system_role_content: system_role_content,
|
|
40
|
+
request: request,
|
|
41
|
+
suppress_pii_warning: true
|
|
42
|
+
)
|
|
43
|
+
rescue StandardError => e
|
|
44
|
+
raise e.backtrace
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
48
|
+
|
|
49
|
+
public_class_method def self.authors
|
|
50
|
+
"AUTHOR(S):
|
|
51
|
+
0day Inc. <support@0dayinc.com>
|
|
52
|
+
"
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# Display Usage for this Module
|
|
56
|
+
|
|
57
|
+
public_class_method def self.help
|
|
58
|
+
puts "USAGE:
|
|
59
|
+
|
|
60
|
+
#{self}.authors
|
|
61
|
+
"
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze Bitcoin blockchain information. It provides insights and summaries based on the latest block data retrieved from a Bitcoin node using `PWN::Blockchain::BTC.get_latest_block`.
|
|
7
|
+
module BTC
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::BTC.analyze(
|
|
10
|
+
# request: 'required - latest block information retrieved from a bitcoin node via `PWN::Blockchain::BTC.get_latest_block`'
|
|
11
|
+
# )
|
|
12
|
+
|
|
13
|
+
public_class_method def self.analyze(opts = {})
|
|
14
|
+
request = opts[:request]
|
|
15
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
16
|
+
|
|
17
|
+
system_role_content = 'Provide a useful summary of this latest bitcoin block returned from a bitcoin node via getblockchaininfo.'
|
|
18
|
+
|
|
19
|
+
PWN::AI::Introspection.reflect_on(
|
|
20
|
+
system_role_content: system_role_content,
|
|
21
|
+
request: request,
|
|
22
|
+
suppress_pii_warning: true
|
|
23
|
+
)
|
|
24
|
+
rescue StandardError => e
|
|
25
|
+
raise e.backtrace
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
29
|
+
|
|
30
|
+
public_class_method def self.authors
|
|
31
|
+
"AUTHOR(S):
|
|
32
|
+
0day Inc. <support@0dayinc.com>
|
|
33
|
+
"
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# Display Usage for this Module
|
|
37
|
+
|
|
38
|
+
public_class_method def self.help
|
|
39
|
+
puts "USAGE:
|
|
40
|
+
|
|
41
|
+
#{self}.authors
|
|
42
|
+
"
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze signal data captured by a software-defined-radio using GQRX. It uses the PWN::AI::Introspection.reflect_on method to analyze the signal data and provide insights based on the location where the data was captured. The agent can determine if the frequency is licensed or unlicensed based on FCC records and provide relevant information about the transmission. This module is useful for security professionals, researchers, and hobbyists interested in analyzing radio signals and understanding their context.
|
|
7
|
+
module SAST
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::GQRX.analyze(
|
|
10
|
+
# request: 'required - A string containing the source code snippet to be analyzed for SAST antipatterns and vulnerabilities.'
|
|
11
|
+
# location: 'required - A string containing a city, state, country, or GPS coordinates where the signal data was captured. This information will be used to provide context for the analysis and to determine if the frequency is licensed or unlicensed based on FCC records.'
|
|
12
|
+
# )
|
|
13
|
+
|
|
14
|
+
public_class_method def self.analyze(opts = {})
|
|
15
|
+
request = opts[:request]
|
|
16
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
17
|
+
|
|
18
|
+
location = opts[:location]
|
|
19
|
+
raise 'ERROR: location parameter is required' if location.nil? || location.empty?
|
|
20
|
+
|
|
21
|
+
system_role_content = "Analyze signal data captured by a software-defined-radio using GQRX at the following location: #{location}. Respond with just FCC information about the transmission if available. If the frequency is unlicensed or not found in FCC records, state that clearly. Be clear and concise in your analysis."
