knownsec / pocsuite3
pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
Home Page: https://pocsuite.org
License: Other
For example, open a file or database for recording during initialization,
then when CTRL+C is pressed during the scan, or when all scanning finishes, close the database connection in a callback method;
it could also immediately output the information that has already been processed and do some clean-up work such as closing resources.
C:\Users\aldin\Desktop\secmdb\pocsuite3-master\pocsuite3-master\pocsuite3>python3 console.py
Traceback (most recent call last):
  File "console.py", line 10, in <module>
    import pocsuite3
  File "C:\Program Files\Python36\lib\site-packages\pocsuite3\__init__.py", line 10, in <module>
    from .lib.core.common import set_paths
  File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\common.py", line 22, in <module>
    from pocsuite3.lib.core.convert import stdout_encode
  File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\convert.py", line 3, in <module>
    from pocsuite3.lib.core.settings import IS_WIN
  File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\settings.py", line 10, in <module>
    REVISION = get_revision_number()
  File "C:\Program Files\Python36\lib\site-packages\pocsuite3\lib\core\revision.py", line 54, in get_revision_number
    match = re.search(r"(?i)[0-9a-f]{32}", stdout or "")
  File "C:\Program Files\Python36\lib\re.py", line 182, in search
    return _compile(pattern, flags).search(string)
TypeError: cannot use a string pattern on a bytes-like object
Fix: pocsuite3\lib\core\revision.py, line 55:
stdout.decode('utf-8')
Hi guys,
Could you please add ColdFusion (CVE-2019-7839) module to pocsuite3? I just saw your video on youtube ( https://www.youtube.com/watch?v=-eZ70CUcf0I ) and would like to give it a try on my LAN.
Thanks
Hi,
Could you please add the PoC module for WebLogic CVE-2019-2725 as shown on your youtube video:
https://www.youtube.com/watch?v=NtjC7cheNd8&feature=youtu.be
Thank you for sharing with the community :)
Hi !
Sorry to disturb you, I was wondering if you could add the PoCs for Zimbra and Ruby on Rails like we saw in your videos:
Zimbra: https://youtu.be/QEMOQE_omg8
Ruby: https://youtu.be/K5FdAVVeeb8
btw thanks for sharing pocsuite3 with the community :)
```python
from pocsuite3.api import POCBase, Output


class DomePOC(POCBase):
    def _verify(self):
        result = {}  # filled in by the verification code below
        output = Output(self)
        # verification code
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output  # the framework expects the Output object back
```
As soon as I use the Output function it throws "xx object has no attribute mode".
Error output:
  File "C:\.py", line 113, in _verify2
    output = Output(self)
  File "D:\Program Files (x86)\python\lib\site-packages\pocsuite3\lib\core\poc.py", line 247, in __init__
    self.mode = poc.mode
AttributeError: 'DomePOC' object has no attribute 'mode'
[Finished in 14.9s]
The scenario is as follows:
-f _verify verifies a batch of targets and saves the detailed result, including each target's CMS version, as a list.
-f _attack attacks the targets that verified successfully, but inside that function I need the CMS version. How do I solve this? Is the only option to call the version-detection function again?
Sometimes the vars parameter ends up at the front, which causes detection to miss the target. I ran into this while scanning a batch of sites from url.txt; it does not happen when scanning a single site.
POST /index.php?s=index/%5Cthink%5Capp/invokefunction HTTP/1.1
Host: x.x.x.x
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
Content-Length: 70
Content-Type: application/x-www-form-urlencoded
vars%5B1%5D%5B%5D=-1&vars%5B0%5D=phpinfo&function=call_user_func_array
Error message:
Traceback (most recent call last):
  File "D:\Users\PC\Miniconda3\envs\py37\lib\site-packages\pocsuite3\lib\core\datatype.py", line 18, in __getattr__
    return self[name]
KeyError: 'registered_pocs'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "D:/Users/PC/PycharmProjects/test/main.py", line 60, in <module>
    register_poc(verify_poc)
  File "D:\Users\PC\Miniconda3\envs\py37\lib\site-packages\pocsuite3\lib\core\register.py", line 103, in register_poc
    if module in kb.registered_pocs:
  File "D:\Users\PC\Miniconda3\envs\py37\lib\site-packages\pocsuite3\lib\core\datatype.py", line 20, in __getattr__
    raise AttributeError(name)
AttributeError: registered_pocs
Process finished with exit code 1
Python version is 3.7, pocsuite version is 1.3.6.
C:\Users\PC>activate py37
(py37) C:\Users\PC>python
Python 3.7.1 (default, Oct 28 2018, 08:39:03) [MSC v.1912 64 bit (AMD64)] :: Anaconda, Inc. on win32
Type "help", "copyright", "credits" or "license" for more information.
exit()
(py37) C:\Users\PC>pocsuite --version
[pocsuite3 ASCII banner] {1.3.6-nongit-20190425} http://pocsuite.org
[*] shutting down at 16:23:18
(py37) C:\Users\PC>
register_poc(DemoPOC)
Traceback (most recent call last):
  File "D:\python3.7\lib\site-packages\pocsuite3\lib\core\datatype.py", line 18, in __getattr__
    return self[name]
KeyError: 'registered_pocs'
In [7]: proxies = 'test'
In [8]: proxies = proxies or conf.proxies if 'proxies' in conf else {}
In [9]: proxies
Out[9]: {}
`if` takes precedence over `or`, so the `if` expression's content is evaluated first.
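An added example (not from the issue and not pocsuite3's own code) reproducing the precedence problem above with both the reported expression and a parenthesised form; `Conf` is an assumed minimal stand-in for pocsuite3's attribute-style `conf` object.

```python
# Added example, not pocsuite3 code. Python parses `a or b if c else d` as
# `(a or b) if c else d`, so the explicitly passed `proxies` value is discarded
# whenever conf has no 'proxies' key, which is what the IPython session shows.


class Conf:
    """Assumed stand-in for pocsuite3's conf (attribute access + `in` check)."""

    def __init__(self, **kwargs):
        self.__dict__.update(kwargs)

    def __contains__(self, name):
        return name in self.__dict__


def select_proxies_buggy(proxies, conf):
    # The expression exactly as reported: the conditional wraps the whole `or`.
    return proxies or conf.proxies if 'proxies' in conf else {}


def select_proxies_fixed(proxies, conf):
    # Parenthesised so the conf lookup is only the fallback for a missing argument.
    return proxies or (conf.proxies if 'proxies' in conf else {})
```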
How do I log output into a log file?
I have a list of more than 1000 URLs.
I want to output the valid vulnerable links to a file so I can check them later.
Pocsuite3 > search think
+-------+--------------------+
| Index | Path               |
+-------+--------------------+
| 0     | pocs\thinkphp_rce  |
| 1     | pocs\thinkphp_rce2 |
+-------+--------------------+
Pocsuite3 > use 0
[12:54:49] [ERROR] load module failed! 'pocs\thinkphp_rce.py'
[12:54:49] [ERROR] No module named 'requests_toolbelt'
\pocsuite3\plugins\target_from_shodan.py
```python
# imports added for completeness
from pocsuite3.api import PluginBase, PLUGIN_TYPE, logger
from pocsuite3.modules.shodan import Shodan


class TargetFromShodan(PluginBase):
    category = PLUGIN_TYPE.TARGETS

    def init_shodan_api(self):
        self.shodan = Shodan()
        if self.shodan.get_resource_info():
            info_msg = "shodan credits limit {0}".format(self.shodan.credits)
            logger.info(info_msg)

    def init(self):
        self.init_shodan_api()
```
Here init(self) should be corrected to __init__(self).
Not sure.
Sometimes the vars parameter ends up at the front, which causes detection to miss the target.
POST /index.php?s=index/%5Cthink%5Capp/invokefunction HTTP/1.1
Host: x.x.x.x
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
Content-Length: 70
Content-Type: application/x-www-form-urlencoded
vars%5B1%5D%5B%5D=-1&vars%5B0%5D=phpinfo&function=call_user_func_array
As in the title.
The framework actually cannot support PoCs that are compiled .pyc files, can it?
It cannot decode pyc files here.
If a PoC script contains a syntax error, cli.py reports the vulnerability status as "failed" and does not raise the exception.
This makes writing scripts very inconvenient.
How can I enable debug mode?
The old Python 2 pocsuite supported it; why was it removed from the new version?
root@instance-template-1:~# pocsuite -r ecshop_rce.py -u 139.199.96.158:443 --threads 5 --shell
[pocsuite3 ASCII banner] {1.3.6-nongit-20190425} http://pocsuite.org
[*] starting at 08:25:02
[08:25:02] [INFO] loading PoC script '/usr/local/lib/python3.6/dist-packages/pocsuite3/pocs/ecshop_rce.py'
[i] pocsusite is running in shell mode, you need to set connect back host:
----- Local IP Address -----
0 10.140.0.2
Choose>: ...
Many cloud servers' network interfaces only carry an internal address even though the host has a public IP; I suggest allowing the IP and port to be entered manually.
The command needs interactive input. Following that, using OptString alone
has no effect at all,
so I defined a method and called it:
```python
def _options(self):
    OptString('Y', require=True, description='XXX')

self._options()
```
This raises
'str' object has no attribute 'require'
Is interactive input not supported?
For building and debugging shellcodes, etc.
See:
[19:13:45] [ERROR] [Errno 2] No such file or directory: 'usr/local/lib/python3/7/dist-packages/pocsuite3/pocs/test.py'
Loading the built-in demo PoC also reports this error, and the PoC exists at the corresponding path. How should I handle this?
When running pocsuite --version, an error is shown.
Pocsuite3 > list
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'
```python
# excerpt of the POCBase method; imports added for completeness
from urllib.parse import urlparse

from pocsuite3.lib.core.common import parse_target_url
from pocsuite3.lib.core.data import conf


def build_url(self):
    if self.target and not conf.console_mode:
        pr = urlparse(parse_target_url(self.target))
        rport = pr.port if pr.port else 0
        rhost = pr.hostname
        ssl = False
        if pr.scheme == 'https':  # ssl is just a transport channel, not designed only for http
            ssl = True
        self.setg_option("rport", rport)
        self.setg_option("rhost", rhost)
        self.setg_option("ssl", ssl)
    return parse_target_url(self.target)
```
A small bug:
the POCBase class does not support an initialization method "def __init__(self)".
Calling the PoC raises
AttributeError: '_POCDome' object has no attribute 'current_protocol'
Apart from renaming the __init__ method, is there a proper solution?
[16:23:43] [INFO] loading PoC script from seebug website using search keyword 'redis'
Telnet404 email account:[email protected]
Telnet404 password:
[16:24:48] [ERROR] HTTPSConnectionPool(host='api.zoomeye.org', port=443): Read timed out. (read timeout=30)
[16:24:48] [ERROR] The username or password is incorrect. Please enter the correct username and password.
[16:24:48] [ERROR] [PLUGIN] ZoomEye login faild
[16:24:48] [INFO] [PLUGIN] try fetch targets from zoomeye with dork: port:6379
For example pocs/ftp_burst.py,
using the configuration
```python
config = {'url': 'https://www.baidu.com/', 'poc': os.path.join(paths.POCSUITE_ROOT_PATH, "../tests/ftp_burst.py"), 'verbose': 0}
```
how do I change the default port 21 to another port?
When running pocsuite3 on a VPS it shows only one interface. Can you add an option to specify a custom connect-back IP rather than the preselected interfaces on the host machine?
Thanks
[i] pocsusite is running in shell mode, you need to set connect back host:
----- Local IP Address -----
0 10.0.0.4
Choose>:
Pocsuite3 > show all
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 231, in command_show
getattr(self, func)(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 425, in _show_all
self.command_list(args, kwargs)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'
➜ pocsuite3 python3 console.py
[pocsuite3 ASCII banner] {1.2.0-nongit-20190318} http://pocsuite.org
[15:58:32] [INFO] Load Pocs :12
Pocsuite3 > list all
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'
➜ pocsuite3 python3 console.py
[pocsuite3 ASCII banner] {1.2.0-nongit-20190318} http://pocsuite.org
[15:58:48] [INFO] Load Pocs :12
Pocsuite3 > list
Traceback (most recent call last):
File "console.py", line 28, in <module>
main()
File "console.py", line 24, in main
poc.start()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 77, in start
command_handler(args)
File "/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/lib/core/interpreter.py", line 414, in command_list
with open(found, encoding='utf-8') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/local/lib/python3.7/dist-packages/pocsuite3-1.2.0-py3.7.egg/pocsuite3/usr/local/lib/python3/7/dist-packages/pocsuite3-1/2/0-py3/7/egg/pocsuite3/pocs/thinkphp_rce2.py'
Pocsuite3 > list
+-------+-------------------------+------------------------------------------------------------------------+
| Index | Path                    | Name                                                                   |
+-------+-------------------------+------------------------------------------------------------------------+
| 0     | pocs/thinkphp_rce       | ThinkPHP 5.x (v5.0.23及v5.1.31以下版本) 远程命令执行漏洞利用(GetShell) |
| 1     | pocs/ecshop_rce         | Ecshop 2.x/3.x Remote Code Execution                                   |
| 2     | pocs/drupalgeddon2      | Drupal core Remote Code Execution                                      |
| 3     | pocs/libssh_auth_bypass | libssh CVE-2018-10933 身份验证绕过漏洞                                 |
+-------+-------------------------+------------------------------------------------------------------------+
Here I used Vulhub (Docker-Compose files for vulnerability environments),
https://vulhub.org/#/environments/drupal/CVE-2018-7600/, to build the vulnerable environment. Reproduction with the PoC given in the vulhub documentation succeeded; with pocsuite3 the result is shown below:
Pocsuite3 (pocs/drupalgeddon2) > run
[10:37:58] [INFO] pocsusite got a total of 1 tasks
[10:37:58] [INFO] running poc:'Drupal core Remote Code Execution' target 'http://10.9.8.24:8080/'
+------------------------+-----------------------------------+--------+-----------+---------+--------+
| target-url | poc-name | poc-id | component | version | status |
+------------------------+-----------------------------------+--------+-----------+---------+--------+
| http://10.9.8.24:8080/ | Drupal core Remote Code Execution | 97207 | Drupal | | failed |
+------------------------+-----------------------------------+--------+-----------+---------+--------+
success : 0 / 1
错误应用程序名称: python.exe,版本: 3.7.3150.1013,时间戳: 0x5cababbb
错误模块名称: python37.dll,版本: 3.7.3150.1013,时间戳: 0x5cabab78
异常代码: 0xc0000005
错误偏移量: 0x0018281a
错误进程 ID: 0x1624
错误应用程序启动时间: 0x01d507fef2991ace
错误应用程序路径: d:\program files (x86)\python37\python.exe
错误模块路径: d:\program files (x86)\python37\python37.dll
报告 ID: 378d56d6-e186-4f59-8eea-007e34f45918
错误程序包全名:
错误程序包相对应用程序 ID:
pocsuite --update
[pocsuite3 ASCII banner] {1.2.0-nongit-20190318} http://pocsuite.org
[*] starting at 14:42:02
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/pocsuite3/cli.py", line 54, in main
init()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3/lib/core/option.py", line 577, in init
_set_pocs_modules()
File "/usr/local/lib/python3.7/dist-packages/pocsuite3/lib/core/option.py", line 328, in _set_pocs_modules
if not load_poc_sucess:
UnboundLocalError: local variable 'load_poc_sucess' referenced before assignment
[*] shutting down at 14:42:02
Hi,
When I try to load a PoC from seebug it gives me this message:
➜ pocsuite3 git:(master) ✗ pocsuite -r ssvid-89339 --dork service:redis --max-page 1 --threads 10
[pocsuite3 ASCII banner] {1.2.5-nongit-20190323} http://pocsuite.org
[*] starting at 15:41:32
[15:41:33] [INFO] loading Poc script 'https://www.seebug.org/vuldb/ssvid-89339'
[15:41:33] [ERROR] no PoC script was loaded!
[15:41:33] [ERROR] no target(s) was added!
[15:41:33] [INFO] pocsusite got a total of 0 tasks
[15:41:33] [INFO] staring 10 threads
[*] shutting down at 15:41:33
[13:55:15] [INFO] loading PoC script '/usr/local/lib/python3.5/dist-packages/pocsuite3/pocs/libssh_auth_bypass.py'
[13:55:15] [INFO] PoC script "libssh CVE-2018-10933 身份验证绕过漏洞" requires "paramiko" to be installed
Traceback (most recent call last):
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/cli.py", line 53, in main
init()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/lib/core/option.py", line 646, in init
_init_targets_plugins()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/lib/core/option.py", line 613, in _init_targets_plugins
plugin.init()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/plugins/target_from_shodan.py", line 21, in init
self.init_shodan_api()
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/plugins/target_from_shodan.py", line 16, in init_shodan_api
if self.shodan.get_resource_info():
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/modules/shodan/__init__.py", line 63, in get_resource_info
if self.check_token():
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/modules/shodan/__init__.py", line 38, in check_token
if self.token_is_available():
File "/usr/local/lib/python3.5/dist-packages/pocsuite3/modules/shodan/__init__.py", line 28, in token_is_available
if self.token:
AttributeError: 'Shodan' object has no attribute 'token'
I don't know how to solve this problem