5523486 Feb 5, 2018
3 contributors

Users who have contributed to this file

@nixawk @fooying @MarkYu98
255 lines (183 sloc) 7.5 KB


  • pocsuite: a cool and hackable command line program
  • pcs-console: an interactive interface.


Enter into pocsuite directory, execute python It supports double mode:

  • verify
  • attack

You can also use python -h for more details.

$ python -h

Usage: python [options]

optional arguments:
  -h, --help            Show help message and exit
  --version             Show program's version number and exit

  -u URL, --url URL     Target URL (e.g. "")
  -f URLFILE, --file URLFILE
                        Scan multiple targets given in a textual file
  -r POCFILE            Load POC from a file (e.g. "") or directory (e.g. "modules/")

  --verify              Run poc with verify mode
  --attack              Run poc with attack mode

  --cookie COOKIE       HTTP Cookie header value
  --referer REFERER     HTTP Referer header value
  --user-agent AGENT    HTTP User-Agent header value
  --random-agent        Use randomly selected HTTP User-Agent header value
  --proxy PROXY         Use a proxy to connect to the target URL
  --proxy-cred PROXYCRED
                        Proxy authentication credentials (name:password)
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 30)
  --retry RETRY         Time out retrials times.
  --delay DELAY         Delay between two request of one thread
  --headers HEADERS     Extra headers (e.g. "key1: value1\nkey2: value2")
  --host HOST           Host in HTTP headers.

  --extra-params        Extra params (e.g. "{username: '***', password: '***'}")

  --threads THREADS     Max number of concurrent HTTP(s) requests (default 1)
  --report REPORT       Save a html report to file (e.g. "./report.html")
  --batch BATCH         Automatically choose defaut choice without asking
  --requires            Check install_requires
  --quiet               Activate quiet mode, working without logger
  --requires-freeze     Check install_requires after register

Zoomeye or Seebug:
  --dork DORK           Zoomeye dork used for search.
  --max-page MAX_PAGE   Max page used in ZoomEye API(10 targets/Page).
  --search-type SEARCH_TYPE
                        search type used in ZoomEye API, web or host
  --vul-keyword VULKEYWORD
                        Seebug keyword used for search.

-f, --file URLFILE

Scan multiple targets given in a textual file

$ python -r tests/ -f url.txt --verify

Attack batch processing mode only need to replace the --verify as --attack.


POCFILE can be a file or a directory. If a file, it can be placed in it in the tests directory (or anywhere you prefer). If a directory, Pocsuite will load multiple PoCs from special destination.

$ python -r tests/ -u --verify


Run poc with verify mode. PoC(s) will be only used for a vulnerability scanning.

$ python -r tests/ -u --verify


Run poc with attack mode, PoC(s) will be exploitable, and it may allow hackers/researchers break into labs.

$ python -r tests/ -u --attack

--threads THREADS

Using multiple threads, the default number of threads is 1

$ python -r tests/ -f url.txt --verify --threads 10

--report REPORT

Pocsuite default only the execution result is output to the screen, --report [report_file] parameter can generate reports in HTML format.

$ python -r tests/ -u --verify --report /tmp/report.html

--dork DORK

If you are a ZoomEye user, The API is a cool and hackable interface. ex:

Search redis server with port:6379 and redie keyword.

$ python --dork 'port:6379' --vul-keyword 'redis' --max-page 2

                              ,--. ,--.
 ,---. ,---. ,---.,---.,--.,--`--,-'  '-.,---.  {2.0.2-58f6fe6}
| .-. | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. :
| '-' ' '-' \ `--.-'  `'  ''  |  | |  | \   --.
|  |-' `---' `---`----' `----'`--' `--'  `----'

[!] legal disclaimer: Usage of pocsuite for attacking targets without prior mutual consent is illegal.

[*] starting at 19:26:19

[19:26:19] [+] ZoomEye API authorization failed,Please input ZoomEye Email and Password for use ZoomEye API!
ZoomEye Email:
ZoomEye Password:
[19:26:35] [-] ZoomEye API authorization failed, make sure correct credentials provided in "~/.pocsuiterc".


The pcs-console is a interactive interface. It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available.


  • Provides a console-based interface to the framework
  • Contains the most features
  • Full readline support, tabbing, and command completion
$ python
Pcs> help
    config          register global configs
    poc             enter pocConsole, basic poc operation
    verify          conducting verification
    attack          conduncting attack
    shell [command] shell command execution system
    hi, history     command history
    show            displays the current system settings
    set             modify system settings
    shortcuts       view short command

Note: PoC(s) should be in pocsuite/modules/ directory.

If you want to test against, please try it step by step.

  • set a target (url, urlFile)
  • load avaliable PoC(s)
$ python

                              ,--. ,--.
 ,---. ,---. ,---.,---.,--.,--`--,-'  '-.,---.  {2.0.2-58f6fe6}
| .-. | .-. | .--(  .-'|  ||  ,--'-.  .-| .-. :
| '-' ' '-' \ `--.-'  `'  ''  |  | |  | \   --.
|  |-' `---' `---`----' `----'`--' `--'  `----'

Pcs> help

   config       : register global configs.
   poc          : enter pocConsole, basic poc operation.

   verify       : conducting verification.
   attack       : conduncting attack.

Pcs> config
Pcs.config> help

   thread       : set multiple threads. (Default 1)
   url          : set target url from stdin.
   urlFile      : set target url from urlFile.
   q            : return upper level.

   header       : set http headers for follow requests.
   proxy        : set proxy. format: '(http|https|socks4|socks5)://address:port'.
   timeout      : set max requests time. (Default 5s)
   show         : show config.

Pcs.Config> url
Pcs.Config> show
|  config |      value      |
|   url   | |
| threads |        1        |
Pcs.config> q

avaliable command will show all PoC(s), one PoC one id. If you want a special PoC, please enter load pocId in the console.

Pcs> poc
Pcs.poc> avaliable
| pocId | avaliablePocName        |
|   1   |      |
|   2   |  |

Pcs.poc> load 1
[*] load poc file(s) success!
Pcs.config> q
[15:13:26] [*] starting 1 threads
[15:13:26] [*] poc:'struts2_dmi_rce' target:''

If you have good ideas, please show them on your way.