fierce-fish是由TCC(斗象能力中心)出品并维护的开源漏洞检测框架osprey的改写,去掉臃肿功能的精简版本poc框架
-
PS:真的用不惯其它臃肿的功能,不过作为一个收集漏洞poc && exp的框架还是非常不错的!!!
-
For beginners friendly (script kiddos would like it !)
fierce-fish ------ 凶鱼,一种比鱼鹰还要凶猛的鱼,由于是osprey的改写版所以取此命名漏洞盒子PoC框架,寓意快,精,准,凶。
fierce-fish 是一个可无限扩展自定义poc的开源漏洞检测与利用框架(Python3开发),是osprey的修改版。 fierce-fish框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口,可供灵活调用,也可用于构建自己的扫描器, 构建自己的通用型漏洞库。
持续添加POC && EXP
从Git上获取最新版本的osprey代码
$ git clone https://github.com/FDlucifer/firece-fish.git
$ cd firece-fish
$ pip3 install -r requirements.txt
- 若执行脚本还是报错,可以根据报错信息提示缺失的模块,手动执行命令(pip3 install ‘缺失模块名'),进行安装...
- 获取帮助列表:
$ python osprey.py --help
- 最简单的用法,针对一个目标URL,发起一个PoC做检测:
$ python osprey.py -t URL -v POC_ID
漏洞名 | poc名称 | poc链接 |
---|---|---|
Metinfo 5.3.17 X-Rewrite-url SQL Injection | vb_2017_0060 | Metinfo_5_3_17_X_Rewrite_url_Sql_Injection |
Landray-OA Arbitrary File Read | vb_2021_0001 | Landray-OA Arbitrary File Read |
Yy-OA A6 Disclosure of sensitive information | vb_2021_0002 | Yy-OA A6 Disclosure of sensitive information |
LionfishCMS ApiController.class.php SQL Injection | vb_2021_0003 | LionfishCMS ApiController.class.php SQL Injection |
LionfishCMS ApigoodsController.class.php SQL Injection | vb_2021_0004 | LionfishCMS ApigoodsController.class.php SQL Injection |
Kingsoft V8 Arbitrary file read | vb_2021_0005 | Kingsoft V8 Arbitrary file read |
Kingsoft V8 pdf_maker.php RCE | vb_2021_0006 | Kingsoft V8 pdf_maker.php RCE |
Kingsoft V8 Default Weak Password | vb_2021_0007 | Kingsoft V8 Default Weak Password |
Weaver OA 8 SQL injection | vb_2021_0008 | Weaver OA 8 SQL injection |
Weaver OA Bsh RCE | vb_2021_0009 | Weaver OA Bsh RCE |
Citrix XenMobile Read FIle | vb_2021_0010 | Citrix XenMobile Read FIle |
Weblogic RCE CVE-2020-14882 | vb_2021_0011 | Weblogic RCE CVE-2020-14882 |
Hanming Video Conferencing File Read | vb_2021_0012 | Hanming Video Conferencing File Read |
Jinher OA Arbitrary File Read | vb_2021_0013 | Jinher OA Arbitrary File Read |
LanProxy Server Read File | vb_2021_0014 | LanProxy Server Read File |
YApi Remote Code Execute | vb_2021_0015 | YApi Remote Code Execute |
SaltStack RCE CVE-2020-11651 | vb_2021_0016 | SaltStack RCE CVE-2020-11651 |
Coremail Server Information Leakage | vb_2021_0017 | Coremail Server Information Leakage |
AonarQube Api Information Leakage | vb_2021_0018 | AonarQube Api Information Leakage |
Alibaba Canal Accesskey Information Leakage | vb_2021_0019 | Alibaba Canal Accesskey Information Leakage |
MessageSolution Email System Information Leakage | vb_2021_0020 | MessageSolution Email System Information Leakage |
ICEFlow VPN Information Leakage | vb_2021_0021 | ICEFlow VPN Information Leakage |
IceWarp WebClient Basic RCE | vb_2021_0022 | IceWarp WebClient Basic RCE |
