A Modified version of TCC's Osprey poc framework......

Related tags

Security related resourcesfirece-fish
Overview

fierce-fish Python 3.9

fierce-fish是由TCC(斗象能力中心)出品并维护的开源漏洞检测框架osprey的改写,去掉臃肿功能的精简版本poc框架

  • PS:真的用不惯其它臃肿的功能,不过作为一个收集漏洞poc && exp的框架还是非常不错的!!!

  • osprey

  • For beginners friendly (script kiddos would like it !)

简介

fierce-fish ------ 凶鱼,一种比鱼鹰还要凶猛的鱼,由于是osprey的改写版所以取此命名漏洞盒子PoC框架,寓意快,精,准,凶。

fierce-fish 是一个可无限扩展自定义poc的开源漏洞检测与利用框架(Python3开发),是osprey的修改版。 fierce-fish框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口,可供灵活调用,也可用于构建自己的扫描器, 构建自己的通用型漏洞库。

持续添加POC && EXP

安装

从Git上获取最新版本的osprey代码

$ git clone https://github.com/FDlucifer/firece-fish.git
$ cd firece-fish
$ pip3 install -r requirements.txt
  • 若执行脚本还是报错,可以根据报错信息提示缺失的模块,手动执行命令(pip3 install ‘缺失模块名'),进行安装...

使用

  • 获取帮助列表:
$ python osprey.py --help
  • 最简单的用法,针对一个目标URL,发起一个PoC做检测:
$ python osprey.py -t URL -v POC_ID

目前已收录漏洞POC及EXP

漏洞名 poc名称 poc链接
Metinfo 5.3.17 X-Rewrite-url SQL Injection vb_2017_0060 Metinfo_5_3_17_X_Rewrite_url_Sql_Injection
Landray-OA Arbitrary File Read vb_2021_0001 Landray-OA Arbitrary File Read
Yy-OA A6 Disclosure of sensitive information vb_2021_0002 Yy-OA A6 Disclosure of sensitive information
LionfishCMS ApiController.class.php SQL Injection vb_2021_0003 LionfishCMS ApiController.class.php SQL Injection
LionfishCMS ApigoodsController.class.php SQL Injection vb_2021_0004 LionfishCMS ApigoodsController.class.php SQL Injection
Kingsoft V8 Arbitrary file read vb_2021_0005 Kingsoft V8 Arbitrary file read
Kingsoft V8 pdf_maker.php RCE vb_2021_0006 Kingsoft V8 pdf_maker.php RCE
Kingsoft V8 Default Weak Password vb_2021_0007 Kingsoft V8 Default Weak Password
Weaver OA 8 SQL injection vb_2021_0008 Weaver OA 8 SQL injection
Weaver OA Bsh RCE vb_2021_0009 Weaver OA Bsh RCE
Citrix XenMobile Read FIle vb_2021_0010 Citrix XenMobile Read FIle
Weblogic RCE CVE-2020-14882 vb_2021_0011 Weblogic RCE CVE-2020-14882
Hanming Video Conferencing File Read vb_2021_0012 Hanming Video Conferencing File Read
Jinher OA Arbitrary File Read vb_2021_0013 Jinher OA Arbitrary File Read
LanProxy Server Read File vb_2021_0014 LanProxy Server Read File
YApi Remote Code Execute vb_2021_0015 YApi Remote Code Execute
SaltStack RCE CVE-2020-11651 vb_2021_0016 SaltStack RCE CVE-2020-11651
Coremail Server Information Leakage vb_2021_0017 Coremail Server Information Leakage
AonarQube Api Information Leakage vb_2021_0018 AonarQube Api Information Leakage
Alibaba Canal Accesskey Information Leakage vb_2021_0019 Alibaba Canal Accesskey Information Leakage
MessageSolution Email System Information Leakage vb_2021_0020 MessageSolution Email System Information Leakage
ICEFlow VPN Information Leakage vb_2021_0021 ICEFlow VPN Information Leakage
IceWarp WebClient Basic RCE vb_2021_0022 IceWarp WebClient Basic RCE
ShowDoc File Upload vb_2021_0023 ShowDoc File Upload
Duoke-Web-Server-SQLInjection vb_2021_0024 Duoke-Web-Server-SQLInjection
yonyou-UFIDA-NC-file-read vb_2021_0025 yonyou-UFIDA-NC-file-read
zhongqingnabo_information_leak vb_2021_0026 zhongqingnabo_information_leak
Apache Druid RCE vb_2021_0027 Apache Druid RCE
Apache Kylin Xielou ReadFile vb_2021_0028 Apache Kylin Xielou ReadFile
Apache Flink Read File vb_2021_0029 Apache Flink Read File
Apache Flink Rce vb_2021_0030 Apache Flink Rce
3C HG659 Lib An Arbitrary FileRead vb_2021_0031 3C HG659 Lib An Arbitrary FileRead
IceWarp WebClient Basic RCE vb_2021_0032 IceWarp WebClient Basic RCE
亿赛通命令执行漏洞 vb_2021_0033 亿赛通命令执行漏洞
Atlassian Jira Information disclosure vb_2021_0034 Atlassian Jira Information disclosure
LANLING OA file read vb_2021_0035 LANLING OA file read
CISCO Read-Only Path Traversal Vuln vb_2021_0036 CISCO Read-Only Path Traversal Vuln
Seeyon_Ajax_Getshell vb_2021_0037 Seeyon_Ajax_Getshell
待补充 vb_2021_0038 待补充
待补充 vb_2021_0039 待补充
待补充 vb_2021_0040 待补充
待补充 vb_2021_0041 待补充
zyxel_nbg2105_bypass_auth vb_2021_0042 zyxel_nbg2105_bypass_auth
HIKVISION_file_read vb_2021_0043 HIKVISION_file_read
CVE_2021_41773_poc_and_exploit vb_2021_0044 CVE_2021_41773_poc_and_exploit
CVE_2021_42013_poc_and_exploit vb_2021_0045 CVE_2021_42013_poc_and_exploit

