/pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

Legal Disclaimer

Usage of pocsuite for attacking targets without prior mutual consent is illegal.
pocsuite is for security testing purposes only.

Overview

pocsuite3 is an open-source remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many features for penetration testers and security researchers.

Features

  • PoC scripts can run in attack, verify and shell modes
  • Plugin ecosystem
  • Dynamic loading of PoC scripts from anywhere (local file, redis, database, Seebug ...)
  • Loading of multiple targets from anywhere (CIDR, local file, redis, database, ZoomEye, Shodan ...)
  • Results can be easily exported
  • Dynamic patching and hooking of requests
  • Usable both as a command-line tool and as an importable Python package
  • IPv6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC scripts to use
  • Integrates with Seebug (to load PoCs from the Seebug website)
  • Integrates with ZoomEye (to load targets from a ZoomEye dork)
  • Integrates with Shodan (to load targets from a Shodan dork)
  • Integrates with Ceye (to verify blind DNS and HTTP requests)
  • Integrates with Fofa (to load targets from a Fofa dork)
  • PoC scripts can be debugged conveniently in IDEs
  • More ...

Requirements

  • Python 3.4+
  • Works on Linux, Windows, Mac OSX, BSD

Installation

The quick way:

$ pip3 install pocsuite3

Or download the latest source zip package and extract it:

$ wget https://github.com/knownsec/pocsuite3/archive/master.zip
$ unzip master.zip

The latest version of this software is available from: http://pocsuite.org

Documentation

Documentation is available in the docs directory.

Common commands

In command-line mode
	pocsuite -u http://example.com -r example.py -v 2 # basic usage; -v 2 enables verbose output

	pocsuite -u http://example.com -r example.py -v 2 --shell # reverse-shell mode, basic usage; -v 2 enables verbose output

	pocsuite -r redis.py --dork service:redis --threads 20 # search ZoomEye for redis targets and check them in batch, with 20 threads

	pocsuite -u http://example.com --plugins poc_from_pocs,html_report # load all PoCs in the poc directory and save the results as HTML

	pocsuite -f batch.txt --plugins poc_from_pocs,html_report # load targets from a file and batch-scan them with the PoCs in the poc directory

	pocsuite -u 10.0.0.0/24 -r example.py --plugins target_from_cidr # load CIDR targets

	pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami" # the ecshop PoC implements a custom `command` option that can be passed in as an external argument

Console mode
    poc-console
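
Added example, not part of pocsuite3 or its documentation: a pre-flight filter that keeps a target list inside the ranges agreed with the system owner before the list is saved as the file passed to `pocsuite -f`. The names `SCOPE`, `RAW_TARGETS`, `host_of` and `filter_targets` are hypothetical, the sample data is constructed, and the one-target-per-line file layout is an assumption.

```python
import ipaddress
import sys
from urllib.parse import urlsplit

# Constructed sample data: the agreed scope and a raw target list (one per line, assumed).
SCOPE = ["10.0.0.0/24", "2001:db8::/64"]
RAW_TARGETS = """\
# staging hosts
http://10.0.0.5:8080/
10.0.0.200
http://10.0.1.7/
http://example.com
http://[2001:db8::10]/
"""

def host_of(target):
    """Return the host from 'scheme://host:port/path', 'host:port' or a bare IP."""
    try:
        return str(ipaddress.ip_address(target))  # bare IPv4/IPv6 literal
    except ValueError:
        pass
    if "://" not in target:
        target = "//" + target  # make urlsplit treat the text as host[:port]
    return urlsplit(target).hostname or ""

def filter_targets(text, scope_cidrs):
    """Split target lines into (allowed, rejected) against the CIDR scope.

    Fails closed: hostnames and unparsable lines are rejected, because a name
    can resolve to an address outside the agreed ranges.
    """
    scope = [ipaddress.ip_network(c, strict=False) for c in scope_cidrs]
    allowed, rejected = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        try:
            addr = ipaddress.ip_address(host_of(line))
        except ValueError:
            rejected.append(line)
            continue
        in_scope = any(addr.version == n.version and addr in n for n in scope)
        (allowed if in_scope else rejected).append(line)
    return allowed, rejected

if __name__ == "__main__":
    ok, dropped = filter_targets(RAW_TARGETS, SCOPE)
    print("\n".join(ok))  # stdout carries only in-scope targets
    for t in dropped:
        print("out of scope, skipped:", t, file=sys.stderr)
```

Redirecting standard output to a file gives a list that contains only in-scope literal addresses; skipped entries go to standard error for review.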

How to Contribute

  1. Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
  2. Fork the repository on GitHub to start making your changes to the dev branch (or branch off of it).
  3. Write a test which shows that the bug was fixed or that the feature works as expected.
  4. Send a pull request and bug the maintainer until it gets merged and published. Make sure to add yourself to THANKS.

Links