knownsec / pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.
https://pocsuite.org
Other
3.66k stars 783 forks source link
pentesting python security security-tools

pocsuite3

Python 3.x License Twitter

Legal Disclaimer

Usage of pocsuite3 for attacking targets without prior mutual consent is illegal. pocsuite3 is for security testing purposes only

法律免责声明

未经事先双方同意,使用 pocsuite3 攻击目标是非法的。 pocsuite3 仅用于安全测试目的

Overview

pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers.

Features

Screenshots

pocsuite3 console mode

asciicast

pocsuite3 shell mode

asciicast

pocsuite3 load PoC from Seebug

asciicast

pocsuite3 load multi-target from ZoomEye

asciicast

pocsuite3 load multi-target from Shodan

asciicast

pocsuite3 load nuclei template

build a docker vulnerability environment

require Docker

write dockerfile in poc

class DemoPOC(POCBase):
    vulID = ''  # ssvid
    version = '1.0'
    author = ['']
    vulDate = '2029-5-8'
    createDate = '2019-5-8'
    updateDate = '2019-5-8'
    references = ['']
    name = 'Struts2 045 RCE CVE-2017'
    appPowerLink = ''
    appName = 'struts2'
    appVersion = ''
    vulType = ''
    desc = '''S2-045:影响版本Struts 2.3.20-2.3.28(除了2.3.20.3和2.3.24.3)'''
    samples = []
    category = POC_CATEGORY.EXPLOITS.WEBAPP
    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''

only run vulnerable environments

pocsuite -r pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py  --docker-start  --docker-port 127.0.0.1:8080:8080 --docker-env A=test --docker-port 8899:7890

,------.                        ,--. ,--.       ,----.   {2.0.6-cc19ae5}
|  .--. ',---. ,---.,---.,--.,--`--,-'  '-.,---.'.-.  |
|  '--' | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. : .' <
|  | --'' '-' \ `--.-'  `'  ''  |  | |  | \   --/'-'  |
`--'     `---' `---`----' `----'`--' `--'  `----`----'   https://pocsuite.org
[*] starting at 15:34:12

[15:34:12] [INFO] loading PoC script 'pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py'
[15:34:12] [INFO] Image struts2_045_rce_cve-2017:pocsuite exists
[15:34:12] [INFO] Run container fa5b3b7bb2ea successful!
[15:34:12] [INFO] pocsusite got a total of 0 tasks
[15:34:12] [INFO] Scan completed,ready to print

run vulnerable environments and run poc

 pocsuite -r pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py -u http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action --docker-start  --docker-port 127.0.0.1:8080:8080 

,------.                        ,--. ,--.       ,----.   {2.0.6-cc19ae5}
|  .--. ',---. ,---.,---.,--.,--`--,-'  '-.,---.'.-.  |
|  '--' | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. : .' <
|  | --'' '-' \ `--.-'  `'  ''  |  | |  | \   --/'-'  |
`--'     `---' `---`----' `----'`--' `--'  `----`----'   https://pocsuite.org
[*] starting at 15:38:46

[15:38:46] [INFO] loading PoC script 'pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py'
[15:38:46] [INFO] Image struts2_045_rce_cve-2017:pocsuite exists
[15:38:47] [INFO] Run container 1a6eae1e8953 successful!
[15:38:47] [INFO] pocsusite got a total of 1 tasks
[15:38:47] [INFO] running poc:'Struts2 045 RCE CVE-2017' target 'http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action'
[15:39:17] [+] URL : http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action
[15:39:17] [+] Headers : {'Server': 'Apache-Coyote/1.1', 'nyvkx': '788544', 'Set-Cookie': 'JSESSIONID=0A9892431B32A541B51D4721FA0D2728; Path=/S2-032-showcase/; HttpOnly', 'Content-Type': 'text/html;charset=ISO-8859-1', 'Transfer-Encoding': 'chunked', 'Date': 'Mon, 25 Dec 2023 07:39:17 GMT'}
[15:39:17] [INFO] Scan completed,ready to print

+------------------------------------------------------------------+--------------------------+--------+-----------+---------+---------+
| target-url                                                       |         poc-name         | poc-id | component | version |  status |
+------------------------------------------------------------------+--------------------------+--------+-----------+---------+---------+
| http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action | Struts2 045 RCE CVE-2017 |        |  struts2  |         | success |
+------------------------------------------------------------------+--------------------------+--------+-----------+---------+---------+
success : 1 / 1

Introduction to vulnerability environment construction

Docker Environment:
  Docker Environment options

  --docker-start        Run the docker for PoC
  --docker-port DOCKER_PORT
                        Publish a container's port(s) to the host
  --docker-volume DOCKER_VOLUME
                        Bind mount a volume
  --docker-env DOCKER_ENV
                        Set environment variables
  --docker-only         Only run docker environment

The usage is roughly the same as docker’s command line parameters.

Requirements

Installation

Paste at a terminal prompt:

Python pip

pip3 install pocsuite3

# use other pypi mirror
pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple pocsuite3

MacOS

brew update
brew info pocsuite3
brew install pocsuite3

Debian, Ubuntu, Kali

sudo apt update
sudo apt install pocsuite3

Docker

docker run -it pocsuite3/pocsuite3

ArchLinux

yay pocsuite3

Or click here to download the latest source zip package and extract

wget https://github.com/knownsec/pocsuite3/archive/master.zip
unzip master.zip
cd pocsuite3-master
pip3 install -r requirements.txt
python3 setup.py install

The latest version of this software is available at: https://pocsuite.org

Documentation

Documentation is available at: https://pocsuite.org

Usage

cli mode

    # basic usage, use -v to set the log level
    pocsuite -u http://example.com -r example.py -v 2

    # run poc with shell mode
    pocsuite -u http://example.com -r example.py -v 2 --shell

    # search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
    pocsuite -r redis.py --dork service:redis --threads 20

    # load all poc in the poc directory and save the result as html
    pocsuite -u http://example.com --plugins poc_from_pocs,html_report

    # load the target from the file, and use the poc under the poc directory to scan
    pocsuite -f batch.txt --plugins poc_from_pocs,html_report

    # load CIDR target
    pocsuite -u 10.0.0.0/24 -r example.py

    # the custom parameters `command` is implemented in ecshop poc, which can be set from command line options
    pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami"

console mode
    poc-console

How to Contribute

  1. Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
  2. Fork the repository on GitHub to start making your changes.
  3. Write a test which shows that the bug was fixed or that the feature works as expected.
  4. Send a pull request or bug to the maintainer until it gets merged or fixed. Make sure to add yourself to Contributors.

Links