A Modified version of TCC's Osprey poc framework......

Last update: Dec 30, 2022

Related tags

Security related resources firece-fish

Overview

fierce-fish

fierce-fish是由TCC(斗象能力中心)出品并维护的开源漏洞检测框架osprey的改写，去掉臃肿功能的精简版本poc框架

PS：真的用不惯其它臃肿的功能，不过作为一个收集漏洞poc && exp的框架还是非常不错的！！！
osprey
For beginners friendly (script kiddos would like it !)

简介

fierce-fish ------ 凶鱼，一种比鱼鹰还要凶猛的鱼，由于是osprey的改写版所以取此命名漏洞盒子PoC框架，寓意快，精，准，凶。

fierce-fish 是一个可无限扩展自定义poc的开源漏洞检测与利用框架(Python3开发)，是osprey的修改版。 fierce-fish框架可供使用者在渗透测试、漏洞检测、漏洞扫描等场景中应用。框架提供了命令行接口，可供灵活调用，也可用于构建自己的扫描器, 构建自己的通用型漏洞库。

持续添加POC && EXP

安装

从Git上获取最新版本的osprey代码

$ git clone https://github.com/FDlucifer/firece-fish.git
$ cd firece-fish
$ pip3 install -r requirements.txt

若执行脚本还是报错，可以根据报错信息提示缺失的模块，手动执行命令(pip3 install ‘缺失模块名')，进行安装...

使用

获取帮助列表：

$ python osprey.py --help

最简单的用法，针对一个目标URL，发起一个PoC做检测：

$ python osprey.py -t URL -v POC_ID

目前已收录漏洞POC及EXP

漏洞名	poc名称	poc链接
Metinfo 5.3.17 X-Rewrite-url SQL Injection	vb_2017_0060	Metinfo_5_3_17_X_Rewrite_url_Sql_Injection
Landray-OA Arbitrary File Read	vb_2021_0001	Landray-OA Arbitrary File Read
Yy-OA A6 Disclosure of sensitive information	vb_2021_0002	Yy-OA A6 Disclosure of sensitive information
LionfishCMS ApiController.class.php SQL Injection	vb_2021_0003	LionfishCMS ApiController.class.php SQL Injection
LionfishCMS ApigoodsController.class.php SQL Injection	vb_2021_0004	LionfishCMS ApigoodsController.class.php SQL Injection
Kingsoft V8 Arbitrary file read	vb_2021_0005	Kingsoft V8 Arbitrary file read
Kingsoft V8 pdf_maker.php RCE	vb_2021_0006	Kingsoft V8 pdf_maker.php RCE
Kingsoft V8 Default Weak Password	vb_2021_0007	Kingsoft V8 Default Weak Password
Weaver OA 8 SQL injection	vb_2021_0008	Weaver OA 8 SQL injection
Weaver OA Bsh RCE	vb_2021_0009	Weaver OA Bsh RCE
Citrix XenMobile Read FIle	vb_2021_0010	Citrix XenMobile Read FIle
Weblogic RCE CVE-2020-14882	vb_2021_0011	Weblogic RCE CVE-2020-14882
Hanming Video Conferencing File Read	vb_2021_0012	Hanming Video Conferencing File Read
Jinher OA Arbitrary File Read	vb_2021_0013	Jinher OA Arbitrary File Read
LanProxy Server Read File	vb_2021_0014	LanProxy Server Read File
YApi Remote Code Execute	vb_2021_0015	YApi Remote Code Execute
SaltStack RCE CVE-2020-11651	vb_2021_0016	SaltStack RCE CVE-2020-11651
Coremail Server Information Leakage	vb_2021_0017	Coremail Server Information Leakage
AonarQube Api Information Leakage	vb_2021_0018	AonarQube Api Information Leakage
Alibaba Canal Accesskey Information Leakage	vb_2021_0019	Alibaba Canal Accesskey Information Leakage
MessageSolution Email System Information Leakage	vb_2021_0020	MessageSolution Email System Information Leakage
ICEFlow VPN Information Leakage	vb_2021_0021	ICEFlow VPN Information Leakage
IceWarp WebClient Basic RCE	vb_2021_0022	IceWarp WebClient Basic RCE
ShowDoc File Upload	vb_2021_0023	ShowDoc File Upload
Duoke-Web-Server-SQLInjection	vb_2021_0024	Duoke-Web-Server-SQLInjection
yonyou-UFIDA-NC-file-read	vb_2021_0025	yonyou-UFIDA-NC-file-read
zhongqingnabo_information_leak	vb_2021_0026	zhongqingnabo_information_leak
Apache Druid RCE	vb_2021_0027	Apache Druid RCE
Apache Kylin Xielou ReadFile	vb_2021_0028	Apache Kylin Xielou ReadFile
Apache Flink Read File	vb_2021_0029	Apache Flink Read File
Apache Flink Rce	vb_2021_0030	Apache Flink Rce
3C HG659 Lib An Arbitrary FileRead	vb_2021_0031	3C HG659 Lib An Arbitrary FileRead
IceWarp WebClient Basic RCE	vb_2021_0032	IceWarp WebClient Basic RCE
亿赛通命令执行漏洞	vb_2021_0033	亿赛通命令执行漏洞
Atlassian Jira Information disclosure	vb_2021_0034	Atlassian Jira Information disclosure
LANLING OA file read	vb_2021_0035	LANLING OA file read
CISCO Read-Only Path Traversal Vuln	vb_2021_0036	CISCO Read-Only Path Traversal Vuln
Seeyon_Ajax_Getshell	vb_2021_0037	Seeyon_Ajax_Getshell
待补充	vb_2021_0038	待补充
待补充	vb_2021_0039	待补充
待补充	vb_2021_0040	待补充
待补充	vb_2021_0041	待补充
zyxel_nbg2105_bypass_auth	vb_2021_0042	zyxel_nbg2105_bypass_auth
HIKVISION_file_read	vb_2021_0043	HIKVISION_file_read
CVE_2021_41773_poc_and_exploit	vb_2021_0044	CVE_2021_41773_poc_and_exploit
CVE_2021_42013_poc_and_exploit	vb_2021_0045	CVE_2021_42013_poc_and_exploit

特点

体积小

检测效果精准，可自己持续按照框架模版添加poc, 方便高效

poc编写说明相关文档

基于Osprey编写PoC，请参考 osprey编写规范和要求说明

A Modified version of TCC's Osprey poc framework......

Related tags

Overview

fierce-fish

简介

安装

使用

目前已收录漏洞POC及EXP

特点

poc编写说明相关文档

后续会在本仓库长期更新最新的POC & EXP。:)

Owner

lUc1f3r11

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Whois-Python - Get Whois Domain with Python GUI

Vuln Scanner With Python

Guess the password for Tik Tok accounts

A piece of software that shows a traceroute of a URL redirect path

使用golang重写开源工具wafw00f

Password-Manager GUI

A black hole for Internet advertisements

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

This a simple tool XSS Detection Suite for CTFs games

#whois it? Let's find out!

Scan your logs for CVE-2021-44228 related activity and report the attackers

Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

The probability of having the password you want in the PassMaker is +90%!!

A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

PassLock is a medium-security password manager that encrypts passwords using Advanced Encryption Standards (AES)

An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

A Python & JavaScript Obfuscator made in Python 3.