diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e6cb13..53288a9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -45,15 +45,15 @@ jobs: mv build/myapp-darwin-*amd64 pocassist_darwin_amd64 - zip pocassist_windows_386.zip pocassist_windows_386.exe pocassist.db pocassist.sql config.yaml - zip pocassist_windows_amd64.zip pocassist_windows_amd64.exe pocassist.db pocassist.sql config.yaml + zip pocassist_windows_386.zip pocassist_windows_386.exe + zip pocassist_windows_amd64.zip pocassist_windows_amd64.exe - zip pocassist_linux_386.zip pocassist_linux_386 pocassist.db pocassist.sql config.yaml - zip pocassist_linux_amd64.zip pocassist_linux_amd64 pocassist.db pocassist.sql config.yaml - zip pocassist_linux_arm64.zip pocassist_linux_arm64 pocassist.db pocassist.sql config.yaml - zip pocassist_linux_arm.zip pocassist_linux_arm pocassist.db pocassist.sql config.yaml + zip pocassist_linux_386.zip pocassist_linux_386 + zip pocassist_linux_amd64.zip pocassist_linux_amd64 + zip pocassist_linux_arm64.zip pocassist_linux_arm64 + zip pocassist_linux_arm.zip pocassist_linux_arm - zip pocassist_darwin_amd64.zip pocassist_darwin_amd64 pocassist.db pocassist.sql config.yaml + zip pocassist_darwin_amd64.zip pocassist_darwin_amd64 - name: Create Release id: create_release diff --git a/README.md b/README.md index 7db0b66..6044b96 100755 --- a/README.md +++ b/README.md @@ -1,161 +1,103 @@ -

- pocassist -

- - * [pocassist](#pocassist) - * [特性](#特性) - * [规则体系](#规则体系) - * [性能](#性能) - * [资源](#资源) - * [易用](#易用) - * [Demo](#demo) - * [poc管理](#poc管理) - * [漏洞管理](#漏洞管理) - * [快速开始](#快速开始) - * [下载](#下载) - * [运行](#运行) - * [web端](#web端) - * [cli](#cli) - * [使用手册](#使用手册) - * [常见问题](#常见问题) - * [todo](#todo) - * [微信](#微信) - * [免责声明](#免责声明) - * [参考项目](#参考项目) - -## pocassist +

POCASSIST

-pocassist是一个 Go (Golang) 编写的全新的开源漏洞测试框架,实现对poc的在线编辑、管理、测试。 +![pocassist](https://socialify.git.ci/jweny/pocassist/image?description=1&font=Inter&forks=1&issues=1&language=1&logo=https%3A%2F%2Favatars1.githubusercontent.com%2Fu%2F26767398&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Dark) -如果你不想撸代码,又想实现poc的逻辑,又想在线对靶机快速测试,那就使用pocassist吧。 -## 特性 -### 规则体系 +pocassist是一个 Golang 编写的全新开源漏洞测试框架。 -- pocassist借鉴了xray优秀的规则体系。通过基于CEL表达式定义poc规则。 +- 简单易用 + - 只需要在前端编辑,即可生成poc对批量目标进行测试 + - 单二进制文件,无依赖,也无需安装 +- 性能优秀 + - 支持高并发,通过使用 `ants`实例化协程池,复用 goroutine + - 多重内存复用,尽可能小的内存占用 +- 规则体系 + - 完全兼容xray,但又不仅仅是xray。除了支持定义目录级漏洞poc,还支持服务器级漏洞、参数级漏洞、url级漏洞以及对页面内容检测,如果以上还不满足你的需求,还支持加载自定义脚本。 -- 完全兼容xray现有规则。 +使用之前务必先阅读使用文档! -- 不仅仅是xray。pocassist除了支持定义目录级漏洞poc,还支持服务器级漏洞、参数级漏洞、url级漏洞以及对页面内容检测,如果以上还不满足你的需求,还支持加载自定义脚本。 +🏠[使用文档](https://pocassist.jweny.top/) ⬇️[下载最新版本](https://github.com/jweny/pocassist/releases) -### 性能 +## 快速开始 -高并发:支持批量运行poc,通过使用 `ants`实例化协程池,复用 goroutine ,节省资源,提升性能。 +### 像数 1, 2, 3 一样容易 -### 资源 +```bash +# 启动服务 +./pocassist -小内存占用:使用内存复用机制。每个poc / 请求 / 响应 均使用`sync.Pool` 来缓存对象,减轻GC消耗。 +# 浏览器访问 +http://127.0.0.1:1231 +``` -### 易用 +建议使用[pocassistdb](https://github.com/jweny/pocassistdb)作为漏洞库。⬇️[下载漏洞库最新版本](https://github.com/jweny/pocassistdb/releases/),并在`config.yaml `的`sqlite`项配置路径。 -pocassist 为单二进制文件,无依赖,也无需安装,下载后直接使用。 +有想一块维护poc的师傅也可直接向该项目提PR。 ## Demo -![登录页](docs/pic/login.jpg) - -### poc管理 - -![poc](docs/pic/poc.jpg) - -poc在线编辑 - -![poc编辑](docs/pic/poc-edit.jpg) - -poc在线运行 - -![poc运行结果](docs/pic/poc-result.jpg) - -### 漏洞管理 - -每个poc可以关联配套的漏洞描述。 +登录页 -![漏洞描述](docs/pic/vul.jpg) +![登录页](docs/pic/登录页.jpg) -![漏洞描述详情](docs/pic/vul-desc.jpg) +规则首页 -## 快速开始 - -### 下载 +![规则首页](docs/pic/规则首页.jpg) -直接下载相应系统构建的二进制文件即可,下载时选择最新的版本。 +规则详情 -下载地址:https://github.com/jweny/pocassist/releases/ +![规则详情](docs/pic/规则详情.jpg) -### 运行 +单挑规则靶机测试 -pocassist分为两种模式: +![单条规则靶机测试](docs/pic/单条规则靶机测试.png) -- web:提供web页面进行在线poc编辑和测试 -- cli:提供批量扫描功能 +漏洞描述首页 
-如使用默认配置,可直接运行二进制文件。这里以pocassist_darwin_amd64为例: +![漏洞描述首页](docs/pic/漏洞描述首页.jpg) - `./pocassist_darwin_amd64 -h` +漏洞描述详情 -#### web端 +![漏洞描述详情](docs/pic/漏洞描述详情.png) -运行web端,默认1231端口。: +新建批量扫描任务 -`./pocassist_darwin_amd64 server` +![新建扫描任务](docs/pic/新建扫描任务.png) -自定义端口,如8888: +任务状态 -`./pocassist_darwin_amd64 server -p 8888` +![任务首页](docs/pic/任务首页.png) -默认账号密码:`admin/admin2` +扫描结果 -#### cli +![扫描结果](docs/pic/扫描结果.jpg) -如果想进行批量poc测试,可使用命令行: +结果首页 -`/pocassist_darwin_amd64 cli -h` +![结果首页](docs/pic/结果首页.jpg) -### 使用手册 +组件首页 -命令行参数详细说明、配置文件说明、web端操作可参考[使用手册](https://github.com/jweny/pocassist/wiki/%E4%BD%BF%E7%94%A8%E6%89%8B%E5%86%8C)。 +![组件首页](docs/pic/组件首页.jpg) ## 常见问题 -1. config.yaml 加载失败:config.yaml要与pocassist二进制文件放置于同一目录中。 - -2. 使用mysql时,数据库初始化失败:如果后端使用mysql数据库,一定先创建数据库,导入数据,并将数据库信息更新至config.yaml后,再运行pocassist。 - -3. 目前前端有一个小bug,首次登陆成功之后,跳转至/vul时会显示空,需要强制刷新下。 - -4. `go get ./... connection error` - - 启用goproxy(请参阅此[文章](https://madneal.com/post/gproxy/)以进行golang升级): +1. 自定义配置。pocassist首次运行时将在当前目录生成`config.yaml`,引擎启动后实时监控配置文件变化,配置文件修改后无需重启,即热加载 +2. 用户名密码错误:检查数据库配置,以及数据库auth表。建议使用[pocassistdb](https://github.com/jweny/pocassistdb)作为漏洞库 +5. 支持前后端分离部署。前端源码、nginx配置示例可参考[pocassistweb](https://github.com/jweny/pocassistweb) +4. 其他使用问题请先阅读[使用文档](https://pocassist.jweny.top/) - ``` - go env -w GOPROXY=https://goproxy.cn,direct - go env -w GO111MODULE=on - ``` - -5. 如果使用前后端分离部署的师傅可自行打包前端。 - - https://github.com/jweny/pocassistweb - -## todo - -- 目前cli端的批量快扫功能为临时方案,后续所有批量快扫功能web端都将支持。 -- 发现潜在bug -- json参数解析 -- 修复前端bug - - 初次加载时要强制刷新 - - 参数级扫描:payload列表前端未提供在线编辑 ## 微信 -如果在部署 / 使用过程中遇到问题,或者有好的想法或建议,欢迎添加我的微信进行交流。 +如果在部署 / 使用过程中遇到问题,或者有好的想法或建议,欢迎添加进群沟通,或者添加我的微信进行交流。

jweny wechat: bad-lucifer + jweny wechat: bad-lucifer

- - ## 免责声明 未经授权,使用pocassist攻击目标是非法的。pocassist仅用于安全测试目的。为避免被恶意使用,本项目所有收录的poc均为漏洞的理论判断,不存在漏洞利用过程,不会对目标发起真实攻击和漏洞利用。 @@ -165,4 +107,6 @@ pocassist分为两种模式: - https://github.com/chaitin/xray/tree/master/pocs - https://phith0n.github.io/xray-poc-generation/ - https://github.com/jjf012/gopoc -- https://codelabs.developers.google.com/codelabs/cel-go#0 \ No newline at end of file +- https://codelabs.developers.google.com/codelabs/cel-go#0 +- https://github.com/projectdiscovery/nuclei +- https://github.com/projectdiscovery/nuclei-templates/ \ No newline at end of file diff --git a/docs/pic/architecture.jpg b/docs/pic/architecture.jpg deleted file mode 100644 index e8cf293..0000000 Binary files a/docs/pic/architecture.jpg and /dev/null differ diff --git a/docs/pic/cli-help.png b/docs/pic/cli-help.png deleted file mode 100644 index 90f09a3..0000000 Binary files a/docs/pic/cli-help.png and /dev/null differ diff --git a/docs/pic/database.png b/docs/pic/database.png deleted file mode 100644 index d372858..0000000 Binary files a/docs/pic/database.png and /dev/null differ diff --git a/docs/pic/global-help.png b/docs/pic/global-help.png deleted file mode 100644 index 5b4b1cf..0000000 Binary files a/docs/pic/global-help.png and /dev/null differ diff --git a/docs/pic/logo.png b/docs/pic/logo.png deleted file mode 100644 index 2dcacd5..0000000 Binary files a/docs/pic/logo.png and /dev/null differ diff --git a/docs/pic/poc-add.png b/docs/pic/poc-add.png deleted file mode 100644 index 951269e..0000000 Binary files a/docs/pic/poc-add.png and /dev/null differ diff --git a/docs/pic/poc-edit.jpg b/docs/pic/poc-edit.jpg deleted file mode 100644 index e1549f0..0000000 Binary files a/docs/pic/poc-edit.jpg and /dev/null differ diff --git a/docs/pic/poc-result.jpg b/docs/pic/poc-result.jpg deleted file mode 100644 index 8f1db80..0000000 Binary files a/docs/pic/poc-result.jpg and /dev/null differ 
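Review bot: in the release.yml hunk, nothing documents how a fresh install gets its first login once `pocassist.db`, `pocassist.sql` and `config.yaml` are no longer packed into any of the seven zips. The old README shipped a seeded database with `admin/admin2`; the new README FAQ tells a user with a failed login to "检查数据库配置,以及数据库auth表", which only works if they have already fetched pocassistdb and pointed the `sqlite` key of the generated `config.yaml` at it. Either make that bootstrap the first step of the quick start, or have the binary create an initial account on first run and log it. Separately, the unchanged context line `mv build/myapp-darwin-*amd64 pocassist_darwin_amd64` still matches on a `myapp-` build prefix; confirm the build step emits that name, otherwise the darwin zip is created from a file that is never renamed.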
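Review bot: in the README hunk the 常见问题 list is numbered `1. 2. 5. 4.`; renumber it 1 to 4. The caption `单挑规则靶机测试` is a typo for `单条规则靶机测试` (the image alt text and filename both use 单条). The "像数 1, 2, 3 一样容易" quick start shows only `./pocassist` and `http://127.0.0.1:1231`, while the paragraph after it says the vulnerability database has to be downloaded from pocassistdb and its path set under `sqlite` in `config.yaml`, and the removed `默认账号密码:admin/admin2` line gets no replacement; put the database step before the launch step and state where the initial credentials come from. FAQ item 1 says `config.yaml` is generated in 当前目录 and hot-reloaded while the engine runs, whereas the removed FAQ required it to sit beside the binary; say explicitly that it is the working directory, and note that a hot-reloaded file in a world-writable directory lets anyone with write access there swap the database connection at runtime, so the directory should be writable only by the service account.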
diff --git a/docs/pic/poc-script.png b/docs/pic/poc-script.png deleted file mode 100644 index 63ec12d..0000000 Binary files a/docs/pic/poc-script.png and /dev/null differ diff --git a/docs/pic/poc.jpg b/docs/pic/poc.jpg deleted file mode 100644 index d6f9e70..0000000 Binary files a/docs/pic/poc.jpg and /dev/null differ diff --git a/docs/pic/server-help.png b/docs/pic/server-help.png deleted file mode 100644 index aa16562..0000000 Binary files a/docs/pic/server-help.png and /dev/null differ diff --git a/docs/pic/vul-desc.jpg b/docs/pic/vul-desc.jpg deleted file mode 100644 index 8e82844..0000000 Binary files a/docs/pic/vul-desc.jpg and /dev/null differ diff --git a/docs/pic/vul.jpg b/docs/pic/vul.jpg deleted file mode 100644 index 5d7b9bd..0000000 Binary files a/docs/pic/vul.jpg and /dev/null differ diff --git "a/docs/pic/\344\273\273\345\212\241\351\246\226\351\241\265.png" "b/docs/pic/\344\273\273\345\212\241\351\246\226\351\241\265.png" new file mode 100644 index 0000000..bb8c9c5 Binary files /dev/null and "b/docs/pic/\344\273\273\345\212\241\351\246\226\351\241\265.png" differ diff --git "a/docs/pic/\345\215\225\346\235\241\350\247\204\345\210\231\351\235\266\346\234\272\346\265\213\350\257\225.png" "b/docs/pic/\345\215\225\346\235\241\350\247\204\345\210\231\351\235\266\346\234\272\346\265\213\350\257\225.png" new file mode 100644 index 0000000..4c9a58e Binary files /dev/null and "b/docs/pic/\345\215\225\346\235\241\350\247\204\345\210\231\351\235\266\346\234\272\346\265\213\350\257\225.png" differ diff --git "a/docs/pic/\346\211\253\346\217\217\347\273\223\346\236\234.jpg" "b/docs/pic/\346\211\253\346\217\217\347\273\223\346\236\234.jpg" new file mode 100644 index 0000000..e04ae56 Binary files /dev/null and "b/docs/pic/\346\211\253\346\217\217\347\273\223\346\236\234.jpg" differ 
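Review bot: the deleted screenshots (`architecture.jpg`, `cli-help.png`, `global-help.png`, `server-help.png`, `database.png`, `poc-add.png`, `poc-edit.jpg`, `poc-result.jpg`, `poc-script.png`, `poc.jpg`, `vul.jpg`, `vul-desc.jpg`, `logo.png`) may still be embedded by the wiki 使用手册 the old README linked or by the new docs site; check those before merging so the pages do not render broken images. The replacements (`登录页.jpg`, `扫描结果.jpg`, `单条规则靶机测试.png`, `任务首页.png`) use non-ASCII filenames, which git prints as octal-escaped quoted paths (`"docs/pic/\347\231\273\345\275\225\351\241\265.jpg"`) and which some tooling and non-UTF-8 Windows checkouts mishandle; keeping ASCII filenames and putting the Chinese text in the alt label avoids that.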
diff --git "a/docs/pic/\346\226\260\345\273\272\346\211\253\346\217\217\344\273\273\345\212\241.png" "b/docs/pic/\346\226\260\345\273\272\346\211\253\346\217\217\344\273\273\345\212\241.png" new file mode 100644 index 0000000..4619cdc Binary files /dev/null and "b/docs/pic/\346\226\260\345\273\272\346\211\253\346\217\217\344\273\273\345\212\241.png" differ diff --git "a/docs/pic/\346\274\217\346\264\236\346\217\217\350\277\260\350\257\246\346\203\205.png" "b/docs/pic/\346\274\217\346\264\236\346\217\217\350\277\260\350\257\246\346\203\205.png" new file mode 100644 index 0000000..537921d Binary files /dev/null and "b/docs/pic/\346\274\217\346\264\236\346\217\217\350\277\260\350\257\246\346\203\205.png" differ diff --git "a/docs/pic/\346\274\217\346\264\236\346\217\217\350\277\260\351\246\226\351\241\265.jpg" "b/docs/pic/\346\274\217\346\264\236\346\217\217\350\277\260\351\246\226\351\241\265.jpg" new file mode 100644 index 0000000..53d1c0c Binary files /dev/null and "b/docs/pic/\346\274\217\346\264\236\346\217\217\350\277\260\351\246\226\351\241\265.jpg" differ diff --git a/docs/pic/login.jpg "b/docs/pic/\347\231\273\345\275\225\351\241\265.jpg" similarity index 100% rename from docs/pic/login.jpg rename to "docs/pic/\347\231\273\345\275\225\351\241\265.jpg" diff --git "a/docs/pic/\347\273\204\344\273\266\351\246\226\351\241\265.jpg" "b/docs/pic/\347\273\204\344\273\266\351\246\226\351\241\265.jpg" new file mode 100644 index 0000000..82417ec Binary files /dev/null and "b/docs/pic/\347\273\204\344\273\266\351\246\226\351\241\265.jpg" differ diff --git "a/docs/pic/\347\273\223\346\236\234\351\246\226\351\241\265.jpg" "b/docs/pic/\347\273\223\346\236\234\351\246\226\351\241\265.jpg" new file mode 100644 index 0000000..f50556d Binary files /dev/null and "b/docs/pic/\347\273\223\346\236\234\351\246\226\351\241\265.jpg" differ 
diff --git "a/docs/pic/\347\276\244\344\272\214\347\273\264\347\240\201.jpeg" "b/docs/pic/\347\276\244\344\272\214\347\273\264\347\240\201.jpeg" new file mode 100644 index 0000000..60479f4 Binary files /dev/null and "b/docs/pic/\347\276\244\344\272\214\347\273\264\347\240\201.jpeg" differ diff --git "a/docs/pic/\350\247\204\345\210\231\350\257\246\346\203\205.jpg" "b/docs/pic/\350\247\204\345\210\231\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000..d6c2350 Binary files /dev/null and "b/docs/pic/\350\247\204\345\210\231\350\257\246\346\203\205.jpg" differ diff --git "a/docs/pic/\350\247\204\345\210\231\351\246\226\351\241\265.jpg" "b/docs/pic/\350\247\204\345\210\231\351\246\226\351\241\265.jpg" new file mode 100644 index 0000000..7ca4522 Binary files /dev/null and "b/docs/pic/\350\247\204\345\210\231\351\246\226\351\241\265.jpg" differ
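Review bot: `docs/pic/群二维码.jpeg` is added and the 微信 section now says 欢迎添加进群沟通, but no visible README line embeds the image; if the surrounding `<img>` markup was stripped in this view, disregard, otherwise add the reference or drop the file. A WeChat group QR code committed to a public repo also goes stale once the invite expires, so linking to the docs site, where it can be rotated without a commit, is the more durable option.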