|
|
22
|
+
|
|
23
|
+
PWN::AI::Introspection.reflect_on(
|
|
24
|
+
system_role_content: system_role_content,
|
|
25
|
+
request: request,
|
|
26
|
+
suppress_pii_warning: true
|
|
27
|
+
)
|
|
28
|
+
rescue StandardError => e
|
|
29
|
+
raise e.backtrace
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
33
|
+
|
|
34
|
+
public_class_method def self.authors
|
|
35
|
+
"AUTHOR(S):
|
|
36
|
+
0day Inc. <support@0dayinc.com>
|
|
37
|
+
"
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# Display Usage for this Module
|
|
41
|
+
|
|
42
|
+
public_class_method def self.help
|
|
43
|
+
puts "USAGE:
|
|
44
|
+
|
|
45
|
+
#{self}.authors
|
|
46
|
+
"
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze various aspects of HackerOne bug bounty programs, including bounty program details, scope details, and hacktivity details. It provides insights and recommendations based on the provided data to help security researchers optimize their efforts on the platform.
|
|
7
|
+
module HackerOne
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::HackerOne.analyze(
|
|
10
|
+
# request: 'required - dataset to analyze, such as bounty program details, scope details, or hacktivity details'
|
|
11
|
+
# type: 'required - type of analysis to perform, such as :bounty_programs, :scope_details, or :hacktivity'
|
|
12
|
+
# )
|
|
13
|
+
|
|
14
|
+
public_class_method def self.analyze(opts = {})
|
|
15
|
+
request = opts[:request]
|
|
16
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
17
|
+
|
|
18
|
+
type = opts[:type]
|
|
19
|
+
raise 'ERROR: type parameter is required' if type.nil? || type.empty?
|
|
20
|
+
|
|
21
|
+
case type.to_s.downcase.to_sym
|
|
22
|
+
when :bounty_programs
|
|
23
|
+
system_role_content = 'Suggest an optimal bug bounty program to target on HackerOne to maximize potential earnings based on values within `min_payout` and publicly known vulnerabilities that have surfaced for the `name` of the program.'
|
|
24
|
+
when :scope_details
|
|
25
|
+
system_role_content = 'Analyze the scope details for the given bug bounty program on HackerOne. Identify key areas of interest, potential vulnerabilities, and any patterns that could inform a targeted security assessment based on the provided scope information.'
|
|
26
|
+
when :hacktivity
|
|
27
|
+
system_role_content = 'Analyze the hacktivity details for the given bug bounty program on HackerOne. Identify significant disclosed reports, common vulnerability types, and any trends that could inform future security assessments based on the provided hacktivity information.'
|
|
28
|
+
else
|
|
29
|
+
raise "ERROR: type parameter value of #{type} is not supported"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
PWN::AI::Introspection.reflect_on(
|
|
33
|
+
system_role_content: system_role_content,
|
|
34
|
+
request: request,
|
|
35
|
+
spinner: true,
|
|
36
|
+
suppress_pii_warning: true
|
|
37
|
+
)
|
|
38
|
+
rescue StandardError => e
|
|
39
|
+
raise e.backtrace
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
43
|
+
|
|
44
|
+
public_class_method def self.authors
|
|
45
|
+
"AUTHOR(S):
|
|
46
|
+
0day Inc. <support@0dayinc.com>
|
|
47
|
+
"
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# Display Usage for this Module
|
|
51
|
+
|
|
52
|
+
public_class_method def self.help
|
|
53
|
+
puts "USAGE:
|
|
54
|
+
|
|
55
|
+
#{self}.authors
|
|
56
|
+
"
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze SAST antipatterns within source code repositories. It identifies common coding mistakes, security vulnerabilities, and areas for improvement in code quality. The agent generates an EPSS score for each identified issue, indicating the likelihood of exploitation. It provides detailed explanations of the issues found, along with recommendations for remediation and best practices to enhance code security and maintainability.
|
|
7
|
+
module SAST
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::SAST.analyze(
|
|
10
|
+
# request: 'required - A string containing the source code snippet to be analyzed for SAST antipatterns and vulnerabilities.'
|
|
11
|
+
# )
|
|
12
|
+
|
|
13
|
+
public_class_method def self.analyze(opts = {})
|
|
14
|
+
request = opts[:request]
|
|
15
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
16
|
+
|
|
17
|
+
system_role_content = 'Your sole purpose is to analyze source code snippets and generate an Exploit Prediction Scoring System (EPSS) score between 0% - 100%. Just generate a score unless score is >= 75% in which a PoC and code fix should also be included.'
