scripts

package

v0.0.0-...-269099d Latest Latest Go to latest Published: Oct 30, 2023 License: Apache-2.0 Imports: 27 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jweny/pocassist

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func BytesToInt(b []byte) (r int, err error)
func CheckSmbCve20200796(args *ScriptScanArgs) (*util.ScanResult, error)
func ConstructUrl(args *ScriptScanArgs, uri string) string
func CreateOpenSSLHeartBleed(version *openSSLVersion) []byte
func CreateOpenSSLHello(version *openSSLVersion) []byte
func DedecmsBakeUpFileFound(args *ScriptScanArgs) (*util.ScanResult, error)
func EcshopAnyoneLoginVul(args *ScriptScanArgs) (*util.ScanResult, error)
func ElasticSearchPathTraversal(args *ScriptScanArgs) (*util.ScanResult, error)
func EncodeRememberme(reverseUrl, key string) string
func EximOffByOneRCE(args *ScriptScanArgs) (*util.ScanResult, error)
func EximUaf(args *ScriptScanArgs) (*util.ScanResult, error)
func FastCGIFileRead(args *ScriptScanArgs) (*util.ScanResult, error)
func FtpUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)
func GetRandomString(length int) string
func JBossAdminConsoleWeakPass(args *ScriptScanArgs) (*util.ScanResult, error)
func JBossInvokerServletRemoteCodeExec(args *ScriptScanArgs) (*util.ScanResult, error)
func JBossJavaSerializationVul(args *ScriptScanArgs) (*util.ScanResult, error)
func JoomlaSerialization(args *ScriptScanArgs) (*util.ScanResult, error)
func MD5(text string) string
func MS15034(args *ScriptScanArgs) (*util.ScanResult, error)
func MemcachedUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)
func MongoDBUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)
func OpenSSLHeartbleedVul(args *ScriptScanArgs) (*util.ScanResult, error)
func OpenSSLRecvMessage(conn net.Conn) (typ int, ver int, body []byte)
func PKCS7Padding(origData []byte, blockSize int) []byte
func RedisUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)
func RedisWeakPass(args *ScriptScanArgs) (*util.ScanResult, error)
func RsyncAnonymousAccess(args *ScriptScanArgs) (*util.ScanResult, error)
func ScriptRegister(pocName string, handler ScriptScanFunc)
func ShiroJavaUnserilize(args *ScriptScanArgs) (*util.ScanResult, error)
func TomcatWeakPass(args *ScriptScanArgs) (*util.ScanResult, error)
func ZookeeperUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)
type ScriptScanArgs
type ScriptScanFunc
- func GetScriptFunc(pocName string) ScriptScanFunc

Constants ¶

This section is empty.

Variables ¶

View Source

var ShiroKeys = []string{

	"kPH+bIxk5D2deZiIxcaaaA==",
	"Z3VucwAAAAAAAAAAAAAAAA==",
	"4AvVhmFLUs0KTA3Kprsdag==",
	"3AvVhmFLUs0KTA3Kprsdag==",
	"2AvVhdsgUs0FSA3SDFAdag==",
	"U3ByaW5nQmxhZGUAAAAAAA==",
	"wGiHplamyXlVB11UXWol8g==",
	"6ZmI6I2j5Y+R5aSn5ZOlAA==",
}

参考：https://mp.weixin.qq.com/s/NRx-rDBEFEbZYrfnRw2iDw

Functions ¶

func BytesToInt ¶

func BytesToInt(b []byte) (r int, err error)

[]byte 转int BytesToInt([]byte{0,0,3,232}) //1000

func CheckSmbCve20200796 ¶

func CheckSmbCve20200796(args *ScriptScanArgs) (*util.ScanResult, error)

func ConstructUrl ¶

func ConstructUrl(args *ScriptScanArgs, uri string) string

func CreateOpenSSLHeartBleed ¶

func CreateOpenSSLHeartBleed(version *openSSLVersion) []byte

func CreateOpenSSLHello ¶

func CreateOpenSSLHello(version *openSSLVersion) []byte

func DedecmsBakeUpFileFound ¶

func DedecmsBakeUpFileFound(args *ScriptScanArgs) (*util.ScanResult, error)

func EcshopAnyoneLoginVul ¶

func EcshopAnyoneLoginVul(args *ScriptScanArgs) (*util.ScanResult, error)

