CMS渗透测试框架-A CMS Exploit Framework
Switch branches/tags
Nothing to show
Clone or download
Latest commit 64f927b Mar 2, 2018
Permalink
Failed to load latest commit information.
data cmsPoc Aug 4, 2017
lib update SITE Jan 17, 2018
scripts add siteserver: v364_unauth_getpasswd Jan 17, 2018
.gitignore [*] Update .gitignore Sep 12, 2017
README.md Update README.md Mar 2, 2018
cmspoc.py delete redundant information Dec 5, 2017
example.gif update README.md & example.gif Nov 30, 2017

README.md

Attention

项目正在重构中:cmsPoc 2.0

注意:2.0版本的poc库还未更新相应接口,无法调用。若需使用,建议先使用1.0版本。

cmsPoc 1.0

Python 2.7 License

Requirements

  • python2.7
  • Works on Linux, Windows

Usage

usage: cmspoc.py [-h]
 -t TYPE -s SCRIPT -u URL

optional arguments:
  -h, --help            show this help message and exit
  -t TYPE, --type TYPE  e.g.,phpcms
  -s SCRIPT, --script SCRIPT
                        Select script
  -u URL, --url URL     Input a target url

参数说明:

  • -t:指定cms的类型,比如 -t beecms
  • -s:指定要载入的POC脚本,比如 -s v40_fileupload_getshell
  • -u:指定目标cms,比如 -u http://vuln/index.php

Script

完整脚本列表请见:cmsPoc-Wiki:Scripts

For a complete script list,you can see here: cmsPoc-Wiki:Scripts

Examples

python cmspoc.py -u http://127.0.0.1/beecms/inex.php -t beecms -s v40_fileupload_getshell

Legal Disclaimer

本项目仅供教育和学习交流使用,请勿用于非法用途恶意攻击,否则后果作者概不负责。

This project is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.