|
|
18
|
+
|
|
19
|
+
PWN::AI::Introspection.reflect_on(
|
|
20
|
+
system_role_content: system_role_content,
|
|
21
|
+
request: request,
|
|
22
|
+
suppress_pii_warning: true
|
|
23
|
+
)
|
|
24
|
+
rescue StandardError => e
|
|
25
|
+
raise e.backtrace
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
29
|
+
|
|
30
|
+
public_class_method def self.authors
|
|
31
|
+
"AUTHOR(S):
|
|
32
|
+
0day Inc. <support@0dayinc.com>
|
|
33
|
+
"
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# Display Usage for this Module
|
|
37
|
+
|
|
38
|
+
public_class_method def self.help
|
|
39
|
+
puts "USAGE:
|
|
40
|
+
|
|
41
|
+
#{self}.authors
|
|
42
|
+
"
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze JavaScript code during a Chrome DevTools debugging session. It generates an Exploit Prediction Scoring System (EPSS) score for each step in the JavaScript code and provides proof-of-concept exploits and code fixes if the score is above a certain threshold.
|
|
7
|
+
module TransparentBrowser
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::TransparentBrowser.analyze(
|
|
10
|
+
# request: 'required - current step in the JavaScript debugging session to analyze',
|
|
11
|
+
# source_to_review: 'required - the block of JavaScript code in which the current step resides'
|
|
12
|
+
# )
|
|
13
|
+
|
|
14
|
+
public_class_method def self.analyze(opts = {})
|
|
15
|
+
request = opts[:request]
|
|
16
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
17
|
+
|
|
18
|
+
source_to_review = opts[:source_to_review]
|
|
19
|
+
raise 'ERROR: source_to_review parameter is required' if source_to_review.nil? || source_to_review.empty?
|
|
20
|
+
|
|
21
|
+
system_role_content = "Being an expert penetration tester skilled in code analysis, debugging, and exploitation while stepping through JavaScript in a Chrome DevTools debugging session: 1. Your sole purpose is to analyze each JavaScript step and generate an Exploit Prediction Scoring System (EPSS) score between 0% - 100%. The step currently resides in this block of JavaScript:\n```\n#{source_to_review}\n```\n2. If the score is >= 75%, generate a JavaScript proof-of-concept that would allow a threat actor to directly exploit or target a user for exploitation (i.e. no self-exploit). 3. If the EPSS score is >= 75% also provide a code fix. *** If the EPSS score is < 75%, no explanations or summaries - just the EPSS score."
|
|
22
|
+
|
|
23
|
+
PWN::AI::Introspection.reflect_on(
|
|
24
|
+
system_role_content: system_role_content,
|
|
25
|
+
request: request,
|
|
26
|
+
suppress_pii_warning: true
|
|
27
|
+
)
|
|
28
|
+
rescue StandardError => e
|
|
29
|
+
raise e.backtrace
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
33
|
+
|
|
34
|
+
public_class_method def self.authors
|
|
35
|
+
"AUTHOR(S):
|
|
36
|
+
0day Inc. <support@0dayinc.com>
|
|
37
|
+
"
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
# Display Usage for this Module
|
|
41
|
+
|
|
42
|
+
public_class_method def self.help
|
|
43
|
+
puts "USAGE:
|
|
44
|
+
|
|
45
|
+
#{self}.authors
|
|
46
|
+
"
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
data/lib/pwn/ai/agent.rb
CHANGED
|
@@ -8,8 +8,13 @@ module PWN
|
|
|
8
8
|
# Collection of Agentic AI Modules. These modules are designed to perform specific tasks autonomously, such as interacting with APIs, performing reconnaissance, or automating exploitation steps. Each module is designed to be used within an agentic AI framework, allowing for the creation of intelligent agents that can perform complex tasks without human intervention. The Agent module serves as a namespace for all agentic AI modules, providing a structured way to organize and access these functionalities. By using autoload, we ensure that each module is only loaded into memory when it's actually needed, optimizing resource usage and improving performance.
