Merge pull request #2 from knownsec/master

Merge for knownsec/pocsuite3

CHANGELOG.md

@@ -109,4 +109,13 @@ Cross-platform shell code generation
 
 # version 1.4.3
 ---------------
-* 加入PPT模式
+* 加入PPT模式
+
+# version 1.4.5
+---------------
+* update usage.md
+
+# version 1.4.6
+---------------
+* 修复`-v`出现的问题
+* 修复加载多个poc可能出现的问题

CONTRIBUTORS.md

@@ -21,4 +21,7 @@ Ro0tk1t <https://github.com/Ro0tk1t>
 
 hawoosec <hanwu@protonmail.com>
 * for reporting a bug
-* for contributing a minor patch
+* for contributing a minor patch
+
+Explorer1092 <https://github.com/Explorer1092>
+* update usage.md

docs/CODING.md

@@ -627,8 +627,8 @@ from pocsuite3.api import get_results
 def run_pocsuite():
     # config 配置可参见命令行参数， 用于初始化 pocsuite3.lib.core.data.conf
     config = {
-    'url': 'http://127.0.0.1:8080',
-    'poc': 'ecshop_rce',
+    'url': ['http://127.0.0.1:8080', 'http://127.0.0.1:21']
+    'poc': ['ecshop_rce', 'ftp_burst']
     }
 
     init_pocsuite(config)

