#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# @Time : 2019/2/26 2:33 PM
# @Author : chenghsm
# @File : login_demo.py
# @Descript: 自定义命令参数登录例子
from collections import OrderedDict
from pocsuite3.api import Output, POCBase, POC_CATEGORY, register_poc, requests
from pocsuite3.api import OptString
class DemoPOC(POCBase):
    """Metadata for the pocsuite3 demo plugin about user-defined options.

    The Chinese title reads "custom command-parameter login example". The
    description says parameters can be set from console mode or passed as
    "--" options on the command line. Only the metadata attributes appear
    in this excerpt; the plugin's methods are not shown.
    """

    vulID = "00000"  # ssvid
    version = "1.0"
    author = ["chenghs"]

    vulDate = "2019-2-26"
    createDate = "2019-2-26"
    # NOTE(review): one day earlier than createDate above - confirm.
    updateDate = "2019-2-25"

    references = [""]
    name = "自定义命令参数登录例子"
    appPowerLink = "http://www.knownsec.com/"
    appName = "test"
    appVersion = "test"
    vulType = "demo"
    desc = "这个例子说明了你可以使用console模式设置一些参数或者使用命令中的'--'来设置自定义的参数"
    samples = []
    category = POC_CATEGORY.EXPLOITS.WEBAPP
# 用于VNC认证爆破,参考:https://github.com/c0ny1/pwcracker/blob/master/plus/vnc.py
from Crypto.Cipher import DES
# 将输入的url转换为ip:port,供socket使用
from pocsuite3.lib.utils import url2ip
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY
'''
基于socket的未授权访问参考:https://github.com/knownsec/pocsuite3/blob/0f68c1cef3804c5d43be6cfd11c2298f3d77f0ad/pocsuite3/pocs/redis_unauthorized_access.py
'''
class VNC_POC(POCBase):
    """Metadata for a pocsuite3 plugin that checks VNC for unauthorized access.

    The Chinese title reads "VNC unauthorized access vulnerability" and the
    cvss string reads "high risk". Only the metadata attributes are covered
    here; the methods follow separately.
    """

    # SSVID; written as 0 when the PoC is submitted together with the vulnerability.
    vulID = "VNC-unauthorized-access"
    appName = "VNC"
    appVersion = ""
    category = POC_CATEGORY.EXPLOITS.REMOTE
    # NOTE(review): a plain string, while other plugins on this page use
    # VUL_TYPE constants - confirm which form the framework expects.
    vulType = "INFORMATION_DISCLOSURE"

    vulDate = "2020-04-14"  # disclosure date; use today if unknown
    author = "shadowsock5"  # PoC author
    createDate = "2020-04-14"  # date the PoC was written
    updateDate = "2020-04-14"  # last update; defaults to the creation date

    # Source of the vulnerability report; omitted for a 0-day.
    references = ["https://mntn0x.github.io/2019/08/02/RealVNC%E6%BC%8F%E6%B4%9E/"]
    name = "VNC未授权访问漏洞"  # PoC title
    cvss = "高危"  # "high risk"
def _verify(self):
# 输出报告
def save_output(self, result):
    """Build the report object for this plugin run.

    A truthy *result* is recorded through ``Output.success``; anything
    falsy is recorded through ``Output.fail``. The ``Output`` instance is
    returned in both cases.
    """
    report = Output(self)
    if not result:
        report.fail()
        return report
    report.success(result)
    return report
'''
CVE-2019-5475/CVE-2019-15588
需要管理员权限
'''
class Nexus2_RCE_POC(POCBase):
    """Metadata for a pocsuite3 plugin covering CVE-2019-5475 / CVE-2019-15588.

    The appVersion string marks Nexus Repository Manager OSS/Pro 2.14.13 and
    earlier as affected. The module header above this class states that
    administrator privileges are required. Only the metadata attributes
    appear in this excerpt.
    """

    vulID = "Nexus2-CVE-2019-5475_15588"
    appName = "Nexus2"
    appVersion = "Nexus Repository Manager OSS/Pro <= 2.14.13"
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION

    vulDate = "2019-09-09"  # disclosure date; use today if unknown
    author = "shadowsock5"  # PoC author
    createDate = "2019-09-13"  # date the PoC was written
    updateDate = "2020-02-17"  # last update; defaults to the creation date

    # Source of the vulnerability report; omitted for a 0-day.
    references = ["https://hackerone.com/reports/654888"]
    name = "Nexus2 RCE"  # PoC title
    # Vendor home page. NOTE(review): a list here, a plain string in other
    # plugins on this page - confirm which form the framework expects.
    appPowerLink = ["https://support.sonatype.com/hc/en-us"]
    desc = "\nNexus Repository Manager 2 RCE\n"  # short description
    # Third-party modules the PoC depends on; avoid them where possible and
    # follow the framework's third-party dependency notes when one is needed.
    install_requires = []
import json
import base64
# 为了拿到password-top100.txt
from pocsuite3.lib.core.data import paths
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase, logger
from pocsuite3.api import POC_CATEGORY, VUL_TYPE
'''
CVE-2020-10204: Nexus 3 EL injection
Admin access is required
'''
class Nexus3_2020_10204_EL_INJECTION_POC(POCBase):
    """Metadata for a pocsuite3 plugin covering CVE-2020-10204 (Nexus 3 EL injection).

    The appVersion string marks Nexus Repository Manager OSS/Pro 3.21.1 and
    earlier as affected; the module header states that admin access is
    required. The vendor advisory is linked in ``references``. Only the
    metadata attributes appear in this excerpt.
    """

    vulID = "Nexus3-CVE-2020-10204"
    appName = "Nexus3"
    appVersion = "Nexus Repository Manager OSS/Pro <=3.21.1"
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION

    vulDate = "2020-04-01"  # disclosure date; use today if unknown
    author = "shadowsock5"  # PoC author
    createDate = "2020-04-03"  # date the PoC was written
    updateDate = "2020-04-03"  # last update; defaults to the creation date

    # Source of the vulnerability report; omitted for a 0-day.
    references = [
        "https://support.sonatype.com/hc/en-us/articles/360044356194-CVE-2020-10204-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31"
    ]
    name = "Nexus3 EL injection"  # PoC title
    # Third-party modules the PoC depends on; avoid them where possible and
    # follow the framework's third-party dependency notes when one is needed.
    install_requires = []
    cvss = "高危"  # "high risk"
# 使用随机字符串作为banner,计算数字之后返回
for more about information, plz visit http://pocsuite.org
"""
import base64
import binascii
from collections import OrderedDict
from urllib.parse import urljoin
from requests.exceptions import ReadTimeout
from pocsuite3.api import Output, POCBase, POC_CATEGORY, register_poc, requests, REVERSE_PAYLOAD, OptString, OptItems, \
OptDict, VUL_TYPE
from pocsuite3.lib.utils import get_middle_text
class DemoPOC(POCBase):
    """Metadata for the pocsuite3 plugin tracking Seebug SSVID 97343 (ECShop).

    The Chinese description says ECShop was reported to have SQL injection
    and arbitrary code execution across all versions, naming Ecshop 2.x and
    Ecshop 3.x-3.6.0 as affected. Only the metadata attributes appear in
    this excerpt.
    """

    vulID = "97343"  # ssvid
    version = "3.0"
    author = ["seebug"]

    vulDate = "2018-06-14"
    createDate = "2018-06-14"
    updateDate = "2018-06-14"

    references = ["https://www.seebug.org/vuldb/ssvid-97343"]
    name = "Ecshop 2.x/3.x Remote Code Execution"
    appPowerLink = ""
    appName = "ECSHOP"
    appVersion = "2.x,3.x"
    vulType = VUL_TYPE.CODE_EXECUTION
    desc = "近日,Ecshop爆出全版本SQL注入及任意代码执行漏洞,受影响的版本有:Ecshop 2.x,Ecshop 3.x-3.6.0"
    samples = []
    install_requires = [""]
    category = POC_CATEGORY.EXPLOITS.WEBAPP
import json
import base64
# 为了拿到password-top100.txt
from pocsuite3.lib.core.data import paths
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase, logger
from pocsuite3.api import POC_CATEGORY, VUL_TYPE
'''
CVE-2020-10199: Nexus 3 EL injection
Admin access is required
'''
class Nexus3_2020_10199_EL_INJECTION_POC(POCBase):
    """Metadata for a pocsuite3 plugin covering CVE-2020-10199 (Nexus 3 EL injection).

    The appVersion string marks Nexus Repository Manager OSS/Pro 3.21.1 and
    earlier as affected; the module header states that admin access is
    required. The vendor advisory is linked in ``references``. Only the
    metadata attributes appear in this excerpt.
    """

    vulID = "Nexus3-CVE-2020-10199"
    appName = "Nexus3"
    appVersion = "Nexus Repository Manager OSS/Pro <=3.21.1"
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION

    vulDate = "2020-04-01"  # disclosure date; use today if unknown
    author = "shadowsock5"  # PoC author
    createDate = "2020-04-08"  # date the PoC was written
    updateDate = "2020-04-08"  # last update; defaults to the creation date

    # Source of the vulnerability report; omitted for a 0-day.
    references = ["https://support.sonatype.com/hc/en-us/articles/360044882533"]
    # PoC title. NOTE(review): same title string as the CVE-2020-10204
    # plugin on this page - confirm reports can still tell the two apart.
    name = "Nexus3 EL injection"
    # Third-party modules the PoC depends on; avoid them where possible and
    # follow the framework's third-party dependency notes when one is needed.
    install_requires = []
    cvss = "高危"  # "high risk"
# 使用随机字符串作为banner,计算数字之后返回
"""
If you run into problems during development, please read:
https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md
For more information, please visit http://pocsuite.org
"""
from collections import OrderedDict
from urllib.parse import urljoin
from pocsuite3.api import POCBase, Output, register_poc, logger, requests, OptDict, VUL_TYPE
from pocsuite3.api import REVERSE_PAYLOAD, POC_CATEGORY
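class DemoPOC(POCBase):
    """Metadata for the pocsuite3 plugin tracking Seebug SSVID 97550.

    The Chinese title reads "Western Digital My Cloud (NAS) login bypass
    leading to unrestricted remote command execution". Only the metadata
    attributes appear in this excerpt; the plugin's methods are not shown.
    """

    vulID = "97550"
    version = "3"
    author = ["seebug"]

    vulDate = "2018-09-25"
    createDate = "2018-09-25"
    updateDate = "2018-09-25"

    references = ["https://www.seebug.org/vuldb/ssvid-97550"]
    name = "Western Digital My Cloud(NAS)登录绕过导致无限制远程命令执行"
    appPowerLink = "https://www.wdc.com/en-us/"
    # NOTE(review): holds a description of the issue rather than a product
    # label like the other plugins on this page - confirm this is intended.
    appName = "WD NAS 登陆绕过导致无限远程命令执行"
    appVersion = ""
    vulType = VUL_TYPE.CODE_EXECUTION
    desc = "\nWestern Digital My Cloud(NAS)登录绕过导致无限制远程命令执行\n"
    # Kept empty, matching the other plugins on this page: a routable
    # third-party address does not belong in shipped plugin metadata.
    samples = []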
import sys
import random
import json
import base64
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE
'''
CVE-2020-11753: Nexus 3 groovy injection(Improper Access Controls)
Admin access is required
This is a feature removed since 3.22.0
'''
class Nexus3_2020_11753_groovy_INJECTION_POC(POCBase):
    """Metadata for a pocsuite3 plugin covering CVE-2020-11753 (Nexus 3 groovy injection).

    The module header classes the issue as improper access controls, states
    that admin access is required, and says the feature was removed as of
    3.22.0. The vendor advisory is linked in ``references``. Only the
    metadata attributes appear in this excerpt.
    """

    # NOTE(review): unlike the sibling Nexus3 plugins, this ID carries no CVE number.
    vulID = "Nexus3-groovy-injection"
    appName = "Nexus3"
    # The parenthesised Chinese note reads "the vendor says 3.21.1 and 3.22.0".
    appVersion = "Nexus Repository Manager OSS/Pro <=3.21.2(官方说是3.21.1 and 3.22.0)"
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION

    vulDate = "2020-04-16"  # disclosure date; use today if unknown
    author = "shadowsock5"  # PoC author
    createDate = "2020-04-03"  # date the PoC was written
    updateDate = "2020-04-17"  # last update; defaults to the creation date

    # Source of the vulnerability report; omitted for a 0-day.
    references = [
        "https://support.sonatype.com/hc/en-us/articles/360046233714-CVE-2020-11753-Nexus-Repository-Manager-3-Improper-Access-Controls-2020-04-16"
    ]
    name = "Nexus3 groovy injection"  # PoC title
    # Third-party modules the PoC depends on; avoid them where possible and
    # follow the framework's third-party dependency notes when one is needed.
    install_requires = []
    cvss = "高危"  # "high risk"
#!/usr/bin/env python
#coding=utf-8
import traceback
# 将输入的url转换为ip:port,供socket使用
from pocsuite3.lib.utils import url2ip
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE
class Elasticsearch_POC(POCBase):
    """Metadata for a pocsuite3 plugin that checks Elasticsearch for unauthorized access.

    The Chinese title reads "Elasticsearch unauthorized access vulnerability"
    and the issue is classed as information disclosure. Only the metadata
    attributes appear in this excerpt.
    """

    # SSVID; written as 0 when the PoC is submitted together with the vulnerability.
    vulID = "Elasticsearch-unauthorized-access"
    appName = "Elasticsearch"
    appVersion = ""
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.INFORMATION_DISCLOSURE

    vulDate = "2020-04-17"  # disclosure date; use today if unknown
    author = "shadowsock5"  # PoC author
    createDate = "2020-04-17"  # date the PoC was written
    updateDate = "2020-04-17"  # last update; defaults to the creation date

    # Source of the vulnerability report; omitted for a 0-day.
    references = [
        "https://github.com/chaitin/xray/blob/master/pocs/elasticsearch-unauth.yml",
        "https://www.cnblogs.com/xiaozi/p/8275201.html",
    ]
    name = "Elasticsearch未授权访问漏洞"  # PoC title
    cvss = "高危"  # "high risk"
'''
import re
from pocsuite3.api import Output, POCBase, POC_CATEGORY, register_poc, requests, VUL_TYPE
class DemoPOC(POCBase):
    """Metadata for the pocsuite3 plugin tracking Seebug SSVID 97898 (Confluence).

    The Chinese description says that on 28 March 2019 Confluence published
    an advisory about a server-side template injection flaw in the Widget
    Connector of Confluence Server and Confluence Data Center, which allows
    directory traversal and remote code execution. Only the metadata
    attributes appear in this excerpt.
    """

    vulID = "97898"  # ssvid
    version = "1.0"
    author = ["w7ay"]

    vulDate = "2019-04-04"
    createDate = "2019-04-04"
    updateDate = "2019-04-04"

    references = ["https://www.seebug.org/vuldb/ssvid-97898"]
    name = "Confluence Widget Connector path traversal (CVE-2019-3396)"
    appPowerLink = ""
    appName = "Confluence"
    appVersion = ""
    vulType = VUL_TYPE.CODE_EXECUTION
    # NOTE(review): the description writes the CVE id without its first
    # hyphen, unlike the title above - confirm before relying on text search.
    desc = """2019 年 3 月 28 日,Confluence 官方发布预警 ,指出 Confluence Server 与 Confluence Data Center 中的 Widget Connector 存在服务端模板注入漏洞,攻击 者能利用此漏洞能够实现目录穿越与远程代码执行,同时该漏洞被赋予编号 CVE2019-3396。"""
    samples = []
    install_requires = [""]
    category = POC_CATEGORY.EXPLOITS.WEBAPP