├── .gitignore ├── CHANGELOG.md ├── README.md ├── package.json └── src ├── assets └── pocsuite3-logo.png └── extension.js /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 0.1.0 - 3/4/2021 2 | goby pocsuite3 插件的第一个版本 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # pocsuite3-goby: 远程漏洞测试框架 2 | 3 | ## 0x01 部署 pocsuite3 4 | 还请按照本文档的方式来部署 pocsuite3,避免出现不必要的环境问题 5 | 6 | ```bash 7 | # 直接使用pip安装 8 | pip3 install pocsuite3 9 | # 随后可以使用pip命令查看包的安装位置来放置插件 10 | pip show pocsuite3 11 | # poc批量检测使用的是如下命令 12 | # 加载poc目录下所有poc,并将结果保存为html 13 | pocsuite -u http://example.com --plugins poc_from_pocs,html_report 14 | ``` 15 | 16 | PS: 17 | ```bash 18 | # kali linux 上面安装 pocsuite3 19 | sudo apt update && sudo apt install python3-pip 20 | sudo su # 切换进入root权限 21 | pip install pocsuite3 22 | ``` 23 | 24 | 插件目前在 Windows, macOS 和 Kali Linux 通过了测试 25 | 26 | ## 0x02 pocsuite3 插件 27 | 刚开始进入的话你可以在插件设置里面配置一下`pocsuite`的命令执行路径。 28 | PS: 29 | ```bash 30 | # 对于 macOS 和 Kali Linux不知道pocsuite路径的可以执行如下命令进行查看 31 | which pocsuite 32 | # 对于 Windows 不知道pocsuite路径的可以执行如下命令进行查看 33 | Get-Command pocsuite 34 | ``` 35 | ![image](https://i.loli.net/2021/03/04/rfEcACXBdQsN9ZJ.png) 36 | 37 | 38 | 插件接口在两个地方,一个是在goby的右侧任务栏的"Web检测"中 39 | ![image](https://i.loli.net/2021/03/04/U1rupONxs4dehtW.png) 40 | 另外一个是点击对应资产的IP查看各个接口详情的是时候 41 | ![image](https://i.loli.net/2021/03/04/dWiJNuVf5eXUb93.png) 42 | 43 | 点击 pocsuite 便可进行扫描,再次点击查看扫描结果,目前插件版本 0.1.0 ,对应的 html 格式的结果pocsuite会输出到指定的目录,扫描完成界面上会有显示 44 | ![image](https://i.loli.net/2021/03/04/dRqHpQbiMUjEJse.png) 45 | ![image](https://i.loli.net/2021/03/04/PWK8rx2YLwoBmbQ.png) 46 | 47 | ## 0x03 功能建议或 bug 反馈 48 | goby pocsuite3 插件建议和反馈请前往 [https://github.com/zer0yu/pocsuite3-goby/issues](https://github.com/zer0yu/pocsuite3-goby/issues) 49 | pocsuite3 建议和反馈请前往 [https://github.com/knownsec/pocsuite3/issues](https://github.com/knownsec/pocsuite3/issues) 50 | 51 | ## 0x04 后续开发计划 52 | - [ ] 漏洞利用功能 53 | - [ ] 指定poc检测 54 | - [ ] 指定插件扫描 55 | 56 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "pocsuite3", 3 | "publisher": "z3r0yu", 4 | "description": "pocsuite3 - 远程漏洞测试框架", 5 | "version": "0.1.0", 6 | "icon": "./src/assets/pocsuite3-logo.png", 7 | "engines": "1.8.230", 8 | "initEvents": "", 9 | "main": "./src/extension.js", 10 | "contributes": { 11 | "configuration": { 12 | "pocsuite_location": { 13 | "type": "string", 14 | "default": "/usr/local/bin/pocsuite", 15 | "description": "[INPUT] Plz input pocsuite command path (like:/Users/zeroyu/anaconda3/bin/pocsuite)", 16 | "fromDialog": true 17 | } 18 | }, 19 | "views": { 20 | "ipDetail": { 21 | "bannerTop": [ 22 | { 23 | "command": "poc_scan", 24 | "title": "pocsuite", 25 | "icon": "./src/assets/pocsuite3-logo.png" 26 | } 27 | ] 28 | }, 29 | "webfinder": [ 30 | { 31 | "command": "poc_scan", 32 | "icon": "./src/assets/pocsuite3-logo.png", 33 | "title": "pocsuite" 34 | } 35 | ] 36 | } 37 | }, 38 | "scripts": {}, 39 | "devDependencies": {}, 40 | "dependencies": {} 41 | } 42 | -------------------------------------------------------------------------------- /src/assets/pocsuite3-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/zer0yu/pocsuite3-goby/f6c204449010d21362985e4607298fe419bfceb9/src/assets/pocsuite3-logo.png -------------------------------------------------------------------------------- /src/extension.js: -------------------------------------------------------------------------------- 1 | const fs = require('fs'); 2 | 3 | function activate (content) { 4 | let config = goby.getConfiguration(); 5 | 6 | goby.registerCommand('poc_scan', function (content) { 7 | 8 | let pocsuite3_path = config["pocsuite_location"]["default"]; 9 | if (fs.existsSync(pocsuite3_path)) { 10 | const lines = fs.readFileSync(pocsuite3_path).toString() 11 | if (lines.includes("pocsuite3")) { 12 | console.log("[INFO] Load pocsuite3 success"); 13 | } else { 14 | goby.showErrorMessage(`[ERROR] pocsuite3 path is error: ${pocsuite3_path}`); 15 | return false; 16 | } 17 | } else { 18 | goby.showErrorMessage(`[ERROR] pocsuite3 path is error: ${pocsuite3_path}`); 19 | return false; 20 | } 21 | 22 | // 获取各个参数 23 | let IP = content.ip; 24 | let Port = content.port; 25 | let targetUrl; 26 | // 判断协议头 27 | if (content.protocol == "https") { 28 | targetUrl = "https://" + content.hostinfo; 29 | } else { 30 | targetUrl = "http://" + content.hostinfo; 31 | } 32 | // 指定扫描任务输出文件21 33 | let taskResult = __dirname + "/result/" + goby.getTaskId() + "_" + IP + "_" + Port + ".txt"; 34 | let requires_install = ""; 35 | // goby.showInformationMessage(taskResult); 36 | // 判断扫描结果以及是否进行扫描 37 | if (fs.existsSync(taskResult)) { 38 | const lines = fs.readFileSync(taskResult).toString() 39 | if (lines.includes("[*] shutting down at")) { 40 | if (lines.includes("[+]")) { 41 | goby.showSuccessMessage(`[VULN] pocsuite scan completed and find vuln!`); 42 | } else if (lines.includes("[ERROR] try install with")){ 43 | requires_install = lines.match(/requires "[\S+]*" to be installed/)[0]; 44 | if (requires_install !== null){ 45 | goby.showWarningMessage(`[ERROR] pocsuite ${requires_install}`); 46 | } else { 47 | goby.showWarningMessage(`[ERROR] Match Error`); 48 | } 49 | } else { 50 | goby.showSuccessMessage(`[INFO] pocsuite scan completed and not find vuln ~`); 51 | } 52 | goby.showIframeDia(taskResult, "[INFO] pocsuite scan result", "900", "520"); 53 | } else { 54 | goby.showWarningMessage(`Scanning: ${targetUrl} not to be done, plz wait~`); 55 | goby.showIframeDia(taskResult, "[INFO] pocsuite scan result", "900", "520"); 56 | } 57 | } else { 58 | goby.showInformationMessage(`[INFO] Running pocsuite to scan: ${targetUrl}`); 59 | // 此时开启vulmap扫描 60 | runPocsuite3(targetUrl,taskResult); 61 | } 62 | }); 63 | 64 | function runPocsuite3(targetUrl,taskResult){ 65 | let child_process = require('child_process'); 66 | let command = config["pocsuite_location"]["default"] + " -u " + targetUrl + " --plugins poc_from_pocs,html_report > " + taskResult; 67 | // goby.showInformationMessage(command); 68 | child_process.exec(command, (error, stdout, stderr) => { 69 | console.log(`stdout: ${stdout}`); 70 | console.log(`stderr: ${stderr}`); 71 | if (error) { 72 | console.error(`[ERROR COMMAND]: ${error}`); 73 | goby.showErrorMessage(`[ERROR COMMAND]: ${error}`); 74 | return; 75 | } else { 76 | // console.log(command) 77 | goby.showInformationMessage(`[TASK CREATE SUCCESS]: WAIT FOR A MOMENT`); 78 | } 79 | }) 80 | } 81 | 82 | } 83 | 84 | 85 | 86 | exports.activate = activate; 87 | --------------------------------------------------------------------------------