diff --git a/CHANGELOG.md b/CHANGELOG.md
index b7653030..d714b03c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -109,4 +109,13 @@ Cross-platform shell code generation
 # version 1.4.3
 ---------------
-* 加入PPT模式
\ No newline at end of file
+* 加入PPT模式
+
+# version 1.4.5
+---------------
+* update usage.md
+
+# version 1.4.6
+---------------
+* 修复`-v`出现的问题
+* 修复加载多个poc可能出现的问题
\ No newline at end of file
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 3ae84f78..76bf6e36 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -21,4 +21,7 @@ Ro0tk1t
 hawoosec
 * for reporting a bug
-* for contributing a minor patch
\ No newline at end of file
+* for contributing a minor patch
+
+Explorer1092
+* update usage.md
\ No newline at end of file
diff --git a/docs/CODING.md b/docs/CODING.md
index a78fb08e..72371592 100644
--- a/docs/CODING.md
+++ b/docs/CODING.md
@@ -627,8 +627,8 @@ from pocsuite3.api import get_results
 def run_pocsuite():
 # config 配置可参见命令行参数, 用于初始化 pocsuite3.lib.core.data.conf
 config = {
- 'url': 'http://127.0.0.1:8080',
- 'poc': 'ecshop_rce',
+ 'url': ['http://127.0.0.1:8080', 'http://127.0.0.1:21']
+ 'poc': ['ecshop_rce', 'ftp_burst']
 }
 init_pocsuite(config)
diff --git a/docs/USAGE.md b/docs/USAGE.md
index 22136286..10ef9f46 100644
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@@ -13,81 +13,98 @@ Enter into `pocsuite` directory, execute `python cli.py`. It supports double mod You can also use ```python cli.py -h``` for more details. ``` -Usage: pocsuite [options] +usage: pocsuite [options] -Options: +optional arguments: -h, --help show this help message and exit --version Show program's version number and exit --update Update Pocsuite - -v VERBOSE Verbosity level: 0-6 (default 1) + -v {0,1,2,3,4,5,6} Verbosity level: 0-6 (default 1) - Target: - At least one of these options has to be provided to define the - target(s) +Target: + At least one of these options has to be provided to define the target(s) - -u URL, --url=URL Target URL (e.g. "http://www.site.com/vuln.php?id=1") - -f URL_FILE, --file=URL_FILE + -u URL [URL ...], --url URL [URL ...] + Target URL (e.g. "http://www.site.com/vuln.php?id=1") + -f URL_FILE, --file URL_FILE Scan multiple targets given in a textual file - -r POC Load POC file from local or remote from seebug website - - Mode: - Pocsuite running mode options - - --verify Run poc with verify mode - --attack Run poc with attack mode - --shell Run poc with shell mode - - Request: - Network request options - - --cookie=COOKIE HTTP Cookie header value - --host=HOST HTTP Host header value - --referer=REFERER HTTP Referer header value - --user-agent=AGENT HTTP User-Agent header value - --random-agent Use randomly selected HTTP User-Agent header value - --proxy=PROXY Use a proxy to connect to the target URL - --proxy-cred=PROXY_CRED + -r POC [POC ...] 
Load POC file from local or remote from seebug website + -c CONFIGFILE Load options from a configuration INI file + +Mode: + Pocsuite running mode options + + --verify Run poc with verify mode + --attack Run poc with attack mode + --shell Run poc with shell mode + +Request: + Network request options + + --cookie COOKIE HTTP Cookie header value + --host HOST HTTP Host header value + --referer REFERER HTTP Referer header value + --user-agent AGENT HTTP User-Agent header value + --random-agent Use randomly selected HTTP User-Agent header value + --proxy PROXY Use a proxy to connect to the target URL + --proxy-cred PROXY_CRED Proxy authentication credentials (name:password) - --timeout=TIMEOUT Seconds to wait before timeout connection (default 30) - --retry=RETRY Time out retrials times. - --delay=DELAY Delay between two request of one thread - --headers=HEADERS Extra headers (e.g. "key1: value1\nkey2: value2") + --timeout TIMEOUT Seconds to wait before timeout connection (default 30) + --retry RETRY Time out retrials times. + --delay DELAY Delay between two request of one thread + --headers HEADERS Extra headers (e.g. "key1: value1\nkey2: value2") - Account: - Telnet404 account options +Account: + Telnet404 account options - --login-user=LOGIN_USER + --login-user LOGIN_USER Telnet404 login user - --login-pass=LOGIN_PASS + --login-pass LOGIN_PASS Telnet404 login password - - Modules: - Modules(Seebug Zoomeye CEye Listener) options - - --dork=DORK Zoomeye dork used for search. - --max-page=MAX_PAGE - Max page used in ZoomEye API(10 targets/Page). - --search-type=SEARCH_TYPE + --shodan-token SHODAN_TOKEN + Shodan token + --censys-uid CENSYS_UID + Censys uid + --censys-secret CENSYS_SECRET + Censys secret + +Modules: + Modules(Seebug Zoomeye CEye Listener) options + + --dork DORK Zoomeye dork used for search. + --dork-zoomeye DORK_ZOOMEYE + Zoomeye dork used for search. + --dork-shodan DORK_SHODAN + Shodan dork used for search. 
+ --dork-censys DORK_CENSYS + Censys dork used for search. + --max-page MAX_PAGE Max page used in ZoomEye API(10 targets/Page). + --search-type SEARCH_TYPE search type used in ZoomEye API, web or host - --vul-keyword=VUL_KEYWORD + --vul-keyword VUL_KEYWORD Seebug keyword used for search. - --ssv-id=SSVID Seebug SSVID number for target PoC. - --rhost=CONNECT_BACK_HOST + --ssv-id SSVID Seebug SSVID number for target PoC. + --lhost CONNECT_BACK_HOST Connect back host for target PoC in shell mode - --rport=CONNECT_BACK_PORT + --lport CONNECT_BACK_PORT Connect back port for target PoC in shell mode + --comparison Compare popular web search engines - Optimization: - Optimization options +Optimization: + Optimization options - --plugins=PLUGINS Load plugins to execute - --pocs-path=POCS_PATH + --plugins PLUGINS Load plugins to execute + --pocs-path POCS_PATH User defined poc scripts path - --threads=THREADS Max number of concurrent network requests (default 1) - --batch=BATCH Automatically choose defaut choice without asking. - --requires Check install_requires - --quiet Activate quiet mode, working without logger. - + --threads THREADS Max number of concurrent network requests (default 1) + --batch BATCH Automatically choose defaut choice without asking. + --requires Check install_requires + --quiet Activate quiet mode, working without logger. + --ppt Hiden sensitive information when published to the + network + +Poc options: + definition options for PoC ``` **-f, --file URLFILE** diff --git a/pocsuite3/__init__.py b/pocsuite3/__init__.py index 70bd020e..76862c86 100644 --- a/pocsuite3/__init__.py +++ b/pocsuite3/__init__.py @@ -1,5 +1,5 @@ __title__ = 'pocsuite' -__version__ = '1.4.4' +__version__ = '1.4.6' __author__ = 'Knownsec Security Team' __author_email__ = 's1@seebug.org' __license__ = 'GPL 2.0' diff --git a/pocsuite3/lib/core/option.py b/pocsuite3/lib/core/option.py index 37225088..c5fa0e13 100644 --- a/pocsuite3/lib/core/option.py 
+++ b/pocsuite3/lib/core/option.py
@@ -57,10 +57,13 @@ def set_verbosity():
 elif conf.verbose == 2:
 logger.setLevel(logging.DEBUG)
 elif conf.verbose == 3:
+ logger.setLevel(logging.DEBUG)
 logger.setLevel(CUSTOM_LOGGING.SYSINFO)
 elif conf.verbose == 4:
+ logger.setLevel(logging.DEBUG)
 logger.setLevel(CUSTOM_LOGGING.WARNING)
 elif conf.verbose >= 5:
+ logger.setLevel(logging.DEBUG)
 logger.setLevel(CUSTOM_LOGGING.ERROR)
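Review bot: The added `logger.setLevel(logging.DEBUG)` in the `== 3`, `== 4` and `>= 5` branches has no effect, because the very next statement in each branch calls `logger.setLevel` again with `CUSTOM_LOGGING.SYSINFO`, `CUSTOM_LOGGING.WARNING` or `CUSTOM_LOGGING.ERROR`, and a logger holds only one level. If these verbosity values are meant to emit debug output, the second call in each branch is the one to drop; if the custom level is the intended one, the three new lines are dead code and should be removed. Either way a short comment on each branch stating which records it is meant to let through, e.g. `# -v 3: <intended level>`, would make the intent reviewable. The body of set_verbosity starts before this hunk, so the handling of levels 0 and 1 is not visible here.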
@@ -308,34 +311,35 @@ def _set_pocs_modules():
 # TODO
 # load poc scripts .pyc file support
 if conf.poc:
- load_poc_sucess = False
 # step1. load system packed poc from pocsuite3/pocs folder
- for found in glob.glob(os.path.join(paths.POCSUITE_POCS_PATH, "*.py*")):
- dirname, filename = os.path.split(found)
- poc_name = os.path.splitext(filename)[0]
- for poc in conf.poc:
- if found.endswith(('__init__.py', '__init__.pyc')):
- continue
- if poc in (filename, poc_name):
- info_msg = "loading PoC script '{0}'".format(found)
+ exists_poc_with_ext = list(filter(lambda x: x not in ['__init__.py', '__init__.pyc'], os.listdir(paths.POCSUITE_POCS_PATH)))
+ exists_pocs = dict([os.path.splitext(x) for x in exists_poc_with_ext])
+ for poc in conf.poc:
+ load_poc_sucess = False
+ if any([poc in exists_poc_with_ext, poc in exists_pocs]):
+ poc_name, poc_ext = os.path.splitext(poc)
+ if poc_ext in ['.py', '.pyc']:
+ file_path = os.path.join(paths.POCSUITE_POCS_PATH, poc)
+ else:
+ file_path = os.path.join(paths.POCSUITE_POCS_PATH, poc+exists_pocs.get(poc))
+ if file_path:
+ info_msg = "loading PoC script '{0}'".format(file_path)
 logger.info(info_msg)
- load_poc_sucess = load_file_to_module(found)
+ load_poc_sucess = load_file_to_module(file_path)
- # step2. load poc from given file path
- try:
- if not load_poc_sucess:
- for poc in conf.poc:
+ # step2. load poc from given file path
+ try:
+ if not load_poc_sucess:
 if not poc.startswith('ssvid-') and check_file(poc):
 info_msg = "loading PoC script '{0}'".format(poc)
 logger.info(info_msg)
 load_poc_sucess = load_file_to_module(poc)
- except PocsuiteSystemException:
- logger.error('PoC file "{0}" not found'.format(repr(conf.poc)))
- raise SystemExit
+ except PocsuiteSystemException:
+ logger.error('PoC file "{0}" not found'.format(repr(poc)))
+ continue
- # step3. load poc from seebug website using plugin 'poc_from_seebug'
- if not load_poc_sucess:
- for poc in conf.poc:
+ # step3. load poc from seebug website using plugin 'poc_from_seebug'
+ if not load_poc_sucess:
 if poc.startswith('ssvid-'):
 info_msg = "loading Poc script 'https://www.seebug.org/vuldb/{0}'".format(poc)
 logger.info(info_msg)
@@ -343,18 +347,19 @@ def _set_pocs_modules():
 conf.plugins.append('poc_from_seebug')
 load_poc_sucess = True
+ load_keyword_poc_sucess = False
 if conf.vul_keyword:
 # step4. load poc with vul_keyword search seebug website
 info_msg = "loading PoC script from seebug website using search keyword '{0}' ".format(conf.vul_keyword)
 logger.info(info_msg)
 conf.plugins.append('poc_from_seebug')
- load_poc_sucess = True
+ load_keyword_poc_sucess = True
- if (conf.poc or conf.vul_keyword) and not load_poc_sucess:
- error_msg = ""
+ if all([not kb.registered_pocs, not load_keyword_poc_sucess]):
+ error_msg = "no PoC loaded, please check your PoC file"
 logger.error(error_msg)
- raise PocsuiteSyntaxException(error_msg)
+ raise PocsuiteSystemException(error_msg)
 def _set_plugins():
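Review bot: In step 1 the `os.listdir` scan is no longer limited to Python sources the way the removed `*.py*` glob was, so `exists_poc_with_ext` and `exists_pocs` also hold subdirectories and any other file in the pocs folder; a `-r` value that matches such an entry with a suffix other than `.py`/`.pyc` reaches `poc+exists_pocs.get(poc)` with `None` and fails with a TypeError, and one that matches a directory name is handed to `load_file_to_module` as a directory path. Because `dict([os.path.splitext(x) ...])` keeps a single extension per stem, a folder holding both `foo.py` and a stale `foo.pyc` makes which file `-r foo` actually executes depend on directory listing order. Restoring the old filter keeps both problems out, `exists_poc_with_ext = [x for x in os.listdir(paths.POCSUITE_POCS_PATH) if x.endswith(('.py', '.pyc')) and x not in ('__init__.py', '__init__.pyc')]`, and preferring `.py` when both exist would make the choice deterministic. The `if file_path:` guard is always true since both branches above it assign the name. `_set_pocs_modules` begins before this hunk and its step 3 continues into the next one.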
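Review bot: The new final check `if all([not kb.registered_pocs, not load_keyword_poc_sucess])` raises whenever `kb.registered_pocs` is still empty here, but for `ssvid-` targets step 3 only appends the `poc_from_seebug` plugin and sets `load_poc_sucess = True`; nothing in these hunks registers a PoC for that case, so if the plugin does the registration later, an `-r ssvid-...` run now stops with "no PoC loaded" before the plugin ever runs. Tracking the ssvid outcome in a flag initialised before the loop, the way `load_keyword_poc_sucess` is, and including it in this condition would keep that path working (the per-iteration `load_poc_sucess` cannot be used directly, since it is unbound when `conf.poc` is empty). The condition itself reads more plainly as `if not kb.registered_pocs and not load_keyword_poc_sucess:`. The raised type also changes from PocsuiteSyntaxException to PocsuiteSystemException, which any caller catching the former will no longer see; that deserves a changelog line.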