chore: code style & docs

CHANGELOG.md

@@ -272,3 +272,8 @@ Cross-platform shell code generation
 -----------------
 * support encrypted shell (TLS) in shell mode
 * fix #228
+
+# version 1.8.7
+* fix bug
+* optimize code style & docs
+* delete the exe tool for compatibility with dfsg

CONTRIBUTORS.md

@@ -16,7 +16,6 @@ phithon <root(at)leavesongs.com>
 longofo
 * for contributing http server module
 
-
 Ro0tk1t <https://github.com/Ro0tk1t>
 * for contributing multi-ip multi-poc execution features
 * fix some issues
@@ -44,7 +43,7 @@ hex0wn <https://github.com/hex0wn>
 * bugfix #139
 
 MrMetatron <https://github.com/MrMetatron>
-* console模式，添加系统命令执行，添加pocuite3命令clear清除屏幕功能
+* console模式，添加系统命令执行，添加pocsuite3命令clear清除屏幕功能
 
 z3r0yu <https://github.com/zer0yu>
-* Add quake dork for pocsuite3
+* Add quake dork for pocsuite3

COPYING

@@ -1,11 +1,11 @@
 COPYING -- Describes the terms under which pocsuite is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
 
-pocsuite is (C) 2014-2018 [email protected]
+pocsuite3 is (C) 2014-2021 [email protected]
 
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
-Software Foundation; Version 2 (or later) with the clarifications and
+Software Foundation; Version 2 with the clarifications and
 exceptions described below. This guarantees your right to use, modify, and
 redistribute this software under certain conditions. If you wish to embed
 pocsuite technology into proprietary software, we sell alternative licenses

README.md

@@ -3,20 +3,20 @@
 [![Python 3.x](https://img.shields.io/badge/python-3.x-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/knownsec/Pocsuite/master/docs/COPYING) [![Twitter](https://img.shields.io/badge/[email protected])](https://twitter.com/seebug_team) [![build](https://api.travis-ci.org/knownsec/pocsuite3.svg)](https://travis-ci.org/knownsec/pocsuite3)
 
 ## Legal Disclaimer
-Usage of pocsuite for attacking targets without prior mutual consent is illegal.  
-pocsuite is for security testing purposes only
+Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
+pocsuite3 is for security testing purposes only
 
 ## 法律免责声明
-未经事先双方同意，使用 pocsuite 攻击目标是非法的。
-pocsuite 仅用于安全测试目的
+未经事先双方同意，使用 pocsuite3 攻击目标是非法的。
+pocsuite3 仅用于安全测试目的
 
 ## Overview
 
 pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the [**Knownsec 404 Team**](http://www.knownsec.com/). 
-It comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security researchers.
+It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers.
 
 ## Features
-* PoC scripts can running with `attack`,`verify`, `shell` mode in different way
+* PoC scripts can running with `verify`, `attack`, `shell` mode in different way
 * Plugin ecosystem
 * Dynamic loading PoC script from any where (local file, redis, database, Seebug ...)
 * Load multi-target from any where (CIDR, local file, redis, database, Zoomeye, Shodan ...)
@@ -54,7 +54,7 @@ It comes with a powerful proof-of-concept engine, many powerful features for the
 ## Requirements
 
 - Python 3.6+
-- Works on Linux, Windows, Mac OSX, BSD
+- Works on Linux, Windows, Mac OSX, BSD, etc.
 
