Pocsuite3
Pocsuite3 is an open-source remote vulnerability testing and proof-of-concept development framework. It provides a powerful PoC engine and features for penetration testers and security researchers.
Description
Pocsuite3, developed by the Knownsec 404 Team, is designed for remote vulnerability testing and proof-of-concept development. It equips penetration testers and security researchers with a robust framework featuring a powerful proof-of-concept engine and various utilities for effective security assessments.
The tool supports multiple operational modes including verify, attack, and shell, allowing users to test vulnerabilities in different contexts. It integrates with services like CEye, Interactsh, Zoomeye, Shodan, and Fofa for enhanced reconnaissance and out-of-band testing capabilities.
Pocsuite3 offers console and command-line interfaces, with poc-console providing an interactive environment and pocsuite enabling scripted operations against targets specified via URLs, files, or ports. Usage is restricted to authorized security testing, as attacking targets without consent is illegal.
How It Works
Pocsuite3 operates as a modular framework that executes proof-of-concept scripts against specified targets using HTTP requests with customizable headers, proxies, and authentication. It supports concurrent network requests, Docker integration for isolated PoC execution, and three modes: verify (validation), attack (exploitation), and shell (interactive access). Modules use dorks from search engines such as Zoomeye, Shodan, and Fofa for target discovery, and OOB services for blind exploitation detection. Output is generated in JSON Lines format, and plugins and custom PoC paths extend its functionality.
Installation
sudo apt install pocsuite3
Examples
poc-console
pocsuite -h
pocsuite --version
pocsuite --update
pocsuite -n
pocsuite -u http://www.site.com/vuln.php?id=1
pocsuite -f urls.txt
pocsuite --verify -u http://target.com