Merge pull request #41 from knownsec/dev

合并dev, 更新版本号

README.md

@@ -4,7 +4,7 @@
 | .-. | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. :
 | '-' ' '-' \ `--.-'  `'  ''  |  | |  | \   --.
 |  |-' `---' `---`----' `----'`--' `--'  `----'
-`--'                                   sebug.net
+`--'                                   seebug.org
 
 ```
 Pocsuite 使用帮助文档
@@ -30,7 +30,7 @@ Pocsuite 是知道创宇安全研究团队打造的一款基于漏洞与 PoC 的
 
 在获取到相关漏洞详情后，任何有一定 Python 开发基础的人都可以基于 Pocsuite 开发出对应漏洞的 PoC 或者 Exp ，轻而易举的就可以直接使用 Pocsuite 进行相关的验证和调用，而无需考虑底层代码架构等。
 
-在 Sebug 重新改版上线之际，知道创宇安全研究团队正式对外开放 Pocsuite 框架，任何安全研究人员都可以基于 Pocsuite 进行 PoC 或者 Exp 的开发，同时也可以加入 Sebug 漏洞社区，为 Pocsuite 提供贡献或者贡献相关的 PoC。
+在 Seebug 重新改版上线之际，知道创宇安全研究团队正式对外开放 Pocsuite 框架，任何安全研究人员都可以基于 Pocsuite 进行 PoC 或者 Exp 的开发，同时也可以加入 Seebug 漏洞社区，为 Pocsuite 提供贡献或者贡献相关的 PoC。
 
 
 <h2 id="install">安装</h2>
@@ -260,5 +260,5 @@ PoC 支持 Python 和 JSON 两种格式，详情参见[PoC 编写规范](./docs/
 
 <h2 id="links">相关链接</h2>
 
-* Sebug [http://sebug.net](http://sebug.net)
-* 知道创宇 [http://www.knownsec.com](http://sebug.net)
+* Seebug [http://seebug.org](http://seebug.org)
+* 知道创宇 [http://www.knownsec.com](http://seebug.org)

docs/CHANGLOG.md

@@ -1,17 +1,26 @@
-#####1. 修改入口函数 -\-headers 的 help 信息, 表述更清晰.
+##### 1. 修改入口函数 -\-headers 的 help 信息, 表述更清晰.
 
-#####2. 增加运行结束后的计数, 成功多少, 总共多少.
+##### 2. 增加运行结束后的计数, 成功多少, 总共多少.
 
-#####3. 入口函数增加 -\-retry, 超时重试次数, 重试途中有成功则不继续重试.
+##### 3. 入口函数增加 -\-retry, 超时重试次数, 重试途中有成功则不继续重试.
 
-#####4. 增加 IO 操作 api
+##### 4. 增加 IO 操作 api
 
-#####5. 增加自定义参数 extra_params 获取 api, 修复字符串转 python 内置类型时产生的错误.
+##### 5. 增加自定义参数 extra_params 获取 api, 修复字符串转 python 内置类型时产生的错误.
 
-#####6. 增加每个现成两个请求直接的delay, 毫秒计.
+##### 6. 增加每个现成两个请求直接的delay, 毫秒计.
 
-#####7. 完善入口参数 url 格式, 支持多个 url 用逗号分隔, 和 c 段的 /24 形式
+##### 7. 完善入口参数 url 格式, 支持多个 url 用逗号分隔, 和 c 段的 /24 形式
 
-#####8. 增加从 urllib2 - opener 获取 headers 的 api
+##### 8. 增加从 urllib2 - opener 获取 headers 的 api
 
-#####9. 增加 report 的显示条目, 对于 verify 也增加 report 的 detail 内容
+##### 9. 增加 report 的显示条目, 对于 verify 也增加 report 的 detail 内容
+
+---
+
+### 需要增加测试的位置:
+```
+1. /24 处, -u 提供的 /24, 和 -f 文件里的 /24
+2. load 文件夹处
+3. url 的逗号分隔处
+```

docs/COPYING

@@ -1,15 +1,15 @@
 COPYING -- Describes the terms under which pocsuite is distributed. A copy
 of the GNU General Public License (GPL) is appended to this file.
 
-pocsuite is (C) 2014-2015 pocsuite@sebug.net
+pocsuite is (C) 2014-2015 pocsuite@seebug.org
 
 This program is free software; you may redistribute and/or modify it under
 the terms of the GNU General Public License as published by the Free
 Software Foundation; Version 2 (or later) with the clarifications and
 exceptions described below. This guarantees your right to use, modify, and
 redistribute this software under certain conditions. If you wish to embed
 pocsuite technology into proprietary software, we sell alternative licenses
-(contact pocsuite@sebug.net).
+(contact pocsuite@seebug.org).
 
 
 ****************************************************************************

docs/POCAPI.md

@@ -4,7 +4,7 @@
 | .-. | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. : 
 | '-' ' '-' \ `--.-'  `'  ''  |  | |  | \   --. 
 |  |-' `---' `---`----' `----'`--' `--'  `----'  
-`--'                                   sebug.net
+`--'                                   seebug.org
 
