Merge pull request #293 from 13ph03nix/master

 Some improvements & Bug fixes

Author: 13ph03nix

CHANGELOG.md

@@ -343,3 +343,10 @@ Cross-platform shell code generation
 * target url support cidr, user can use -p provide additional ports
 * support local mode, local mode do not need any targets, e.g. LPE
 * bug fixes
+
+# version 1.9.6
+----------------
+* support -o parameter, save the result in json lines format
+* optimize timeout for cyberspace search engine plugins
+* optimize the handling of the url protocol
+* docs update

Dockerfile

@@ -31,7 +31,7 @@ RUN sh -c "$(wget -O- https://raw.githubusercontent.com/13ph03nix/zsh-in-docker/
     && sudo apt-get clean -y \
     && sudo rm -rf /var/lib/apt/lists/*
 
-RUN sudo pip3 install --upgrade pip && sudo pip3 install --upgrade pocsuite3==1.9.5
+RUN sudo pip3 install --upgrade pip && sudo pip3 install --upgrade pocsuite3==1.9.6
 
 WORKDIR /home/pocsuite3
 CMD ["zsh"]

README.md

@@ -130,7 +130,7 @@ cli mode
 	# run poc with shell mode
 	pocsuite -u http://example.com -r example.py -v 2 --shell
 
-	# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The thread is set to 20
+	# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
 	pocsuite -r redis.py --dork service:redis --threads 20
 
 	# load all poc in the poc directory and save the result as html

docs/USAGE.md

@@ -49,7 +49,7 @@ Request:
   --host HOST           HTTP Host header value
   --referer REFERER     HTTP Referer header value
   --user-agent AGENT    HTTP User-Agent header value (default random)
-  --proxy PROXY         Use a proxy to connect to the target URL
+  --proxy PROXY         Use a proxy to connect to the target URL (protocol://host:port)
   --proxy-cred PROXY_CRED
                         Proxy authentication credentials (name:password)
   --timeout TIMEOUT     Seconds to wait before timeout connection (default 10)
@@ -118,6 +118,8 @@ Modules:
 Optimization:
   Optimization options
 
+  -o OUTPUT_PATH, --output OUTPUT_PATH
+                        Output file to write (JSON Lines format)
   --plugins PLUGINS     Load plugins to execute
   --pocs-path POCS_PATH
                         User defined poc scripts path
@@ -208,7 +210,7 @@ $ pocsuite --dork 'port:6379' --vul-keyword 'redis' --max-page 2
  Search libssh server  with  `libssh` keyword.
 
  ```
- pocsuite -r pocs/libssh_auth_bypass.py --dork-shodan libssh --thread 10
+ pocsuite -r pocs/libssh_auth_bypass.py --dork-shodan libssh --threads 10
  ```
 
 **--dork-fofa DORK**
@@ -219,7 +221,7 @@ $ pocsuite --dork 'port:6379' --vul-keyword 'redis' --max-page 2
 
 
  ```
- $ pocsuite -r pocs/check_http_status.py --dork-fofa 'body="thinkphp"' --search-type web --thread 10
+ $ pocsuite -r pocs/check_http_status.py --dork-fofa 'body="thinkphp"' --search-type web --threads 10
  ```
 
 **--dork-quake DORK**
@@ -230,7 +232,7 @@ $ pocsuite --dork 'port:6379' --vul-keyword 'redis' --max-page 2
 
 
  ```
- $ pocsuite -r pocs/check_http_status.py --dork-quake 'app:"ThinkPHP"' --thread 10
+ $ pocsuite -r pocs/check_http_status.py --dork-quake 'app:"ThinkPHP"' --threads 10
  ```
 
 **--dork-b64**
@@ -271,7 +273,7 @@ cli mode
 	# run poc with shell mode
 	pocsuite -u http://example.com -r example.py -v 2 --shell
 
-	# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The thread is set to 20
+	# search for the target of redis service from ZoomEye and perform batch detection of vulnerabilities. The threads is set to 20
 	pocsuite -r redis.py --dork service:redis --threads 20
 