|
|
9
9
|
module Agent
|
|
10
10
|
# Agentic AI Modules
|
|
11
|
+
autoload :Assembly, 'pwn/ai/agent/assembly'
|
|
12
|
+
autoload :BTC, 'pwn/ai/agent/btc'
|
|
11
13
|
autoload :BurpSuite, 'pwn/ai/agent/burp_suite'
|
|
14
|
+
autoload :HackerOne, 'pwn/ai/agent/hacker_one'
|
|
15
|
+
autoload :GQRX, 'pwn/ai/agent/gqrx'
|
|
12
16
|
autoload :SAST, 'pwn/ai/agent/sast'
|
|
17
|
+
autoload :TransparentBrowser, 'pwn/ai/agent/transparent_browser'
|
|
13
18
|
|
|
14
19
|
# Display a List of Every PWN::AI Module
|
|
15
20
|
|
data/lib/pwn/blockchain/btc.rb
CHANGED
|
@@ -182,11 +182,8 @@ module PWN
|
|
|
182
182
|
|
|
183
183
|
public_class_method def self.get_latest_block
|
|
184
184
|
latest_block = btc_rpc_call(method: 'getblockchaininfo', params: [])
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
request: latest_block.to_s,
|
|
188
|
-
system_role_content: system_role_content,
|
|
189
|
-
suppress_pii_warning: true
|
|
185
|
+
ai_analysis = PWN::AI::Agent::BTC.analyze(
|
|
186
|
+
request: latest_block.to_s
|
|
190
187
|
)
|
|
191
188
|
puts ai_analysis
|
|
192
189
|
|
data/lib/pwn/plugins/assembly.rb
CHANGED
|
@@ -6,7 +6,7 @@ require 'tempfile'
|
|
|
6
6
|
|
|
7
7
|
module PWN
|
|
8
8
|
module Plugins
|
|
9
|
-
# This plugin
|
|
9
|
+
# This plugin provides methods for converting between hex escaped opcodes and assembly instructions using the Metasm library.
|
|
10
10
|
module Assembly
|
|
11
11
|
# Supported Method Parameters::
|
|
12
12
|
# PWN::Plugins::Assembly.opcodes_to_asm(
|
|
@@ -25,11 +25,11 @@ module PWN
|
|
|
25
25
|
|
|
26
26
|
raise 'ERROR: opcodes parameter is required.' if opcodes.nil?
|
|
27
27
|
|
|
28
|
-
|
|
29
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
28
|
+
ai_analysis = PWN::AI::Agent.analyze(
|
|
30
29
|
request: opcodes,
|
|
31
|
-
|
|
32
|
-
|
|
30
|
+
type: :opcodes_to_asm,
|
|
31
|
+
arch: arch,
|
|
32
|
+
endian: endian
|
|
33
33
|
)
|
|
34
34
|
|
|
35
35
|
case arch.to_s.downcase
|
|
@@ -138,11 +138,11 @@ module PWN
|
|
|
138
138
|
|
|
139
139
|
raise 'ERROR: asm parameter is required.' if asm.nil?
|
|
140
140
|
|
|
141
|
-
|
|
142
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
141
|
+
ai_analysis = PWN::AI::Agent.analyze(
|
|
143
142
|
request: asm,
|
|
144
|
-
|
|
145
|
-
|
|
143
|
+
type: :asm_to_opcodes,
|
|
144
|
+
arch: arch,
|
|
145
|
+
endian: endian
|
|
146
146
|
)
|
|
147
147
|
|
|
148
148
|
case arch.to_s.downcase
|
|
@@ -53,7 +53,7 @@ module PWN
|
|
|
53
53
|
# spin up Thread to:
|
|
54
54
|
# 1. Periodically call get_proxy_history(burp_obj: burp_obj) method
|
|
55
55
|
# 2. For each entry w/ empty comment,
|
|
56
|
-
# generate AI analysis via PWN::AI::
|
|
56
|
+
# generate AI analysis via PWN::AI::Agent::BurpSuite.analyze(...)
|
|
57
57
|
# and populate the comment field for the entry.
|
|
58
58
|
# 3. Update the highlight field based on EPSS score extracted from AI analysis.
|
|
59
59
|
# 4. Call update_proxy_history(burp_obj: burp_obj, entry: updated_entry)
|
|
@@ -1413,12 +1413,9 @@ module PWN
|
|
|
1413
1413
|
end
|
|
1414
1414
|
|
|
1415
1415
|
if current_step.length.positive?