 ## Installation
 
@@ -71,6 +71,7 @@ $ wget https://github.com/knownsec/pocsuite3/archive/master.zip
 $ unzip master.zip
 $ cd pocsuite3-master
 $ pip3 install -r requirements.txt
+$ python3 setup.py install
 ```
 
 

docs/USAGE.md

@@ -54,7 +54,7 @@ Request:
   --headers HEADERS     Extra headers (e.g. "key1: value1\nkey2: value2")
 
 Account:
-  Telnet404、Shodan、CEye、Fofa account options
+  Telnet404, Shodan, CEye, Fofa account options
 
   --login-user LOGIN_USER
                         Telnet404 login user
@@ -74,7 +74,7 @@ Account:
                         Censys secret
 
 Modules:
-  Modules(Seebug、Zoomeye、CEye、Fofa、Quake Listener) options
+  Modules(Seebug, Zoomeye, CEye, Fofa, Quake, Listener) options
 
   --dork DORK           Zoomeye dork used for search.
   --dork-zoomeye DORK_ZOOMEYE
@@ -111,8 +111,7 @@ Optimization:
   --batch BATCH         Automatically choose defaut choice without asking.
   --requires            Check install_requires
   --quiet               Activate quiet mode, working without logger.
-  --ppt                 Hiden sensitive information when published to the
-                        network
+  --ppt                 Hiden sensitive information when published to the network
   --pcap                use scapy capture flow
   --rule                export rules, default export reqeust and response
   --rule-req            only export request rule
@@ -124,6 +123,8 @@ Poc options:
 
   --options             Show all definition options
 
+[*] shutting down at 14:39:27
+
 ```
 
