Coder Social home page Coder Social logo

jweny / pocassist Goto Github PK

View Code? Open in Web Editor NEW
1.4K 28.0 246.0 42.92 MB

傻瓜式漏洞PoC测试框架

Home Page: https://pocassist.jweny.top/

License: Apache License 2.0

Go 97.65% HTML 1.25% JavaScript 1.10%
poc penetration-testing-poc vulnerability vulnerability-scanners security-tools security cve pocassist

pocassist's Introduction

Welcome Here

  • 🔭 this is jweny
  • 👻 web security reseacher & developer

GitHub Stats

pocassist's People

Contributors

chris-ju avatar ibreaker avatar jweny avatar moond4rk avatar testwill avatar zuoyou0 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

kaka77 mortals-tx lekkoo douglas88 j5s crackercat harry1080 popmedd org-mars d2550 zring101 ryuzusunc conanjun 5l1v3r1 k0bee ne0ke718 zerone0x01 thinks520 thomasking2014 leeasina lcamry rgzn-aiyun safebaseline ershu1 ztohacker thinkergod daboquan hcjcn joker2333 jeromeyoung austfish deepwebhacker shackle-he kosakd gysf666 yizhimanpadewoniu dk47os3r uuuunotfound traxsw loveshell fnmsd mxm-tools chennqqi darkkid0 1u0hun samy1937 dskho securitycomplicance nszy007 xiaoaliha qingyun00 wule108 afwu wisejayer wha000tif istoliving boluoha cyhellolab fooxi myblackmanba kenuosec 360850826 murkuo sobinge hackdou re-expoc rockmelodies ibreaker redwifiteam bollwarm jaie0801 fhgzs aqimmm medasz gitttttbottttt sesyi ta0ing techris45 xuehua312741499 chris-ju immortal-autumn mazhazi wivd agilesecurity adnama55 showsmall iotsecty a08030605 xsec-team gh-jy test2504 cronos996 yinhui1150 p611148aadsl ssdtielyb24gtwfu keac j0hn30n izj007 avgirl plumsoup

pocassist's Issues

提议!

既然是一个漏洞测试框架,我想能不能实现一个提供go包给使用者使用,就是单独把漏洞测试的部分开放一个接口,供使用者导入到自己的go程序中,这样会更加方便,且有益于漏洞库的生态更新

设置代理后,扫描结果不同

哈喽,我这边在测试sonar-cve-2020-27896漏洞。
不设置代理,返回包有乱码,系统扫描判断为“不存在漏洞”;而设置代理后,返回包数据正常,系统扫描判断为“存在漏洞”。是不是代表可能存在“设置代理会影响扫描结果”的情况?

PS:直接使用浏览器访问时,返回数据正常,sonar是存在漏洞的。

POC优化建议

建议增加POC批评导入和导出的功能,便于POC文件增补;

POST存在换行和发包速率问题

application/x-www-form-urlencoded格式的POST数据,有换行的情况,需要strings.Replace(postdata, "\n", "\r\n", -1),否则发包不完整。
rate.NewLimiter()函数设置值有问题,第一个值应为MaxQps,第二个为瞬间并发数值。

Release 1.0.5 or 1.0.4?

发布版本是 Release 1.0.5
实际下载[pocassist_darwin_amd64.zip ,解压后运行发现提示版本是
1.0.4,是忘记修改了?

任务卡在running状态

1、创建任务
2、选择自定义多个规则,选定多个weblogic相关poc
3、导入url列表文件,几百个左右的测试url
4、开始任务

这样开始任务后所有任务都会卡在running状态,但是流量监控中并没有出入站流量。

导入规则后,提示成功,但规则没有增加

导入yaml规则后,提示上传成功,但实际没有成功写入库中,举个例子
poc-yaml-aspcms-id-sqli.yml
name: poc-yaml-aspcms-id-sqli manual: true transport: http rules: r0: request: method: GET path: /plug/comment/commentList.asp?id=-1%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now(),null,1%20%20frmasterom%20{prefix}user follow_redirects: true expression: response.status == 200 && response.body.bcontains(bytes((string("line1"))))&&response.body.bcontains(bytes((string("line2")))) expression: r0() detail: author: xiao1hu links: - https://www.yuque.com/peiqiwiki/peiqi-poc-wiki/bg59x4 Affected Version: ASPCMS

【功能优化建议】

  1. POC模板能否支持 变量+raw模式(nuclei)
  2. 支持nuclei插件(已经有issues, 强烈支持哈哈)
  3. 漏洞描述,影响组件可以和并到一个模板页面,然后POC编辑可以放为单独页面
  4. 任务列表提交任务后,可以将任务划分到一个组,要不然删除的时候太多了,还有就是没有继续扫描,重新扫描等功能
  5. 程序启动Banner,可以提醒下初始默认的账号密码(简单且有丢丢用)

