-
Notifications
You must be signed in to change notification settings - Fork 756
内置脚本库
cdxy edited this page Jan 16, 2018
·
15 revisions
免责声明:请在合法范围内使用本程序。任何人因使用本程序造成的意外损失或恶意攻击,项目开发者对此概不负责,亦不承担任何法律责任。
legal disclaimer: Usage of POC-T for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
| 脚本 | 说明 |
|---|---|
activemq-upload.py |
ActiveMQ 文件上传 |
activemq-weakpass.py |
ActiveMQ 弱口令 |
confluence-traversal.py |
Atlassian Confluence 文件读取 |
fastcgi-rce.py |
PHP FastCGI 文件读取/RCE |
phpcms9.6.0-getshell.py |
PHPCMS 9.6.0 member/index.php 文件上传Getshell |
phpcms9.6.0-sqli.py |
PHPCMS 9.6.0 down.php 前台注入 |
fiyo2.0.7-getshell.py |
FiyoCMS 文件上传GetShell |
glassfish-traversal.py |
GlassFish 任意文件读取 |
jboss-rce.py |
JBoss 命令执行 (jexboss去后门版) |
jetspeed-rest-unauth.py |
Apache Jetspeed REST API未授权访问 |
joomla-registrationpro-sqli.py |
Joomla registrationpro组件SQL注入 |
joomla-videoflow-sqli.py |
Joomla videoflow组件SQL注入 |
joomla-videogallerylite-sqli.py |
Joomla Huge-IT videogallerylite 组件注入 |
kubernetes-unauth |
Kubernetes API 未授权访问(作者:Oritz) |
maccms8-rce.py |
MACCMS(苹果CMS) vod-search 组件代码执行 (作者:potapo) |
memcached-unauth.py |
Memcached 未授权访问 |
metinfo-504-sqli.py |
MetInfo 5.0.4 id参数SQL注入 |
mongodb-unauth.py |
MongoDB 未授权访问 (作者:Double8) |
navis-webaccess-sqli.py |
Navis WebAccess SQL注入 |
opensshd-user-enum.py |
Opensshd 用户猜解 |
phpmyadmin-auth-rce.py |
phpMyAdmin 登入后命令执行 |
redis-unauth.py |
Redis 未授权访问 |
redis-cron-getshell.py |
Redis利用之 cron.d |
redis-sshkey-getshell.py |
Redis利用之 ssh-key |
redis-web-probe.py |
Redis利用之 webshell |
resindoc-traversal.py |
resin-doc 文件读取/SSRF |
samsoftech-admin-bypass.py |
SAM Softech后台登录绕过 |
shiro-deserial-rce.py |
Apache Shiro 反序列化命令执行 |
siemens-camera-getpwd.py |
SIEMENS IP-Camrea 密码泄露 |
solr-unauth.py |
Apache Solr 未授权访问 |
struts2-devmode.py |
Struts2 devMode 命令执行 |
struts2-s2032.py |
Struts2 S2-032 命令执行 |
struts2-s2045.py |
Struts2 S2-045 命令执行 (作者:24'') |
vbulletin-ssrf.py |
vBulletin SSRF |
weblogic-wls.py |
WebLogic Server WLS RCE (Author:starnight_cyber) |
wp-4.4-ssrf.py |
WordPress 4.4 SSRF |
wp-4.7-userinfo.py |
WordPress 4.7 REST API信息泄露 |
wp-4.7.1-restapi.py |
WordPress 4.7.1 REST API内容注入 |
wp-bonkersbeat-filedownload.py |
WordPress bonkersbeat theme 任意文件下载 |
wp-forcedownload.py |
WordPress forcedownload 任意文件下载 |
wp-ypo-filedownload.py |
WordPress ypo theme 任意文件下载 |
zabbix-jsrpc-mysql-exp.py |
Zabbix jsrpc.php MySQL注入利用 (作者:B0t0w1) |
zabbix-jsrpc-sqli.py |
Zabbix jsrpc.php SQL注入检测 |
zonetransfer.py |
DNS域传送漏洞 |
| 脚本 | 说明 |
|---|---|
brute-example.py |
表单爆破示例(51idc某站) |
rsync-weakpass.py |
rsync 弱口令爆破 |
zabbix-weakpass.py |
zabbix 弱口令爆破 |
weblogic-ssrf-netmap |
利用SSRF漏洞扫描内网端口(nmap 1000 ports) |
| 脚本 | 说明 |
|---|---|
spider-example.py |
爬虫示例(B站用户签名档爬虫) |
| 脚本 | 说明 |
|---|---|
vote-example.py |
给基友开发的刷票脚本 |
bingc.py |
基于Bing搜索引擎的C段/旁站扫描(支持Bing-API) |
check-cdn.py |
探测网站是否使用CDN/云WAF(多节点Get) |