Showing posts with label testing_framework. Show all posts
Showing posts with label testing_framework. Show all posts

Tuesday, January 22, 2019

Open-Sourced Remote Vulnerability Testing Framework - Pocsuite

Pocsuite:

                 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team.


It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers.

Features

  • PoC scripts can running with `attack`,`verify`, `shell` mode in different way
  • Plugin ecosystem
  • Dynamic loading PoC script from any where (local file, redis , database, Seebug ...)
  • Load multi-target from any where (CIDR, local file, redis , database, Zoomeye ...)
  • Results can be easily exported
  • Dynamic patch and hook requests
  • Both command line tool and python package import to use
  • IPV6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC script to use
  • Integrate with [Seebug](https://www.seebug.org) (for load PoC from Seebug website)
  • Integrate with [ZoomEye](https://www.zoomeye.org) (for load target from ZoomEye `Dork`)
  • Integrate with [Ceye](http://ceye.io/) (for verify blind DNS and HTTP request)
  • More ...

Functions

Vulnerability Testing Framework

Written in Python and supported both validation and exploitation two plugin-invoked modes, Pocsuite could import batch targets from files and test those targets against multiple exploit-plugins in advance.(See "Pocsuite usage"

PoC/Exp Development Kit

Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

Integratable Module

Users could utilize some auxiliary modules packaged in Pocsuite to extend their exploit functions or integrate Pocsuite to develop other vulnerability assesment tools.

Integrated ZoomEye And Seebug APIs

Pocsuite is also an extremely useful tool to integrate Seebug and ZoomEye APIs in a collaborative way. Vulnerablity assessment can be done automatically and effectively by searching targets through ZoomEye and acquiring PoC scripts from Seebug or locally.

Installation

pocsuite3 works out of the box with Python version 3.x on any platform.
You can use Git to clone the latest source code repository

    $ git clone git@github.com:knownsec/pocsuite3.git
 
Or click here to download the latest source zip package, and extract

    $ wget https://github.com/knownsec/pocsuite3/archive/master.zip
    $ unzip master.zip
    $ cd Pocsuite
    $ python cli.py --version
 
 
 
Or use pip

    $ pip install pocsuite
    $ pocsuite --version

More Videos : https://asciinema.org/a/133345

Download / Ref Link :

https://github.com/knownsec/Pocsuite
https://pocsuite.org/index-en.html