Git Product home page Git Product logo

pocscan's Introduction

POCSCAN

Pocscan是一款开源 Poc 调用框架,可轻松调用Pocsuite,Tangscan,Beebeeto,Knowsec老版本POC 按照官方规范编写的 Poc对目标域名进行扫描,通过 Docker 一键部署,麻麻再也不怕搭建麻烦了 。

Pocscan支持被动式扫描,还提供了chrome浏览器插件,插件会自动抓取你访问的网站host进行漏洞扫描。ε=ε=(ノ≧∇≦)ノ

Pocscan 只是扫描框架,不提供Poc!!!
Pocscan 只是扫描框架,不提供Poc!!!
Pocscan 只是扫描框架,不提供Poc!!!

Screenshots

前台

后台

Installation

  1. 安装Docker, 然后下载镜像

     $ curl -sSL https://get.daocloud.io/docker | sh 
 $ sudo systemctl start docker
 $ sudo docker pull daocloud.io/aber/pocscan:1.1

  2. 把源码 clone 到本地,运行 docker 容器,把源码挂载到容器里

     docker run -d -v [代码存放目录]:/www -p 8090:8000 daocloud.io/aber/pocscan:1.1
 
 /*
 -p 8090:8000 是将容器的8000端口映射到宿主机的8090端口
 以上参数根据实际情况自行配置
 */

  3. 把poc文件按找分类放到 /pocscan/pocs/ 下的文件夹

  4. 访问一下 http://127.0.0.1:8090/login. 出现登录界面就是搭建成功了。帐号是root,密码是password.

  5. 安装chrome插件(代码根目录那个crx文件),装好设置好API地址.要扫描时保持插件页面的打开。

     http://192.168.1.2:8081/scan/     #注意scan后面要用"/",注意scan后面要用"/",注意scan后面要用"/"。重要的事情说三次

TO DO

  1. 集成 sqlmapapi 和 XSS 检测.(准备开发完成)

FAQ

Q: 搭建为啥扫不出漏洞啊?(゚Д゚≡゚д゚)!?

A: Pocscan 只是提供一个框架,不提供 Poc (其实还是提供了demo poc的), 扫不出洞说明你的 Poc 不够多不够牛逼。

Q: POC 哪里找?

A:上sebug.net,tangscan.com,beebeeto.com兑换.或者自己写.

问题反馈 当程序出现日天的bug,或者你有更好的建议想法时,请提issue

author : 只有两人bilibili安全团队,erevus, tlskbz

pocscan's People

Contributors

erevus-cn avatar lordlezehaf avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.