仅为建议,择优采纳

优化建议

优化建议
建议提升加载文件速度 测试了许多次 大约都在500条url或者1000条ip以上 导入txt都会卡死 服务器16g的内存直接满 也不算卡死 只能说 页面卡着不动。但是添加完之后 运行主程序的cmd会一直抛出报错的问题 并不会扫描

请给点排错建议

linux部署出现问题,报错:cannot execute binary file,root登录,文件chmod 777,部署Linux64包,机器环境centos7.4 ,数据库用宝塔搭建,目前无法排错,希望给点建议;Windows本机 部署,没问题。

关于script规则

师傅您好,我想问下关于这个script的缺陷有修复吗,或者有啥思路可以分享一下吗

功能建议

建议添加批量删除任务与扫描结果

优化建议

1、批量删除不存在漏洞的结果
2、存在漏洞结果支持批量导出

对于大量的poc请求导致服务的饱和从而出现timeout的现象

发现一个问题,单个运行POC可以扫出漏洞,如果运行所有的POC,能扫出漏洞的那个poc会出现
{"level":"error","time":"2022-04-20 14:56:28.136","linenum":"/root/croto/poc/rule/controller.go:173","msg":",POC: poc-yaml-Disclosure_dsStore [rule/controller.go: DoSingleRuleRequest error] dialing to the given TCP address timed out"}
猜测是
// Warning: DoTimeout does not terminate the request itself. The request will
// continue in the background and the response will be discarded.
// If requests take too long and the connection pool gets filled up please
// try using a Client and setting a ReadTimeout.
可是设置了ReadTimeout 还是会出现问题
不得其解???

小部分poc报错no such host问题原因

controller.go中DoSingleRuleRequest函数有点问题,fixedFastReq.URI().Update(curPath)这里执行之后应该是丢掉了host头,我这里测试都是丢掉了然后报错no such host,需要手动fixedFastReq.URI().SetHost(curHost),不知道为什么你程序大部分都能正常发包而只有小部分POC才会报错。

优化建议

批量扫描后发现漏洞不直观,建议增加保存结果功能

优化建议

  • 移除https://github.com/jweny/pocassist/blob/master/pic.assets/.DS_Store;
  • 添加完整nginx参考配置文件;
  • 优化web使用体验,如登录之后页面空白,需刷新,添加poc和漏洞说明完成后页面自动关闭;
  • 添加docker自动化部署;
  • 添加poc的表达式 expression添加选择功能或添加帮助信息;
  • 数据库密码加密存储;
  • 增加重置管理员密码的功能。

加载 thinkphp 5.* 插件报错

报错信息:

2021/10/06 18:33:10 [Recovery] 2021/10/06 - 18:33:10 panic recovered:
runtime error: invalid memory address or nil pointer dereference
/usr/local/go/src/runtime/panic.go:221 (0x4516c6)
panicmem: panic(memoryError)
/usr/local/go/src/runtime/signal_unix.go:735 (0x451696)
sigpanic: panicmem()
/home/myh0st/tools/pocassist/api/routers/v1/scan/scan/scan.go:206 (0xc48573)
List: c.JSON(msg.ErrResp("插件加载失败" + err.Error()))
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x9f175e)
(*Context).Next: c.handlersc.index
/home/myh0st/tools/pocassist/api/middleware/jwt/jwt.go:47 (0x9f15d3)
JWT.func1: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x8b4981)
(*Context).Next: c.handlersc.index
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/recovery.go:99 (0x8b496c)
CustomRecoveryWithWriter.func1: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x8b3be6)
(*Context).Next: c.handlersc.index
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/logger.go:241 (0x8b3bc9)
LoggerWithConfig.func1: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/context.go:165 (0x8b311d)
(*Context).Next: c.handlersc.index
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:489 (0x8b2da5)
(*Engine).handleHTTPRequest: c.Next()
/root/go/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:445 (0x8b2904)
(*Engine).ServeHTTP: engine.handleHTTPRequest(c)
/usr/local/go/src/net/http/server.go:2878 (0x6a255a)
serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/usr/local/go/src/net/http/server.go:1929 (0x69dc07)
(*conn).serve: serverHandler{c.server}.ServeHTTP(w, w.req)
/usr/local/go/src/runtime/asm_amd64.s:1581 (0x46c0c0)
goexit: BYTE $0x90 // NOP

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.