pwn_bdba_scan Driver - URL decoding issues when searching for product #503

Merged
merged 2 commits into from
Jan 29, 2024
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -37,7 +37,7 @@ $ cd /opt/pwn
$ ./install.sh
$ ./install.sh ruby-gem
$ pwn
pwn[v0.5.4]:001 >>> PWN.help
pwn[v0.5.6]:001 >>> PWN.help
```

[![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
Expand All @@ -52,7 +52,7 @@ $ rvm use ruby-3.3.0@pwn
$ gem uninstall --all --executables pwn
$ gem install --verbose pwn
$ pwn
pwn[v0.5.4]:001 >>> PWN.help
pwn[v0.5.6]:001 >>> PWN.help
```

If you're using a multi-user install of RVM do:
Expand All @@ -62,7 +62,7 @@ $ rvm use ruby-3.3.0@pwn
$ rvmsudo gem uninstall --all --executables pwn
$ rvmsudo gem install --verbose pwn
$ pwn
pwn[v0.5.4]:001 >>> PWN.help
pwn[v0.5.6]:001 >>> PWN.help
```

PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`. The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:
14 changes: 13 additions & 1 deletion bin/pwn_bdba_groups
Expand Up @@ -26,6 +26,14 @@ OptionParser.new do |options|
options.on('-pID', '--parent-group-id=ID', '<Optional - Black Duck Binary Analysis Parent Group ID to Associate with Group>') do |p|
opts[:parent_group_id] = p
end

options.on('-bSEC', '--binary-cleanup-age=SEC', '<Optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)>') do |b|
opts[:binary_cleanup_age] = b
end

options.on('-PSEC', '--product-cleanup-age=SEC', '<Optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)>') do |p|
opts[:product_cleanup_age] = p
end
end.parse!

if opts.empty?
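Review bot: `--binary-cleanup-age` and `--product-cleanup-age` store the raw String from the command line in `opts`, with no check that SEC is a positive integer. OptionParser can coerce and reject bad input when the type is given, e.g. `options.on('-bSEC', '--binary-cleanup-age=SEC', Integer, '...')`. Two smaller points: `-PSEC` differs from the existing `-pID` only by case, which is easy to mistype, and the new product block reuses `|p|`, the same parameter name as the parent-group block above it.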
Expand All @@ -47,6 +55,8 @@ begin

list_group_name = opts[:list_group_name]
parent_group_id = opts[:parent_group_id]
binary_cleanup_age = opts[:binary_cleanup_age]
product_cleanup_age = opts[:product_cleanup_age]

if list_group_name
groups_resp = PWN::Plugins::BlackDuckBinaryAnalysis.get_groups(
Expand Down Expand Up @@ -95,7 +105,9 @@ begin
create_group_resp = PWN::Plugins::BlackDuckBinaryAnalysis.create_group(
token: token,
name: group_name,
parent_id: parent_group_id
parent_id: parent_group_id,
binary_cleanup_age: binary_cleanup_age,
product_cleanup_age: product_cleanup_age
)

puts create_group_resp.to_json
12 changes: 3 additions & 9 deletions bin/pwn_bdba_scan
Expand Up @@ -146,15 +146,9 @@ begin
find_product_attempts = scan_attempts
print 'Looking for Product in Apps by Group...'
loop do
# File encoding conducting by synopsis is kinda goofy.
# The encode space w/ + (which is expected) but dont
# encode + to %2B (whiich _isn't_ expected)
target_basename = CGI.escape(
File.basename(target_file)
).gsub(
'%2B',
'+'
)
# target_basename = CGI.unescape_uri_component(File.basename(target_file))
# ^ Synopsis unescapes it for us.
target_basename = File.basename(target_file)

find_product = scan_progress_resp[:products].find { |p| p[:name] == target_basename }

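Review bot: The two new comment lines keep a commented-out `CGI.unescape_uri_component` call instead of stating the contract the lookup now depends on: `p[:name]` comes back already decoded, so it must equal the raw `File.basename(target_file)`. Replace them with one sentence saying that, and fix the vendor spelling ("Synopsis" should be "Synopsys"). The assignment is also loop-invariant, so it can move above `loop do`. Separately, `find` returns the first product whose name matches, so a group that already holds a product with the same file name could satisfy this check; that is unchanged by this hunk but worth a follow-up.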
14 changes: 7 additions & 7 deletions lib/pwn/plugins/black_duck_binary_analysis.rb
Expand Up @@ -197,7 +197,7 @@ module BlackDuckBinaryAnalysis
response = bd_bin_analysis_rest_call(
http_method: :put,
token: token,
rest_call: "upload/#{CGI.escape(file_name)}",
rest_call: "upload/#{CGI.escape_uri_component(file_name)}",
http_headers: http_headers,
http_body: http_body
)
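Review bot: `CGI.escape_uri_component` on the `rest_call:` line exists only in Ruby 3.2 and later, so this call raises NoMethodError on older interpreters. The README in this PR uses ruby-3.3.0, so confirm that the gemspec's `required_ruby_version` excludes anything older. The switch itself is the right one for a path segment (a space becomes `%20` instead of `+`); a spec covering file names that contain a space and a literal `+` would pin the behaviour the PR title describes.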
Expand Down Expand Up @@ -326,8 +326,8 @@ module BlackDuckBinaryAnalysis
# desc: 'optional - group description',
# parent_id: 'optional - parent group id',
# delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
# binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
# product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
# binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)',
# product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)',
# file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
# low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
# include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
Expand All @@ -345,8 +345,8 @@ module BlackDuckBinaryAnalysis
desc = opts[:desc]
parent_id = opts[:parent_id]
delete_binary = opts[:delete_binary] ||= 'C'
binary_cleanup_age = opts[:binary_cleanup_age] ||= 604_800
product_cleanup_age = opts[:product_cleanup_age] ||= 604_800
binary_cleanup_age = opts[:binary_cleanup_age] ||= 2_592_000
product_cleanup_age = opts[:product_cleanup_age] ||= 2_592_000
file_download_enabled = opts[:file_download_enabled] ||= false
low_risk_tolerance = opts[:low_risk_tolerance]
include_historical_vulns = opts[:include_historical_vulns]
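Review bot: Changing the fallback in `opts[:binary_cleanup_age] ||= 2_592_000` and the line below it means every caller that omits these keys now keeps uploaded binaries and products for 30 days instead of 1 week, which is a retention change and not only a new option; call it out in the release notes. The literal 2_592_000 now appears here, in the doc comment, in the help text and in the `pwn_bdba_groups` option descriptions, so a single named constant would keep them from drifting. `||=` also writes the default back into the caller's `opts` hash, where `||` would not.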
Expand Down Expand Up @@ -654,8 +654,8 @@ module BlackDuckBinaryAnalysis
desc: 'optional - group description',
parent_id: 'optional - parent_id group id',
delete_binary: 'optional - delete binary after analysis C|Y|N (Default: C== company default)',
binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 604_800 / 1 week)',
product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 604_800 / 1 week)',
binary_cleanup_age: 'optional - after how long the binary will be deleted in seconds (Default: 2_592_000 / 30 days)',
product_cleanup_age: 'optional - after how long the product will be deleted in seconds (Default: 2_592_000 / 30 days)',
file_download_enabled: 'optional - allow download of uploaded binaries from group (Default: false),
low_risk_tolerance: 'optional - low risk tolerance nil|true|false (Default: nil == company default)',
include_historical_vulns: 'optional - include historical vulns nil|true|false (Default: nil == company default)',
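Review bot: The `file_download_enabled:` context line directly below the changed lines is missing its closing quote (`(Default: false),`), here and in the matching doc comment in the earlier hunk of this file. Since the neighbouring lines are being edited anyway, fix it in the same pass.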
2 changes: 1 addition & 1 deletion lib/pwn/version.rb
@@ -1,5 +1,5 @@
# frozen_string_literal: true

module PWN
VERSION = '0.5.4'
VERSION = '0.5.6'
end
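Review bot: `VERSION` moves from '0.5.4' to '0.5.6' as a patch-level bump, while the same PR adds two CLI options and changes the default cleanup age from 1 week to 30 days. Note the default change in the changelog so that users upgrading within 0.5.x are not surprised by longer retention. The README prompt strings repeat this version by hand in three places; generating or dropping them would avoid the extra edits on every release.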