|
|
1416
|
-
|
|
1417
|
-
|
|
1418
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
1419
|
-
system_role_content: system_role_content,
|
|
1416
|
+
ai_analysis = PWN::AI::Agent::TransparentBrowser.analyze(
|
|
1420
1417
|
request: current_step,
|
|
1421
|
-
|
|
1418
|
+
source_to_review: source_to_review
|
|
1422
1419
|
)
|
|
1423
1420
|
puts "^^^ #{ai_analysis}" unless ai_analysis.nil?
|
|
1424
1421
|
end
|
data/lib/pwn/sast/pom_version.rb
CHANGED
|
@@ -83,11 +83,8 @@ module PWN
|
|
|
83
83
|
source_code_snippet: contents
|
|
84
84
|
}.to_json
|
|
85
85
|
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
system_role_content: system_role_content,
|
|
89
|
-
request: request,
|
|
90
|
-
suppress_pii_warning: true
|
|
86
|
+
ai_analysis = PWN::AI::Agent::SAST.analyze(
|
|
87
|
+
request: request
|
|
91
88
|
)
|
|
92
89
|
ai_analysis ||= 'N/A'
|
|
93
90
|
|
|
@@ -125,11 +125,8 @@ module PWN
|
|
|
125
125
|
source_code_snippet: contents
|
|
126
126
|
}.to_json
|
|
127
127
|
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
system_role_content: system_role_content,
|
|
131
|
-
request: request,
|
|
132
|
-
suppress_pii_warning: true
|
|
128
|
+
ai_analysis = PWN::AI::Agent::SAST.analyze(
|
|
129
|
+
request: request
|
|
133
130
|
)
|
|
134
131
|
ai_analysis ||= 'N/A'
|
|
135
132
|
|
data/lib/pwn/sdr/gqrx.rb
CHANGED
|
@@ -957,11 +957,9 @@ module PWN
|
|
|
957
957
|
prev_freq_obj[:strength_db] = best_strength_db.round(1)
|
|
958
958
|
prev_freq_obj[:iteration] = iteration_total
|
|
959
959
|
|
|
960
|
-
|
|
961
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
960
|
+
ai_analysis = PWN::AI::Agent::GQRX.analyze(
|
|
962
961
|
request: prev_freq_obj.to_json,
|
|
963
|
-
|
|
964
|
-
suppress_pii_warning: true
|
|
962
|
+
location: location
|
|
965
963
|
)
|
|
966
964
|
|
|
967
965
|
prev_freq_obj[:ai_analysis] = ai_analysis unless ai_analysis.nil?
|
data/lib/pwn/version.rb
CHANGED
data/lib/pwn/www/hacker_one.rb
CHANGED
|
@@ -135,12 +135,9 @@ module PWN
|
|
|
135
135
|
|
|
136
136
|
programs_arr.sort_by! { |p| -p[:min_payout].gsub('$', '').gsub(',', '').to_f }
|
|
137
137
|
|
|
138
|
-
|
|
139
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
138
|
+
ai_analysis = PWN::AI::Agent::HackerOne.analyze(
|
|
140
139
|
request: programs_arr.to_json,
|
|
141
|
-
|
|
142
|
-
spinner: true,
|
|
143
|
-
suppress_pii_warning: true
|
|
140
|
+
type: :bounty_programs
|
|
144
141
|
)
|
|
145
142
|
puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
|
|
146
143
|
|
|
@@ -281,12 +278,9 @@ module PWN
|
|
|
281
278
|
scope_details: json_resp_hash
|
|
282
279
|
}
|
|
283
280
|
|
|
284
|
-
|
|
285
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
281
|
+
ai_analysis = PWN::AI::Agent::HackerOne.analyze(
|
|
286
282
|
request: json_resp.to_json,
|
|
287
|
-
|
|
288
|
-
spinner: true,
|
|
289
|
-
suppress_pii_warning: true
|
|
283
|
+
type: :scope_details
|
|
290
284
|
)
|
|
291
285
|
puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
|
|
292
286
|
|
|
@@ -430,12 +424,9 @@ module PWN
|
|
|
430
424
|
hacktivity: json_resp_hash
|
|
431
425
|
}
|
|
432
426
|
|
|
433
|
-
|
|
434
|
-
ai_analysis = PWN::AI::Introspection.reflect_on(
|
|
427
|
+
ai_analysis = PWN::AI::Agent::HackerOne.analyze(
|
|
435
428
|
request: json_resp.to_json,
|
|
436
|
-
|
|
437
|
-
spinner: true,
|
|
438
|
-
suppress_pii_warning: true
|
|
429
|
+
type: :hacktivity
|
|
439
430
|
)
|
|
440
431
|
puts "\n\n#{ai_analysis}" unless ai_analysis.nil?