 ```
 PoC 编写说明文档
@@ -279,7 +279,7 @@ json 格式的 PoC 类似于完形填空,只需要填写相应的字段的值即
 
 <h3 id="pyexample">PoC py代码示例</h3>
 
-[Drupal 7.x /includes/database/database.inc SQL注入漏洞](http://www.sebug.net/vuldb/ssvid-88927) PoC:
+[Drupal 7.x /includes/database/database.inc SQL注入漏洞](http://www.seebug.org/vuldb/ssvid-88927) PoC:
 ```
 #!/usr/bin/env python
 # coding: utf-8
@@ -373,9 +373,9 @@ register(TestPOC)
 ```
 
 <h3 id="jsonexample">PoC json代码示例</h3>
-[phpcms_2008_/ads/include/ads_place.class.php_sql注入漏洞](http://www.sebug.net/vuldb/ssvid-62274) PoC:
+[phpcms_2008_/ads/include/ads_place.class.php_sql注入漏洞](http://www.seebug.org/vuldb/ssvid-62274) PoC:
 
-由于json不支持注释,所以具体字段意义请参考上文，涉及到的靶场请自行根据Sebug漏洞详情搭建。
+由于json不支持注释,所以具体字段意义请参考上文，涉及到的靶场请自行根据Seebug漏洞详情搭建。
 
 ```
 {
@@ -389,7 +389,7 @@ register(TestPOC)
         "protocol": "http",
         "vulType": "SQL Injection",
         "author": "Medici.Yan",
-        "references": ["http://www.sebug.net/vuldb/ssvid-62274"],
+        "references": ["http://www.seebug.org/vuldb/ssvid-62274"],
         "appName": "phpcms",
         "appVersion" : "2008",
         "appPowerLink":"http://www.phpcms.cn",
@@ -576,7 +576,7 @@ result：[
 
 </table>
 
-也可以参见[漏洞类型规范](http://sebug.net/category)
+也可以参见[漏洞类型规范](http://seebug.org/category)
 
 
 <h3 id="webshell">WebShell类</h3>

docs/THANKS.md

@@ -18,3 +18,6 @@ phithon <root(at)leavesongs.com>
 
 GurdZain
 * for contributing a minor patch
+
+1ookup < 377101099(at)qq.com>
+* for contributing a minor patch

pcs-attack.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 import re

pcs-console.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 import re

pcs-verify.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 import re

pocsuite.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 import re

pocsuite/__init__.py

@@ -2,14 +2,13 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 
 __title__ = 'pocsuite'
-__version__ = '1.0.0dev16'
-__author__ = 'sebug.net'
+__version__ = '1.1.0'
+__author__ = 'seebug.org'
 __author_email__ = '[email protected]'
 __license__ = 'GPL 2.0'
 __copyright__ = 'Copyright 2015 Knownsec'
-

pocsuite/api/missile.py

@@ -2,22 +2,33 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 
 from pocsuite.lib.core.data import kb
 from pocsuite.pocsuite_cli import pcsInit
 from pocsuite.lib.core.common import banner
 from pocsuite.lib.core.settings import PCS_OPTIONS
-from pocsuite.lib.settings import HTTP_DEFAULT_HEADER
 
 
 class Missile():
+
     def __init__(self, target, missile_info={}):
         if not missile_info["pocname"].endswith(".py"):
             missile_info["pocname"] += ".py"
-        PCS_OPTIONS.update(missile_info)
+        PCS_OPTIONS.update({
+            "url": target,
+            "host": "",
+            "pocFile": missile_info["pocstring"],
+            "isPocString": True,
+            "pocname": missile_info["pocname"],
+            "headers": "",
+            "extra_params": "",
+            "mode": missile_info["mode"],
+            "retry": False,
+            "delay": 0
+        })
 
     def run(self):
         pcsInit(PCS_OPTIONS)

pocsuite/api/poc.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 

pocsuite/api/request.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 

pocsuite/api/utils.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 

pocsuite/api/webshell.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 

pocsuite/lib/__init__.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 

pocsuite/lib/controller/__init__.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 

pocsuite/lib/controller/check.py

@@ -2,53 +2,86 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """
 
+import re
+from pocsuite.lib.core.data import kb
