pocsuite-z is an open-sourced remote vulnerability testing framework enhanced by z3r0yu.

dekoder/pocsuite-z

 
 

pocsuite-z

Legal Disclaimer

Usage of pocsuite for attacking targets without prior mutual consent is illegal.
pocsuite is for security testing purposes only.

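Legal Disclaimer (translated from Chinese)

Using pocsuite-z to attack targets without prior mutual consent is illegal.
pocsuite-z is for security testing purposes only.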

Overview

pocsuite-z is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team and enhanced by z3r0yu. It comes with a powerful proof-of-concept engine and many features for penetration testers and security researchers.

Features

  • PoC scripts can run in attack, verify, and shell modes
  • Plugin ecosystem
  • Dynamic loading of PoC scripts from anywhere (local file, Redis, database, Seebug ...)
  • Loading of multiple targets from anywhere (CIDR, local file, Redis, database, ZoomEye, Shodan ...)
  • Results can be easily exported
  • Dynamic patching and hooking of requests
  • Usable both as a command-line tool and as an importable Python package
  • IPv6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC scripts to use
  • Integration with Seebug (to load PoCs from the Seebug website)
  • Integration with ZoomEye (to load targets from a ZoomEye dork)
  • Integration with Shodan (to load targets from a Shodan dork)
  • Integration with Ceye (to verify blind DNS and HTTP requests)
  • Integration with Fofa (to load targets from a Fofa dork)
  • IDE-friendly debugging of PoC scripts
  • Integration with Google (to load targets from a Google dork)
  • Added PoCs from some_pocsuite
  • Integration with a Fofa crawler (to load targets from a Fofa dork)
  • More ...

Screenshots

Asciicast recordings:

  • pocsuite3 console mode
  • pocsuite3 shell mode
  • pocsuite3 load PoC from Seebug
  • pocsuite3 load multi-target from ZoomEye
  • pocsuite3 load multi-target from Shodan

Requirements

  • Python 3.4+
  • Works on Linux, Windows, Mac OSX, BSD

Installation

Clone the repository with git:

git clone https://github.com/zer0yu/pocsuite-z.git

or download the latest source zip package and extract it:

$ wget https://github.com/zer0yu/pocsuite-z/archive/master.zip
$ unzip master.zip

The latest version of this software is available from: https://github.com/zer0yu/pocsuite-z

Documentation

Documentation is available in the docs directory.

Common commands

Command-line mode
	pocsuite -u http://example.com -r example.py -v 2 # basic usage; -v 2 enables verbose output

	pocsuite -u http://example.com -r example.py -v 2 --shell # reverse-shell mode; basic usage, -v 2 enables verbose output

	pocsuite -r redis.py --dork service:redis --threads 20 # search ZoomEye for redis targets and check them in batch, with 20 threads

	python pocsuite3/cli.py -r pocsuite3/pocs/CVE-2020-5902.py --dork-google 'intitle:"BIG-IP" inurl:"tmui"' --threads 10 # search Google for targets and check them in batch

	pocsuite -u http://example.com --plugins poc_from_pocs,html_report # load all PoCs in the pocs directory and save the results as HTML

	pocsuite -f batch.txt --plugins poc_from_pocs,html_report # load targets from a file and batch-scan them with the PoCs in the pocs directory

	pocsuite -u 10.0.0.0/24 -r example.py --plugins target_from_cidr # load targets from a CIDR range

	pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami" # the ecshop PoC implements a custom `command` option that can be passed in as an external argument

Console mode
    poc-console

How to Contribute

  1. Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
  2. Fork the repository on GitHub to start making your changes to the dev branch (or branch off of it).
  3. Write a test which shows that the bug was fixed or that the feature works as expected.
  4. Send a pull request and bug the maintainer until it gets merged and published. Make sure to add yourself to THANKS.
