• Stars
    star
    3,641
  • Rank 12,151 (Top 0.3 %)
  • Language
    Python
  • License
    Other
  • Created over 5 years ago
  • Updated 7 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

pocsuite3

Python 3.x License Twitter

Legal Disclaimer

Usage of pocsuite3 for attacking targets without prior mutual consent is illegal. pocsuite3 is for security testing purposes only

法律免责声明

未经事先双方同意,使用 pocsuite3 攻击目标是非法的。 pocsuite3 仅用于安全测试目的

Overview

pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers.

Features

  • PoC scripts can running with verify, attack, shell mode in different way
  • Plugin ecosystem
  • Dynamic loading PoC script from anywhere (local file, redis, database, Seebug ...)
  • Load multi-target from anywhere (CIDR, local file, redis, database, Zoomeye, Shodan ...)
  • Results can be easily exported
  • Dynamic patch and hook requests
  • Both command line tool and python package import to use
  • IPv6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC script to use
  • YAML PoC support, compatible with nuclei
  • Integrate with Seebug (for load PoC from Seebug website)
  • Integrate with ZoomEye, Shodan, etc. (for load target use Dork)
  • Integrate with Ceye, Interactsh (for verify blind DNS and HTTP request)
  • Friendly debug PoC scripts with IDEs
  • More ...

Screenshots

pocsuite3 console mode

asciicast

pocsuite3 shell mode

asciicast

pocsuite3 load PoC from Seebug

asciicast

pocsuite3 load multi-target from ZoomEye

asciicast

pocsuite3 load multi-target from Shodan

asciicast

pocsuite3 load nuclei template

Requirements

  • Python 3.7+
  • Works on Linux, Windows, Mac OSX, BSD, etc.

Installation

Paste at a terminal prompt:

Python pip

pip3 install pocsuite3

# use other pypi mirror
pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple pocsuite3

MacOS

brew update
brew info pocsuite3
brew install pocsuite3

Debian, Ubuntu, Kali

sudo apt update
sudo apt install pocsuite3

Docker

docker run -it pocsuite3/pocsuite3

ArchLinux

yay pocsuite3

Or click here to download the latest source zip package and extract

wget https://github.com/knownsec/pocsuite3/archive/master.zip
unzip master.zip
cd pocsuite3-master
pip3 install -r requirements.txt
python3 setup.py install

The latest version of this software is available at: https://pocsuite.org

Documentation

Documentation is available at: https://pocsuite.org

Usage

cli mode

	# basic usage, use -v to set the log level
	pocsuite -u http://example.com -r example.py -v 2

	# run poc with shell mode
	pocsuite -u http://example.com -r example.py -v 2 --shell

	# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
	pocsuite -r redis.py --dork service:redis --threads 20

	# load all poc in the poc directory and save the result as html
	pocsuite -u http://example.com --plugins poc_from_pocs,html_report

	# load the target from the file, and use the poc under the poc directory to scan
	pocsuite -f batch.txt --plugins poc_from_pocs,html_report

	# load CIDR target
	pocsuite -u 10.0.0.0/24 -r example.py

	# the custom parameters `command` is implemented in ecshop poc, which can be set from command line options
	pocsuite -u http://example.com -r ecshop_rce.py --attack --command "whoami"

console mode
    poc-console

How to Contribute

  1. Check for open issues or open a fresh issue to start a discussion around a feature idea or a bug.
  2. Fork the repository on GitHub to start making your changes.
  3. Write a test which shows that the bug was fixed or that the feature works as expected.
  4. Send a pull request or bug to the maintainer until it gets merged or fixed. Make sure to add yourself to Contributors.

Links

More Repositories

1

404StarLink

404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
8,436
star
2

KCon

KCon is a famous Hacker Con powered by Knownsec Team.
JavaScript
4,578
star
3

ksubdomain

无状态子域名爆破工具
Go
2,242
star
4

Pocsuite

This project has stopped to maintenance, please to https://github.com/knownsec/pocsuite3 project.
Python
1,828
star
5

shellcodeloader

shellcodeloader
C++
1,668
star
6

Kunyu

Kunyu, more efficient corporate asset collection
Python
1,011
star
7

RD_Checklist

知道创宇研发技能表
Python
828
star
8

404StarLink-Project

Focus on promoting the evolution of tools in different aspects of security research.专注于推动安全研究各个领域工具化.(项目收录逐步迁移至 https://github.com/knownsec/404StarLink)
813
star
9

rtcp

利用 Python 的 Socket 端口转发,用于远程维护
Python
709
star
10

ZoomEye-python

ZoomEye-python: The official Python library and CLI by Knownsec 404 Team.
Python
530
star
11

LSpider

LSpider 一个为被动扫描器定制的前端爬虫
Python
345
star
12

gsm

使用树莓派配合硬件来进行短信转发
Go
342
star
13

wam

Web App Monitor
JavaScript
228
star
14

Ethereum-Smart-Contracts-Security-CheckList

Ethereum Smart Contracts Security CheckList From Knownsec 404 Team
155
star
15

VxPwn

VxWorks漏洞挖掘相关
Python
154
star
16

PortForward

The port forwarding tool developed by Golang solves the problem that the internal and external networks cannot communicate in certain scenarios
Go
135
star
17

ct

简单易用的域名爆破工具
Rust
102
star
18

Zoomeye-Tools

Zoomeye Tools是配合Zoomeye使用的Chrome插件
JavaScript
42
star
19

Decrypt-ransomware

Python
37
star
20

Minitools-bin_extractor

A simple script for quickly mining sensitive information in binary files.
Python
29
star
21

LBot

A simple xss bot template
Python
23
star
22

ZoomeyeGPT

JavaScript
21
star
23

404-Team-ShowCase

19
star
24

Minitools-cidrgen

cidrgen is based on cidr's subnet IP list generator
Go
15
star
25

Minitools-ipstatistics

ipstatistics is a script based on the ipip library that is used to quickly filter the ip list.
Python
14
star
26

workin

workin tornado
JavaScript
14
star
27

Minitools-CookieTest

A script used to quickly test APIs or required parameters and cookies for a certain request.
Python
9
star
28

helloworld

一些经典的笔试题目,进入知道创宇的 Hello World!
2
star