Pocsploit is a lightweight, flexible and novel open source poc verification framework

pocsploit

中文 README


Reapoc

pocsploit is a lightweight, flexible and novel open source poc verification framework

GitHub contributors GitHub Repo stars

Pain points of the POC framework in the market

  1. There are too many params, I don't know how to get started, but only some of them are commonly used.
  2. YAML poc framework(like nuclei & xray) is not flexible enough. the conversion cost is very high when writing poc. Sometimes it's hard when encountering non-http protocols. (only hex can be used)
  3. Sometimes POC has false positives, which can be avoided by accurate fingerprint matching.
  4. It is heavily dependent on the framework. Poc in pocsploit can be used in the framework and can also be used alone.

Advantages of pocsploit

  1. Lighter, does not depend on the framework, a single poc can run
  2. Easier to rewrite Poc
  3. More flexible (compared to nuclei, xray, goby, etc.)
  4. Fewer false positives, providing fingerprint prerequisite judgment, you can first judge whether the site has the fingerprint of a certain component, and then perform POC verification, which is more accurate
  5. There are many ways to use, providing poc / exp
  6. Detailed vulnerability information display
  7. Poc ecological sustainability: I will continue to update the Poc to modules/, and welcome everyone to join us Contribute Poc

Encountered code/poc issues, please Submit issue

Poc Statistics

cve cnnvd others
345 7 102

Usage

Install requirements

pip3 install -r requirements.txt
  • poc to verify single website
python3 pocsploit.py -iS "http://xxxx/" -r "modules/" -t 100 --poc
  • specific poc
python3 pocslpoit.py -iS "http://xxxxx" -r "modules/vulnerabilities/thinkphp/thinkphp-5022-rce.py" --poc
  • exp to exploit many websites (with urls in a file)
python3 pocslpoit.py -iF "urls.txt" -r "modules/vulnerabilities/" --exp
  • Turn on fingerprint pre-verification, verify the fingerprint first, and then enter the poc verification after matching
python3 pocslpoit.py -iS "http://xxxxx" -r "modules/vulnerabilities/thinkphp/thinkphp-5022-rce.py" --poc --fp
  • Output to file & console quiet mode
python3 pocslpoit.py -iS "http://xxxx" -r "modules/vulnerabilities/" --poc -o result/result.log -q
  • Other Usage
python3 pocsploit.py --help

demo

others

OOB

Please config conf/config.py

P.S. How to build your own DNSLog,please visit Hyuga-DNSLog

  • DNSLOG_URI: DNSLog Address
  • DNSLOG_TOKEN: Token
  • DNSLOG_IDENTIFY: your identity

License

pocsploit is distributed under MIT License

Repobeats

Alt

Owner
cckuailong
勇气,友情,爱心,知识,诚实,纯真,希望,光明
cckuailong
Similar Resources

MVGCN: a novel multi-view graph convolutional network (MVGCN) framework for link prediction in biomedical bipartite networks.

MVGCN MVGCN: a novel multi-view graph convolutional network (MVGCN) framework for link prediction in biomedical bipartite networks. Developer: Fu Hait

Dec 1, 2022

LightLog is an open source deep learning based lightweight log analysis tool for log anomaly detection.

LightLog Introduction LightLog is an open source deep learning based lightweight log analysis tool for log anomaly detection. Function description [BG

Nov 2, 2022

Lightweight mmm - Lightweight (Bayesian) Media Mix Model

Lightweight (Bayesian) Media Mix Model This is not an official Google product. L

Dec 4, 2022

SpeechNAS Better Trade off between Latency and Accuracy for Large Scale Speaker Verification

SpeechNAS Better Trade off between Latency and Accuracy for Large Scale Speaker Verification

SpeechNAS Better Trade off between Latency and Accuracy for Large Scale Speaker Verification

May 20, 2022

VGGVox models for Speaker Identification and Verification trained on the VoxCeleb (1 & 2) datasets

VGGVox models for speaker identification and verification This directory contains code to import and evaluate the speaker identification and verificat

