pocsuite3's Issues

Error when starting console.py on Windows

C:\Users\aldin\Desktop\secmdb\pocsuite3-master\pocsuite3-master\pocsuite3>python3 console.py
Traceback (most recent call last):
File "console.py", line 10, in <module>
import pocsuite3
File "C:\Program Files\Python36\lib\site-packages\pocsuite3\__init__.py", line 10, in <module>
from .lib.core.common import set_paths
File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\common.py", line 22, in <module>
from pocsuite3.lib.core.convert import stdout_encode
File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\convert.py", line 3, in <module>
from pocsuite3.lib.core.settings import IS_WIN
File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\settings.py", line 10, in <module>
REVISION = get_revision_number()
File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\revision.py", line 54, in get_revision_number
match = re.search(r"(?i)[0-9a-f]{32}", stdout or "")
File "C:\Program Files\Python36\lib\re.py", line 182, in search
return _compile(pattern, flags).search(string)
TypeError: cannot use a string pattern on a bytes-like object

Fix: pocsuite3\lib\core\revision.py, line 55

stdout.decode('utf-8')

AttributeError: 'XXX' object has no attribute 'mode' when using the 'Output' method

    from pocsuite3.api import Output, POCBase

    class DomePOC(POCBase):

        def _verify(self):
            # ----verify----
            output = Output(self)
            # verification code
            if result:
                output.success(result)
            else:
                output.fail('target is not vulnerable')
            return result

As soon as I use the Output function, it raises the error "xx object has no attribute mode".
Error output:
File "C:\.py", line 113, in _verify2
output = Output(self)
File "D:\Program Files (x86)\python\lib\site-packages\pocsuite3\lib\core\poc.py", line 247, in __init__
self.mode = poc.mode
AttributeError: 'DomePOC' object has no attribute 'mode'
[Finished in 14.9s]

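thinkphp_rce.py: parameters are occasionally loaded in the wrong order, making the script ineffective

Sometimes the var parameter ends up at the very front, which causes missed detections. I ran into this while scanning a batch of sites from url.txt. It did not happen when scanning a single target.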

POST /index.php?s=index/%5Cthink%5Capp/invokefunction HTTP/1.1
Host: x.x.x.x
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
Content-Length: 70
Content-Type: application/x-www-form-urlencoded

vars%5B1%5D%5B%5D=-1&vars%5B0%5D=phpinfo&function=call_user_func_array

AttributeError: registered_pocs

Error message:
Traceback (most recent call last):
File "D:\Users\PC\Miniconda3\envs\py37\lib\site-packages\pocsuite3\lib\core\datatype.py", line 18, in __getattr__
return self[name]
KeyError: 'registered_pocs'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "D:/Users/PC/PycharmProjects/test/main.py", line 60, in <module>
register_poc(verify_poc)
File "D:\Users\PC\Miniconda3\envs\py37\lib\site-packages\pocsuite3\lib\core\register.py", line 103, in register_poc
if module in kb.registered_pocs:
File "D:\Users\PC\Miniconda3\envs\py37\lib\site-packages\pocsuite3\lib\core\datatype.py", line 20, in __getattr__
raise AttributeError(name)
AttributeError: registered_pocs

Process finished with exit code 1

The Python version is 3.7 and the pocsuite version is 1.3.6.
C:\Users\PC>activate py37

(py37) C:\Users\PC>python
Python 3.7.1 (default, Oct 28 2018, 08:39:03) [MSC v.1912 64 bit (AMD64)] :: Anaconda, Inc. on win32
Type "help", "copyright", "credits" or "license" for more information.

exit()

(py37) C:\Users\PC>pocsuite --version

,------. ,--. ,--. ,----. {1.3.6-nongit-20190425}
| .--. ',---. ,---.,---.,--.,----,-' '-.,---.'.-. | | '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' < | | --'' '-' \ --.-' ' '' | | | | \ --/'-' | --' ---' -------' ----'--' --' --------' http://pocsuite.org

[*] shutting down at 16:23:18

(py37) C:\Users\PC>

KeyError: 'registered_pocs'

register_poc(DemoPOC)

Traceback (most recent call last):
File "D:\python3.7\lib\site-packages\pocsuite3\lib\core\datatype.py", line 18, in __getattr__
return self[name]
KeyError: 'registered_pocs'

An easily overlooked pitfall

In [7]: proxies = 'test'
In [8]: proxies = proxies or conf.proxies if 'proxies' in conf else {}
In [9]: proxies
Out[9]: {}

if has higher precedence than or, so the content of the if expression is executed first.
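
The session above, worked through as an added example (not pocsuite3 code): Python groups the expression as `(proxies or conf.proxies) if 'proxies' in conf else {}`, so a proxy passed by the caller is dropped whenever `conf` has no `proxies` key and the request goes out without it. `ConfStub`, `resolve_buggy`, `resolve_fixed`, `diverging_cases` and the sample proxy URLs are constructed for illustration.

```python
class ConfStub(dict):
    """Constructed stand-in for a dict-backed config object with conf.name access."""

    def __getattr__(self, name):
        try:
            return self[name]
        except KeyError:
            raise AttributeError(name)


def resolve_buggy(proxies, conf):
    # Python groups this as: (proxies or conf.proxies) if 'proxies' in conf else {}
    # A caller-supplied value is discarded whenever conf has no 'proxies' key.
    return proxies or conf.proxies if 'proxies' in conf else {}


def resolve_fixed(proxies, conf):
    # Parentheses make the conditional the right-hand operand of `or`,
    # so the caller's value always wins when it is set.
    return proxies or (conf.proxies if 'proxies' in conf else {})


def diverging_cases():
    """Return the labels of every input combination where the two forms disagree."""
    caller = {"http": "http://127.0.0.1:8080"}     # constructed sample value
    configured = {"http": "http://10.0.0.1:3128"}  # constructed sample value
    cases = {
        "caller set, conf key missing": (caller, ConfStub()),
        "caller set, conf key present": (caller, ConfStub(proxies=configured)),
        "caller unset, conf key missing": (None, ConfStub()),
        "caller unset, conf key present": (None, ConfStub(proxies=configured)),
    }
    return [label for label, (p, c) in cases.items()
            if resolve_buggy(p, c) != resolve_fixed(p, c)]


if __name__ == "__main__":
    # Same inputs as the IPython session: proxies='test', no 'proxies' key in conf.
    print("buggy:", resolve_buggy("test", ConfStub()))
    print("fixed:", resolve_fixed("test", ConfStub()))
    for label in diverging_cases():
        print("forms disagree when:", label)
```

The only diverging case is the one where the caller sets a proxy and the config has none, which is why the bug is easy to miss in environments that always configure a proxy.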

log to output

How do I log output to a log file?
I have a list of more than 1000 URLs.
I want to output the valid vulnerable links to a file so I can check them later.

Module loading error

☺☻Pocsuite3☺☻ > search think
+-------+--------------------+
| Index | Path |
+-------+--------------------+
| 0 | pocs\thinkphp_rce |
| 1 | pocs\thinkphp_rce2 |
+-------+--------------------+
☺☻Pocsuite3☺☻ > use 0
[12:54:49] [ERROR] load module failed! 'pocs\thinkphp_rce.py'
[12:54:49] [ERROR] No module named 'requests_toolbelt'

Pitfall when loading Shodan

\pocsuite3\plugins\target_from_shodan.py

    class TargetFromShodan(PluginBase):
        category = PLUGIN_TYPE.TARGETS

        def init_shodan_api(self):
            self.shodan = Shodan()
            if self.shodan.get_resource_info():
                info_msg = "shodan credits limit {0}".format(self.shodan.credits)
                logger.info(info_msg)

        def init(self):
            self.init_shodan_api()

Here init(self) should be corrected to __init__(self).
I don't know

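thinkphp_rce.py: parameters are occasionally loaded in the wrong order, making the script ineffective

Sometimes the var parameter ends up at the very front, which causes missed detections.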

POST /index.php?s=index/%5Cthink%5Capp/invokefunction HTTP/1.1
Host: x.x.x.x
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
Content-Length: 70
Content-Type: application/x-www-form-urlencoded

vars%5B1%5D%5B%5D=-1&vars%5B0%5D=phpinfo&function=call_user_func_array

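How do I enable debug mode?

If a PoC script contains a syntax error, cli.py reports the vulnerability status as "failed" and does not raise the exception.
This makes writing scripts very inconvenient.
How can I enable debug mode?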

Shell mode can only load the network interface's IP automatically

root@instance-template-1:~# pocsuite -r ecshop_rce.py -u 139.199.96.158:443 --threads 5 --shell

,------. ,--. ,--. ,----. {1.3.6-nongit-20190425}
| .--. ',---. ,---.,---.,--.,----,-' '-.,---.'.-. | | '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' < | | --'' '-' \ --.-' ' '' | | | | \ --/'-' | --' ---' -------' ----'--' --' --------' http://pocsuite.org
[*] starting at 08:25:02

[08:25:02] [INFO] loading PoC script '/usr/local/lib/python3.6/dist-packages/pocsuite3/pocs/ecshop_rce.py'
[i] pocsusite is running in shell mode, you need to set connect back host:
----- Local IP Address -----
0 10.140.0.2
Choose>: ...

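On many cloud servers the network interface only has an internal address, although the server actually has a public IP. I suggest allowing the IP and port to be entered manually.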

'str' object has no attribute 'require'

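I need to enter commands interactively, following

Using the OptString method on its own has no effect at all.

So I defined a method and called it:

    def _options(self):
        OptString('Y', require=True, description='XXX')

    self._options()

This raises the error
'str' object has no attribute 'require'

Is interactive input not supported?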

Path error when loading a PoC with USE

[19:13:45] [ERROR] [Errno 2] No such file or directory: 'usr/local/lib/python3/7/dist-packages/pocsuite3/pocs/test.py'

Loading the bundled demo PoC also reports an error, even though the PoC exists at the corresponding path. How should I handle this?

error

An error message appears when running pocsuite --version.

FileNotFoundError

Pocsuite3 > list
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'

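Isn't the code that determines the ssl option a bit too hasty? I think specifying on the command line whether to use ssl would be more reasonable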

    def build_url(self):
        if self.target and not conf.console_mode:
            pr = urlparse(parse_target_url(self.target))
            rport = pr.port if pr.port else 0
            rhost = pr.hostname
            ssl = False
            if pr.scheme == 'https': # ssl is just a data transport channel; it is not designed only for http
                ssl = True
            self.setg_option("rport", rport)
            self.setg_option("rhost", rhost)
            self.setg_option("ssl", ssl)
        return parse_target_url(self.target)

Credentials Don't Work

[16:23:43] [INFO] loading PoC script from seebug website using search keyword 'redis'
Telnet404 email account:[email protected]
Telnet404 password:
[16:24:48] [ERROR] HTTPSConnectionPool(host='api.zoomeye.org', port=443): Read timed out. (read timeout=30)
[16:24:48] [ERROR] The username or password is incorrect. Please enter the correct username and password.
[16:24:48] [ERROR] [PLUGIN] ZoomEye login faild
[16:24:48] [INFO] [PLUGIN] try fetch targets from zoomeye with dork: port:6379

How to change the default configuration in API mode

For example, pocs/ftp_burst.py

Using this configuration:
config = { 'url': 'https://www.baidu.com/', 'poc': os.path.join(paths.POCSUITE_ROOT_PATH, "../tests/ftp_burst.py"), 'verbose': 0 }

How do I change the default port 21 to another port?

custom connect back ip

When running pocsuite3 on a VPS, it shows only one interface. Can you add an option to set a custom connect-back IP rather than the preselected interfaces on the host machine?
Thanks

[i] pocsusite is running in shell mode, you need to set connect back host:
----- Local IP Address -----
0 10.0.0.4
Choose>:

Various errors in console mode

Pocsuite3 > show all
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 231, in command_show
getattr(self, func)(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 425, in _show_all
self.command_list(args, kwargs)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'
➜ pocsuite3 python3 console.py

                          ,--. ,--.

,---. ,---. ,---.,---.,--.,----,-' '-.,---. {1.2.0-nongit-20190318} | .-. | .-. | .--( .-'| || ,--'-. .-| .-. : | '-' ' '-' \ --.-' ' '' | | | | \ --. | |-' ---' -------' ----'--' --' ----'
`--' http://pocsuite.org

[15:58:32] [INFO] Load Pocs :12
Pocsuite3 > list all
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'
➜ pocsuite3 python3 console.py

                          ,--. ,--.

,---. ,---. ,---.,---.,--.,----,-' '-.,---. {1.2.0-nongit-20190318} | .-. | .-. | .--( .-'| || ,--'-. .-| .-. : | '-' ' '-' \ --.-' ' '' | | | | \ --. | |-' ---' -------' ----'--' --' ----'
`--' http://pocsuite.org

[15:58:48] [INFO] Load Pocs :12
Pocsuite3 > list
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'

The bundled PoC pocs/drupalgeddon2 has a problem

Pocsuite3 > list

+-------+----------------------------------------------+-------------------------------------------------------------------- ------+
| Index | Path | Name |
+-------+----------------------------------------------+-------------------------------------------------------------------- ------+
| 0 | pocs/thinkphp_rce | ThinkPHP 5.x (v5.0.23及v5.1.31以下版本) 远程命令执行漏洞利用(GetSh ell) |
| 1 | pocs/ecshop_rce | Ecshop 2.x/3.x Remote Code Execution |
| 2 | pocs/drupalgeddon2 | Drupal core Remote Code Execution |
| 3 | pocs/libssh_auth_bypass | libssh CVE-2018-10933 身份验证绕过漏洞

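Here I used the vulnerable environment built with Vulhub - Docker-Compose file for vulnerability environment (https://vulhub.org/#/environments/drupal/CVE-2018-7600/). Testing with the PoC given in the vulhub documentation reproduced the issue successfully; with pocsuite3 the result is as shown below: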

Pocsuite3 (pocs/drupalgeddon2) > run
[10:37:58] [INFO] pocsusite got a total of 1 tasks
[10:37:58] [INFO] running poc:'Drupal core Remote Code Execution' target 'http://10.9.8.24:8080/'

+------------------------+-----------------------------------+--------+-----------+---------+--------+
| target-url | poc-name | poc-id | component | version | status |
+------------------------+-----------------------------------+--------+-----------+---------+--------+
| http://10.9.8.24:8080/ | Drupal core Remote Code Execution | 97207 | Drupal | | failed |
+------------------------+-----------------------------------+--------+-----------+---------+--------+
success : 0 / 1

Python.exe stops working (appcrash) with multithreading

错误应用程序名称: python.exe,版本: 3.7.3150.1013,时间戳: 0x5cababbb
错误模块名称: python37.dll,版本: 3.7.3150.1013,时间戳: 0x5cabab78
异常代码: 0xc0000005
错误偏移量: 0x0018281a
错误进程 ID: 0x1624
错误应用程序启动时间: 0x01d507fef2991ace
错误应用程序路径: d:\program files (x86)\python37\python.exe
错误模块路径: d:\program files (x86)\python37\python37.dll
报告 ID: 378d56d6-e186-4f59-8eea-007e34f45918
错误程序包全名:
错误程序包相对应用程序 ID:

update error

pocsuite --update

                          ,--. ,--.

,---. ,---. ,---.,---.,--.,----,-' '-.,---. {1.2.0-nongit-20190318} | .-. | .-. | .--( .-'| || ,--'-. .-| .-. : | '-' ' '-' \ --.-' ' '' | | | | \ --. | |-' ---' -------' ----'--' --' ----'
`--' http://pocsuite.org

[*] starting at 14:42:02

Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/pocsuite3/cli.py", line 54, in main
init()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3/lib/core/option.py", line 577, in init
_set_pocs_modules()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3/lib/core/option.py", line 328, in _set_pocs_modules
if not load_poc_sucess:
UnboundLocalError: local variable 'load_poc_sucess' referenced before assignment

[*] shutting down at 14:42:02

PoC from Seebug

Hi,
when I try to load a PoC from Seebug, it gives me this message:

➜ pocsuite3 git:(master) ✗ pocsuite -r ssvid-89339 --dork service:redis --max-page 1 --threads 10

,------. ,--. ,--. ,----. {1.2.5-nongit-20190323}
| .--. ',---. ,---.,---.,--.,----,-' '-.,---.'.-. | | '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' < | | --'' '-' \ --.-' ' '' | | | | \ --/'-' | --' ---' -------' ----'--' --' --------' http://pocsuite.org
[*] starting at 15:41:32

[15:41:33] [INFO] loading Poc script 'https://www.seebug.org/vuldb/ssvid-89339'
[15:41:33] [ERROR] no PoC script was loaded!
[15:41:33] [ERROR] no target(s) was added!
[15:41:33] [INFO] pocsusite got a total of 0 tasks
[15:41:33] [INFO] staring 10 threads

[*] shutting down at 15:41:33

AttributeError: 'Shodan' object has no attribute 'token'

[13:55:15] [INFO] loading PoC script '/usr/local/lib/python3.5/dist-packages/pocsuite3/pocs/libssh_auth_bypass.py'
[13:55:15] [INFO] PoC script "libssh CVE-2018-10933 身份验证绕过漏洞" requires "paramiko" to be installed
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/cli.py", line 53, in main
init()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/lib/core/option.py", line 646, in init
_init_targets_plugins()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/lib/core/option.py", line 613, in _init_targets_plugins
plugin.init()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/plugins/target_from_shodan.py", line 21, in init
self.init_shodan_api()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/plugins/target_from_shodan.py", line 16, in init_shodan_api
if self.shodan.get_resource_info():
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/modules/shodan/__init__.py", line 63, in get_resource_info
if self.check_token():
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/modules/shodan/__init__.py", line 38, in check_token
if self.token_is_available():
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/modules/shodan/__init__.py", line 28, in token_is_available
if self.token:
AttributeError: 'Shodan' object has no attribute 'token'

I don't know how to solve this problem
