{"id":13845376,"url":"https://github.com/tr0uble-mAker/POC-bomber","last_synced_at":"2025-07-12T02:31:04.287Z","repository":{"id":37401348,"uuid":"432052287","full_name":"tr0uble-mAker/POC-bomber","owner":"tr0uble-mAker","description":"Uses a large number of high-severity PoCs/exploits to quickly gain access to targets, for penetration testing and rapid red-team initial access","archived":false,"fork":false,"pushed_at":"2023-06-09T13:20:09.000Z","size":53753,"stargazers_count":2274,"open_issues_count":37,"forks_count":379,"subscribers_count":38,"default_branch":"main","last_synced_at":"2024-11-21T06:37:20.853Z","etag":null,"topics":["cve","exp","getshell","poc","poc-bomber","rce","redteam","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tr0uble-mAker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-26T04:21:02.000Z","updated_at":"2024-11-20T18:55:48.000Z","dependencies_parsed_at":"2024-10-01T01:40:31.266Z","dependency_job_id":null,"html_url":"https://github.com/tr0uble-mAker/POC-bomber","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tr0uble-mAker%2FPOC-bomber","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tr0uble-mAker%2FPOC-bomber/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tr0uble-mAker%2FPOC-bomber/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tr0uble-mAker%2FPOC-bomber/manifests","owner_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/owners/tr0uble-mAker","download_url":"https://codeload.github.com/tr0uble-mAker/POC-bomber/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784456,"owners_count":17523652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","exp","getshell","poc","poc-bomber","rce","redteam","vulnerability-scanner"],"created_at":"2024-08-04T17:03:22.124Z","updated_at":"2024-11-21T18:31:27.118Z","avatar_url":"https://github.com/tr0uble-mAker.png","language":"Python","funding_links":[],"categories":["其他_安全与渗透","Python","LLM分析过程"],"sub_categories":["网络服务_其他"],"readme":"# 🔥 POC-bomber\n🦄 **POC bomber is a vulnerability detection/exploitation tool that uses a large collection of PoCs/exploits for high-severity vulnerabilities to quickly gain access to target servers**\n\nThis project collects PoCs/exploits from across the internet for high-impact vulnerabilities such as RCE, arbitrary file upload, deserialization and SQL injection that can yield core access to a server, and bundles them into the POC bomber arsenal. It fuzzes one or many targets with this large set of high-severity PoCs to quickly find vulnerable targets among a large number of assets and gain access to the target servers. Use cases include, but are not limited to:\n1. Rapid initial access during HVV exercises\n2. Vulnerable-asset mapping\n3. 
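Maintaining a personal vulnerability scanner\n\n## 📝 Introduction\nPOC bomber's PoCs cover vulnerability detection for commonly attacked components including weblogic, tomcat, apache, jboss, nginx, struts2, thinkphp2x3x5x, spring, redis, jenkins, PHP language vulnerabilities, shiro, Weaver OA (泛微OA), Seeyon OA (致远OA) and Tongda OA (通达OA). It can call a dnslog platform to detect RCE that returns no output (including log4j2 detection), supports single-target and batch detection, uses a high-concurrency thread pool, supports importing custom PoCs/exploits, and can generate vulnerability reports.  \nPOC bomber verifies PoCs in verification mode by default. If the attack value in the returned result is True, you can add the --attack parameter to enter attack mode and call the exploit directly (the PoC file name must be specified), achieving one-click getshell.\n\n## 😄 Red Team Edition - RedTeam 3.0\nVersion v3.0.0 of POC-bomber scans faster, fixes stalls caused by a single PoC along with a number of other bugs, adds colored output and progress display, supports specifying a PoC directory to suit the fast pace of HVV exercises, and adds PoCs for some vulnerabilities publicly disclosed in 2022. It also supports a self-hosted dnslog server: after configuring your own domain, pocbomber can run a dnslog platform on a VPS for out-of-band DNS detection of some vulnerabilities.\n\n\n\n## 💻 Screenshots    \n#### 🏆 Verification mode\n        python3 pocbomber.py -u http://xxx.xxx\n        \n\n![image](https://github.com/tr0uble-mAker/POC-bomber/assets/71172892/92c7af5b-b9b1-4339-93fb-e7cf96acde1b.png)\n\u003cimg width=\"1079\" alt=\"image\" src=\"https://github.com/tr0uble-mAker/POC-bomber/assets/71172892/c5530be4-d5aa-452b-8c95-11aaabf3a681\"\u003e\n\n![verify mode demo](https://user-images.githubusercontent.com/71172892/148684886-98b0f1ff-76f5-48d3-8d2d-932635392a33.gif)\n\n\n#### ⚡️ Attack mode\n        python3 pocbomber.py -u http://xxx.xxx --poc=\"thinkphp2_rce.py\" --attack\n        \n\n\u003cimg width=\"1161\" alt=\"image\" src=\"https://github.com/tr0uble-mAker/POC-bomber/assets/71172892/29cd33d1-fb53-4b68-8f4c-5d85b9ce02a4\"\u003e\n\n![image](https://user-images.githubusercontent.com/71172892/148206720-86f77246-301c-481f-a16c-b36047f72d7c.png)\n![attack mode demo](https://user-images.githubusercontent.com/71172892/148684097-67b59320-6758-458d-ac6b-ae219c327924.gif)\n\n\n\n## 🔧 Installation\n      git clone https://github.com/tr0uble-mAker/POC-bomber.git            \n      cd POC-bomber\n      pip install -r requirements.txt\n## 🚀 Usage      \n        Show usage:   python3 pocbomber.py\n        \n        Modes:\n                Show PoC/exploit info:   python3 pocbomber.py --show\n                Single-target scan:      python3 pocbomber.py -u http://xxx.xxx.xx\n                Batch scan:              python3 pocbomber.py -f url.txt -o report.txt \n                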
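Scan with chosen PoC:    python3 pocbomber.py -f url.txt --poc=\"thinkphp2_rce.py\"\n                Exploit attack mode:     python3 pocbomber.py -u target_url --poc=\"poc_file\" --attack\n        Parameters:\n                -u  --url      Target URL\n                -f  --file     File containing target URLs\n                -o  --output   File to write the report to (no report is generated by default)\n                -p  --poc      One or more PoCs to run; pass the PoC file names directly, separating multiple PoCs with commas (,)\n                -t  --thread   Maximum thread-pool concurrency (default 30)\n                --show         Show detailed PoC/exploit information\n                --attack       Attack using the exploit in the PoC file\n                --dnslog       Use a dnslog platform to detect vulnerabilities that return no output (dnslog is disabled by default; it can be enabled in the configuration file)\n                \n## 🔆 Configuration file    \n      /inc/config.py   \n      \n          \n\n\n## ⚠️ FAQ\n1. The program can run without installing requirements.txt; it depends only on the third-party requests library. Failing to install the other libraries does not stop the program from running, but some PoCs will not be able to run their checks.\n2. Detecting the log4j2 command-execution vulnerability requires the --dnslog parameter.\n3. Detection of vulnerabilities that return no output uses the dnslog.cn platform by default and is off by default; to enable it, set the dnslog_flag switch to True in the configuration file.  \n4. A PoC must be specified in order to use the --attack mode.\n\n\n## 📁 Directory structure:\n       \n      +--------- poc_bomber.py (launches POC-bomber)\n      | \n      +--------- inc (core files that support the POC-bomber framework)\n      |\n      \\--------- pocs (PoC storage)----------- framework (PoCs for framework vulnerabilities)\n                                      |\n                                      |------ middleware (PoCs for middleware vulnerabilities)\n                                      |\n                                      |------ ports (PoCs for common port and host-service vulnerabilities)\n                                      |\n                                       \\----- webs (PoCs for common web page vulnerabilities)\n      \n      \n\n\n## 📖 PoC writing rules     \nPOC bomber supports custom PoCs.  \nPoCs must be written in python3 and provide two functions, verify and attack (optional), for verification and attack respectively.\n#### 👻 The vulnerability verification function (verify) should meet the following conditions:\n1. The function is named verify and takes the target url as its parameter.\n2. It returns its result as a dictionary with the keys name and vulnerable; name describes the vulnerability, and vulnerable indicates with True or False whether the vulnerability exists.\n3. If the vulnerability exists, set vulnerable in the returned dictionary to True and add the target url, pages related to exploiting the vulnerability, and similar information.\n4. 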
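Wrap the check in try, and set a timeout when sending packets with requests or similar, so the PoC cannot hang.\n\n        def verify(url):\n            result = {\n                'name': 'Thinkphp5 5.0.22/5.1.29 Remote Code Execution Vulnerability',\n                'vulnerable': False,\n                'attack': False,        # set attack to True if an exploit supports attack mode\n            }\n            try:\n                # ......\n                # (detect the vulnerability by any method)\n                # ......\n                if vulnerability_exists:  # placeholder for the result of the check above\n                    result['vulnerable'] = True     # set vulnerable in result to True\n                    result['url'] = url             # return the verified url\n                    result['xxxxx'] = 'xxxxx'       # optionally add the vulnerability's source and similar information\n                    # ......\n                    return result     # return result with vulnerable set to True\n                else:  # not vulnerable\n                    return result    # if not vulnerable, return result with vulnerable still False\n\n            except Exception:\n                return result\n\nIf an exploit is available, you can write an attack function to serve as the exploit function.\n#### 🎃 The vulnerability attack function (attack) should meet the following conditions:\n1. The function is named attack and takes the target url as its parameter.  \n2. Write the exploit code inside try; it may prompt the user for interactive input.\n3. Once it is written, set the attack value in the dictionary returned by that vulnerability's verify function to True.\n4. Return True when the attack succeeds, and False if it fails for any other reason.\n      \n        def attack(url):\n          try:\n              # ........................................\n              # attack code (execute commands, spawn a reverse shell, upload a webshell, etc.)\n              # ........................................\n              return True\n          except Exception:\n              return False\n                      \n                      \nA finished PoC can be placed anywhere under the /pocs directory and will be picked up recursively!    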
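\n\n\nThe project is under continuous development; PoC contributions are welcome, let's build network security together!  \nFor questions, please open an issue: https://github.com/tr0uble-mAker/POC-bomber/issues    \nContact: 929305053@qq.com    \n## Disclaimer\nThis tool is intended only for legally authorized enterprise security work. If you need to test whether the tool works, set up your own target environment.\nWhen using this tool for detection, you must ensure that doing so complies with local laws and regulations and that you have obtained sufficient authorization. Do not scan unauthorized targets.\nIf you engage in any illegal activity while using this tool, you bear the consequences yourself; we accept no legal or joint liability.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftr0uble-mAker%2FPOC-bomber","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftr0uble-mAker%2FPOC-bomber","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftr0uble-mAker%2FPOC-bomber/lists"}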