pwn 0.5.545 → 0.5.546
- checksums.yaml +4 -4
- data/Gemfile +0 -1
- data/README.md +3 -3
- data/Rakefile +1 -1
- data/lib/pwn/ai/agent/vuln_gen.rb +61 -0
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/ai/agent/vuln_gen_spec.rb +20 -0
- metadata +3 -1
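--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 34ca1351b29912cd044d8e4292edf889671ff7d85c3a9182a490d01d76b2f090
+data.tar.gz: 2c3b2a78840db9a71157bfb3b12989f265c704c5974b7743351981e5a4d51dad
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a7d5fb3fa68334caa81ba313e923e6f3acdade24ad4261d30a02bab95b753d8def34ebb4624b6243181d7aa3e7a1140f6ec7d619ef7a4506f56f03cddedad630
+data.tar.gz: fb111ab08c77c8b1c60a62d834b8df6275a825542163361a9f9b04acbaab817426075d24913bc2cde8828bd41266af20ee598973ab69e75a71cd4d5ecf7f0efa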
data/Gemfile
CHANGED
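--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.
+pwn[v0.5.546]:001 >>> PWN.help
 ```
 
 [](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-4.0.1@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.546]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-4.0.1@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.
+pwn[v0.5.546]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script: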
data/Rakefile
CHANGED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PWN
|
|
4
|
+
module AI
|
|
5
|
+
module Agent
|
|
6
|
+
# This module is an AI agent designed to analyze generic vulnerability descriptions and generate detailed security findings, including business impact, remediation recommendations, CVSS scoring, CWE categorization, and relevant NIST 800-53 controls. It leverages the PWN::AI::Introspection.reflect_on method to process the input request and produce comprehensive markdown-formatted findings.
|
|
7
|
+
module VulnGen
|
|
8
|
+
# Supported Method Parameters::
|
|
9
|
+
# ai_analysis = PWN::AI::Agent::VulnGen.analyze(
|
|
10
|
+
# request: 'required - high level description of vulnerability discovered (e.g. "Discovered a SQLi vulnerability in /login"'
|
|
11
|
+
# )
|
|
12
|
+
|
|
13
|
+
public_class_method def self.analyze(opts = {})
|
|
14
|
+
request = opts[:request]
|
|
15
|
+
raise 'ERROR: request parameter is required' if request.nil? || request.empty?
|
|
16
|
+
|
|
17
|
+
system_role_content = '
|
|
18
|
+
_ALWAYS_ Generate markdown security findings for the message provided with the following content:
|
|
19
|
+
|
|
20
|
+
1. Detailed Finding Description: This should be a deep, detailed technical description that should include exploit proof-of-concepts when possible.
|
|
21
|
+
|
|
22
|
+
2. Business Impact: This should describe, in business terms, the importance of fixing the issue. Reputational and/or financial impact should be considered for this section.
|
|
23
|
+
|
|
24
|
+
3. Remediation Recommendations: Targeted towards technical engineers that can ascertain a reasonable approach to fix the vulnerability based upon common security remediation patterns. Be sure to consider compensating controls / stop gaps that can be implemented (e.g. WAF, additional logging, etc.) until such time the vulnerability can be fixed. Provide examples in cases where code fixes may be required.
|
|
25
|
+
|
|
26
|
+
4. CVSS Score (Severity), Base CVSS Vector string as /AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`, and first.org CVSS calculator URI as https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:`N|L|A|P`/AC:`L|H`/PR:`N|L|H`/UI:`N|R`/S:`U|C`/C:`N|L|H`/I:`N|L|H`/A:`N|L|H`. The Vector string must be formatted like: `/AV:%s/AC:%s/PR:%s/UI:%s/S:%s/C:%s/I:%s/A:%s`. Ensure the score and severity aligns with the vector string calculation.
|
|
27
|
+
|
|
28
|
+
5. CWE Category, Brief CWE description, and CWE URI
|
|
29
|
+
|
|
30
|
+
6. NIST 800-53 Security Control that is impacted by this vulnerability.
|
|
31
|
+
'
|
|
32
|
+
|
|
33
|
+
PWN::AI::Introspection.reflect_on(
|
|
34
|
+
system_role_content: system_role_content,
|
|
35
|
+
request: request,
|
|
36
|
+
suppress_pii_warning: true
|
|
37
|
+
)
|
|
38
|
+
rescue StandardError => e
|
|
39
|
+
raise e.backtrace
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# Author(s):: 0day Inc. <support@0dayinc.com>
|
|
43
|
+
|
|
44
|
+
public_class_method def self.authors
|
|
45
|
+
"AUTHOR(S):
|
|
46
|
+
0day Inc. <support@0dayinc.com>
|
|
47
|
+
"
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# Display Usage for this Module
|
|
51
|
+
|
|
52
|
+
public_class_method def self.help
|
|
53
|
+
puts "USAGE:
|
|
54
|
+
|
|
55
|
+
#{self}.authors
|
|
56
|
+
"
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
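Review bot: `raise e.backtrace` in the `rescue StandardError => e` clause of `analyze` hands an Array to `raise`, which Ruby rejects with a TypeError, so callers never see the original exception class or message, including the 'ERROR: request parameter is required' error raised a few lines earlier in the same method. Re-raise with a bare `raise` (or drop the rescue clause) so the real failure reaches the caller. Separately, `suppress_pii_warning: true` is hard-coded in the `reflect_on` call; `reflect_on` is not shown on this page, but if the flag silences a notice about sending data to the AI backend, finding descriptions that carry client hostnames, credentials or customer data leave the host without the operator being prompted, so consider `suppress_pii_warning: opts[:suppress_pii_warning] || false`. The CVSS score the model returns is passed back unchecked against its vector string, so recomputing the score from the vector before it lands in a report would catch mismatches. The header above this section reads data/Rakefile, but the hunk content is the new vuln_gen.rb listed in the file summary.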
data/lib/pwn/version.rb
CHANGED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'spec_helper'
|
|
4
|
+
|
|
5
|
+
describe PWN::AI::Agent::VulnGen do
|
|
6
|
+
it 'analyze method should exist' do
|
|
7
|
+
analyze_response = PWN::AI::Agent::VulnGen
|
|
8
|
+
expect(analyze_response).to respond_to :analyze
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
it 'should display information for authors' do
|
|
12
|
+
authors_response = PWN::AI::Agent::VulnGen
|
|
13
|
+
expect(authors_response).to respond_to :authors
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
it 'should display information for existing help method' do
|
|
17
|
+
help_response = PWN::AI::Agent::VulnGen
|
|
18
|
+
expect(help_response).to respond_to :help
|
|
19
|
+
end
|
|
20
|
+
end
|
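Review bot: All three examples only assert `respond_to`, so the one path through `analyze` that needs no AI backend, the missing-request guard, is never run. An example such as `expect { described_class.analyze(request: '') }.to raise_error(RuntimeError, /request parameter is required/)` would pin that contract, and it would fail against the `rescue StandardError => e` / `raise e.backtrace` pair in vuln_gen.rb as shipped in this release, which replaces the guard's error with a TypeError. The header above this section reads data/lib/pwn/version.rb, but the hunk is the new vuln_gen_spec.rb from the file summary.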
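--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.546
 platform: ruby
 authors:
 - 0day Inc.
@@ -1766,6 +1766,7 @@ files:
 - lib/pwn/ai/agent/hacker_one.rb
 - lib/pwn/ai/agent/sast.rb
 - lib/pwn/ai/agent/transparent_browser.rb
+- lib/pwn/ai/agent/vuln_gen.rb
 - lib/pwn/ai/grok.rb
 - lib/pwn/ai/introspection.rb
 - lib/pwn/ai/ollama.rb
@@ -2133,6 +2134,7 @@ files:
 - spec/lib/pwn/ai/agent/hacker_one_spec.rb
 - spec/lib/pwn/ai/agent/sast_spec.rb
 - spec/lib/pwn/ai/agent/transparent_browser_spec.rb
+- spec/lib/pwn/ai/agent/vuln_gen_spec.rb
 - spec/lib/pwn/ai/agent_spec.rb
 - spec/lib/pwn/ai/grok_spec.rb
 - spec/lib/pwn/ai/introspection_spec.rb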