fierce-fish

fierce-fish是由TCC(斗象能力中心)出品并维护的开源漏洞检测框架osprey的改写，去掉臃肿功能的精简版本poc框架

PS：真的用不惯其它臃肿的功能，不过作为一个收集漏洞poc && exp的框架还是非常不错的！！！
osprey
For beginners friendly (script kiddos would like it !)

简介

fierce-fish ------ 凶鱼，一种比鱼鹰还要凶猛的鱼，由于是osprey的改写版所以取此命名漏洞盒子PoC框架，寓意快，精，准，凶。

fierce-fish 是一个可无限扩展自定义poc的开源漏洞检测与利用框架(Python3开发)，是osprey的修改版。 fierce-fish框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口，可供灵活调用，也可用于构建自己的扫描器, 构建自己的通用型漏洞库。

持续添加POC && EXP

安装

从Git上获取最新版本的osprey代码

$ git clone https://github.com/FDlucifer/firece-fish.git
$ cd firece-fish
$ pip3 install -r requirements.txt

若执行脚本还是报错，可以根据报错信息提示缺失的模块，手动执行命令(pip3 install ‘缺失模块名')，进行安装...

使用

获取帮助列表：

$ python osprey.py --help

最简单的用法，针对一个目标URL，发起一个PoC做检测：

$ python osprey.py -t URL -v POC_ID

目前已收录漏洞POC及EXP

漏洞名	poc名称	poc链接
Metinfo 5.3.17 X-Rewrite-url SQL Injection	vb_2017_0060	Metinfo_5_3_17_X_Rewrite_url_Sql_Injection
Landray-OA Arbitrary File Read	vb_2021_0001	Landray-OA Arbitrary File Read
Yy-OA A6 Disclosure of sensitive information	vb_2021_0002	Yy-OA A6 Disclosure of sensitive information
LionfishCMS ApiController.class.php SQL Injection	vb_2021_0003	LionfishCMS ApiController.class.php SQL Injection
LionfishCMS ApigoodsController.class.php SQL Injection	vb_2021_0004	LionfishCMS ApigoodsController.class.php SQL Injection
Kingsoft V8 Arbitrary file read	vb_2021_0005	Kingsoft V8 Arbitrary file read
Kingsoft V8 pdf_maker.php RCE	vb_2021_0006	Kingsoft V8 pdf_maker.php RCE
Kingsoft V8 Default Weak Password	vb_2021_0007	Kingsoft V8 Default Weak Password
Weaver OA 8 SQL injection	vb_2021_0008	Weaver OA 8 SQL injection
Weaver OA Bsh RCE	vb_2021_0009	Weaver OA Bsh RCE
Citrix XenMobile Read FIle	vb_2021_0010	Citrix XenMobile Read FIle
Weblogic RCE CVE-2020-14882	vb_2021_0011	Weblogic RCE CVE-2020-14882
Hanming Video Conferencing File Read	vb_2021_0012	Hanming Video Conferencing File Read
Jinher OA Arbitrary File Read	vb_2021_0013	Jinher OA Arbitrary File Read
LanProxy Server Read File	vb_2021_0014	LanProxy Server Read File
YApi Remote Code Execute	vb_2021_0015	YApi Remote Code Execute
SaltStack RCE CVE-2020-11651	vb_2021_0016	SaltStack RCE CVE-2020-11651
Coremail Server Information Leakage	vb_2021_0017	Coremail Server Information Leakage
AonarQube Api Information Leakage	vb_2021_0018	AonarQube Api Information Leakage
Alibaba Canal Accesskey Information Leakage	vb_2021_0019	Alibaba Canal Accesskey Information Leakage
MessageSolution Email System Information Leakage	vb_2021_0020	MessageSolution Email System Information Leakage
ICEFlow VPN Information Leakage	vb_2021_0021	ICEFlow VPN Information Leakage
IceWarp WebClient Basic RCE	vb_2021_0022	IceWarp WebClient Basic RCE
ShowDoc File Upload	vb_2021_0023	ShowDoc File Upload
Duoke-Web-Server-SQLInjection	vb_2021_0024	Duoke-Web-Server-SQLInjection
yonyou-UFIDA-NC-file-read	vb_2021_0025	yonyou-UFIDA-NC-file-read
zhongqingnabo_information_leak	vb_2021_0026	zhongqingnabo_information_leak
Apache Druid RCE	vb_2021_0027	Apache Druid RCE
Apache Kylin Xielou ReadFile	vb_2021_0028	Apache Kylin Xielou ReadFile
Apache Flink Read File	vb_2021_0029	Apache Flink Read File
Apache Flink Rce	vb_2021_0030	Apache Flink Rce
3C HG659 Lib An Arbitrary FileRead	vb_2021_0031	3C HG659 Lib An Arbitrary FileRead
IceWarp WebClient Basic RCE	vb_2021_0032	IceWarp WebClient Basic RCE
亿赛通命令执行漏洞	vb_2021_0033	亿赛通命令执行漏洞
Atlassian Jira Information disclosure	vb_2021_0034	Atlassian Jira Information disclosure
LANLING OA file read	vb_2021_0035	LANLING OA file read
CISCO Read-Only Path Traversal Vuln	vb_2021_0036	CISCO Read-Only Path Traversal Vuln
Seeyon_Ajax_Getshell	vb_2021_0037	Seeyon_Ajax_Getshell
待补充	vb_2021_0038	待补充
待补充	vb_2021_0039	待补充
待补充	vb_2021_0040	待补充
待补充	vb_2021_0041	待补充
zyxel_nbg2105_bypass_auth	vb_2021_0042	zyxel_nbg2105_bypass_auth
HIKVISION_file_read	vb_2021_0043	HIKVISION_file_read
CVE_2021_41773_poc_and_exploit	vb_2021_0044	CVE_2021_41773_poc_and_exploit
CVE_2021_42013_poc_and_exploit	vb_2021_0045	CVE_2021_42013_poc_and_exploit

特点

体积小

检测效果精准，可自己持续按照框架模版添加poc, 方便高效

poc编写说明相关文档

基于Osprey编写PoC，请参考 osprey编写规范和要求说明

后续会在本仓库长期更新最新的POC & EXP。:)

You might also like...

On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

ApacheRCE ApacheRCE is a small little python script that will allow you to input the apache version 2.4.49-2.4.50 and then input a list of ip addresse