特点

  1. 体积小
  1. 检测效果精准,可自己持续按照框架模版添加poc, 方便高效

poc编写说明相关文档

基于Osprey编写PoC,请参考 osprey编写规范和要求说明

后续会在本仓库长期更新最新的POC & EXP。:)

Owner
lUc1f3r11
trapped in the darkest nightmare...
lUc1f3r11
GitHub Repository
Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

Aang Ardiansyah-XD 2 Dec 24, 2021
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 09, 2022
This tool was created in order to automate some basic OSINT tasks for penetration testing assingments.

This tool was created in order to automate some basic OSINT tasks for penetration testing assingments. The main feature that I haven't seen much anywhere is the downloadd google dork function where t

Tobias 5 May 31, 2022
This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

Prakriti Regmi 1 Feb 07, 2022
Lite - Lite cracker tool for python

Wellcome to tools Results Install Tools

Jeeck X Nano 23 Dec 17, 2022
A bitcoin private keys brute-forcing tool. Educational purpose only.

BitForce A bitcoin private keys brute-forcing tool. If you have an average computer, his will take decades to find a private key with balance. Run Mak

Gilad Leef 2 Dec 20, 2022
Static Token And Credential Scanner

Static Token And Credential Scanner What is it? STACS is a YARA powered static credential scanner which suports binary file formats, analysis of neste

STACS 81 Dec 27, 2022
Tor Relay availability checker, for using it as a bridge in countries with censorship

Tor Relay Availability Checker This small script downloads all Tor Relay IP addresses from onionoo.torproject.org and checks whether random Relays are

ValdikSS 161 Dec 30, 2022
Bilgi Sistemleri Projesi için yapılan keylogger

Keylogger Bilgi Sistemleri Projesi için yapılan keylogger Projede kullanılan kütüphanelere sahip olmasanız da python dosyası çalıştığında kendisi gere

Tarik Bulut 1 Jan 07, 2022
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

Ryan 5 Sep 12, 2022
Use FOFA automatic vulnerability scanning tool

AutoSRC Use FOFA automatic vulnerability scanning tool Usage python3 autosrc.py -e FOFA EMAIL -k TOKEN Screenshots License MIT Dev 6613GitHub6613

PwnWiki 48 Oct 25, 2022
Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

👑 Recon 👑 The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my ow

Dirso 171 Dec 31, 2022
Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

b4zinga 5 Mar 21, 2022
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

之乎者也 2.8k Dec 29, 2022
Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

rzx. 1 Dec 29, 2021
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting.🎭

This is A Python & Bash Programming Based Termux-Tool Created By CRACKER911181. This Tool Created For Hacking and Pentesting. If You Use This Tool To Evil Purpose,The Owner Will Never be Responsible

CRACKER911181 1 Jan 10, 2022
Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

🕷️ Scarecrow 🕷️ Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts. It looks for processes with specific names to v

Billy 33 Sep 28, 2022
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
Brainly-Scrambler - Brainly Scrambler With Python

Brainly-Scrambler Untuk admin brainly jangan lupa pasang captcha mu Note: Kamu

8 Feb 24, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022