GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → TophantTechnology → Osprey

TophantTechnology / Osprey

Programming Languages

python
139335 projects - #7 most used programming language

Labels

poc

Projects that are alternatives of or similar to Osprey

CVE-2018-7750
an RCE (remote command execution) approach of CVE-2018-7750
Stars: ✭ 18 (-95.82%)
Mutual labels:  poc
Wordpress Xmlrpc Brute Force Exploit
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Stars: ✭ 315 (-26.91%)
Mutual labels:  poc
Poc Exp
poc or exp of android vulnerability
Stars: ✭ 362 (-16.01%)
Mutual labels:  poc
Cve 2020 0796 Poc
PoC for triggering buffer overflow via CVE-2020-0796
Stars: ✭ 266 (-38.28%)
Mutual labels:  poc
Poc S
POC-T强化版本 POC-S , 用于红蓝对抗中快速验证Web应用漏洞, 对功能进行强化以及脚本进行分类添加,自带dnslog等, 平台补充来自vulhub靶机及其他开源项目的高可用POC
Stars: ✭ 285 (-33.87%)
Mutual labels:  poc
Cve 2019 0708
3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
Stars: ✭ 350 (-18.79%)
Mutual labels:  poc
NSE-scripts
NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (-75.64%)
Mutual labels:  poc
Ysoserial
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Stars: ✭ 4,808 (+1015.55%)
Mutual labels:  poc
Poccollect
a plenty of poc based on python
Stars: ✭ 289 (-32.95%)
Mutual labels:  poc
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+868.21%)
Mutual labels:  poc
Commodity Injection Signatures
Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT
Stars: ✭ 267 (-38.05%)
Mutual labels:  poc
Penetration testing poc
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+795.13%)
Mutual labels:  poc
Cve 2020 0796 Rce Poc
CVE-2020-0796 Remote Code Execution POC
Stars: ✭ 359 (-16.71%)
Mutual labels:  poc
Tentacle
Tentacle is a POC vulnerability verification and exploit framework. It supports free extension of exploits and uses POC scripts. It supports calls to zoomeye, fofa, shodan and other APIs to perform bulk vulnerability verification for multiple targets.
Stars: ✭ 258 (-40.14%)
Mutual labels:  poc
Ladongo
Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-15.08%)
Mutual labels:  poc
Exploit-Development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Stars: ✭ 84 (-80.51%)
Mutual labels:  poc
Cve 2018 7600
💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002
Stars: ✭ 330 (-23.43%)
Mutual labels:  poc
Cve 2017 0785
Blueborne CVE-2017-0785 Android information leak vulnerability
Stars: ✭ 428 (-0.7%)
Mutual labels:  poc
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (-4.18%)
Mutual labels:  poc
Javadeserh2hc
Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).
Stars: ✭ 361 (-16.24%)
Mutual labels:  poc
View All Similar Projects ➔

Osprey Python 3.5

Osprey是由TCC(斗象能力中心)出品并长期维护的开源漏洞检测框架

简介

Osprey——鱼鹰,一种善于捕鱼的猛禽,取此命名漏洞盒子PoC框架,寓意快、精、准。

Osprey是一个可扩展的开源漏洞检测与利用框架(Python3开发),是TCC长期的安全能力与经验的积累形成的一个可用工具,目前被集成应用于企业级安全产品 网藤风险感知-CRS 中。 Osprey框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口和Web接口,可供灵活调用,也可用于构建自己的扫描器。

安装

从Git上获取最新版本的osprey代码

$ git clone https://github.com/TophantTechnology/osprey.git

推荐在Linux环境下使用,并用virtualenv搭建独立的python3环境

$ python3 -m venv venv
$ source venv/bin/activate

最小化安装

最小化安装仅提供命令行和一个交互式的Console接口,可满足大多数场景下的使用。

$ python setup.py install

完全安装

安装osprey的完整功能,包括命令行工具、 交互式Console接口、 Web API接口。

  • 安装配置RabbitMQ
  • 安装配置MongoDB
  • 配置 settings.py
    1. 使用MongoDB作为数据库:use_mongo = True, use_sqlite = False
    2. 填充RabbitMQ和MongoDB的URI:mongo_url, CELERY_BROKER
    3. 填写你的Python3解释器路径:PROGRAM
  • 安装Python包:
$ pip install -r web/requirements.txt

使用

  • 获取帮助列表:
$ python osprey.py --help
  • 最简单的用法,针对一个目标URL,发起一个PoC做检测:
$ python osprey.py -t URL -v POC_ID
  • 使用交互式Console接口:
$ python console/osprey-console.py
  • 使用Web API接口:
$ gunicorn -b 127.0.0.1:5000 osprey-web:app -w 5
$ celery -A osprey-web.celery worker --concurrency=5 -Q poc-queue -n osprey.%h -Ofair

Docker使用

可以使用docker-compose快速搭建完整的Osprey环境(需安装docker和docker-compose)

编译docker环境

$ cd docker
$ docker-compose build

运行完整的osprey环境

$ docker-compose up -d

访问http://YOUR-IP:5000/,可以看到osprey Web部署已完成

利用docker搭建osprey的Web接口下发任务和获取执行结果

$ curl http://127.0.0.1:5000/api/start -d '{"task_id": "TASK_ID", "vid": "vb_ID", "target": "http://x.com/"}'
$ curl http://127.0.0.1:5000/api/result -d '{"task_id": "TASK_ID"}'

osprey镜像拉取到本地之后,也可以直接通过docker run进入容器中(不启用osprey-web),然后使用命令行工具或交互式Console接口

$ docker run -it -v pocs:/opt/osprey/pocs tophant/osprey bash

相关文档

基于Osprey编写PoC,请参考 osprey编写规范和要求说明

要使用Osprey Web接口,请参考 osprey-web接口使用说明文档

Osprey-鱼鹰交流群:483373752

参考链接

欢迎提交POC

欢迎提交有用的新POC,提交的POC我们会进行维护和公布。:)

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].