Nov 27, 2022

Temporal Dynamic Convolutional Neural Network for Text-Independent Speaker Verification and Phonemetic Analysis

Temporal Dynamic Convolutional Neural Network for Text-Independent Speaker Verification and Phonemetic Analysis

TDY-CNN for Text-Independent Speaker Verification Official implementation of Temporal Dynamic Convolutional Neural Network for Text-Independent Speake

Oct 17, 2022

FEDn is an open-source, modular and ML-framework agnostic framework for Federated Machine Learning

FEDn is an open-source, modular and ML-framework agnostic framework for Federated Machine Learning

FEDn is an open-source, modular and ML-framework agnostic framework for Federated Machine Learning (FedML) developed and maintained by Scaleout Systems. FEDn enables highly scalable cross-silo and cross-device use-cases over FEDn networks.

Nov 9, 2022

Contrastive Fact Verification

VitaminC This repository contains the dataset and models for the NAACL 2021 paper: Get Your Vitamin C! Robust Fact Verification with Contrastive Evide

Nov 17, 2022

Codes for ACL-IJCNLP 2021 Paper "Zero-shot Fact Verification by Claim Generation"

Codes for ACL-IJCNLP 2021 Paper

Zero-shot-Fact-Verification-by-Claim-Generation This repository contains code and models for the paper: Zero-shot Fact Verification by Claim Generatio

Nov 27, 2022
Comments
  • Most of the time it throws an error

    Most of the time it throws an error

    Which is

    /usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py:842: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html
    

    Screenshot_43

    Please fix it!

    It generates lot of unwanted logs.

  • ModuleNotFoundError

    ModuleNotFoundError

    ┌──(root💀kali)-[~/pocsploit] └─# python3 pocsploit.py -iS "https://testphp.vulnweb.com/" -r "modules/" -t 100 --poc Traceback (most recent call last): File "/root/pocsploit/pocsploit.py", line 3, in from lib.cli import main ModuleNotFoundError: No module named 'lib.cli'

    How to fix it

  • face probelm

    face probelm

    module = _load(spec)                                                                                                                                              
    

    File "", line 711, in _load
    File "", line 680, in _load_unlocked
    File "", line 850, in exec_module
    File "", line 228, in _call_with_frames_removed
    File "/root/Desktop/pocsploit/modules/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.py", line 2, in
    from plugins.oob import verify_request, gen_oob_domain
    ModuleNotFoundError: No module named 'plugins.oob'

  • Issue on install

    Issue on install

    python3 pocsploit.py -iF example.txt -r modules/ --poc

      if len(self.targets) is 0:
    
                                     __      _ __ 
        ____  ____  ______________  / /___  (_) /_
       / __ \/ __ \/ ___/ ___/ __ \/ / __ \/ / __/
      / /_/ / /_/ / /__(__  ) /_/ / / /_/ / / /_  
     / .___/\____/\___/____/ .___/_/\____/_/\__/  
    /_/                   /_/                     
        { Version 0.0.1 by cckuailong }
    
    
    2022-03-30 15:49:09.054 | INFO     | lib.core.option:EngineRegister:33 - Threads Num: 10
    2022-03-30 15:49:09.054 | INFO     | lib.controller.loader:loadModule:16 - Initialize modules...
    2022-03-30 15:49:09.346 | WARNING  | lib.cli:main:44 - Traceback (most recent call last):
      File "/opt/pocsploit/lib/cli.py", line 23, in main
        loadModule()
      File "/opt/pocsploit/lib/controller/loader.py", line 28, in loadModule
        tmp_module_objs.add(imp.load_module(module_name, fp, pathname, description))
      File "/usr/lib/python3.9/imp.py", line 234, in load_module
        return load_source(name, filename, file)
      File "/usr/lib/python3.9/imp.py", line 171, in load_source
        module = _load(spec)
      File "<frozen importlib._bootstrap>", line 711, in _load
      File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
      File "<frozen importlib._bootstrap_external>", line 790, in exec_module
      File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
      File "/opt/pocsploit/modules/vulnerabilities/wordpress/wp-xmlrpc-pingback-detection.py", line 2, in <module>
        from plugins.oob import verify_request, gen_oob_domain
    ModuleNotFoundError: No module named 'plugins.oob'
    
