Merge pull request #210 from 13ph03nix/master

Bug fix & update docs

CHANGELOG.md

@@ -244,3 +244,8 @@ Cross-platform shell code generation
 -----------------
 * fix the timeout problem in shell mode leads to confusing results
 * made some improvements with network address related issues
+
+# version 1.8.1
+-----------------
+* fix check_requires() can not handle dependent version correctly # 208
+* update docs

README.md

@@ -7,8 +7,8 @@ Usage of pocsuite for attacking targets without prior mutual consent is illegal.
 pocsuite is for security testing purposes only
 
 ## 法律免责声明
-未经事先双方同意，使用pocsuite攻击目标是非法的。  
-pocsuite仅用于安全测试目的
+未经事先双方同意，使用 pocsuite 攻击目标是非法的。
+pocsuite 仅用于安全测试目的
 
 ## Overview
 
@@ -18,8 +18,8 @@ It comes with a powerful proof-of-concept engine, many powerful features for the
 ## Features
 * PoC scripts can running with `attack`,`verify`, `shell` mode in different way
 * Plugin ecosystem
-* Dynamic loading PoC script from any where (local file, redis , database, Seebug ...)
-* Load multi-target from any where (CIDR, local file, redis , database, Zoomeye, Shodan ...)
+* Dynamic loading PoC script from any where (local file, redis, database, Seebug ...)
+* Load multi-target from any where (CIDR, local file, redis, database, Zoomeye, Shodan ...)
 * Results can be easily exported
 * Dynamic patch and hook requests 
 * Both command line tool and python package import to use
@@ -74,7 +74,7 @@ $ pip3 install -r requirements.txt
 ```
 
 
-The latest version of this software is available from: http://pocsuite.org
+The latest version of this software is available at: http://pocsuite.org
 
 ## Documentation
 

docs/USAGE.md

@@ -1,16 +1,16 @@
 # Usage
 
-- **pocsuite**: a cool and hackable commane line program
+- **pocsuite**: a cool and hackable command line program
 
 ## pocsuite
 
-Enter into `pocsuite` directory, execute `python cli.py`. It supports double mode:
+It supports three modes:
 
  - ```verify```
  - ```attack```
  - ```shell```
 
-You can also use ```python cli.py -h``` for more details.
+You can also use ```pocsuite -h``` for more details.
 
 ```
 usage: pocsuite [options]
@@ -67,16 +67,17 @@ Account:
                         fofa user
   --fofa-token FOFA_TOKEN
                         fofa token
+  --quake-token QUAKE_TOKEN
+                        quake token
   --censys-uid CENSYS_UID
                         Censys uid
   --censys-secret CENSYS_SECRET
                         Censys secret
 
 Modules:
-  Modules(Seebug、Zoomeye、CEye、Fofa Listener) options
+  Modules(Seebug、Zoomeye、CEye、Fofa、Quake Listener) options
 
   --dork DORK           Zoomeye dork used for search.
-  --dork-b64            Whether dork is in base64 format
   --dork-zoomeye DORK_ZOOMEYE
                         Zoomeye dork used for search.
   --dork-shodan DORK_SHODAN
@@ -85,6 +86,8 @@ Modules:
                         Censys dork used for search.
   --dork-fofa DORK_FOFA
                         Fofa dork used for search.
+  --dork-quake DORK_QUAKE
+                        Quake dork used for search.
   --max-page MAX_PAGE   Max page used in ZoomEye API(10 targets/Page).
   --search-type SEARCH_TYPE
                         search type used in ZoomEye API, web or host
@@ -96,7 +99,7 @@ Modules:
   --lport CONNECT_BACK_PORT
                         Connect back port for target PoC in shell mode
   --comparison          Compare popular web search engines
-  --pcap                capture package in verify mode 
+  --dork-b64            Whether dork is in base64 format
 
 Optimization:
   Optimization options
@@ -108,65 +111,70 @@ Optimization:
   --batch BATCH         Automatically choose defaut choice without asking.
   --requires            Check install_requires
   --quiet               Activate quiet mode, working without logger.
-  --rule                Export rules, default export reqeust and response.
-  --rule-req            Only export request rule.
-  --rule-filename       Specify the name of the export rule file.
   --ppt                 Hiden sensitive information when published to the
                         network
+  --pcap                use scapy capture flow
+  --rule                export rules, default export reqeust and response
+  --rule-req            only export request rule
+  --rule-filename RULE_FILENAME
+                        Specify the name of the export rule file
 
 Poc options:
   definition options for PoC
+
+  --options             Show all definition options
+
 ```
 
 **-f, --file URLFILE**
 
 Scan multiple targets given in a textual file
 
 ```
-$ python cli.py -r tests/poc_example.py -f url.txt --verify
+$ pocsuite -r pocs/poc_example.py -f url.txt --verify
 ```
 
-> Attack batch processing mode only need to replace the ```--verify``` as ``` --attack```.
+> Attack batch processing mode only need to replace the ```--verify``` to ``` --attack```.
 
