feat: add Apache Struts2 dockerfile in pocs, add wait container start check.

Author: wh0am1i

pocsuite3/lib/controller/controller.py

@@ -1,5 +1,7 @@
 import copy
 import time
+
+import requests
 from prettytable import PrettyTable
 from pocsuite3.lib.core.common import data_to_stdout, mosaic
 from pocsuite3.lib.core.data import conf, cmd_line_options
@@ -88,12 +90,27 @@ def show_task_result():
     data_to_stdout("\nsuccess : {} / {}\n".format(success_num, total_num))
 
 
+def check_docker_status(target):
+    if conf.docker_start:
+        info_msg = "wait for docker..."
+        logger.info(info_msg)
+        while True:
+            try:
+                resp = requests.get(target)
+                if resp.status_code:
+                    break
+            except Exception:
+                pass
+
+
 def task_run():
     while not kb.task_queue.empty() and kb.thread_continue:
         target, poc_module = kb.task_queue.get()
         if not conf.console_mode:
             poc_module = copy.deepcopy(kb.registered_pocs[poc_module])
         poc_name = poc_module.name
+        # check container status
+        check_docker_status(target)
 
         if conf.pcap:
             # start capture flow

pocsuite3/pocs/Apache_Struts2/20090323_WEB_Apache_Struts2_001_RCE.py

@@ -24,6 +24,7 @@ class DemoPOC(POCBase):
     desc = '''S2-001:影响版本Struts 2.0.0-2.0.8'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20090323_WEB_Apache_Struts2_003_RCE_CVE-2008-6504.py

@@ -22,6 +22,7 @@ class DemoPOC(POCBase):
     desc = '''Struts 2.0.0 - Struts 2.1.8.1'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20100510_WEB_Apache_Struts2_005_RCE_CVE-2010-1870.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''Struts 2.0.0 - Struts 2.1.8.1'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20111001_WEB_Apache_Struts2_009_RCE_CVE-2011-3923.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''S2-009:影响版本Struts 2.0.0-2.3.1.1'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20120108_WEB_Apache_Struts2_007_RCE.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''S2-007:影响版本Struts 2.0.0 - Struts 2.2.3'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20120108_WEB_Apache_Struts2_008_RCE_CVE-2012-0394.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''[+] S2-008:影响版本Struts 2.1.0-2.3.1; GET请求发送数据; 支持任意命令执行和反弹shell'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20130219_WEB_Apache_Struts2_012_RCE_CVE-2013-1965.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''S2-012:影响版本Struts Showcase App 2.0.0 - Struts Showcase App 2.3.14.2'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20130219_WEB_Apache_Struts2_013_RCE_CVE-2013-1966.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''S2-013/S2-014:影响版本Struts 2.0.0-2.3.14.1'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()

pocsuite3/pocs/Apache_Struts2/20130219_WEB_Apache_Struts2_015_RCE_CVE-2013-2134.py

@@ -23,6 +23,7 @@ class DemoPOC(POCBase):
     desc = '''S2-015:影响版本Struts 2.0.0-2.3.14.2;'''
     samples = []
     category = POC_CATEGORY.EXPLOITS.WEBAPP
+    dockerfile = '''FROM isxiangyang/struts2-all-vul-pocsuite:latest'''
 
     def _options(self):
         o = OrderedDict()