knownsec / pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
https://pocsuite.org
Other
3.66k stars 783 forks source link

ftp_burst 暴力破解 有问题 #315

Closed asd1054 closed 2 years ago

asd1054 commented 2 years ago

image

image

这ftp 爆破 怎么还是走的http协议, 而且 我 想批量跑host的 结果 文件 内容 不加上 http:// 根本识别不了target啊,

13ph03nix commented 2 years ago

self.url 属性会对协议进行处理,方便 requests 库使用,用户传输的原始 target 可以通过 self.target 获取。ftp 爆破这个只用到了 host 和 port,不影响 poc 的执行。 https://github.com/knownsec/pocsuite3/blob/b9eccd74ecaaa18ff859afa8e4852e3eb56b918f/pocsuite3/lib/core/common.py#L257

https://github.com/knownsec/pocsuite3/blob/b9eccd74ecaaa18ff859afa8e4852e3eb56b918f/pocsuite3/pocs/ftp_burst.py#L44

verify verify2
13ph03nix commented 2 years ago

317