 **-r POCFILE**
 
 POCFILE can be a file or Seebug SSVID. pocsuite plugin can load poc codes from any where.
 
 
 ```
-$ python cli.py -r ssvid-97343 -u http://www.example.com --shell
+$ pocsuite -r ssvid-97343 -u http://www.example.com --shell
 ```
 
 **--verify**
 
 Run poc with verify mode. PoC(s) will be only used for a vulnerability scanning.
 
 ```
-$ python cli.py -r pocs/poc_example.py -u http://www.example.com/ --verify
+$ pocsuite -r pocs/poc_example.py -u http://www.example.com/ --verify
 ```
 
 **--attack**
 
 Run poc with attack mode, PoC(s) will be exploitable, and it may allow hackers/researchers break into labs.
 
 ```
-$ python cli.py -r pocs/poc_example.py -u http://www.example.com/ --attack
+$ pocsuite -r pocs/poc_example.py -u http://www.example.com/ --attack
 ```
 
 **--shell**
 
 Run poc with shell mode, PoC will be exploitable, when PoC shellcode successfully executed, pocsuite3 will drop into interactive shell.
 
 ```
-$ python cli.py -r pocs/poc_example.py -u http://www.example.com/ --shell
+$ pocsuite -r pocs/poc_example.py -u http://www.example.com/ --shell
 ```
 
 **--threads THREADS**
 
 Using multiple threads, the default number of threads is 1
 
 ```
-$ python cli.py -r tests/ -f url.txt --verify --threads 10
+$ pocsuite -r pocs/poc_example.py -f url.txt --verify --threads 10
 ```
 
 **--dork DORK**
@@ -177,7 +185,7 @@ Search redis server with ```port:6379``` and ```redis``` keyword.
 
 
 ```
-$ python cli.py --dork 'port:6379' --vul-keyword 'redis' --max-page 2
+$ pocsuite --dork 'port:6379' --vul-keyword 'redis' --max-page 2
 
 ```
 **--dork-shodan DORK**
@@ -187,7 +195,7 @@ $ python cli.py --dork 'port:6379' --vul-keyword 'redis' --max-page 2
  Search libssh server  with  `libssh` keyword.
 
  ```
- python3 cli.py -r pocs/libssh_auth_bypass.py --dork-shodan libssh --thread 10
+ pocsuite -r pocs/libssh_auth_bypass.py --dork-shodan libssh --thread 10
  ```
 
 **--dork-fofa DORK**
@@ -198,7 +206,7 @@ $ python cli.py --dork 'port:6379' --vul-keyword 'redis' --max-page 2
 
 
  ```
- $ python3 cli.py -r pocs/check_http_status.py --dork-fofa 'body="thinkphp"' --search-type web  --thread 10
+ $ pocsuite -r pocs/check_http_status.py --dork-fofa 'body="thinkphp"' --search-type web --thread 10
  ```
 
 **--dork-quake DORK**
@@ -209,7 +217,7 @@ $ python cli.py --dork 'port:6379' --vul-keyword 'redis' --max-page 2
 
 
  ```
- $ python3 cli.py -r pocs/check_http_status.py --dork-quake 'app:"ThinkPHP"' --thread 10
+ $ pocsuite -r pocs/check_http_status.py --dork-quake 'app:"ThinkPHP"' --thread 10
  ```
 
 **--dork-b64**
@@ -218,7 +226,7 @@ $ python cli.py --dork 'port:6379' --vul-keyword 'redis' --max-page 2
 
 
 ```
-$ python cli.py --dork cG9ydDo2Mzc5 --vul-keyword 'redis' --max-page 2 --dork-b64
+$ pocsuite --dork cG9ydDo2Mzc5 --vul-keyword 'redis' --max-page 2 --dork-b64
 ```
 
