pocsuite3 is an open source program remote devices and a test development framework developed by the team Knownsec 404. It comes with a powerful proof-of-concept system and many powerful features for pentesters and bug hunters.
Specifications
- Scripts PoC can run with attack, verify, shell state in a different way
- Addition system
- Dynamic loading script PoC from anywhere (local file, redis, database, Seebug…)
- Load multiple targets from anywhere (CIDR, local file, redis, database, Zoomeye, Shodan…)
- The results can be easily extracted
- Dynamic patch and hook requests
- Both the command line tool and the import of python packages for use
- IPv6 support
- Global HTTP / HTTPS / SOCKS proxy support
- Simple spider API for using PoC script
- Integration with Seebug (for PoC upload from Seebug)
- Integration with ZoomEye (for loading purpose from ZoomEye Dork)
- Integration with Shodan (for loading purpose by Shodan Dork)
- Integration with Cey (for DNS and HTTP blind request verification)
- Friendly PoC debugger with IDE
Installation
$ pip install pocsuite3
Use
usage: pocsuite [options] optional arguments: -h, --help show this help message and exit --version Show program's version number and exit --update Update Pocsuite -v {0,1,2,3,4,5,6, 0} Verbosity level: 6-1 (default XNUMX) Target: At least one of these options has to be provided to define the target (s) -u URL [URL ...], --url URL [URL ... ] Target URL (eg "http://www.site.com/vuln.php?id=1") -f URL_FILE, --file URL_FILE Scan multiple targets given in a textual file -r POC [POC ...] Load POC file from local or remote from seebug website -c CONFIGFILE Load options from a configuration INI file Mode: Pocsuite running mode options --verify Run poc with verify mode --attack Run poc with attack mode --shell Run poc with shell mode Request: Network request options --cookie COOKIE HTTP Cookie header value --host HOST HTTP Host header value --referer REFERER HTTP Referer header value --user-agent AGENT HTTP User-Agent header value --random-agent Use randomly selected HTTP User-Agent header value --proxy PROXY Use a proxy to connect to the target URL --proxy-cred PROXY_CRED Proxy authentication credentials (name: password) --timeout TIMEOUT Seconds to wait before timeout connection (default 30) --retry RETRY Time out retrials times.
--delay DELAY Delay between two request of one thread --headers HEADERS Extra headers (eg "key1: value1 \ nkey2: value2") Account: Telnet404 、 Shodan 、 CEye 、 Fofa account options --login-user LOGIN_USER Telnet404 login user --login-pass LOGIN_PASS Telnet404 login password --shodan-token SHODAN_TOKEN Shodan token --fofa -user FOFA_USER fofa user --fofa-token FOFA_TOKEN fofa token --censys-uid CENSYS_UID Censys uid --censys-secret CENSYS_SECRET Censys secret Modules: Modules (Seebug 、 Zoomeye 、 CEyeor options options Z used for search.
--dork-zoomeye DORK_ZOOMEYE Zoomeye dork used for search.
--dork-shodan DORK_SHODAN Shodan dork used for search.
--dork-censys DORK_CENSYS Censys dork used for search.
--dork-fofa DORK_FOFA Fofa dork used for search.
--max-page MAX_PAGE Max page used in ZoomEye API (10 targets / Page).
--search-type SEARCH_TYPE search type used in ZoomEye API, web or host --vul-keyword VUL_KEYWORD Seebug keyword used for search.
--ssv-id SSVID Seebug SSVID number for target PoC.
--lhost CONNECT_BACK_HOST Connect back host for target PoC in shell mode --lport CONNECT_BACK_PORT Connect back port for target PoC in shell mode --comparison Compare popular web search engines Optimization: Optimization options --plugins PLUGINS Load plugins to execute --pocs- path POCS_PATH User defined poc scripts path --threads THREADS Max number of concurrent network requests (default 1) --batch BATCH Automatically choose defaut choice without asking.
--requires Check install_requires --quiet Activate quiet mode, working without logger.
Application snapshots
Videos: guide
https://www.youtube.com/channel/UCKKmeW6hUa4cc935Jd8eijg/videos
