Giter Site home page Giter Site logo

some_pocsuite's Introduction

some_pocsuite

用于企业内部进行漏洞排查与验证的的pocsuite3验证POC代码(pocsuite3是知道创宇安全团队的开源漏洞测试框架)。

由于原Pocsuite已停止更新,因此将原来的POC代码全部重新改写并迁移到pocsuite3,原POC备份在PocsuiteV2中。

因将POC转向Nuclei的YAML方式,后续不再更新(2022年8月)。

插件代码编写

使用pocsuite3 漏洞测试框架,插件编写请参考 pocsuite3 项目插件编写要求。

PoC 编写规范及要求说明

序号 poc 说明
1 hikvision-2013-4976_web_login-bypass.py 海康威视cve-2013-4976匿名登录验证绕过
2 weblogic-vul-check_all_rce.py weblogic反序列化漏洞(CVE-2016-0638,CVE-2016-3510,CVE-2017-3248,CVE-2018-2628,CVE-2018-2893, CVE-2019-2890)
3 weblogic-wls-2017-10271_all_rce.py weblogic WLS组件反序列化漏洞CVE-2017-10271
4 zookeeper_all_unauthorized.py zookeeper未授权访问
5 redis_all_unauthorized.py redis未授权访问( pocsuite_poc_collect
6 memcached_all_unauthorized.py memchached未授权访问
7 snmp_v2_unauthorized.py snmp未授权访问(需要安装pysnmp模块)
8 iis-ms15-034_7_rce.py IIS(CVE-2015-1635,MS15-034)Check Script
9 iis-shortname_6_disclosure.py IIS Tilde Vulnerability (IIS Shortname) Check
10 rdp-ms12-020_all_rce.py MS12-020/CVE-2012-0002 Vulnerability Tester
11 windows-ms14-066_all_rce.py winshock (MS14-066) Vulnerability Tester
12 weblogic-async-2019-2725_all_rce.py weblogic async反序列化(CVE-2019-2725)Vulnerability Tester (POP: jdk7u21)
13 rdp-2019-0708_all_rce.py windows RDP RCE Vulnerability(CVE-2019-0708)Check (by robertdavidgraham/rdpscan)
14 weblogic-ssrf_all_ssrf.py WebLogic SSRF And XSS(CVE-2014-4241, CVE-2014-4210, CVE-2014-4242) check POC
15 webmin_1.92_rce.py Webmin 1.920 Unauthenticated Remote Code Execution(CVE-2019-15107)check POC by jerome
16 solr_8.3.1_rce.py Apache Solr Velocity 注入远程命令执行漏洞 (CVE-2019-17558) check POC by jerome
17 supervisord-2017-11610_3_rce.py CVE-2017-11610 Supervisord 远程命令执行漏洞 check POC by kcat
18 tomcat-ajp-ghostcat_all_lfi.py CNVD-2020-10487/CVE-2020-1938 TomcatAJP任意文件读取/包含漏洞 check POC by rootk1t
19 f5-CVE-2020-5902_all_rce.py CVE-2020-5902 BIG-IP TMUI RCE漏洞 check POC
20 weblogic-iiop-2020-2551_all_rce.py CVE-2020-2551 Weblogic IIOP反序列化漏洞 check POC by rootk1t
21 weblogic-console-2020-14882_all_rce.py CVE-2020-14882 Weblogic Unauthorized bypass RCE check POC
22 flink-CVE-2020-17519_1.11.2_fileread.py CVE-2020-17519 Apache Flink目录穿越漏洞 check POC
23 flink-CVE-2020-17518_1.11.2_rce.py CVE-2020-17518 Apache Flink任意文件写漏洞导致RCE
24 springboot-actuator_all_unauthorized.py SpringBoot Actuator配置信息未授权访问 check Poc
25 vmware-vcenter-FileUpload_CVE-2021-22005_rce.py VMware vCenter Server未授权任意文件上传漏洞CVE-2021-22005 check Poc by knownsec
26 gitlab-upload-2021-22205_13.10.2_rce.py CVE-2021-22205 Gitlab Upload RCE check Poc by Wing

陆续扩充中...

参考

some_pocsuite's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

0xf4vul w7374520 kingjohntom waynetest hnmadsec lordsky cjjduck peterpeter228 democrc zszhere attackgithub 02bx lw1988 liuchengyan c0010 hdfirewall gayhub-blackerie leoonzhang skskevin microvorld lanceyan123 kilomaster eniac888 benhe119 the8robot longfeide2008 kingnoctis yyanyi213 safecat2018 muyuxx c0d1007 heroanswer underwood12 sagar-jangam limkokholefork broken5 hatjwe conanjun rassec slowmistio explore-c n1f2c3 iw00tr00t webvul ir-st javalangclass 5l1v3r1 smithjat ibey0nd fifee test2504 skybulk uuic baozhazhizi xianyu403 yukar1z0e 303donatello neelakandan-a kkiinnggwweenn k79holm pafh99 exi1sh0w wule108 gkfnf youki992 leiloumou scopion striveben asiaforest t1ger7 earlys whoiszzr shellsec dk47os3r jsdysq want2live233 jeffylapter newbeginning6 halftion haka110 xxcrashnburnxx dkstar111 unchihuoguo guliang123 4o4ntfd souno-io emadshanab

some_pocsuite's Issues

CVE-2019-2725

Hi,

Finally a real PoC for CVE-2019-2725, thank you for sharing! I was wondering if you could add support for the gadget "org.slf4j.ext.EventData" and "com.sun.rowset.JdbcRowSetImpl" since those would support more versions of WebLogic. The "oracle.toplink.internal.sessions.UnitOfWorkChangeSet" only targets WebLogic 10.* version.

Let me know if you need more technical details on those, I've been on that for couple of days.

Thanks.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.