Packages and Binaries:

pocsuite3

Pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine, many nice features for the ultimate penetration testers and security researchers.

Installed size: 662 KB
How to install: sudo apt install pocsuite3

Dependencies:
  • binutils
  • nasm
  • python3
  • python3-chardet
  • python3-colorama
  • python3-colorlog
  • python3-fake-factory
  • python3-openssl
  • python3-prettytable
  • python3-pycryptodome
  • python3-requests
  • python3-requests-toolbelt
  • python3-scapy
  • python3-socks
  • python3-termcolor
  • python3-urllib3
poc-console

Console mode of pocsuite3.

root@kali:~# man poc-console
POC-CONSOLE(1)              General Commands Manual              POC-CONSOLE(1)

NAME
       poc-console - console mode of pocsuite3.

Legal Disclaimer
       poc-console  is part of pocsuite3. Usage of pocsuite3 for attacking tar-
       gets without prior mutual consent is illegal.  pocsuite3 is for security
       testing purposes only.

SYNOPSIS
       poc-console

DESCRIPTION
       poc-console is the console mode of pocsuite3.   pocsuite3  is  an  open-
       sourced  remote  vulnerability  testing and proof-of-concept development
       framework developed by the Knownsec 404 Team. It comes with  a  powerful
       proof-of-concept engine, many nice features for the ultimate penetration
       testers and security researchers.

OPTIONS
       poc-console do not have command line options. To see a list of available
       commands, enter help at the console prompt.

SEE ALSO
       The full documentation for pocsuite3 is maintained at:
       https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md

VERSION
       This manual page documents pocsuite3 version 1.9.6

AUTHOR
       (c) 2014-2022 by Knownsec 404 Team
       <[email protected]>

       This program is free software; you may redistribute and/or modify it un-
       der the terms of the GNU General Public License as published by the Free
       Software  Foundation;  Version  2 with the clarifications and exceptions
       described below. This guarantees your right to use, modify,  and  redis-
       tribute  this  software  under  certain conditions. If you wish to embed
       pocsuite3 technology into proprietary software, we sell alternative  li-
       censes (contact [email protected]).

       Manual page started by Tian Qiao <[email protected]>

Manual page for poc-console        July 2022                     POC-CONSOLE(1)

pocsuite

Open-sourced remote vulnerability testing framework.

root@kali:~# pocsuite -h

,------.                        ,--. ,--.       ,----.   {1.9.6-a78da6b}
|  .--. ',---. ,---.,---.,--.,--`--,-'  '-.,---.'.-.  |
|  '--' | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. : .' <
|  | --'' '-' \ `--.-'  `'  ''  |  | |  | \   --/'-'  |
`--'     `---' `---`----' `----'`--' `--'  `----`----'   https://pocsuite.org
usage: pocsuite [options]

options:
  -h, --help            show this help message and exit
  --version             Show program's version number and exit
  --update              Update Pocsuite3
  -n, --new             Create a PoC template
  -v {0,1,2,3,4,5,6}    Verbosity level: 0-6 (default 1)

Target:
  At least one of these options has to be provided to define the target(s)

  -u URL [URL ...], --url URL [URL ...]
                        Target URL/CIDR (e.g.
                        "http://www.site.com/vuln.php?id=1")
  -f URL_FILE, --file URL_FILE
                        Scan multiple targets given in a textual file (one per
                        line)
  -p PORTS, --ports PORTS
                        add additional port to each target (e.g. 8080,8443)
  -r POC [POC ...]      Load PoC file from local or remote from seebug website
  -k POC_KEYWORD        Filter PoC by keyword, e.g. ecshop
  -c CONFIGFILE         Load options from a configuration INI file

Mode:
  Pocsuite running mode options

  --verify              Run poc with verify mode
  --attack              Run poc with attack mode
  --shell               Run poc with shell mode

Request:
  Network request options

  --cookie COOKIE       HTTP Cookie header value
  --host HOST           HTTP Host header value
  --referer REFERER     HTTP Referer header value
  --user-agent AGENT    HTTP User-Agent header value (default random)
  --proxy PROXY         Use a proxy to connect to the target URL
                        (protocol://host:port)
  --proxy-cred PROXY_CRED
                        Proxy authentication credentials (name:password)
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 10)
  --retry RETRY         Time out retrials times (default 0)
  --delay DELAY         Delay between two request of one thread
  --headers HEADERS     Extra headers (e.g. "key1: value1\nkey2: value2")

Account:
  Account options

  --ceye-token CEYE_TOKEN
                        CEye token
  --oob-server OOB_SERVER
                        Interactsh server to use (default "interact.sh")
  --oob-token OOB_TOKEN
                        Authentication token to connect protected interactsh
                        server
  --seebug-token SEEBUG_TOKEN
                        Seebug token
  --zoomeye-token ZOOMEYE_TOKEN
                        ZoomEye token
  --shodan-token SHODAN_TOKEN
                        Shodan token
  --fofa-user FOFA_USER
                        Fofa user
  --fofa-token FOFA_TOKEN
                        Fofa token
  --quake-token QUAKE_TOKEN
                        Quake token
  --hunter-token HUNTER_TOKEN
                        Hunter token
  --censys-uid CENSYS_UID
                        Censys uid
  --censys-secret CENSYS_SECRET
                        Censys secret

Modules:
  Modules options

  --dork DORK           Zoomeye dork used for search
  --dork-zoomeye DORK_ZOOMEYE
                        Zoomeye dork used for search
  --dork-shodan DORK_SHODAN
                        Shodan dork used for search
  --dork-fofa DORK_FOFA
                        Fofa dork used for search
  --dork-quake DORK_QUAKE
                        Quake dork used for search
  --dork-hunter DORK_HUNTER
                        Hunter dork used for search
  --dork-censys DORK_CENSYS
                        Censys dork used for search
  --max-page MAX_PAGE   Max page used in search API
  --search-type SEARCH_TYPE
                        search type used in search API, web or host
  --vul-keyword VUL_KEYWORD
                        Seebug keyword used for search
  --ssv-id SSVID        Seebug SSVID number for target PoC
  --lhost CONNECT_BACK_HOST
                        Connect back host for target PoC in shell mode
  --lport CONNECT_BACK_PORT
                        Connect back port for target PoC in shell mode
  --tls                 Enable TLS listener in shell mode
  --comparison          Compare popular web search engines
  --dork-b64            Whether dork is in base64 format

Optimization:
  Optimization options

  -o OUTPUT_PATH, --output OUTPUT_PATH
                        Output file to write (JSON Lines format)
  --plugins PLUGINS     Load plugins to execute
  --pocs-path POCS_PATH
                        User defined poc scripts path
  --threads THREADS     Max number of concurrent network requests (default
                        150)
  --batch BATCH         Automatically choose defaut choice without asking
  --requires            Check install_requires
  --quiet               Activate quiet mode, working without logger
  --ppt                 Hiden sensitive information when published to the
                        network
  --pcap                use scapy capture flow
  --rule                export suricata rules, default export reqeust and
                        response
  --rule-req            only export request rule
  --rule-filename RULE_FILENAME
                        Specify the name of the export rule file

Poc options:
  definition options for PoC

  --options             Show all definition options

[*] shutting down at 14:02:20


Updated on: 2024-Aug-14