lunar (1) pocsuite.1.gz

Provided by: pocsuite3_1.9.6-1_all

NAME

       pocsuite3 - open-sourced remote vulnerability testing framework.

       Usage of pocsuite3 for attacking targets without prior mutual consent is illegal.
       pocsuite3 is for security testing purposes only.

SYNOPSIS

       pocsuite -h[elp]
       pocsuite [options]

DESCRIPTION

       pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development
       framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept
       engine and many nice features for the ultimate penetration testers and security researchers.

OPTIONS

   optional arguments:
       -h, --help
              show this help message and exit

       --version
              Show program's version number and exit

       --update
              Update Pocsuite3

       -n, --new
              Create a PoC template

       -v {0,1,2,3,4,5,6}
              Verbosity level: 0-6 (default 1)

   Target:
              At least one of these options has to be provided to define the target(s)

       -u URL [URL ...], --url URL [URL ...]
              Target URL/CIDR (e.g. "http://www.site.com/vuln.php?id=1")

       -f URL_FILE, --file URL_FILE
              Scan multiple targets given in a textual file (one per line)

       -p PORTS, --ports PORTS
              Add additional ports to each target (e.g. 8080,8443)

       -r POC [POC ...]
              Load PoC file from a local path or remotely from the Seebug website

       -k POC_KEYWORD
              Filter PoC by keyword, e.g. ecshop

       -c CONFIGFILE
              Load options from a configuration INI file

   Mode:
              Pocsuite running mode options

       --verify
              Run poc with verify mode

       --attack
              Run poc with attack mode

       --shell
              Run poc with shell mode

   Request:
              Network request options

       --cookie COOKIE
              HTTP Cookie header value

       --host HOST
              HTTP Host header value

       --referer REFERER
              HTTP Referer header value

       --user-agent AGENT
              HTTP User-Agent header value (default random)

       --proxy PROXY
              Use a proxy to connect to the target URL (protocol://host:port)

       --proxy-cred PROXY_CRED
              Proxy authentication credentials (name:password)

       --timeout TIMEOUT
              Seconds to wait before the connection times out (default 10)

       --retry RETRY
              Number of retries after a timeout (default 0)

       --delay DELAY
              Delay between two requests of one thread

       --headers HEADERS
              Extra headers (e.g. "key1: value1\nkey2: value2")

   Account:
              Account options

       --ceye-token CEYE_TOKEN
              CEye token

       --oob-server OOB_SERVER
              Interactsh server to use (default "interact.sh")

       --oob-token OOB_TOKEN
              Authentication token to connect to a protected interactsh server

       --seebug-token SEEBUG_TOKEN
              Seebug token

       --zoomeye-token ZOOMEYE_TOKEN
              ZoomEye token

       --shodan-token SHODAN_TOKEN
              Shodan token

       --fofa-user FOFA_USER
              fofa user

       --fofa-token FOFA_TOKEN
              fofa token

       --quake-token QUAKE_TOKEN
              quake token

       --hunter-token HUNTER_TOKEN
              hunter token

       --censys-uid CENSYS_UID
              Censys uid

       --censys-secret CENSYS_SECRET
              Censys secret

   Modules:
              Modules options

       --dork DORK
              Zoomeye dork used for search

       --dork-zoomeye DORK_ZOOMEYE
              Zoomeye dork used for search

       --dork-shodan DORK_SHODAN
              Shodan dork used for search

       --dork-fofa DORK_FOFA
              Fofa dork used for search

       --dork-quake DORK_QUAKE
              Quake dork used for search

       --dork-hunter DORK_HUNTER
              Hunter dork used for search

       --dork-censys DORK_CENSYS
              Censys dork used for search

       --max-page MAX_PAGE
              Max page used in search API

       --search-type SEARCH_TYPE
              Search type used in search API: web or host

       --vul-keyword VUL_KEYWORD
              Seebug keyword used for search

       --ssv-id SSVID
              Seebug SSVID number for target PoC

       --lhost CONNECT_BACK_HOST
              Connect back host for target PoC in shell mode

       --lport CONNECT_BACK_PORT
              Connect back port for target PoC in shell mode

       --tls  Enable TLS listener in shell mode

       --comparison
              Compare popular web search engines

       --dork-b64
              Whether dork is in base64 format

   Optimization:
              Optimization options

       -o OUTPUT_PATH, --output OUTPUT_PATH
              Output file to write (JSON Lines format)

       --plugins PLUGINS
              Load plugins to execute

       --pocs-path POCS_PATH
              User defined poc scripts path

       --threads THREADS
              Max number of concurrent network requests (default 150)

       --batch BATCH
              Automatically choose the default choice without asking

       --requires
              Check install_requires

       --quiet
              Activate quiet mode, working without logger

       --ppt  Hide sensitive information when published to the network

       --pcap Use scapy to capture flow

       --rule Export rules (by default, both request and response)

       --rule-req
              Only export request rules

       --rule-filename RULE_FILENAME
              Specify the name of the export rule file

   Poc options:
              definition options for PoC

       --options
              Show all definition options

EXAMPLES

       Run poc with verify mode, poc will be only used for vulnerability scanning.

       % pocsuite -r poc_example.py -u http://example.com/ --verify

       Run poc with attack mode, and it may allow hackers/researchers to break into labs.

       % pocsuite -r poc_example.py -u http://example.com/ --attack

       Run poc with shell mode; if executed successfully, pocsuite will drop into an interactive
       shell.

       % pocsuite -r poc_example.py -u http://example.com/ --shell

       Using multiple threads, the default number of threads is 150.

       % pocsuite -r poc_example.py -u http://example.com/ --verify --threads 20

       Scan multiple targets given in a textual file.

       % pocsuite -r poc_example.py -f url.txt --verify

SEE ALSO

       The full documentation for pocsuite3 is maintained at:
       https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md

VERSION

       This manual page documents pocsuite3 version 1.9.6

AUTHOR

       (c) 2014-2022 by Knownsec 404 Team
       <404-team@knownsec.com>

       This program is free software; you may redistribute and/or modify it under the terms of
       the GNU General Public License as published by the Free Software Foundation; Version 2
       with the clarifications and exceptions described below. This guarantees your right to use,
       modify, and redistribute this software under certain conditions. If you wish to embed
       pocsuite3 technology into proprietary software, we sell alternative licenses (contact
       404-team@knownsec.com).

       Manual page started by Tian Qiao <abcnsxyz@gmail.com>