Pocsuite – Remote Vulnerability Testing Framework

Last Release: 12/10/2018    

Introduction

Pocsuite3 is an open-source remote vulnerability testing and PoC development framework developed by the Knownsec 404 Team. It comes with a powerful PoC (proof-of-concept) engine and many features that help during the pentesting process.

Pocsuite: An Open-sourced Remote Vulnerability Testing & PoC Development Framework

You can use Pocsuite to verify and exploit vulnerabilities, or to write PoCs/exploits on top of it. You can also integrate the tool into your own vulnerability testing tooling.

Features:

  • PoC scripts can run in `attack`, `verify` or `shell` mode, each behaving differently
  • Plugin ecosystem
  • Dynamic loading of PoC scripts from anywhere (local file, Redis, database, Seebug …)
  • Loading of multiple targets from anywhere (CIDR, local file, Redis, database, ZoomEye …)
  • Results can be easily exported
  • Dynamic patching and hooking of requests
  • Usable both as a command-line tool and as an importable Python package
  • IPv6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC scripts to use
  • Integration with Seebug, ZoomEye and Ceye

Functions:

Vulnerability Testing Framework

Pocsuite, written in Python, supports both exploitation and validation modes. It can import a batch of targets from a file and test those targets against multiple exploit plugins.

PoC/Exp Development Kit

It lets you develop your own exploits (similar to Metasploit). On top of Pocsuite you write only the core PoC/Exp logic, without having to handle result output and similar housekeeping yourself.
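A verify-mode PoC in the Pocsuite layout, as an added example rather than the project's own code: it assumes the pocsuite3 API names POCBase, Output, register_poc and requests from pocsuite3.api, and the product banner (ExampleApp) and fixed version are constructed placeholders. The core logic is a non-destructive version fingerprint, so the PoC only reads a response header and hands the result to Output for the framework to report.

```python
import re
# Added example in the Pocsuite PoC layout, not the project's own code. It assumes the
# pocsuite3 API names POCBase, Output, register_poc and requests (pocsuite3.api); the
# except branch is a tiny stand-in so check_banner() also runs where pocsuite3 is absent.
try:
    from pocsuite3.api import Output, POCBase, register_poc, requests
except ImportError:
    POCBase, requests = object, None
    def register_poc(cls):
        return cls
    class Output:
        def __init__(self, poc=None):
            self.ok, self.data = False, {}
        def success(self, data):
            self.ok, self.data = True, data
        def fail(self, msg):
            self.ok, self.data = False, {"msg": msg}

# Constructed placeholders: a hypothetical product banner and the release that fixed it.
BANNER = re.compile(r"^ExampleApp/(\d+)\.(\d+)\.(\d+)$")
FIXED_IN = (2, 4, 0)

def check_banner(server_header):
    """Return the version tuple when the Server header names an affected ExampleApp
    release, otherwise None. Pure logic, so the PoC core is testable offline."""
    m = BANNER.match(server_header or "")
    if not m:
        return None
    version = tuple(int(x) for x in m.groups())  # tuple compare, not string compare
    return version if version < FIXED_IN else None

class DemoPOC(POCBase):
    vulID = "0"  # placeholder: the Seebug id goes here
    version = "1"
    name = "ExampleApp outdated release (verify only)"
    appName = "ExampleApp"

    def _verify(self):
        # The core of the PoC: one GET, a banner check, and the result in an Output
        # object; Pocsuite renders Output into the report, so nothing is printed here.
        resp = requests.get(self.url, timeout=10, verify=False)
        ver = check_banner(resp.headers.get("Server"))
        output = Output(self)
        if ver:
            output.success({"VerifyInfo": {"URL": self.url, "Version": "%d.%d.%d" % ver}})
        else:
            output.fail("target is not affected")
        return output

register_poc(DemoPOC)
```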

Integratable Module

With Pocsuite you can extend your own exploit functions using the auxiliary modules packaged with it, and you can also integrate it into other vulnerability testing tools you develop.

Integrated ZoomEye And Seebug APIs

You can integrate the Seebug and ZoomEye APIs in a collaborative way. Vulnerability assessment can be done automatically and effectively by searching for targets through ZoomEye and acquiring PoC scripts from Seebug.

Requirements:

  • Python 2.6+
  • lxml

Supported Platforms:

  • Linux, Windows, OS X, FreeBSD, OpenBSD.

Install

Clone it from the GitHub repo:

$ git clone https://github.com/knownsec/Pocsuite.git

Or you can download the latest source package and extract:

$ wget https://github.com/knownsec/Pocsuite/archive/master.zip 
$ unzip master.zip

Navigate to the working directory and install Pocsuite using pip/pip3:

$ cd Pocsuite/
$ pip3 install pocsuite

Basic Usage

To list all available options/commands, use --help:

$ python pocsuite.py --help

usage: pocsuite [options]

optional arguments:
  -h, --help            Show help message and exit
  --version             Show program's version number and exit
  --update              Update Pocsuite

target:
  -u URL, --url URL     Target URL (e.g. "http://www.targetsite.com/")
  -f URLFILE, --file URLFILE
                        Scan multiple targets given in a textual file
  -r POCFILE            Load POC from a file (e.g. "_0001_cms_sql_inj.py") or directory (e.g. "modules/")

mode:
  --verify              Run poc with verify mode
  --attack              Run poc with attack mode

request:
  --cookie COOKIE       HTTP Cookie header value
  --referer REFERER     HTTP Referer header value
  --user-agent AGENT    HTTP User-Agent header value
  --random-agent        Use randomly selected HTTP User-Agent header value
  --proxy PROXY         Use a proxy to connect to the target URL
  --proxy-cred PROXYCRED
                        Proxy authentication credentials (name:password)
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 30)
  --retry RETRY         Time out retrials times.
  --delay DELAY         Delay between two request of one thread
  --headers HEADERS     Extra headers (e.g. "key1: value1\nkey2: value2")
  --host HOST           Host in HTTP headers.
  ...

ZoomEye Dork & Seebug PoC Search Example:

$ python pocsuite.py --vul-keyword mongodb --dork "country:'United States' app:mongodb" --threads 10

  • --vul-keyword: the database name to look up PoCs for (MongoDB, Redis, MySQL, etc.);
  • country: restricts the scan to IP addresses in the given country;
  • app: the application keyword to search for;
  • --dork: the ZoomEye dork used to search for matching targets;
  • --threads: maximum number of concurrent requests/targets used during scanning.

For more examples and further explanations, see the project documentation.