 **-f, --file URLFILE**
@@ -134,7 +135,7 @@ Scan multiple targets given in a textual file
 $ pocsuite -r pocs/poc_example.py -f url.txt --verify
 ```
 
-> Attack batch processing mode only need to replace the ```--verify``` to ``` --attack```.
+> Attack batch processing mode only need to replace the ```--verify``` to ```--attack```.
 
 **-r POCFILE**
 

manpages/poc-console.1

@@ -7,15 +7,15 @@
 .SH NAME
 .I poc-console
 \- console mode of
-.B pocsuite.
+.B pocsuite3.
 .SH Legal Disclaimer
-poc-console is part of pocsuite. Usage of pocsuite for attacking targets without prior mutual consent is illegal.
-pocsuite is for security testing purposes only.
+poc-console is part of pocsuite3. Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
+pocsuite3 is for security testing purposes only.
 .SH SYNOPSIS
 .B poc-console
 .SH DESCRIPTION
-.I poc-console is the console mode of pocsuite.
-.I pocsuite
+.I poc-console is the console mode of pocsuite3.
+.I pocsuite3
 is an open-sourced remote vulnerability testing and proof-of-concept
 development framework developed by the Knownsec 404 Team. It comes with a
 powerful proof-of-concept engine, many nice features for the ultimate
@@ -25,13 +25,13 @@ poc-console do not have command line options. To see a list of available command
 enter help at the console prompt.
 .SH "SEE ALSO"
 The full documentation for
-.B pocsuite
+.B pocsuite3
 is maintained at:
 .br
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite version 1.8.6
+This manual page documents pocsuite3 version 1.8.7
 .SH AUTHOR
 .br
 (c) 2014-2021 by Knownsec 404 Team
@@ -40,10 +40,10 @@ This manual page documents pocsuite version 1.8.6
 .LP
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
-Software Foundation; Version 2 (or later) with the clarifications and
+Software Foundation; Version 2 with the clarifications and
 exceptions described below. This guarantees your right to use, modify, and
 redistribute this software under certain conditions. If you wish to embed
-pocsuite technology into proprietary software, we sell alternative licenses
+pocsuite3 technology into proprietary software, we sell alternative licenses
 (contact [email protected]).
 .PP
 Manual page started by Tian Qiao

manpages/pocsuite.1

@@ -5,11 +5,11 @@
 .\"   Tian Qiao <[email protected]>
 .\"
 .SH NAME
-.I pocsuite
+.I pocsuite3
 \- open-sourced remote vulnerability testing framework.
 .SH Legal Disclaimer
-Usage of pocsuite for attacking targets without prior mutual consent is illegal.
-pocsuite is for security testing purposes only.
+Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
+pocsuite3 is for security testing purposes only.
 .SH SYNOPSIS
 .B pocsuite
 \-h[elp]
@@ -18,7 +18,7 @@ pocsuite is for security testing purposes only.
 [options]
 .br
 .SH DESCRIPTION
-.I pocsuite
+.I pocsuite3
 is an open-sourced remote vulnerability testing and proof-of-concept
 development framework developed by the Knownsec 404 Team. It comes with a
 powerful proof-of-concept engine, many nice features for the ultimate
@@ -244,13 +244,13 @@ Scan multiple targets given in a textual file.
 .br
 .SH "SEE ALSO"
 The full documentation for
-.B pocsuite
+.B pocsuite3
 is maintained at:
 .br
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite version 1.8.6
+This manual page documents pocsuite3 version 1.8.7
 .SH AUTHOR
 .br
 (c) 2014-2021 by Knownsec 404 Team
@@ -259,10 +259,10 @@ This manual page documents pocsuite version 1.8.6
 .LP
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
-Software Foundation; Version 2 (or later) with the clarifications and
+Software Foundation; Version 2 with the clarifications and
 exceptions described below. This guarantees your right to use, modify, and
 redistribute this software under certain conditions. If you wish to embed
-pocsuite technology into proprietary software, we sell alternative licenses
+pocsuite3 technology into proprietary software, we sell alternative licenses
 (contact [email protected]).
 .PP
 Manual page started by Tian Qiao

pocsuite.ini

@@ -4,7 +4,7 @@ url =
 ; scan multiple targets given in a textual file
 url_file = 
 ; load poc file from local or remote from seebug website
-poc =
+poc = ecshop_rce.py
 
 [Mode]
 ; run poc with verify mode
@@ -41,6 +41,12 @@ login_user =
 login_pass =
 ; Shodan token
 shodan_token =
+; fofa user
+fofa_user =
+; fofa token
+fofa_token =
+; quake token
+quake_token =
 ; Censys uid
 censys_uid =
 ; Censys secret
@@ -55,7 +61,11 @@ dork_zoomeye =
 dork_shodan =
 ; censys dork used for search.
 dork_censys =
