
A foolproof vulnerability PoC testing framework

Results: 28 pocassist issues

For POST data in application/x-www-form-urlencoded format that contains newlines, you need strings.Replace(postdata, "\n", "\r\n", -1); otherwise the request is sent incomplete. The values passed to rate.NewLimiter() are wrong: the first argument should be MaxQps, and the second the instantaneous concurrency (burst) value.

There is a problem with the DoSingleRuleRequest function in controller.go: after fixedFastReq.URI().Update(curPath) runs, the Host header appears to be dropped. In my tests it was always dropped, followed by a "no such host" error, so fixedFastReq.URI().SetHost(curHost) has to be called manually. I don't know why most of your program's requests go out fine and only a small number of POCs trigger the error.

The GetReverseResp function in reverse.go does not account for ceye responding with a 503 status, so it returns true on a 503, which makes false positives very likely, especially during batch scans.

Suggestion: add batch deletion of tasks and scan results.

I found a problem: running a single POC detects the vulnerability, but when running all POCs, the POC that should detect it produces {"level":"error","time":"2022-04-20 14:56:28.136","linenum":"/root/croto/poc/rule/controller.go:173","msg":",POC: poc-yaml-Disclosure_dsStore [rule/controller.go: DoSingleRuleRequest error] dialing to the given TCP address timed out"}. My guess is that the cause is // Warning: DoTimeout does not terminate the request itself. The request will // continue...

Suggestion: add batch import of xray rules. If possible, also add support for nuclei rules.

After importing a yaml rule, the page reports that the upload succeeded, but the rule is not actually written to the database. For example, poc-yaml-aspcms-id-sqli.yml:

```yaml
name: poc-yaml-aspcms-id-sqli
manual: true
transport: http
rules:
  r0:
    request:
      method: GET
      path: /plug/comment/commentList.asp?id=-1%20unmasterion%20semasterlect%20top%201%20UserID,GroupID,LoginName,Password,now(),null,1%20%20frmasterom%20{prefix}user
      follow_redirects: true
    expression: response.status == 200 && response.body.bcontains(bytes((string("line1"))))&&response.body.bcontains(bytes((string("line2"))))
expression: r0()
detail:
  author: xiao1hu
  links:
    - ...
```

The published version is Release 1.0.5, but after downloading pocassist_darwin_amd64.zip, extracting it, and running it, the reported version is 1.0.4. Was updating it forgotten?

db.Setup err: pocassist.db not exist, download at https://github.com/jweny/pocassistdb/releases

Hello master, I'd like to ask whether the flaw in this script has been fixed, or whether you have any ideas you could share?