ShowDoc File Upload | vb_2021_0023 | ShowDoc File Upload |
Duoke-Web-Server-SQLInjection | vb_2021_0024 | Duoke-Web-Server-SQLInjection |
yonyou-UFIDA-NC-file-read | vb_2021_0025 | yonyou-UFIDA-NC-file-read |
zhongqingnabo_information_leak | vb_2021_0026 | zhongqingnabo_information_leak |
Apache Druid RCE | vb_2021_0027 | Apache Druid RCE |
Apache Kylin Xielou ReadFile | vb_2021_0028 | Apache Kylin Xielou ReadFile |
Apache Flink Read File | vb_2021_0029 | Apache Flink Read File |
Apache Flink Rce | vb_2021_0030 | Apache Flink Rce |
3C HG659 Lib An Arbitrary FileRead | vb_2021_0031 | 3C HG659 Lib An Arbitrary FileRead |
IceWarp WebClient Basic RCE | vb_2021_0032 | IceWarp WebClient Basic RCE |
亿赛通命令执行漏洞 | vb_2021_0033 | 亿赛通命令执行漏洞 |
Atlassian Jira Information disclosure | vb_2021_0034 | Atlassian Jira Information disclosure |
LANLING OA file read | vb_2021_0035 | LANLING OA file read |
CISCO Read-Only Path Traversal Vuln | vb_2021_0036 | CISCO Read-Only Path Traversal Vuln |
Seeyon_Ajax_Getshell | vb_2021_0037 | Seeyon_Ajax_Getshell |
vb_2021_0038_iis6_webdav_CVE_2017_7269 | vb_2021_0038 | vb_2021_0038_iis6_webdav_CVE_2017_7269 |
dedecms57_cve_2018_6910 | vb_2021_0039 | dedecms57_cve_2018_6910 |
Weaver_OA_e_Bridge_fileread | vb_2021_0040 | Weaver_OA_e_Bridge_fileread |
huayu_reporter_rce | vb_2021_0041 | huayu_reporter_rce |
zyxel_nbg2105_bypass_auth | vb_2021_0042 | zyxel_nbg2105_bypass_auth |
HIKVISION_file_read | vb_2021_0043 | HIKVISION_file_read |
CVE_2021_41773_poc_and_exploit | vb_2021_0044 | CVE_2021_41773_poc_and_exploit |
CVE_2021_42013_poc_and_exploit | vb_2021_0045 | CVE_2021_42013_poc_and_exploit |
CVE_2021_38647_omigod_RCE | vb_2021_0046 | CVE_2021_38647_omigod_RCE |
CVE_2021_26855_proxylogon | vb_2021_0047 | CVE_2021_26855_proxylogon |
CVE_2021_22005_VMWare_vCenter_Server_File_Upload | vb_2021_0048 | CVE_2021_22005_VMWare_vCenter_Server_File_Upload |
CVE_2021_22205_gitlab_unauth_rce | vb_2021_0049 | CVE_2021_22205_gitlab_unauth_rce |
coremail_information_leak | vb_2021_0050 | coremail_information_leak |
CVE_2021_40870_Aviatrix_Controller | vb_2021_0051 | CVE_2021_40870_Aviatrix_Controller |
CVE_2021_40845_Authenticated_File_Upload_RCE | vb_2021_0052 | CVE_2021_40845_Authenticated_File_Upload_RCE |
CVE_2021_26084_Confluence_OGNL_injection | vb_2021_0053 | CVE_2021_26084_Confluence_OGNL_injection |
haoshitong_video_fileread | vb_2021_0054 | haoshitong_video_fileread |
wanhuoa_file_download | vb_2021_0055 | wanhuoa_file_download |
NS_NGFW_RCE | vb_2021_0056 | NS_NGFW_RCE |
Confluence_SSTI_CVE_2019_3396 | vb_2021_0057 | Confluence_SSTI_CVE_2019_3396 |
Metabase_fileread_CVE_2021_41277 | vb_2021_0058 | Metabase_fileread_CVE_2021_41277 |
fanwei_cnvd_2021_49104 | vb_2021_0059 | 泛微e-office 任意文件上传 |
- 体积小
- 检测效果精准,可自己持续按照框架模版添加poc, 方便高效
基于Osprey编写PoC,请参考 osprey编写规范和要求说明