search

knownsec / pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
https://pocsuite.org
Other
3.66k stars 783 forks source link

Adapt to goby templates #374

Open randolphcyg opened 1 year ago

randolphcyg commented 1 year ago

Is anybody working with add goby parser into pocsuite3?

I am working on it now.

After reading papers by knownsec and debug pocsuite3 program, this work has become smoother.

13ph03nix commented 1 year ago

I think no one else is working on this at the moment. If you're interested, your contributions would be very welcome!

randolphcyg commented 1 year ago

I think no one else is working on this at the moment. If you're interested, your contributions would be very welcome!

If the poc_code generated by the Nuclei YAML template is saved as Python code, is it appropriate to use Pocsuite3 -R to apply this Python code?

When I adapt the Goby JSON format template, I plan to convert json template to python template first, and then go to verify it separately, I don't know if this is appropriate?

So far, when I read the goby JSON template directly, I have successfully verified several vulnerabilities.

After fixing the obvious errors and optimizing the code, I try not to submit a merge request. The currently modified code is here: pocsuite3

13ph03nix commented 1 year ago

感谢贡献。

If the poc_code generated by the Nuclei YAML template is saved as Python code, is it appropriate to use Pocsuite3 -R to apply this Python code?

poc_code 直接存为 .py 然后用 -r 加载是可以的。

When I adapt the Goby JSON format template, I plan to convert json template to python template first, and then go to verify it separately, I don't know if this is appropriate?

我想这没有区别,可以使用 -r 加载 nuclei 模版,也可以将转换后的存为 Python 文件然后使用 -r 加载。如果检测到是 yaml,会自动转换为 Python 插件,这部分代码位于: https://github.com/knownsec/pocsuite3/blob/30a94290c4ff3dbfbcd56625b685b80541a5972f/pocsuite3/lib/core/register.py#L73-L77

粗略看了下代码,还有很多细节需要完善,建议对照 https://gobysec.net/exp#GoEXP%E6%BC%8F%E6%B4%9E%E6%89%8B%E5%86%8C 完善。 几点建议:

  1. 很多无用的代码可删除,而且 nuclei 和 goby 有很多差异,一个好的 goby parser 需要对 goby 本身有好的理解;
  2. 细节完善,比如 ResponseTest 中的 variable 部分: $status_code -> $code,$header -> $head;
  3. SetVariable 未实现;
  4. ...

Anyway,尽可能理解自己写的每一行代码~

最后,我目前是独立安全研究员,会在空闲时间关注这个项目。

randolphcyg commented 1 year ago

感谢宝贵的建议!

  1. 目前还没根据规范做过review,对适配模块的功能不够熟悉,因此很多无用代码还没删;
  2. 由于验证工作还没怎么完善,所以请求结果的处理逻辑还没有通用地处理;
  3. 当前仅仅根据goby官方文档映射了数据结构,还没完全符合要求,会继续修正和测试;
  4. 主要想先确认nuclei适配模块的设计逻辑,当前json.py后通过命令使用时没有通过,我会先解决这个问题;