+from pocsuite.lib.core.data import conf
 from pocsuite.lib.core.data import logger
 from pocsuite.lib.core.enums import CUSTOM_LOGGING
 from pocsuite.lib.core.settings import POC_ATTRS
+from pocsuite.lib.core.settings import POC_REQUIRES_REGEX
 from pocsuite.lib.core.settings import OLD_VERSION_CHARACTER
-from pocsuite.lib.core.data import kb
+
+
+def requiresCheck():
+    if not conf.requires:
+        return
+
+    requires_regex = re.compile(POC_REQUIRES_REGEX)
+    install_requires = []
+    for _, poc in kb.pocs.items():
+        try:
+            requires = requires_regex.search(poc).group(1)
+            install_requires += [require[1:-1] for require in requires.split(",")]
+        except Exception, ex:
+            pass
+
+    infoMsg = "install_requires:\n" + "\n".join(install_requires)
+    logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
 
 
 def pocViolation():
     violation = False
-    for pocname, pocInstance in kb.registeredPocs.items():
+    if conf.requiresFreeze:
+        install_requires = []
+        for pocName, pocInstance in kb.registeredPocs.items():
+            if isinstance(pocInstance, dict):
+                continue
+            requires = getRequires(pocName, pocInstance)
+            if not requires:
+                continue
+            install_requires += list(requires)
+        infoMsg = "install_requires:\n" + "\n".join(install_requires)
+        logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
+        return
+
+    for pocName, pocInstance in kb.registeredPocs.items():
         if isinstance(pocInstance, dict):
-            violation = checkJsonInfo(pocname, pocInstance)
+            violation = checkJsonInfo(pocName, pocInstance)
         else:
-            violation = checkPocInfo(pocname, pocInstance)
+            violation = checkPocInfo(pocName, pocInstance)
     return violation
 
 
-def checkJsonInfo(pocname, pocInstance):
+def checkJsonInfo(pocName, pocInstance):
     infos = []
-    infoMsg = "checking %s" % pocname
+    infoMsg = "checking %s" % pocName
     logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
     if 'pocInfo' in pocInstance:
         for attr in POC_ATTRS:
             if attr in pocInstance['pocInfo'] and pocInstance['pocInfo'].get(attr):
                 continue
             infos.append(attr)
         if infos:
-            warnMsg = "missing %s in %s" % (infos, pocname)
+            warnMsg = "missing %s in %s" % (infos, pocName)
             logger.log(CUSTOM_LOGGING.WARNING, warnMsg)
             return False
         return True
 
 
-def checkPocInfo(pocname, pocInstance):
+def checkPocInfo(pocName, pocInstance):
     infos = []
-    infoMsg = "checking %s" % pocname
+    infoMsg = "checking %s" % pocName
     logger.log(CUSTOM_LOGGING.SYSINFO, infoMsg)
     for attr in POC_ATTRS:
         if hasattr(pocInstance, attr) and getattr(pocInstance, attr):
             continue
         infos.append(attr)
     if infos:
-        warnMsg = "missing %s in %s" % (infos, pocname)
+        warnMsg = "missing %s in %s" % (infos, pocName)
         logger.log(CUSTOM_LOGGING.WARNING, warnMsg)
         return False
     return True
@@ -59,3 +92,8 @@ def isOldVersionPoc(poc):
         if _ not in poc:
             return False
     return True
+
+
+def getRequires(pocName, pocInstance):
+    if hasattr(pocInstance, "install_requires"):
+        return getattr(pocInstance, "install_requires")

pocsuite/lib/controller/controller.py

@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 
 """
-Copyright (c) 2014-2015 pocsuite developers (http://sebug.net)
+Copyright (c) 2014-2015 pocsuite developers (http://seebug.org)
 See the file 'docs/COPYING' for copying permission
 """