feat: add -s option to skip target port

manpages/pocsuite.1

@@ -53,6 +53,9 @@ Scan multiple targets given in a textual file (one per line)
 \fB\-p\fR PORTS, \fB\-\-ports\fR PORTS
 add additional port to each target ([proto:]port, e.g. 8080,https:10000)
 .TP
+\fB\-s\fR
+Skip target's port, only use additional port
+.TP
 \fB\-r\fR POC [POC ...]
 Load POC file from local or remote from seebug website
 .TP

pocsuite.ini

@@ -5,6 +5,8 @@ url = https://www.google.com
 url_file = 
 ; add additional port to each target ([proto:]port, e.g. 8080,https:10000)
 ports =
+; Skip target's port, only use additional port
+skip_target_port =
 ; load poc file from local or remote from seebug website
 poc =
 ; filter poc by keyword, e.g. cve-2021-22005

pocsuite3/lib/core/common.py

@@ -384,7 +384,7 @@ def get_file_items(filename, comment_prefix='#', unicode=True, lowercase=False,
     return ret if not unique else ret.keys()
 
 
-def parse_target(address, additional_ports=[]):
+def parse_target(address, additional_ports=[], skip_target_port=False):
     # parse IPv4/IPv6 CIDR
     targets = OrderedSet()
     is_ipv6 = False
@@ -408,9 +408,11 @@ def parse_target(address, additional_ports=[]):
             if is_ipv6 and 'ipv6' in conf:
                 conf.ipv6 = True
 
-            targets.add(str(ip))
+            if not skip_target_port:
+                targets.add(str(ip))
 
             for probe in additional_ports:
+                probe = str(probe)
                 # [proto:]port
                 scheme, port = '', probe
                 if len(probe.split(':')) == 2:
@@ -435,11 +437,13 @@ def parse_target(address, additional_ports=[]):
     except ValueError:
         pass
 
-    targets.add(address)
+    if not skip_target_port:
+        targets.add(address)
 
     try:
         pr = urlparse(address)
         for probe in additional_ports:
+            probe = str(probe)
             # [proto:]port
             scheme, port = '', probe
             if len(probe.split(':')) == 2:

pocsuite3/lib/core/option.py

@@ -198,12 +198,12 @@ def _set_multiple_targets():
     # set multi targets to kb
     if conf.url:
         for url in conf.url:
-            for target in parse_target(url, conf.ports):
+            for target in parse_target(url, conf.ports, conf.skip_target_port):
                 kb.targets.add(target)
 
     if conf.url_file:
         for line in get_file_items(conf.url_file, lowercase=False, unique=True):
-            for target in parse_target(line, conf.ports):
+            for target in parse_target(line, conf.ports, conf.skip_target_port):
                 kb.targets.add(target)
 
     if conf.dork:
@@ -518,6 +518,7 @@ def _set_conf_attributes():
     conf.url = None
     conf.url_file = None
     conf.ports = []
+    conf.skip_target_port = False
     conf.mode = 'verify'
     conf.poc = None
     conf.poc_keyword = None

pocsuite3/lib/core/optiondict.py

@@ -7,6 +7,7 @@
         'url': 'string',
         'url_file': 'string',
         'ports': 'string',
+        'skip_target_port': 'boolean',
         'poc': 'string',
         'poc_keyword': 'string',
         'configFile': 'string'

pocsuite3/lib/core/settings.py

@@ -117,6 +117,7 @@
     "url",
     "url_file",
     "ports",
+    "skip_target_port",
     "file",
     "poc_keyword",
     "verify",

pocsuite3/lib/parse/cmd.py

@@ -41,6 +41,8 @@ def cmd_line_parser(argv=None):
                             help="Scan multiple targets given in a textual file (one per line)")
         target.add_argument("-p", "--ports", dest="ports",
                             help="add additional port to each target ([proto:]port, e.g. 8080,https:10000)")
+        target.add_argument("-s", dest="skip_target_port", action="store_true",
+                            help="Skip target's port, only use additional port")
         target.add_argument("-r", dest="poc", nargs='+', help="Load PoC file from local or remote from seebug website")
         target.add_argument("-k", dest="poc_keyword", help="Filter PoC by keyword, e.g. ecshop")
         target.add_argument("-c", dest="configFile", help="Load options from a configuration INI file")

test.py

@@ -5,7 +5,7 @@
 if __name__ == '__main__':
     loader = TestLoader()
     tests_dir = os.path.join(os.path.dirname(__file__), 'tests')
-    tests = loader.discover(tests_dir, pattern='test_*.py')
+    tests = loader.discover(tests_dir, pattern='test_parse_target.py')
     runner = TextTestRunner()
     result = runner.run(tests)
     if result.failures or result.errors:

tests/test_configfile.py

@@ -43,6 +43,8 @@ def test_build_ini(self):
                               help="Scan multiple targets given in a textual file (one per line)")
             target.add_option("-p", "--ports", dest="ports",
                               help="add additional port to each target ([proto:]port, e.g. 8080,https:10000)")
+            target.add_option("-s", dest="skip_target_port", action="store_true",
+                              help="Skip target's port, only use additional port")
             target.add_option("-r", dest="poc", help="Load PoC file from local or remote from seebug website")
             target.add_option("-k", dest="poc_keyword", help="Filter PoC by keyword, e.g. ecshop")
             target.add_option("-c", dest="configFile", help="Load options from a configuration INI file")

tests/test_parse_target.py

@@ -25,12 +25,11 @@ def test_domain_url(self):
 
     def test_domain_url_with_additional_ports(self):
         result = OrderedSet()
-        result.add('https://example.com/cgi-bin/test.cgi?a=b&c=d')
         result.add('https://example.com:8080/cgi-bin/test.cgi?a=b&c=d')
         result.add('https://example.com:8443/cgi-bin/test.cgi?a=b&c=d')
         result.add('http://example.com:10000/cgi-bin/test.cgi?a=b&c=d')
         self.assertEqual(parse_target('https://example.com/cgi-bin/test.cgi?a=b&c=d',
-                                      [8080, 8443, 'http:10000']), result)
+                                      [8080, 8443, 'http:10000'], True), result)
 
     def test_ipv4_url(self):
         result = OrderedSet()
@@ -60,16 +59,14 @@ def test_ipv4_cidr_with_host_32(self):
 
     def test_ipv4_with_additional_ports(self):
         result = OrderedSet()
-        result.add('172.16.218.0')
         result.add('172.16.218.0:8080')
         result.add('172.16.218.0:8443')
         result.add('https://172.16.218.0:10000')
-        result.add('172.16.218.1')
         result.add('172.16.218.1:8080')
         result.add('172.16.218.1:8443')
         result.add('172.16.218.1:8443')
         result.add('https://172.16.218.1:10000')
-        self.assertEqual(parse_target('172.16.218.1/31', [8080, 8443, 'https:10000']), result)
+        self.assertEqual(parse_target('172.16.218.1/31', [8080, 8443, 'https:10000'], True), result)
 
     def test_ipv6(self):
         result = OrderedSet()