-; max page used in search api(10 targets/page).
+; fofa dork used for search.
+dork_fofa =
+; quake dork used for search.
+dork_quake =
+; max page used in search api.
 max_page = 1
 ; search type used in zoomeye api, web or host
 search_type = host
@@ -67,8 +77,12 @@ ssvid =
 connect_back_host =
 ; connect back port for target poc in shell mode
 connect_back_port =
-; sompare popular web search engines
+; enable TLS listener in shell mode
+enable_tls_listener = False
+; compare popular web search engines
 comparison = False
+; whether dork is in base64 format
+dork_b64 = False
 
 [Optimization]
 ; load plugins to execute
@@ -83,6 +97,17 @@ batch =
 check_requires = False
 ; activate quiet mode, working without logger.
 quiet = False
+; hiden sensitive information when published to the network
+ppt = False
+; use scapy capture flow
+pcap = False
+; export suricata rules, default export request and response
+rule = False
+; only export suricata request rule
+rule_req = False
+; specify the name of the export rule file
+rule_filename =
 
 [Poc options]
-
+; show all definition options
+show_options = True

pocsuite3/__init__.py

@@ -1,9 +1,9 @@
-__title__ = 'pocsuite'
-__version__ = '1.8.6'
-__author__ = 'Knownsec Security Team'
-__author_email__ = '[email protected]'
-__license__ = 'GPL 2.0'
-__copyright__ = 'Copyright 2018 Knownsec'
+__title__ = 'pocsuite3'
+__version__ = '1.8.7'
+__author__ = 'Knownsec 404 Team'
+__author_email__ = '[email protected]'
+__license__ = 'GPLv2'
+__copyright__ = 'Copyright 2014-2021 Knownsec 404 Team'
 __name__ = 'pocsuite3'
 __package__ = 'pocsuite3'
 

pocsuite3/lib/core/common.py

@@ -106,7 +106,7 @@ def set_paths(root_path):
     paths.POCSUITE_TMP_PATH = os.path.join(_, "tmp")
     paths.POCSUITE_RC_PATH = os.path.join(paths.POCSUITE_HOME_PATH, ".pocsuiterc")
     paths.POCSUITE_OUTPUT_PATH = paths.get("POCSUITE_OUTPUT_PATH", os.path.join(_, "output"))
-    paths.SHELLCODES_DEV_PATH = os.path.join(paths.POCSUITE_ROOT_PATH, "shellcodes", "tools")
+    paths.SHELLCODES_DEV_PATH = os.path.join(paths.POCSUITE_TMP_PATH, "tools")
 
 
 def banner():

pocsuite3/lib/core/enums.py

@@ -145,10 +145,12 @@ class OPTION_TYPE:
 
 
 class VUL_TYPE:
-    HTTP_PARAMETER_POLLUTION = 'HTTP Parameter Pollution'
     BACKDOOR = 'Backdoor'
     INSECURE_COOKIE_HANDLING = 'Insecure Cookie Handling'
     CSRF = 'CSRF'
+    XSS = 'XSS'
+    UXSS = 'UXSS'
+    SSRF = 'Server-Side Request Forgery'
     SHELLCODE = 'ShellCode'
     SQL_INJECTION = 'SQL Injection'
     ARBITRARY_FILE_DOWNLOAD = 'Arbitrary File Download'
@@ -163,15 +165,13 @@ class VUL_TYPE:
     DENIAL_OF_SERVICE = 'Denial Of service'
     DATABASE_FOUND = 'Database Found'
     UPLOAD_FILES = 'Upload Files'
-    REMOTE_FILE_INCLUSION = 'Remote File Inclusion'
     LOCAL_OVERFLOW = 'Local Overflow'
     PRIVILEGE_ESCALATION = 'Privilege Escalation'
     INFORMATION_DISCLOSURE = 'Information Disclosure'
     LOGIN_BYPASS = 'Login Bypass'
     PATH_TRAVERSAL = 'Path Traversal'
     RESOLVE_ERROR = 'Resolve Error'
     UNAUTHORIZED_ACCESS = 'Unauthorized Access'
-    XSS = 'XSS'
     PATH_DISCLOSURE = 'Path Disclosure'
     CODE_EXECUTION = 'Code Execution'
     REMOTE_PASSWORD_CHANGE = 'Remote Password Change'
@@ -181,17 +181,19 @@ class VUL_TYPE:
     MAN_IN_THE_MIDDLE = 'Man-in-the-middle'
     FORMAT_STRING = 'Format String'
     BUFFER_OVERFLOW = 'Buffer Overflow'
-    HTTP_REQUEST_SPLITTING = 'HTTP Request Splitting'
     CRLF_INJECTION = 'CRLF Injection'
     XML_INJECTION = 'XML Injection'
     LOCAL_FILE_INCLUSION = 'Local File Inclusion'
+    REMOTE_FILE_INCLUSION = 'Remote File Inclusion'
     CREDENTIAL_PREDICTION = 'Credential Prediction'
+    HTTP_PARAMETER_POLLUTION = 'HTTP Parameter Pollution'
+    HTTP_REQUEST_SPLITTING = 'HTTP Request Splitting'
     HTTP_RESPONSE_SPLITTING = 'HTTP Response Splitting'
+    HTTP_RESPONSE_SMUGGLING = 'HTTP Response Smuggling'
+    HTTP_REQUEST_SMUGGLING = 'HTTP Request Smuggling'
     SSI_INJECTION = 'SSI Injection'
     OUT_OF_MEMORY = 'Out of Memory'
     INTEGER_OVERFLOWS = 'Integer Overflows'
-    HTTP_RESPONSE_SMUGGLING = 'HTTP Response Smuggling'
-    HTTP_REQUEST_SMUGGLING = 'HTTP Request Smuggling'
     CONTENT_SPOOFING = 'Content Spoofing'
     XQUERY_INJECTION = 'XQuery Injection'
     BUFFER_OVER_READ = 'Buffer Over-read'
@@ -205,4 +207,4 @@ class VUL_TYPE:
     USE_AFTER_FREE = 'Use After Free'
     DNS_HIJACKING = 'DNS Hijacking'
     IMPROPER_INPUT_VALIDATION = 'Improper Input Validation'
-    UXSS = 'UXSS'
+    UAF = 'Use After Free'