EcshopAnyoneLoginVul ecshop 任意登录

func ElasticSearchPathTraversal ¶

func ElasticSearchPathTraversal(args *ScriptScanArgs) (*util.ScanResult, error)

ES路径遍历

func EncodeRememberme ¶

func EncodeRememberme(reverseUrl, key string) string

func EximOffByOneRCE ¶

func EximOffByOneRCE(args *ScriptScanArgs) (*util.ScanResult, error)

exim远程调用

func EximUaf ¶

func EximUaf(args *ScriptScanArgs) (*util.ScanResult, error)

EximUaf

func FastCGIFileRead ¶

func FastCGIFileRead(args *ScriptScanArgs) (*util.ScanResult, error)

FastCGIFileRead fast cgi 文件读取

func FtpUnauthority ¶

func FtpUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)

FtpUnauthority Ftp 未授权

func GetRandomString ¶

func GetRandomString(length int) string

生成随机字符串

func JBossAdminConsoleWeakPass ¶

func JBossAdminConsoleWeakPass(args *ScriptScanArgs) (*util.ScanResult, error)

JBossAdminConsoleWeakPass jboss 管理控制台弱口令

func JBossInvokerServletRemoteCodeExec ¶

func JBossInvokerServletRemoteCodeExec(args *ScriptScanArgs) (*util.ScanResult, error)

JBossInvokerServletRemoteCodeExec jboss 远程执行

func JBossJavaSerializationVul ¶

func JBossJavaSerializationVul(args *ScriptScanArgs) (*util.ScanResult, error)

JBossJavaSerializationVul jboss 序列化

func JoomlaSerialization ¶

func JoomlaSerialization(args *ScriptScanArgs) (*util.ScanResult, error)

JoomlaSerialization joomla 序列化执行

func MD5 ¶

func MD5(text string) string

生成md5

func MS15034 ¶

func MS15034(args *ScriptScanArgs) (*util.ScanResult, error)

MS15034

func MemcachedUnauthority ¶

func MemcachedUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)

MemcachedUnauthority memcached 未授权

func MongoDBUnauthority ¶

func MongoDBUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)

MongoDBUnauthority MongoDB 未授权

func OpenSSLHeartbleedVul ¶

func OpenSSLHeartbleedVul(args *ScriptScanArgs) (*util.ScanResult, error)

OpenSSLHeartbleedVul openssl heartbleed

func OpenSSLRecvMessage ¶

func OpenSSLRecvMessage(conn net.Conn) (typ int, ver int, body []byte)

func PKCS7Padding ¶

func PKCS7Padding(origData []byte, blockSize int) []byte

func RedisUnauthority ¶

func RedisUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)

RedisUnauthority redis 未授权 Poc

func RedisWeakPass ¶

func RedisWeakPass(args *ScriptScanArgs) (*util.ScanResult, error)

RedisWeakPass redis 弱密码

func RsyncAnonymousAccess ¶

func RsyncAnonymousAccess(args *ScriptScanArgs) (*util.ScanResult, error)

RsyncAnonymousAccess rsync 匿名访问

func ScriptRegister ¶

func ScriptRegister(pocName string, handler ScriptScanFunc)

func ShiroJavaUnserilize ¶

func ShiroJavaUnserilize(args *ScriptScanArgs) (*util.ScanResult, error)

Shiro反序列化漏洞

func TomcatWeakPass ¶

func TomcatWeakPass(args *ScriptScanArgs) (*util.ScanResult, error)

tomcat 弱口令

func ZookeeperUnauthority ¶

func ZookeeperUnauthority(args *ScriptScanArgs) (*util.ScanResult, error)

ZookeeperUnauthority zookeeper 未授权

Types ¶

type ScriptScanArgs ¶

type ScriptScanArgs struct {
	Host    string
	Port    uint16
	IsHTTPS bool
}

type ScriptScanFunc ¶

type ScriptScanFunc func(args *ScriptScanArgs) (*util.ScanResult, error)

func GetScriptFunc ¶

func GetScriptFunc(pocName string) ScriptScanFunc

GetScriptFunc 返回 pocName 对应的方法

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL