Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/CHYbeta/cmsPoc
CMS渗透测试框架-A CMS Exploit Framework
https://github.com/CHYbeta/cmsPoc
cms discuzx drupal phpcms poc security
Last synced: 21 days ago
JSON representation
CMS渗透测试框架-A CMS Exploit Framework
- Host: GitHub
- URL: https://github.com/CHYbeta/cmsPoc
- Owner: CHYbeta
- Created: 2017-08-04T02:04:57.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-03-02T06:41:12.000Z (almost 7 years ago)
- Last Synced: 2024-11-12T22:35:54.193Z (29 days ago)
- Topics: cms, discuzx, drupal, phpcms, poc, security
- Language: Python
- Homepage:
- Size: 553 KB
- Stars: 584
- Watchers: 38
- Forks: 162
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - CHYbeta/cmsPoc - CMS渗透测试框架-A CMS Exploit Framework (Python)
README
# Attention
项目正在重构中:[cmsPoc 2.0](https://github.com/CHYbeta/cmsPoc/tree/2.0)注意:2.0版本的poc库还未更新相应接口,无法调用。若需使用,建议先使用1.0版本。
# cmsPoc 1.0
[![Python 2.7](https://img.shields.io/badge/python-2.7-yellow.svg)](https://www.python.org/)
![License](https://img.shields.io/badge/license-GPLv2-red.svg)## Requirements
- python2.7
- Works on Linux, Windows## Usage
```
usage: cmspoc.py [-h]
-t TYPE -s SCRIPT -u URLoptional arguments:
-h, --help show this help message and exit
-t TYPE, --type TYPE e.g.,phpcms
-s SCRIPT, --script SCRIPT
Select script
-u URL, --url URL Input a target url
```参数说明:
- -t:指定cms的类型,比如 -t beecms
- -s:指定要载入的POC脚本,比如 -s v40_fileupload_getshell
- -u:指定目标cms,比如 -u http://vuln/index.php## Script
完整脚本列表请见:[cmsPoc-Wiki:Scripts](https://github.com/CHYbeta/cmsPoc/wiki/Scripts)For a complete script list,you can see here: [cmsPoc-Wiki:Scripts](https://github.com/CHYbeta/cmsPoc/wiki/Scripts)
## Examples
```
python cmspoc.py -u http://127.0.0.1/beecms/inex.php -t beecms -s v40_fileupload_getshell
```
![](https://github.com/CHYbeta/cmsPoc/blob/master/example.gif?raw=true)# Legal Disclaimer
本项目仅供教育和学习交流使用,请勿用于非法用途恶意攻击,否则后果作者概不负责。This project is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.