docs/USAGE.md

@@ -13,81 +13,98 @@ Enter into `pocsuite` directory, execute `python cli.py`. It supports double mod
 You can also use ```python cli.py -h``` for more details.
 
 ```
-Usage: pocsuite [options]
+usage: pocsuite [options]
 
-Options:
+optional arguments:
   -h, --help            show this help message and exit
   --version             Show program's version number and exit
   --update              Update Pocsuite
-  -v VERBOSE            Verbosity level: 0-6 (default 1)
+  -v {0,1,2,3,4,5,6}    Verbosity level: 0-6 (default 1)
 
-  Target:
-    At least one of these options has to be provided to define the
-    target(s)
+Target:
+  At least one of these options has to be provided to define the target(s)
 
-    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
-    -f URL_FILE, --file=URL_FILE
+  -u URL [URL ...], --url URL [URL ...]
+                        Target URL (e.g. "http://www.site.com/vuln.php?id=1")
+  -f URL_FILE, --file URL_FILE
                         Scan multiple targets given in a textual file
-    -r POC              Load POC file from local or remote from seebug website
-
-  Mode:
-    Pocsuite running mode options
-
-    --verify            Run poc with verify mode
-    --attack            Run poc with attack mode
-    --shell             Run poc with shell mode
-
-  Request:
-    Network request options
-
-    --cookie=COOKIE     HTTP Cookie header value
-    --host=HOST         HTTP Host header value
-    --referer=REFERER   HTTP Referer header value
-    --user-agent=AGENT  HTTP User-Agent header value
-    --random-agent      Use randomly selected HTTP User-Agent header value
-    --proxy=PROXY       Use a proxy to connect to the target URL
-    --proxy-cred=PROXY_CRED
+  -r POC [POC ...]      Load POC file from local or remote from seebug website
+  -c CONFIGFILE         Load options from a configuration INI file
+
+Mode:
+  Pocsuite running mode options
+
+  --verify              Run poc with verify mode
+  --attack              Run poc with attack mode
+  --shell               Run poc with shell mode
+
+Request:
+  Network request options
+
+  --cookie COOKIE       HTTP Cookie header value
+  --host HOST           HTTP Host header value
+  --referer REFERER     HTTP Referer header value
+  --user-agent AGENT    HTTP User-Agent header value
+  --random-agent        Use randomly selected HTTP User-Agent header value
+  --proxy PROXY         Use a proxy to connect to the target URL
+  --proxy-cred PROXY_CRED
                         Proxy authentication credentials (name:password)
-    --timeout=TIMEOUT   Seconds to wait before timeout connection (default 30)
-    --retry=RETRY       Time out retrials times.
-    --delay=DELAY       Delay between two request of one thread
-    --headers=HEADERS   Extra headers (e.g. "key1: value1\nkey2: value2")
+  --timeout TIMEOUT     Seconds to wait before timeout connection (default 30)
+  --retry RETRY         Time out retrials times.
+  --delay DELAY         Delay between two request of one thread
+  --headers HEADERS     Extra headers (e.g. "key1: value1\nkey2: value2")
 
-  Account:
-    Telnet404 account options
+Account:
+  Telnet404 account options
 
-    --login-user=LOGIN_USER
+  --login-user LOGIN_USER
                         Telnet404 login user
-    --login-pass=LOGIN_PASS
+  --login-pass LOGIN_PASS
                         Telnet404 login password
-
-  Modules:
-    Modules(Seebug Zoomeye CEye Listener) options
-
-    --dork=DORK         Zoomeye dork used for search.
-    --max-page=MAX_PAGE
-                        Max page used in ZoomEye API(10 targets/Page).
-    --search-type=SEARCH_TYPE
+  --shodan-token SHODAN_TOKEN
+                        Shodan token
+  --censys-uid CENSYS_UID
+                        Censys uid
+  --censys-secret CENSYS_SECRET
+                        Censys secret
+
+Modules:
+  Modules(Seebug Zoomeye CEye Listener) options
+
+  --dork DORK           Zoomeye dork used for search.
+  --dork-zoomeye DORK_ZOOMEYE
+                        Zoomeye dork used for search.
+  --dork-shodan DORK_SHODAN
+                        Shodan dork used for search.
+  --dork-censys DORK_CENSYS
+                        Censys dork used for search.
+  --max-page MAX_PAGE   Max page used in ZoomEye API(10 targets/Page).
+  --search-type SEARCH_TYPE
                         search type used in ZoomEye API, web or host
-    --vul-keyword=VUL_KEYWORD
+  --vul-keyword VUL_KEYWORD
                         Seebug keyword used for search.
-    --ssv-id=SSVID      Seebug SSVID number for target PoC.
-    --rhost=CONNECT_BACK_HOST
+  --ssv-id SSVID        Seebug SSVID number for target PoC.
+  --lhost CONNECT_BACK_HOST
                         Connect back host for target PoC in shell mode
-    --rport=CONNECT_BACK_PORT
+  --lport CONNECT_BACK_PORT
                         Connect back port for target PoC in shell mode
+  --comparison          Compare popular web search engines
 
-  Optimization:
-    Optimization options
+Optimization:
+  Optimization options
 
-    --plugins=PLUGINS   Load plugins to execute
-    --pocs-path=POCS_PATH
+  --plugins PLUGINS     Load plugins to execute
+  --pocs-path POCS_PATH
                         User defined poc scripts path
-    --threads=THREADS   Max number of concurrent network requests (default 1)
-    --batch=BATCH       Automatically choose defaut choice without asking.
-    --requires          Check install_requires
-    --quiet             Activate quiet mode, working without logger.
-
+  --threads THREADS     Max number of concurrent network requests (default 1)
+  --batch BATCH         Automatically choose defaut choice without asking.
+  --requires            Check install_requires
+  --quiet               Activate quiet mode, working without logger.
+  --ppt                 Hiden sensitive information when published to the
+                        network
+
+Poc options:
+  definition options for PoC
 ```
 
 **-f, --file URLFILE**

pocsuite3/__init__.py

@@ -1,5 +1,5 @@
 __title__ = 'pocsuite'
-__version__ = '1.4.4'
+__version__ = '1.4.6'
 __author__ = 'Knownsec Security Team'
 __author_email__ = 's1@seebug.org'
 __license__ = 'GPL 2.0'

pocsuite3/lib/core/option.py

@@ -57,10 +57,13 @@ def set_verbosity():
     elif conf.verbose == 2:
         logger.setLevel(logging.DEBUG)
     elif conf.verbose == 3:
+        logger.setLevel(logging.DEBUG)
         logger.setLevel(CUSTOM_LOGGING.SYSINFO)
     elif conf.verbose == 4:
+        logger.setLevel(logging.DEBUG)
         logger.setLevel(CUSTOM_LOGGING.WARNING)
     elif conf.verbose >= 5:
+        logger.setLevel(logging.DEBUG)
         logger.setLevel(CUSTOM_LOGGING.ERROR)
 