|
|
441
432
|
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::Assembly do
|
|
6
|
+
it 'scan method should exist' do
|
|
7
|
+
scan_response = PWN::AI::Agent::Assembly
|
|
8
|
+
expect(scan_response).to respond_to :scan
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::Assembly
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::Assembly
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::BTC do
|
|
6
|
+
it 'scan method should exist' do
|
|
7
|
+
scan_response = PWN::AI::Agent::BTC
|
|
8
|
+
expect(scan_response).to respond_to :scan
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::BTC
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::BTC
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::GQRX do
|
|
6
|
+
it 'scan method should exist' do
|
|
7
|
+
scan_response = PWN::AI::Agent::GQRX
|
|
8
|
+
expect(scan_response).to respond_to :scan
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::GQRX
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::GQRX
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::HackerOne do
|
|
6
|
+
it 'scan method should exist' do
|
|
7
|
+
scan_response = PWN::AI::Agent::HackerOne
|
|
8
|
+
expect(scan_response).to respond_to :scan
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::HackerOne
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::HackerOne
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::SAST do
|
|
6
|
+
it 'scan method should exist' do
|
|
7
|
+
scan_response = PWN::AI::Agent::SAST
|
|
8
|
+
expect(scan_response).to respond_to :scan
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::SAST
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::SAST
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::TransparentBrowser do
|
|
6
|
+
it 'scan method should exist' do
|
|
7
|
+
scan_response = PWN::AI::Agent::TransparentBrowser
|
|
8
|
+
expect(scan_response).to respond_to :scan
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::TransparentBrowser
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::TransparentBrowser
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.
|
|
4
|
+
version: 0.5.540
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 0day Inc.
|
|
@@ -1759,7 +1759,13 @@ files:
|
|
|
1759
1759
|
- lib/pwn.rb
|
|
1760
1760
|
- lib/pwn/ai.rb
|
|
1761
1761
|
- lib/pwn/ai/agent.rb
|
|
1762
|
+
- lib/pwn/ai/agent/assembly.rb
|
|
1763
|
+
- lib/pwn/ai/agent/btc.rb
|
|
1762
1764
|
- lib/pwn/ai/agent/burp_suite.rb
|
|
1765
|
+
- lib/pwn/ai/agent/gqrx.rb
|
|
1766
|
+
- lib/pwn/ai/agent/hacker_one.rb
|
|
1767
|
+
- lib/pwn/ai/agent/sast.rb
|
|
1768
|
+
- lib/pwn/ai/agent/transparent_browser.rb
|
|
1763
1769
|
- lib/pwn/ai/grok.rb
|
|
1764
1770
|
- lib/pwn/ai/introspection.rb
|
|
1765
1771
|
- lib/pwn/ai/ollama.rb
|
|
@@ -2120,7 +2126,13 @@ files:
|
|
|
2120
2126
|
- packer/provisioners/zzuf.sh
|
|
2121
2127
|
- pwn.gemspec
|
|
2122
2128
|
- reinstall_gemset.sh
|
|
2129
|
+
- spec/lib/pwn/ai/agent/assembly_spec.rb
|
|
2130
|
+
- spec/lib/pwn/ai/agent/btc_spec.rb
|
|
2123
2131
|
- spec/lib/pwn/ai/agent/burp_suite_spec.rb
|
|
2132
|
+
- spec/lib/pwn/ai/agent/gqrx_spec.rb
|
|
2133
|
+
- spec/lib/pwn/ai/agent/hacker_one_spec.rb
|
|
2134
|
+
- spec/lib/pwn/ai/agent/sast_spec.rb
|
|
2135
|
+
- spec/lib/pwn/ai/agent/transparent_browser_spec.rb
|
|
2124
2136
|
- spec/lib/pwn/ai/agent_spec.rb
|
|
2125
2137
|
- spec/lib/pwn/ai/grok_spec.rb
|
|
2126
2138
|
- spec/lib/pwn/ai/introspection_spec.rb
|