 **--rule**
@@ -227,14 +235,14 @@ $ python cli.py --dork cG9ydDo2Mzc5 --vul-keyword 'redis' --max-page 2 --dork-b6
  Use the --pocs-path parameter to set the directory where the poc needs to be ruled
 
 ```
-$ python cli.py --rule
+$ pocsuite --rule
 ```
 
 **--rule-req**
  In some cases, we may only need the request rule, --rule-req only export request rule.
 
 ```
-$ python cli.py --rule-req
+$ pocsuite --rule-req
 ```
 
 If you have good ideas, please show them on your way.
@@ -267,4 +275,4 @@ cli mode
 
 console mode
     poc-console
-```
+```

manpages/poc-console.1

@@ -31,7 +31,7 @@ is maintained at:
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite version 1.8.0
+This manual page documents pocsuite version 1.8.1
 .SH AUTHOR
 .br
 (c) 2014-2021 by Knownsec 404 Team

manpages/pocsuite.1

@@ -250,7 +250,7 @@ is maintained at:
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite version 1.8.0
+This manual page documents pocsuite version 1.8.1
 .SH AUTHOR
 .br
 (c) 2014-2021 by Knownsec 404 Team

pocsuite3/__init__.py

@@ -1,5 +1,5 @@
 __title__ = 'pocsuite'
-__version__ = '1.8.0'
+__version__ = '1.8.1'
 __author__ = 'Knownsec Security Team'
 __author_email__ = '[email protected]'
 __license__ = 'GPL 2.0'

pocsuite3/lib/core/option.py

@@ -697,6 +697,8 @@ def _init_target_from_poc_dork():
                 target_source = i
                 break
         # fetch target from target source, add it to kb.targets
+        if not target_source:
+            continue
         conf.dork = poc_class.dork[target_source]
         plugin_name = f'target_from_{target_source}'
         importlib.import_module(f'pocsuite3.plugins.{plugin_name}')

pocsuite3/lib/core/register.py

@@ -1,7 +1,7 @@
+import re
 import importlib.machinery
 import importlib.util
 from importlib.abc import Loader
-
 from pocsuite3.lib.core.common import (
     multiple_replace, get_filename, get_md5,
     is_pocsuite3_poc, get_poc_requires, get_poc_name)
@@ -43,22 +43,21 @@ def check_requires(data):
         requires = [i.strip().strip('"').strip("'") for i in requires.split(',')] if requires else ['']
         if requires[0]:
             poc_name = get_poc_name(data)
-            info_msg = 'PoC script "{0}" requires "{1}" to be installed'.format(poc_name, ','.join(requires))
+            info_msg = 'PoC script "{0}" requires "{1}" to be installed'.format(poc_name, ', '.join(requires))
             logger.info(info_msg)
             try:
                 for r in requires:
-                    if ":" in r:
-                        rows = r.split(":")
-                        if len(rows) == 2:
-                            r, module = rows
-                        else:
-                            module = rows[-1]
-                            r = ''.join(rows[:-1])
-                        __import__(module)
-                    else:
-                        __import__(r)
+                    r = r.replace(' ', '')
+                    install_name, import_name = (r.split(':') + [''])[0:2]
+                    t = re.split('>|<|=|~', install_name)
+                    if len(t) > 1:
+                        install_name = t[0]
+                    if not import_name:
+                        import_name = install_name
+                    m = __import__(import_name)
+                    logger.info(f'{install_name}=={m.__version__} has been installed')
             except ImportError:
-                err_msg = 'try install with "python -m pip install {0}"'.format(r)
+                err_msg = f'{install_name} not found, try install with "python -m pip install {install_name}"'
                 logger.error(err_msg)
                 raise SystemExit
 
@@ -70,7 +69,7 @@ def exec_module(self, module):
         try:
             exec(obj, module.__dict__)
         except Exception as err:
-            logger.error("Poc: '{}' exec arise error: {} ".format(filename,err))
+            logger.error("Poc: '{}' exec arise error: {} ".format(filename, err))
 
 
 def load_file_to_module(file_path, module_name=None):

setup.py

@@ -14,7 +14,7 @@ def find_packages(where='.'):
 
 setup(
     name='pocsuite3',
-    version='1.8.0',
+    version='1.8.1',
     url='http://pocsuite.org',
     description='Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team.',
     long_description="""\