What is Pocsuite3？ #

Introduction #

Pocsuite3 is an open source remote vulnerability testing and PoC development framework developed by the Knownsec 404 Team. Since Pocsuite3 was open sourced in 2015, Knownsec 404 Team has been continuously maintaining and updating.

You can directly use Pocsuite3 to verify and exploit vulnerabilities, and you can also develop PoC/Exp based on Pocsuite3, because it is also a PoC development framework. at the same time, you can directly integrate Pocsuite3 in your vulnerability testing tool, which also provides standard the calling class.

Features #

Vulnerability Testing Framework #

Pocsuite3 is written in Python3, It supports three modes: verify, attack and shell. You can specify a single target or import multiple targets from a file, and use a single PoC or a set of PoCs to verify or exploit vulnerabilities. It can be run in command line mode, and also supports Metasploit-like interactive mode. In addition, it also includes some basic functions such as output results reports.

PoC/Exp Development Kit #

Pocsuite3 is also a PoC/Exp SDK, that is, a development kit. We encapsulate the basic PoC classes and some commonly used methods, such as Webshell related methods. To develop PoC/Exp based on Pocsuite3, you can just write the core code of the Vulnerability, without having to care about the overall result output and other processing. PoC/Exp written based on Pocsuite3 can be used directly by Pocsuite3, Seebug website also has thousands of PoC/Exp based on Pocsuite3.

Integratable Module #

In addition to being a security tool itself, Pocsuite3 can also be integrated into the vulnerability testing module as a Python package. You can also develop your own applications based on Pocsuite3. We have encapsulated PoC API in Pocsuite3 that can be imported by other programs. You can perform secondary development based on Pocsuite3 and use Pocsuite3 to develop your own vulnerability verification tools.

Integrate ZoomEye, Seebug, Ceye, Shodan, etc. #

Pocsuite3 also integrates the APIs of many security services such as ZoomEye, Seebug, Ceye, Shodan, etc. Through this function, you can obtain test targets with specified conditions in batches through the ZoomEye API (search through ZoomEye's Dork), and at the same time obtain the vulnerability PoC through the Seebug API. perform automated batch testing, and use Ceye to verify OOB DNS and HTTP requests.

Highlights #

• PoC scripts can running with verify, attack, shell mode in different way
• Dynamic loading PoC script from any where (local file, redis, database, Seebug ...)
• Load multi target from any where (CIDR, local file, redis, database, Zoomeye, Shodan ...)
• Results can be easily exported
• Plugin system, users can customize plugins of TARGETS, POCS, RESULTS, which is highly expandable
• Hook of network library (urllib3, requests), convenient for PoC writing and global control
• Can be used either as a command-line tool or imported as a Python module
• It supports IPv4 / IPv6
• Global HTTP/HTTPS/SOCKS proxy support
• YAML PoC support, compatible with nuclei
• Integrate with Seebug (for load PoC from Seebug website)
• Integrate with ZoomEye, Shodan, etc. (for load target use Dork)
• Integrate with Ceye, Interactsh (for verify OOB DNS and HTTP request)
• All code is open source
• more...

Compared with Metasploit, Pocsuite3 currently does not have the ability of post penetration stage, which is relatively lightweight. Compared with the PoC framework in YAML format, Pocsuite3 is more flexible and can directly use a large number of third-party libraries. As long as users can write python, they can get started quickly.

From version 2.0.0, Pocsuite3 support YAML based PoC, compatible with nuclei templates.