API
When writing a PoC, use the APIs that Pocsuite3 already wraps rather than calling the underlying libraries directly.
General Method
| Import | Description |
|---|---|
| from pocsuite3.api import logger | Log | 
| from pocsuite3.api import requests | Patched requests | 
| from pocsuite3.api import Seebug | Seebug API | 
| from pocsuite3.api import ZoomEye | ZoomEye API | 
| from pocsuite3.api import Shodan | Shodan API | 
| from pocsuite3.api import Fofa | Fofa API | 
| from pocsuite3.api import Quake | Quake API | 
| from pocsuite3.api import Hunter | Hunter API | 
| from pocsuite3.api import Censys | Censys API | 
| from pocsuite3.api import CEye | CEye API | 
| from pocsuite3.api import Interactsh | Interactsh API | 
| from pocsuite3.api import crawl | Simple crawler | 
| from pocsuite3.api import PHTTPServer | HTTP service |
| from pocsuite3.api import REVERSE_PAYLOAD | Reverse shell payload | 
| from pocsuite3.api import get_results | Get Results | 
(TODO: Improve API documentation)
ShellCode Generation
In some Linux and Windows environments it is difficult to obtain a reverse shell. To overcome this, we have made shellcode for Windows and Linux on x86 and x64.
Demo PoC: https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/pocs/thinkphp_rce2.py
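```python
from pocsuite3.api import generate_shellcode_list
from pocsuite3.api import get_listener_ip, get_listener_port
from pocsuite3.lib.core.enums import OS, OS_ARCH

# Listener address and port come from the options Pocsuite3 was started with
_list = generate_shellcode_list(
    listener_ip=get_listener_ip(),
    listener_port=get_listener_port(),
    os_target=OS.LINUX,
    os_target_arch=OS_ARCH.X86,
)
```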
HTTP Service
For some vulnerabilities that require HTTP services, Pocsuite3 also provides corresponding APIs to support opening an HTTP service locally for verification.
For test cases, see: https://github.com/knownsec/pocsuite3/blob/master/tests/test_httpserver.py
```python
"""
If you have issues about development, please read:
https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md
For more information, please visit https://pocsuite.org
"""
from http.server import SimpleHTTPRequestHandler

from pocsuite3.api import Output, POCBase, register_poc
from pocsuite3.api import PHTTPServer


class MyRequestHandler(SimpleHTTPRequestHandler):
    def do_GET(self):
        path = self.path
        status = 404
        count = 0

        xxe_dtd = '''xxx'''  # placeholder body served at /xxe_dtd
        if path == "/xxe_dtd":
            body = xxe_dtd.encode()
            count = len(body)  # Content-Length is a byte count, so measure the encoded body
            status = 200
            self.send_response(status)
            self.send_header('Content-Type', 'text/html')
            self.send_header('Content-Length', '{}'.format(count))
            self.end_headers()
            self.wfile.write(body)
            return
        # Any other path gets an empty 404 response
        self.send_response(status)
        self.send_header('Content-Type', 'text/html')
        self.send_header("Content-Length", "{}".format(count))
        self.end_headers()

    def do_HEAD(self):
        # HEAD succeeds only for paths ending in 'jar'
        status = 404
        if self.path.endswith('jar'):
            status = 200
        self.send_response(status)
        self.send_header("Content-type", "text/html")
        self.send_header("Content-Length", "0")
        self.end_headers()


class DemoPOC(POCBase):
    vulID = ''  # ssvid
    version = '1.0'
    author = ['seebug']
    vulDate = '2018-03-08'
    createDate = '2018-04-12'
    updateDate = '2018-04-13'
    references = ['']
    name = ''
    appPowerLink = ''
    appName = ''
    appVersion = ''
    vulType = ''
    desc = '''
    '''
    samples = []
    install_requires = ['']

    def _verify(self):
        '''Simple http server demo
           default params:
                bind_ip='0.0.0.0'
                bind_port=666
                is_ipv6=False
                use_https=False
                certfile=os.path.join(paths.POCSUITE_DATA_PATH, 'cacert.pem')
                requestHandler=BaseRequestHandler
           You can write your own handler, default list current directory
        '''
        result = {}
        # With the defaults the server listens on every interface (0.0.0.0) and on
        # port 666, which is below 1024 and needs elevated privileges on most Unix systems.
        httpd = PHTTPServer(requestHandler=MyRequestHandler)
        httpd.start()

        # Write your code
        return self.parse_output(result)

    def parse_output(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output

    _attack = _verify


register_poc(DemoPOC)
```
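The check that a local verification service performs, as an added standard-library example (not Pocsuite3's code and not from the original page): the listener accepts one random token path per run and records whether that path was requested, so unrelated traffic cannot produce a false positive. `CallbackServer`, `fetch` and `demo` are hypothetical names, `fetch` is a constructed stand-in for the system under test, and the listener is bound to loopback on an ephemeral port instead of the `0.0.0.0:666` default.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class CallbackServer:
    """Listener that records whether its one-time token path was requested."""
    def __init__(self, bind_ip="127.0.0.1", bind_port=0, body=b"ok"):
        self.token = secrets.token_hex(8)   # fresh per run: stale or scanner hits cannot match
        self.hit = threading.Event()        # set once the token path is requested
        self.seen = []                      # every (client_ip, path) received, for the report
        outer = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                outer.seen.append((self.client_address[0], self.path))
                found = self.path == "/" + outer.token
                if found:
                    outer.hit.set()
                payload = body if found else b""
                self.send_response(200 if found else 404)
                self.send_header("Content-Length", str(len(payload)))  # byte count
                self.end_headers()
                self.wfile.write(payload)

        # Port 0 asks the OS for a free unprivileged port
        self.httpd = ThreadingHTTPServer((bind_ip, bind_port), Handler)

    def __enter__(self):
        threading.Thread(target=self.httpd.serve_forever, daemon=True).start()
        return self

    def __exit__(self, *exc):
        self.httpd.shutdown()       # stop serving as soon as the check is done
        self.httpd.server_close()


def fetch(port, path):  # constructed stand-in for the system under test
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=3)
    conn.request("GET", path)
    status = conn.getresponse().status
    conn.close()
    return status


def demo():
    with CallbackServer() as srv:
        port = srv.httpd.server_port
        miss, hit = fetch(port, "/wrong"), fetch(port, "/" + srv.token)
        return miss, hit, srv.hit.wait(1.0), len(srv.seen)
```
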