Merge pull request #231 from ninp0/master

PWN::Plugins::Sock module - implement #get_random_unused_port method …

Author: ninp0

README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.636]:001 >>> PWN.help
+pwn[v0.4.637]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.636]:001 >>> PWN.help
+pwn[v0.4.637]:001 >>> PWN.help
 ```
 
 

lib/pwn/plugins/baresip.rb

@@ -84,12 +84,13 @@ module BareSIP
         raise "no http_listen value found in #{config}." if http_list_entry.empty?
 
         # Update http_listen value in respective config with random available port
-        random_port = -1
-        port_in_use = true
-        while port_in_use
-          random_port = Random.rand(1024..65_535)
-          port_in_use = PWN::Plugins::Sock.check_port_in_use(port: random_port)
-        end
+        # random_port = -1
+        # port_in_use = true
+        # while port_in_use
+        #   random_port = Random.rand(1024..65_535)
+        #   port_in_use = PWN::Plugins::Sock.check_port_in_use(port: random_port)
+        # end
+        random_port = PWN::Plugins::Sock.get_random_unused_port
         http_listen_ip_port = "127.0.0.1:#{random_port}"
 
         updated_config_content = ''

lib/pwn/plugins/burp_suite.rb

@@ -40,8 +40,11 @@ module BurpSuite
         burp_obj = {}
         burp_obj[:pid] = Process.spawn(burp_cmd_string)
         rest_browser = PWN::Plugins::TransparentBrowser.open(browser_type: :rest)
-        burp_obj[:mitm_proxy] = '127.0.0.1:8080'
-        burp_obj[:burpbuddy_api] = '127.0.0.1:8001'
+        random_mitm_port = PWN::Plugins::Sock.get_random_unused_port
+        random_bb_port = random_mitm_port
+        random_bb_port = PWN::Plugins::Sock.get_random_unused_port while random_bb_port == random_mitm_port
+        burp_obj[:mitm_proxy] = "127.0.0.1:#{random_mitm_port}"
+        burp_obj[:burpbuddy_api] = "127.0.0.1:#{random_bb_port}"
         burp_obj[:rest_browser] = rest_browser
 
         # Proxy always listens on localhost...use SSH tunneling if remote access is required
@@ -54,7 +57,7 @@ module BurpSuite
 
         # Wait for TCP 8001 to open prior to returning burp_obj
         loop do
-          s = TCPSocket.new('127.0.0.1', 8001)
+          s = TCPSocket.new('127.0.0.1', random_bb_port)
           s.close
           break
         rescue Errno::ECONNREFUSED

lib/pwn/plugins/owasp_zap.rb

@@ -75,7 +75,7 @@ module OwaspZap
       #   api_key: 'required - api key for API authorization',
       #   zap_bin_path: 'optional - path to zap.sh file'
       #   headless: 'optional - run zap headless if set to true',
-      #   proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:8080)',
+      #   proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)',
       # )
 
       public_class_method def self.start(opts = {})
@@ -118,7 +118,8 @@ module OwaspZap
           proxy_uri = URI.parse(proxy)
           owasp_zap_cmd = "#{owasp_zap_cmd} -host #{proxy_uri.host} -port #{proxy_uri.port}"
         else
-          proxy = 'http://127.0.0.1:8080'
+          random_port = PWN::Plugins::Sock.get_random_unused_port
+          proxy = "http://127.0.0.1:#{random_port}"
           proxy_uri = URI.parse(proxy)
         end
         zap_obj[:host] = proxy_uri.host.to_s.scrub
@@ -499,7 +500,7 @@ module OwaspZap
             api_key: 'required - api key for API authorization',
             zap_bin_path: 'optional - path to zap.sh file',
             headless: 'optional - run zap headless if set to true',
-            proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:8080)'
+            proxy: 'optional - change local zap proxy listener (defaults to http://127.0.0.1:<Random 1024-65535>)'
           )
           puts zap_obj.public_methods
 

lib/pwn/plugins/sock.rb

@@ -47,10 +47,40 @@ module Sock
         raise e
       end
 
+      # Supported Method Parameters::
+      # PWN::Plugins::Sock.get_random_unused_port(
+      #   server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
+      #   protocol: 'optional - :tcp || :udp (defaults to tcp)'
+      # )
+
+      public_class_method def self.get_random_unused_port(opts = {})
+        server_ip = opts[:server_ip]
+        server_ip ||= '127.0.0.1'
+        port = -1
+        protocol = opts[:protocol]
+        protocol ||= :tcp
+
+        port_in_use = true
+        while port_in_use
+          port = Random.rand(1024..65_535)
+          port_in_use = check_port_in_use(
+            server_ip: server_ip,
+            port: port,
+            protocol: protocol
+          )
+        end
+
+        port
+      rescue Errno::ECONNREFUSED,
+             Errno::EHOSTUNREACH,
+             Errno::ETIMEDOUT
+        false
+      end
+
       # Supported Method Parameters::
       # PWN::Plugins::Sock.check_port_in_use(
-      #   port: 'required - target port',
       #   server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
+      #   port: 'required - target port',
       #   protocol: 'optional - :tcp || :udp (defaults to tcp)'
       # )
 
@@ -163,9 +193,14 @@ module Sock
             tls: 'optional - boolean connect to target socket using TLS (defaults to false)'
           )
 
-          #{self}.check_port_availability(
-            port: 'required - target port',
+          port = #{self}.get_random_unused_port(
+            server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
+            protocol: 'optional - :tcp || :udp (defaults to tcp)'
+          )
+
+          #{self}.check_port_in_use(
             server_ip: 'optional - target host or ip to check (Defaults to 127.0.0.1)',
+            port: 'required - target port',
             protocol: 'optional - :tcp || :udp (defaults to tcp)'
           )
 

lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.636'
+  VERSION = '0.4.637'
 end