pocsuite(1)

POCSUITE

NAME

pocsuite3 - open-sourced remote vulnerability testing framework.

Legal Disclaimer

Usage of pocsuite3 for attacking targets without prior mutual consent is illegal. pocsuite3 is for security testing purposes only.

SYNOPSIS

pocsuite -h[elp]
pocsuite [options]

DESCRIPTION

pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many useful features for penetration testers and security researchers.

OPTIONS

optional arguments:

-h, --help

show this help message and exit

--version

Show program’s version number and exit

--update

Update Pocsuite3

-n, --new

Create a PoC template

-v {0,1,2,3,4,5,6}

Verbosity level: 0-6 (default 1)

Target:

At least one of these options has to be provided to define the target(s)

-u URL [URL ...], --url URL [URL ...]

Target URL/CIDR (e.g. "http://www.site.com/vuln.php?id=1")

-f URL_FILE, --file URL_FILE

Scan multiple targets given in a textual file (one per line)

-p PORTS, --ports PORTS

Add additional ports to each target (e.g. 8080,8443)

-r POC [POC ...]

Load a PoC file from local disk, or remotely from the Seebug website

-k POC_KEYWORD

Filter PoC by keyword, e.g. ecshop

-c CONFIGFILE

Load options from a configuration INI file

Mode:

Pocsuite running mode options

--verify

Run poc with verify mode

--attack

Run poc with attack mode

--shell

Run poc with shell mode

Request:

Network request options

--cookie COOKIE

HTTP Cookie header value

--host HOST

HTTP Host header value

--referer REFERER

HTTP Referer header value

--user-agent AGENT

HTTP User-Agent header value (default random)

--proxy PROXY

Use a proxy to connect to the target URL (protocol://host:port)

--proxy-cred PROXY_CRED

Proxy authentication credentials (name:password)

--timeout TIMEOUT

Seconds to wait before timeout connection (default 10)

--retry RETRY

Number of retries after a timed-out connection (default 0)

--delay DELAY

Delay between two requests of one thread

--headers HEADERS

Extra headers (e.g. "key1: value1\nkey2: value2")

Account:

Account options

--ceye-token CEYE_TOKEN

CEye token

--oob-server OOB_SERVER

Interactsh server to use (default "interact.sh")

--oob-token OOB_TOKEN

Authentication token to connect to a protected interactsh server

--seebug-token SEEBUG_TOKEN

Seebug token

--zoomeye-token ZOOMEYE_TOKEN

ZoomEye token

--shodan-token SHODAN_TOKEN

Shodan token

--fofa-user FOFA_USER

fofa user

--fofa-token FOFA_TOKEN

fofa token

--quake-token QUAKE_TOKEN

quake token

--hunter-token HUNTER_TOKEN

hunter token

--censys-uid CENSYS_UID

Censys uid

--censys-secret CENSYS_SECRET

Censys secret

Modules:

Modules options

--dork DORK

Zoomeye dork used for search

--dork-zoomeye DORK_ZOOMEYE

Zoomeye dork used for search

--dork-shodan DORK_SHODAN

Shodan dork used for search

--dork-fofa DORK_FOFA

Fofa dork used for search

--dork-quake DORK_QUAKE

Quake dork used for search

--dork-hunter DORK_HUNTER

Hunter dork used for search

--dork-censys DORK_CENSYS

Censys dork used for search

--max-page MAX_PAGE

Max page used in search API

--search-type SEARCH_TYPE

Search type used in search API (web or host)

--vul-keyword VUL_KEYWORD

Seebug keyword used for search

--ssv-id SSVID

Seebug SSVID number for target PoC

--lhost CONNECT_BACK_HOST

Connect back host for target PoC in shell mode

--lport CONNECT_BACK_PORT

Connect back port for target PoC in shell mode

--tls

Enable TLS listener in shell mode

--comparison

Compare popular web search engines

--dork-b64

Whether dork is in base64 format

Optimization:

Optimization options

-o OUTPUT_PATH, --output OUTPUT_PATH

Output file to write (JSON Lines format)

--plugins PLUGINS

Load plugins to execute

--pocs-path POCS_PATH

User defined poc scripts path

--threads THREADS

Max number of concurrent network requests (default 150)

--batch BATCH

Automatically choose the default choice without asking

--requires

Check install_requires

--quiet

Activate quiet mode, working without logger

--ppt

Hide sensitive information when publishing to the network

--pcap

Use scapy to capture traffic

--rule

Export rules (by default both request and response are exported)

--rule-req

Only export the request rule

--rule-filename RULE_FILENAME

Specify the name of the export rule file

Poc options:

Definition options for PoC

--options

Show all definition options
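The Target options above accept a single URL or CIDR (-u), a file of targets one per line (-f) and extra ports to add to every target (-p). The following script is an added example, not part of pocsuite3, showing how such a specification expands into a concrete URL list; the exact expansion rules pocsuite3 applies (comment handling, default scheme for bare hosts, de-duplication) are not documented on this page and are assumptions here. The sample target file is constructed and uses lab/documentation addresses.

```python
"""Expand pocsuite3-style target specifications (-u/-f/-p) into URLs.

Added example, not pocsuite3 code. The expansion rules below are an
assumption about how URL, CIDR and extra-port inputs combine.
"""
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of a -f URL_FILE: one target per line; blank lines and
# '#' comments are tolerated (assumption).
SAMPLE_URL_FILE = """\
# lab targets (constructed sample)
http://app.lab.test/login.php
192.0.2.0/30
https://intranet.lab.test:8443/
"""


def parse_ports(spec):
    """Parse a -p value such as '8080,8443' into a sorted list of ints."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        port = int(item)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return sorted(ports)


def expand_line(line, extra_ports):
    """Turn one target line into a list of URLs.

    A CIDR block (or bare IP) expands to one http:// URL per host address;
    a URL is kept as written and a bare hostname gets http://. Each extra
    port adds a copy of the target on that port.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    try:
        net = ipaddress.ip_network(line, strict=False)
        bases = [f"http://{ip}/" for ip in net.hosts()]
        if not bases:  # /32 on older Pythons yields no hosts()
            bases = [f"http://{net.network_address}/"]
    except ValueError:
        bases = [line if "://" in line else f"http://{line}/"]
    urls = []
    for base in bases:
        urls.append(base)
        parts = urlsplit(base)
        host = parts.hostname
        if host is None:
            continue
        for port in extra_ports:
            # Bracket IPv6 literals; keep scheme, path and query as-is.
            netloc = f"[{host}]:{port}" if ":" in host else f"{host}:{port}"
            urls.append(urlunsplit((parts.scheme, netloc, parts.path,
                                    parts.query, parts.fragment)))
    return urls


def expand_targets(text, ports_spec=""):
    """Expand a whole target file, de-duplicating while keeping order."""
    extra = parse_ports(ports_spec) if ports_spec else []
    seen, out = set(), []
    for line in text.splitlines():
        for url in expand_line(line, extra):
            if url not in seen:
                seen.add(url)
                out.append(url)
    return out


if __name__ == "__main__":
    for url in expand_targets(SAMPLE_URL_FILE, "8080,8443"):
        print(url)
```

Running it on the sample yields eleven URLs: the 192.0.2.0/30 block contributes two hosts, each on the default port plus 8080 and 8443, while the intranet entry already on 8443 gains only 8080 because the duplicate is dropped. Reviewing this expanded list before a run is a cheap way to confirm that a CIDR plus extra ports produces exactly the hosts you intended.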

EXAMPLES

Run the PoC in verify mode; the PoC is only used for vulnerability scanning.

% pocsuite -r poc_example.py -u http://example.com/ --verify

Run the PoC in attack mode, which may allow hackers/researchers to break into labs.

% pocsuite -r poc_example.py -u http://example.com/ --attack

Run the PoC in shell mode; if it executes successfully, pocsuite will drop into an interactive shell.

% pocsuite -r poc_example.py -u http://example.com/ --shell

Use multiple threads (the default number of threads is 150).

% pocsuite -r poc_example.py -u http://example.com/ --verify --threads 20

Scan multiple targets given in a textual file.

% pocsuite -r poc_example.py -f url.txt --verify
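When a multi-target run is written out with -o/--output, the result is a JSON Lines file (one JSON object per line). The script below is an added example, not part of pocsuite3, that turns such a file into a per-PoC tally and a list of targets the PoC verified as affected. The page only states the format, so the record fields used here (target, poc_name, status, result) are an assumption; the summarizer therefore tolerates missing fields and skips malformed lines instead of aborting. The sample records are constructed.

```python
"""Summarize a pocsuite3 -o/--output JSON Lines file.

Added example, not pocsuite3 code. Field names (target, poc_name, status,
result) are assumptions; records lacking them are still counted.
"""
import json

# Constructed sample output: three records and one corrupt line.
SAMPLE_JSONL = """\
{"target": "http://app.lab.test/", "poc_name": "poc_example", "status": "success", "result": {"VerifyInfo": {"URL": "http://app.lab.test/"}}}
{"target": "http://192.0.2.1/", "poc_name": "poc_example", "status": "failed", "result": {}}
{"target": "http://192.0.2.2/", "poc_name": "poc_other", "status": "success"}
this line is not json
"""


def parse_jsonl(text):
    """Return (records, bad_line_numbers); non-object or unparsable lines are skipped."""
    records, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            bad.append(n)
            continue
        if isinstance(obj, dict):
            records.append(obj)
        else:
            bad.append(n)
    return records, bad


def summarize(text):
    """Tally records per PoC and collect (poc, target) pairs marked success."""
    records, bad = parse_jsonl(text)
    by_poc = {}
    affected = set()
    for rec in records:
        poc = str(rec.get("poc_name", "<unknown>"))
        status = str(rec.get("status", "")).lower()
        counts = by_poc.setdefault(poc, {"success": 0, "failed": 0, "other": 0})
        key = status if status in ("success", "failed") else "other"
        counts[key] += 1
        if key == "success":
            affected.add((poc, str(rec.get("target", "<unknown>"))))
    return {
        "records": len(records),
        "malformed_lines": bad,
        "by_poc": by_poc,
        "affected": sorted(affected),
    }


def summarize_file(path):
    """Convenience wrapper for an on-disk output file."""
    with open(path, encoding="utf-8") as fh:
        return summarize(fh.read())


def render(summary):
    """Human-readable report; malformed lines are reported, not hidden."""
    lines = [f"{summary['records']} records, "
             f"{len(summary['malformed_lines'])} malformed line(s) "
             f"{summary['malformed_lines']}"]
    for poc, c in sorted(summary["by_poc"].items()):
        lines.append(f"  {poc}: {c['success']} success / "
                     f"{c['failed']} failed / {c['other']} other")
    for poc, target in summary["affected"]:
        lines.append(f"  AFFECTED {target} ({poc})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize(SAMPLE_JSONL)))
```

Because the tool may be run with --threads high and many targets, reporting malformed line numbers rather than silently dropping them matters: a truncated or interleaved record is a sign the run should be repeated for the affected targets before the results are acted on.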

SEE ALSO

The full documentation for pocsuite3 is maintained at:
https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md

VERSION

This manual page documents pocsuite3 version 1.9.6

AUTHOR

(c) 2014-2022 by Knownsec 404 Team
<404-team@knownsec.com>

This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2 with the clarifications and exceptions described below. This guarantees your right to use, modify, and redistribute this software under certain conditions. If you wish to embed pocsuite3 technology into proprietary software, we sell alternative licenses (contact 404-team@knownsec.com).

Manual page started by Tian Qiao <abcnsxyz@gmail.com>