 	# load all poc in the poc directory and save the result as html

manpages/poc-console.1

@@ -1,6 +1,6 @@
-.TH POC-CONSOLE "1" "May 2022" "Manual page for poc-console"
+.TH POC-CONSOLE "1" "July 2022" "Manual page for poc-console"
 .\"
-.\" 24st May 2022
+.\" July 6, 2022
 .\" Man page author:
 .\"   Tian Qiao <[email protected]>
 .\"
@@ -31,7 +31,7 @@ is maintained at:
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite3 version 1.9.5
+This manual page documents pocsuite3 version 1.9.6
 .SH AUTHOR
 .br
 (c) 2014-2022 by Knownsec 404 Team

manpages/pocsuite.1

@@ -1,6 +1,6 @@
-.TH POCSUITE "1" "May 2022" "Manual page for pocsuite"
+.TH POCSUITE "1" "July 2022" "Manual page for pocsuite"
 .\"
-.\" 24st May 2022
+.\" July 6, 2022
 .\" Man page author:
 .\"   Tian Qiao <[email protected]>
 .\"
@@ -90,7 +90,7 @@ HTTP Referer header value
 HTTP User\-Agent header value (default random)
 .TP
 \fB\-\-proxy\fR PROXY
-Use a proxy to connect to the target URL
+Use a proxy to connect to the target URL (protocol://host:port)
 .TP
 \fB\-\-proxy\-cred\fR PROXY_CRED
 Proxy authentication credentials (name:password)
@@ -200,6 +200,9 @@ Whether dork is in base64 format
 .IP
 Optimization options
 .TP
+\fB\-o\fR OUTPUT_PATH, \fB\-\-output\fR OUTPUT_PATH
+Output file to write (JSON Lines format)
+.TP
 \fB\-\-plugins\fR PLUGINS
 Load plugins to execute
 .TP
@@ -280,7 +283,7 @@ is maintained at:
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite3 version 1.9.5
+This manual page documents pocsuite3 version 1.9.6
 .SH AUTHOR
 .br
 (c) 2014-2022 by Knownsec 404 Team

pocsuite.ini

@@ -25,7 +25,7 @@ host =
 referer = 
 ; http user-agent header value (default random)
 agent = 
-; use a proxy to connect to the target url
+; use a proxy to connect to the target url (protocol://host:port)
 proxy = 
 ; proxy authentication credentials (name:password)
 proxy_cred = 
@@ -99,6 +99,8 @@ comparison = False
 dork_b64 = False
 
 [Optimization]
+; output file to write (json lines format)
+output_path =
 ; load plugins to execute
 plugins =
 ; user defined poc scripts path

pocsuite3/__init__.py

@@ -1,5 +1,5 @@
 __title__ = 'pocsuite3'
-__version__ = '1.9.5'
+__version__ = '1.9.6'
 __author__ = 'Knownsec 404 Team'
 __author_email__ = '[email protected]'
 __license__ = 'GPLv2'

pocsuite3/lib/controller/controller.py

@@ -17,7 +17,7 @@
 
 def runtime_check():
     if not kb.registered_pocs:
-        msg = "try 'pocsuite -h' or 'pocsuite --help' for more information"
+        msg = "No poc specified, try 'pocsuite -h' or 'pocsuite --help' for more information"
         logger.warn(msg)
         raise PocsuiteSystemException(msg)
 

pocsuite3/lib/core/common.py

@@ -252,19 +252,14 @@ def parse_target_url(url):
     """
     Parse target URL
     """
-    ret = url
-
-    if conf.ipv6 and is_ipv6_address_format(url):
-        ret = "[" + ret + "]"
-
-    if not re.search("^http[s]*://", ret, re.I) and not re.search("^ws[s]*://", ret, re.I) and '://' not in ret:
-        port = urlparse(ret).port
-        if port and str(port).endswith('443'):
-            ret = "https://" + ret
-        else:
-            ret = "http://" + ret
+    try:
+        pr = urlparse(url)
+        if pr.scheme.lower() not in ['http', 'https', 'ws', 'wss']:
+            url = pr._replace(scheme='https' if str(pr.port).endswith('443') else 'http').geturl()
+    except ValueError:
+        pass
 
-    return ret
+    return url
 
 
 def is_url_format(value):
@@ -419,13 +414,18 @@ def parse_target(address, additional_ports=[]):
         pass
 
     targets.add(address)
-    pr = urlparse(address)
-    for port in additional_ports:
-        netloc = f'[{pr.hostname}]:{port}' if conf.ipv6 else f'{pr.hostname}:{port}'
-        t = pr._replace(netloc=netloc).geturl()
-        if t.startswith('tcp://'):
-            t = t.lstrip('tcp://')
-        targets.add(t)
+
+    try:
+        pr = urlparse(address)
+        for port in additional_ports:
+            netloc = f'[{pr.hostname}]:{port}' if conf.ipv6 else f'{pr.hostname}:{port}'
+            t = pr._replace(netloc=netloc).geturl()
+            if t.startswith('tcp://'):
+                t = t.lstrip('tcp://')
+            targets.add(t)
+    except ValueError:
+        pass
+
     return targets