Merge pull request 0dayInc#409 from ninp0/master

PWN::Plugins::BurpSuite module - add #uri_in_scope method to compare …

Author: ninp0

README.md

@@ -37,7 +37,7 @@ $ rvm use ruby-3.2.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.863]:001 >>> PWN.help
+pwn[v0.4.864]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.2.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.863]:001 >>> PWN.help
+pwn[v0.4.864]:001 >>> PWN.help
 ```
 
 

lib/pwn/plugins/burp_suite.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
-require 'socket'
 require 'base64'
+require 'json'
+require 'socket'
+require 'uri'
 
 module PWN
   module Plugins
@@ -76,6 +78,45 @@ module BurpSuite
         raise e
       end
 
+      # Supported Method Parameters::
+      # uri_in_scope_bool = PWN::Plugins::BurpSuite.uri_in_scope(
+      #   target_config: 'required - path to burp suite pro target config JSON file',
+      #   uri: 'required - URI to determine if in scope'
+      # )
+
+      public_class_method def self.uri_in_scope(opts = {})
+        target_config = opts[:target_config]
+        raise 'ERROR: target_config does not exist' unless File.exist?(target_config)
+
+        uri = opts[:uri]
+        raise 'ERROR: uri parameter is required' if uri.nil?
+
+        target_config_json = JSON.parse(
+          File.read(target_config),
+          symbolize_names: true
+        )
+
+        out_of_scope = target_config_json[:target][:scope][:exclude]
+        out_of_scope_arr = out_of_scope.select do |os|
+          URI.parse(uri).scheme =~ /#{os[:protocol]}/ &&
+            URI.parse(uri).host =~ /#{os[:host]}/ &&
+            URI.parse(uri).path =~ /#{os[:file]}/
+        end
+        return false unless out_of_scope_arr.empty?
+
+        in_scope = target_config_json[:target][:scope][:include]
+        in_scope_arr = in_scope.select do |is|
+          URI.parse(uri).scheme =~ /#{is[:protocol]}/ &&
+            URI.parse(uri).host =~ /#{is[:host]}/ &&
+            URI.parse(uri).path =~ /#{is[:file]}/
+        end
+        return false if in_scope_arr.empty?
+
+        true
+      rescue StandardError => e
+        raise e
+      end
+
       # Supported Method Parameters::
       # PWN::Plugins::BurpSuite.enable_proxy(
       #   burp_obj: 'required - burp_obj returned by #start method'
@@ -311,6 +352,12 @@ module BurpSuite
             burp_jar_path: 'required - path of burp suite pro jar file',
             headless: 'optional - run headless if set to true',
             browser_type: 'optional - defaults to :firefox. See PWN::Plugins::TransparentBrowser.help for a list of types',
+            target_config: 'optional - path to burp suite pro target config JSON file'
+          )
+
+          uri_in_scope_bool = #{self}.uri_in_scope(
+            target_config: 'required - path to burp suite pro target config JSON file',
+            uri: 'required - URI to determine if in scope'
           )
 
           #{self}.enable_proxy(

lib/pwn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PWN
-  VERSION = '0.4.863'
+  VERSION = '0.4.864'
 end