 
@@ -308,53 +311,55 @@ def _set_pocs_modules():
     # TODO
     # load poc scripts .pyc file support
     if conf.poc:
-        load_poc_sucess = False
         # step1. load system packed poc from pocsuite3/pocs folder
-        for found in glob.glob(os.path.join(paths.POCSUITE_POCS_PATH, "*.py*")):
-            dirname, filename = os.path.split(found)
-            poc_name = os.path.splitext(filename)[0]
-            for poc in conf.poc:
-                if found.endswith(('__init__.py', '__init__.pyc')):
-                    continue
-                if poc in (filename, poc_name):
-                    info_msg = "loading PoC script '{0}'".format(found)
+        exists_poc_with_ext = list(filter(lambda x: x not in ['__init__.py', '__init__.pyc'], os.listdir(paths.POCSUITE_POCS_PATH)))
+        exists_pocs = dict([os.path.splitext(x) for x in exists_poc_with_ext])
+        for poc in conf.poc:
+            load_poc_sucess = False
+            if any([poc in exists_poc_with_ext, poc in exists_pocs]):
+                poc_name, poc_ext = os.path.splitext(poc)
+                if poc_ext in ['.py', '.pyc']:
+                    file_path = os.path.join(paths.POCSUITE_POCS_PATH, poc)
+                else:
+                    file_path = os.path.join(paths.POCSUITE_POCS_PATH, poc+exists_pocs.get(poc))
+                if file_path:
+                    info_msg = "loading PoC script '{0}'".format(file_path)
                     logger.info(info_msg)
-                    load_poc_sucess = load_file_to_module(found)
+                    load_poc_sucess = load_file_to_module(file_path)
 
-        # step2. load poc from given file path
-        try:
-            if not load_poc_sucess:
-                for poc in conf.poc:
+            # step2. load poc from given file path
+            try:
+                if not load_poc_sucess:
                     if not poc.startswith('ssvid-') and check_file(poc):
                         info_msg = "loading PoC script '{0}'".format(poc)
                         logger.info(info_msg)
                         load_poc_sucess = load_file_to_module(poc)
-        except PocsuiteSystemException:
-            logger.error('PoC file "{0}" not found'.format(repr(conf.poc)))
-            raise SystemExit
+            except PocsuiteSystemException:
+                logger.error('PoC file "{0}" not found'.format(repr(poc)))
+                continue
 
-        # step3. load poc from seebug website using plugin 'poc_from_seebug'
-        if not load_poc_sucess:
-            for poc in conf.poc:
+            # step3. load poc from seebug website using plugin 'poc_from_seebug'
+            if not load_poc_sucess:
                 if poc.startswith('ssvid-'):
                     info_msg = "loading Poc script 'https://www.seebug.org/vuldb/{0}'".format(poc)
                     logger.info(info_msg)
                     if "poc_from_seebug" not in conf.plugins:
                         conf.plugins.append('poc_from_seebug')
                     load_poc_sucess = True
 
+    load_keyword_poc_sucess = False
     if conf.vul_keyword:
         # step4. load poc with vul_keyword search seebug website
         info_msg = "loading PoC script from seebug website using search keyword '{0}' ".format(conf.vul_keyword)
         logger.info(info_msg)
 
         conf.plugins.append('poc_from_seebug')
-        load_poc_sucess = True
+        load_keyword_poc_sucess = True
 
-    if (conf.poc or conf.vul_keyword) and not load_poc_sucess:
-        error_msg = ""
+    if all([not kb.registered_pocs, not load_keyword_poc_sucess]):
+        error_msg = "no PoC loaded, please check your PoC file"
         logger.error(error_msg)
-        raise PocsuiteSyntaxException(error_msg)
+        raise PocsuiteSystemException(error_msg)
 
 
 def _set_plugins():