fierce-fish 
fierce-fish是由TCC(斗象能力中心)出品并维护的开源漏洞检测框架osprey的改写,去掉臃肿功能的精简版本poc框架
-
PS:真的用不惯其它臃肿的功能,不过作为一个收集漏洞poc && exp的框架还是非常不错的!!!
-
For beginners friendly (script kiddos would like it !)
简介
fierce-fish ------ 凶鱼,一种比鱼鹰还要凶猛的鱼,由于是osprey的改写版所以取此命名漏洞盒子PoC框架,寓意快,精,准,凶。
fierce-fish 是一个可无限扩展自定义poc的开源漏洞检测与利用框架(Python3开发),是osprey的修改版。 fierce-fish框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口,可供灵活调用,也可用于构建自己的扫描器, 构建自己的通用型漏洞库。
持续添加POC && EXP
安装
从Git上获取最新版本的osprey代码
$ git clone https://github.com/FDlucifer/firece-fish.git
$ cd firece-fish
$ pip3 install -r requirements.txt
- 若执行脚本还是报错,可以根据报错信息提示缺失的模块,手动执行命令(pip3 install ‘缺失模块名'),进行安装...
使用
- 获取帮助列表:
$ python osprey.py --help
- 最简单的用法,针对一个目标URL,发起一个PoC做检测:
$ python osprey.py -t URL -v POC_ID
目前已收录漏洞POC及EXP
| 漏洞名 | poc名称 | poc链接 |
|---|---|---|
| Metinfo 5.3.17 X-Rewrite-url SQL Injection | vb_2017_0060 | Metinfo_5_3_17_X_Rewrite_url_Sql_Injection |
| Landray-OA Arbitrary File Read | vb_2021_0001 | Landray-OA Arbitrary File Read |
| Yy-OA A6 Disclosure of sensitive information | vb_2021_0002 | Yy-OA A6 Disclosure of sensitive information |
| LionfishCMS ApiController.class.php SQL Injection | vb_2021_0003 | LionfishCMS ApiController.class.php SQL Injection |
| LionfishCMS ApigoodsController.class.php SQL Injection | vb_2021_0004 | LionfishCMS ApigoodsController.class.php SQL Injection |
| Kingsoft V8 Arbitrary file read | vb_2021_0005 | Kingsoft V8 Arbitrary file read |
| Kingsoft V8 pdf_maker.php RCE | vb_2021_0006 | Kingsoft V8 pdf_maker.php RCE |
| Kingsoft V8 Default Weak Password | vb_2021_0007 | Kingsoft V8 Default Weak Password |
| Weaver OA 8 SQL injection | vb_2021_0008 | Weaver OA 8 SQL injection |
| Weaver OA Bsh RCE | vb_2021_0009 | Weaver OA Bsh RCE |
| Citrix XenMobile Read FIle | vb_2021_0010 | Citrix XenMobile Read FIle |
| Weblogic RCE CVE-2020-14882 | vb_2021_0011 | Weblogic RCE CVE-2020-14882 |
| Hanming Video Conferencing File Read | vb_2021_0012 | Hanming Video Conferencing File Read |
| Jinher OA Arbitrary File Read | vb_2021_0013 | Jinher OA Arbitrary File Read |
| LanProxy Server Read File | vb_2021_0014 | LanProxy Server Read File |
| YApi Remote Code Execute | vb_2021_0015 | YApi Remote Code Execute |
| SaltStack RCE CVE-2020-11651 | vb_2021_0016 | SaltStack RCE CVE-2020-11651 |
| Coremail Server Information Leakage | vb_2021_0017 | Coremail Server Information Leakage |
| AonarQube Api Information Leakage | vb_2021_0018 | AonarQube Api Information Leakage |
| Alibaba Canal Accesskey Information Leakage | vb_2021_0019 | Alibaba Canal Accesskey Information Leakage |
| MessageSolution Email System Information Leakage | vb_2021_0020 | MessageSolution Email System Information Leakage |
| ICEFlow VPN Information Leakage | vb_2021_0021 | ICEFlow VPN Information Leakage |
| IceWarp WebClient Basic RCE | vb_2021_0022 | IceWarp WebClient Basic RCE |
| ShowDoc File Upload | vb_2021_0023 | ShowDoc File Upload |
| Duoke-Web-Server-SQLInjection | vb_2021_0024 | Duoke-Web-Server-SQLInjection |
| yonyou-UFIDA-NC-file-read | vb_2021_0025 | yonyou-UFIDA-NC-file-read |
| zhongqingnabo_information_leak | vb_2021_0026 | zhongqingnabo_information_leak |
| Apache Druid RCE | vb_2021_0027 | Apache Druid RCE |
| Apache Kylin Xielou ReadFile | vb_2021_0028 | Apache Kylin Xielou ReadFile |
| Apache Flink Read File | vb_2021_0029 | Apache Flink Read File |
| Apache Flink Rce | vb_2021_0030 | Apache Flink Rce |
| 3C HG659 Lib An Arbitrary FileRead | vb_2021_0031 | 3C HG659 Lib An Arbitrary FileRead |
| IceWarp WebClient Basic RCE | vb_2021_0032 | IceWarp WebClient Basic RCE |
| 亿赛通命令执行漏洞 | vb_2021_0033 | 亿赛通命令执行漏洞 |
| Atlassian Jira Information disclosure | vb_2021_0034 | Atlassian Jira Information disclosure |
| LANLING OA file read | vb_2021_0035 | LANLING OA file read |
| CISCO Read-Only Path Traversal Vuln | vb_2021_0036 | CISCO Read-Only Path Traversal Vuln |
| Seeyon_Ajax_Getshell | vb_2021_0037 | Seeyon_Ajax_Getshell |
| 待补充 | vb_2021_0038 | 待补充 |
| 待补充 | vb_2021_0039 | 待补充 |
| 待补充 | vb_2021_0040 | 待补充 |
| 待补充 | vb_2021_0041 | 待补充 |
| zyxel_nbg2105_bypass_auth | vb_2021_0042 | zyxel_nbg2105_bypass_auth |
| HIKVISION_file_read | vb_2021_0043 | HIKVISION_file_read |
| CVE_2021_41773_poc_and_exploit | vb_2021_0044 | CVE_2021_41773_poc_and_exploit |
| CVE_2021_42013_poc_and_exploit | vb_2021_0045 | CVE_2021_42013_poc_and_exploit |
特点
- 体积小
- 检测效果精准,可自己持续按照框架模版添加poc, 方便高效
poc编写说明相关文档
基于Osprey编写PoC,请参考 osprey编写规范和要求说明
56 Mar 03, 2021
37 Dec 06, 2022
3 Apr 09, 2022
20 Apr 07, 2022
2 Oct 27, 2022
15 May 21, 2022
165 Dec 28, 2022
559 Jan 03, 2023
30 Jan 17, 2022
27 Dec 31, 2022
1 Feb 07, 2022
2 Dec 16, 2021
7 Oct 22, 2022
6 Feb 21, 2022
4 Oct 24, 2022
3 Jan 08, 2022
14 Dec 23, 2022
10 Oct 29, 2022
13 Oct 28, 2022
4 Sep 03, 2022