saucer-man / saucerframe Goto Github PK

View Code? Open in Web Editor NEW

391.0 10.0 101.0 936 KB

python3批量poc检测工具

Python 100.00%

vulnerability-scanners vulnerability-detection exploit

saucerframe's Introduction

Saucerframe

saucerframe是一个基于python3的开源批量POC检测框架，默认使用协程异步请求，支持多线程并发，支持多种指定目标方式，可用于批量POC检测，也可根据需要扩展功能。欢迎star和pr

本项目用来交流学习，切勿用来做违法之事

特点

支持多线程并发/协程
指定目标支持多种方式
- 指定单个目标
- 从文本种获取目标
- 某一网段获取目标 e.g. 192.168.1.0/24
- 某一ip段获取目标 192.168.1.0-192.168.2.33
- 支持多种api批量获取目标: Shodan、Zoomeye、Fofa、Censys
支持全局代理(socks5|socks4|http)

更新历史

点击查看/关闭

- 2020-10-14 支持一次运行全部poc脚本

2019-11-25 重写进度条。
2019-08-10 增加输出等级，增加模块加载方式，支持同时指定多个poc和多种target加载方式。
2019-07-25 封装requests模块，新增全局代理选项，默认随机UA，重写censys api模块。
2019-07-14 增加进度条；去除并发数的限制；去除google api；优化了一些模块。
2019-05-09 增加logging模块，支持输出等级；增加censys api调用；IPY替换为内置库ipaddress、imp更新为importlib模块；规范大部分函数、变量命名；修改了程序逻辑。
2019-05-08 增加plugin目录，逐步添加plugin，方便poc调用。目前已添加随机user-agent
2019-04-18 更改默认并发方式为协程，自动根据扫描数量确定异步请求数量，优化了部分代码逻辑，速度提升
2019-02-26 增加协程模式，利用gevent模块实现异步请求。
2018-12-15 将第三方库colorama、IPy放进thirdlib中直接引用，减少依赖包的安装。
2018-12-10 测试框架编写完成

使用

安装方法：

git clone https://github.com/saucer-man/saucerframe.git 
cd saucerframe
pip install -r requirement.txt

使用方法：

python3 saucerframe.py -h
python3 saucerframe.py --show
python3 saucerframe.py -s script-name -iU target-url

具体的参数说明：

# 1. 指定poc脚本(必需,支持同时指定多个poc)
-s all 指定全部脚本
-s redis_unauth,mongodb_unauth  指定单个/多个脚本

# 2. 指定目标(必需)
-iU www.xxx.com  单个目标
-iF target.txt  从文本中加载
-iR 192.168.1.1-192.168.2.100  根据ip地址范围加载
-iN 192.168.1.0/24  根据网段加载
-aZ "redis"  ZoomEye api加载
-aS "redis"  Shodan api加载
-aC "redis"  Censys api加载
-aF "redis"  Fofa api加载

# 3. 其他(可选)
-h  查看帮助信息
-t 300  并发数(默认100)
--proxy socks5://127.0.0.1:1080  使用sock5代理
-o result.txt  指定输出文件
-v 4 指定终端输出详细级别(1-5, 默认为2)
--show  查看所有poc
-eT  并发采用多线程方式
-eG  并发采用协程方式(默认)

POC编写

介绍已移至wiki

感谢

框架起初设计过程中借鉴了POC-T和sqlmap等优秀开源项目的部分模式和代码，特此说明和感谢。

saucerframe's People

Contributors

Stargazers

Watchers

Forkers

huangqiuhao sry309 zack7wong loose-dreiy toygang luogan129 arongmh tomcatjerrydog xalxl sha-512 zhuomingliang soliontheroad whojeff j5s renjunfeng c0010 hulala789 150170410 sysrootman wang0098 kenanat huangyuan666 bla1n chennqqi attackgithub stevezheng matrixkung cross2to lanpan999 heartsmoking harry1080 qing-q zuihsouse wolfzzzz muyuxx austfish qboy0000 yanzlguohe morns0 r0ckysec 02bx grayguest cyhellolab blackstarkk ifishzz timeshu luckxiao520 muqiyip fevergeek wule108 coderzgh micsk thinkphpdev eniac888 pengtao007 wangjdmu longfeide2008 savfhfdhg 13957166977 110099 badguy0827 jigeqiu dk47os3r qswdlsr shsiming benniedaniel anonymouscyberwarrior reverse-dusk hahahacccc wendingzhongyuan jeromeyoung zan8in a1124510616 kagantua xingqianzhi m1k0er victoryxing126 apologizefor jaygith startagain2016 fleabane1 jimsonzhang 4sh3s lachlanneeley xsssends podvps ghostcg2022 zhouranxi mintuu322 cpt-jack-a-castle wx1029 grow520 wwwmd5vip 1756816846

saucerframe's Issues

Linux 系统中路径出错

在 Linux 系统中，\source_leak_check_payload.txt 这样的路径会错出，斜杠改为饭斜杠就正常了。

我想要对url.txt中的链接测试所有的weblogic漏洞，尝试用下面的命令运行Python脚本
python saucerframe.py -iF url.txt -s all
报错信息显示：[-] Script [all.py] not exist. Use [--show] to view all available script in ./scripts/
具体如下：

