Sunday, May 29, 2022

A Lightweight, Flexible and Novel Open Source PoC Verification Framework




pocsploit is a lightweight, flexible and novel open source PoC verification framework.

Pain points of the PoC frameworks on the market

  1. There are too many parameters and I don't know how to get started, yet only a few of them are commonly used.
  2. YAML PoC frameworks (like nuclei & xray) aren't flexible enough, and the conversion cost is very high when writing a PoC. Sometimes it's hard when encountering non-HTTP protocols (only hex can be used).
  3. Sometimes a PoC has false positives, which can be avoided by accurate fingerprint matching.
  4. It's heavily dependent on the framework. A PoC in pocsploit can be used within the framework and can also be used alone.

Advantages of pocsploit

  1. Lighter: it doesn't depend on the framework, and a single PoC can run on its own
  2. Easier to rewrite a PoC
  3. More flexible (compared to nuclei, xray, goby, etc.)
  4. Fewer false positives: it provides a fingerprint prerequisite check, so you can first determine whether the site has the fingerprint of a certain component and then perform PoC verification, which is more accurate
  5. There are many ways to use it, providing poc / exp
  6. Detailed vulnerability information display
  7. PoC ecosystem sustainability: I will continue to update the PoCs in modules/, and everyone is welcome to join us and contribute PoCs

If you encounter code/PoC issues, please submit an issue

Poc Statistics

cve cnnvd others
345 7 102

Usage

Install requirements

pip3 install -r requirements.txt
  • poc to verify a single website
python3 pocsploit.py -iS "http://xxxx/" -r "modules/" -t 100 --poc
python3 pocsploit.py -iS "http://xxxxx" -r "modules/vulnerabilities/thinkphp/thinkphp-5022-rce.py" --poc
  • exp to exploit many websites (with urls in a file)
python3 pocsploit.py -iF "urls.txt" -r "modules/vulnerabilities/" --exp
  • Turn on fingerprint pre-verification: verify the fingerprint first, then enter PoC verification after it matches
python3 pocsploit.py -iS "http://xxxxx" -r "modules/vulnerabilities/thinkphp/thinkphp-5022-rce.py" --poc --fp
  • Output to file & console quiet mode
python3 pocsploit.py -iS "http://xxxx" -r "modules/vulnerabilities/" --poc -o result/result.log -q
python3 pocsploit.py --help
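
The fingerprint pre-verification idea behind --fp, as an added example that is not pocsploit's own code: a loose check is run over constructed responses with and without a fingerprint gate, showing the false positive the gate removes. The product name ExampleCMS, the URLs, the version threshold and the function names are all hypothetical.

```python
import re

# Constructed sample responses (not real hosts).
RESPONSES = {
    "http://a.example/": {
        "headers": {"X-Powered-By": "ExampleCMS"},
        "body": "<meta name='generator' content='ExampleCMS 2.3.1'>",
    },
    "http://b.example/": {
        "headers": {"Server": "nginx"},
        "body": "<p>Release notes: version 2.3.1 of our mobile app is out.</p>",
    },
    "http://c.example/": {
        "headers": {"X-Powered-By": "ExampleCMS"},
        "body": "<meta name='generator' content='ExampleCMS 2.4.0'>",
    },
}


def fingerprint(resp):
    """Stage 1: does the response look like the hypothetical ExampleCMS at all?"""
    powered = resp["headers"].get("X-Powered-By", "")
    return "ExampleCMS" in powered or "content='ExampleCMS" in resp["body"]


def version_check(resp):
    """Stage 2: loose version match standing in for a PoC's success condition.
    Assumed for illustration: versions below 2.4.0 count as affected."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", resp["body"])
    return bool(m) and tuple(map(int, m.groups())) < (2, 4, 0)


def verify(responses, use_fingerprint):
    """Return the URLs reported as findings, optionally gated by the fingerprint."""
    findings = []
    for url, resp in sorted(responses.items()):
        if use_fingerprint and not fingerprint(resp):
            continue  # component not present: skip the check entirely
        if version_check(resp):
            findings.append(url)
    return findings


if __name__ == "__main__":
    print("without fingerprint gate:", verify(RESPONSES, use_fingerprint=False))
    print("with fingerprint gate:   ", verify(RESPONSES, use_fingerprint=True))
```

Without the gate, b.example is reported only because an unrelated version string appears in its page; with the gate it is skipped before the check runs.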

Others

OOB

Please configure conf/config.py

P.S. For how to build your own DNSLog, please visit Hyuga-DNSLog

  • DNSLOG_URI: DNSLog address
  • DNSLOG_TOKEN: Token
  • DNSLOG_IDENTIFY: your ID