    2022-03-30 15:49:09.346 | WARNING  | lib.cli:main:45 - It seems like you reached a unhandled exception, please raise a issue via:<https://github.com/cckuailong/pocsploit/issues/new>. ```
    
    I literally just installed (Yes, I installed requirements.txt) mind having a look?
    
    Thanks
    
ObjectDetNet is an easy, flexible, open-source object detection framework

Getting started with the ObjectDetNet ObjectDetNet is an easy, flexible, open-source object detection framework which allows you to easily train, resu

Aug 25, 2020
Open source repository for the code accompanying the paper 'Non-Rigid Neural Radiance Fields Reconstruction and Novel View Synthesis of a Deforming Scene from Monocular Video'.
Open source repository for the code accompanying the paper 'Non-Rigid Neural Radiance Fields Reconstruction and Novel View Synthesis of a Deforming Scene from Monocular Video'.

Non-Rigid Neural Radiance Fields This is the official repository for the project "Non-Rigid Neural Radiance Fields: Reconstruction and Novel View Synt

Nov 27, 2022
TACTO: A Fast, Flexible and Open-source Simulator for High-Resolution Vision-based Tactile Sensors
TACTO: A Fast, Flexible and Open-source Simulator for High-Resolution Vision-based Tactile Sensors

TACTO: A Fast, Flexible and Open-source Simulator for High-Resolution Vision-based Tactile Sensors This package provides a simulator for vision-based

Nov 23, 2022
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

Apache MXNet (incubating) for Deep Learning Apache MXNet is a deep learning framework designed for both efficiency and flexibility. It allows you to m

Nov 28, 2022
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

Apache MXNet (incubating) for Deep Learning Apache MXNet is a deep learning framework designed for both efficiency and flexibility. It allows you to m

Dec 4, 2022
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

Apache MXNet (incubating) for Deep Learning Apache MXNet is a deep learning framework designed for both efficiency and flexibility. It allows you to m

Feb 12, 2021
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more
Lightweight, Portable, Flexible Distributed/Mobile Deep Learning with Dynamic, Mutation-aware Dataflow Dep Scheduler; for Python, R, Julia, Scala, Go, Javascript and more

Apache MXNet (incubating) for Deep Learning Master Docs License Apache MXNet (incubating) is a deep learning framework designed for both efficiency an

Nov 16, 2022
PaddleRobotics is an open-source algorithm library for robots based on Paddle, including open-source parts such as human-robot interaction, complex motion control, environment perception, SLAM positioning, and navigation.

简体中文 | English PaddleRobotics paddleRobotics是基于paddle的机器人开源算法库集,包括人机交互、复杂运动控制、环境感知、slam定位导航等开源算法部分。 人机交互 主动多模交互技术TFVT-HRI 主动多模交互技术是通过视觉、语音、触摸传感器等输入机器人

Nov 26, 2022
Pytorch reimplement of the paper "A Novel Cascade Binary Tagging Framework for Relational Triple Extraction" ACL2020. The original code is written in keras.

CasRel-pytorch-reimplement Pytorch reimplement of the paper "A Novel Cascade Binary Tagging Framework for Relational Triple Extraction" ACL2020. The o

Dec 1, 2022
ZSL-KG is a general-purpose zero-shot learning framework with a novel transformer graph convolutional network (TrGCN) to learn class representation from common sense knowledge graphs.
ZSL-KG is a general-purpose zero-shot learning framework with a novel transformer graph convolutional network (TrGCN) to learn class representation from common sense knowledge graphs.

ZSL-KG is a general-purpose zero-shot learning framework with a novel transformer graph convolutional network (TrGCN) to learn class representa

Nov 21, 2022