希望能够找到一个解决方法，o(￣▽￣)ブ

'str' object has no attribute 'get'

请问我的是框架还是 poc问题

在扫描中出现 url列表溢出 UnicodeError: label empty or too long 错误

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python36\lib\site-packages\gevent\threadpool.py", line 281, in _worker
value = func(*args, **kwargs)
UnicodeError: encoding with 'idna' codec failed (UnicodeError: label empty or too long)
2019-10-19T09:11:05Z (<ThreadPool at 0x318f33f0b8 5/10/10 hub=<Hub at 0x31f8b22438 thread_ident=0x4484>>, ) failed with UnicodeError

[12554 of 1214235][Elapsed Time: 0:55:41] Traceback (most recent call last):
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python36\lib\encodings\idna.py", line 165, in encode
raise UnicodeError("label empty or too long")
UnicodeError: label empty or too long

The above exception was the direct cause of the following exception:

建议增加一个 random_user_agent 类所有request,可以携带上

import random

# random user agent
def get_ua():
    # define random user-agent
    first_num = random.randint(55, 75)
    third_num = random.randint(0, 3200)
    fourth_num = random.randint(0, 140)
    os_type = [
        '(Windows NT 6.1; WOW64)', '(Windows NT 10.0; WOW64)', '(X11; Linux x86_64)','(X11; Linux i686) ',
        '(Macintosh;U; Intel Mac OS X 10_12_6;en-AU)','(iPhone; U; CPU iPhone OS 11_0_6 like Mac OS X; en-SG)','(Windows NT 10.0; Win64; x64; Xbox; Xbox One) ','(iPad; U; CPU OS 11_3_2 like Mac OS X; en-US) ','(Macintosh; Intel Mac OS X 10_14_1)'
    ]
    chrome_version = 'Chrome/{}.0.{}.{}'.format(
        first_num, third_num, fourth_num)

    ua = ' '.join(['Mozilla/5.0', random.choice(os_type), 'AppleWebKit/537.36',
                   '(KHTML, like Gecko)', chrome_version, 'Safari/537.36']
                  )
    return ua

# common headers
headers = {
    'Accept-Encoding': 'gzip, deflate, br',
    'Connection': 'Close',
    'Accept': '*/*',
    'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
    'User-Agent': get_ua(),
    'Referer': 'https://www.baidu.com/'
}

expected str, bytes or os.PathLike object, not list

写poc时爆这个错，完全不知道在哪出的错

unable to run saucerframe.py

root@kali:~/saucerframe# python3 saucerframe.py
Traceback (most recent call last):
File "saucerframe.py", line 9, in
from gevent import monkey
ModuleNotFoundError: No module named 'gevent'

help

                           __  https://saucer-man.com                         
                          / |

___ __ _ _ _ ___ ___ _ | | _ __ __ _ _ __ ___ ___
/ _|/ | | | |/ __/ _ \ '__| _| '__/ _ | ' ` _ \ / _
_ \ (| | || | (| / | | | | | | (| | | | | | | /
|/_,|_,|__|| || || _,|| || ||_|

[-] Use -s to load script. Example: [-s spider] or [-s ./script/spider.py]

[*] shutting down at 08:35:44

请问大佬我的fofa输入api密钥和邮箱为啥一直显示不匹配啊，其他api都能调用

请问有开启全部POC检测选项吗

请问有开启全部POC检测选项吗，不用一个一个去指定script

error

Traceback (most recent call last):
File "C:\Users\MSI\Desktop\saucerframe\lib\controller\engine.py", line 67, in scan
status = module_obj.poc(payload)
File "C:\Users\MSI\Desktop\saucerframe\scripts\csbrute.py", line 99, in poc
host = socket.gethostbyname(o.hostname)
File "C:\Python39\lib\site-packages\gevent_socketcommon.py", line 198, in gethostbyname
return get_hub().resolver.gethostbyname(hostname)
File "C:\Python39\lib\site-packages\gevent\resolver\thread.py", line 57, in gethostbyname
return self.pool.apply(_socket.gethostbyname, args)
File "C:\Python39\lib\site-packages\gevent\pool.py", line 161, in apply
return self.spawn(func, *args, **kwds).get()
File "src\gevent\event.py", line 329, in gevent._gevent_cevent.AsyncResult.get
File "src\gevent\event.py", line 359, in gevent._gevent_cevent.AsyncResult.get
File "src\gevent\event.py", line 347, in gevent._gevent_cevent.AsyncResult.get
File "src\gevent\event.py", line 327, in gevent._gevent_cevent.AsyncResult._raise_exception
File "C:\Python39\lib\site-packages\gevent_compat.py", line 65, in reraise
raise value.with_traceback(tb)
File "C:\Python39\lib\site-packages\gevent\threadpool.py", line 167, in __run_task
thread_result.set(func(*args, **kwargs))
socket.gaierror: [Errno 11001] getaddrinfo failed