POC-bomber is a high-speed vulnerability detection and exploitation tool that leverages numerous high-risk POCs/EXPs to quickly gain target server privileges for penetration testing and red teaming.
利用大量高威胁poc/exp快速获取目标权限,用于渗透和红队快速打点
This tool is designed for penetration testers and red teamers to rapidly identify and exploit critical vulnerabilities such as RCE, file upload, deserialization, and SQL injection across multiple targets or assets. It supports both verification and attack modes, enabling quick vulnerability mapping and direct exploitation to obtain server access. It is especially useful for high-volume vulnerability scanning and fast-paced red team operations.
POC-bomber primarily depends on the requests library; other dependencies are optional but may affect detection coverage. Attack mode requires explicit POC specification and should be used with caution and proper authorization. DNSLog integration is disabled by default and must be enabled in the config for blind vulnerability detection. The tool is optimized for high concurrency but some POCs may cause delays if not updated. Users can extend functionality by writing custom POCs following the provided Python3 verify/attack interface.
git clone https://github.com/tr0uble-mAker/POC-bomber.git
cd POC-bomber
pip install -r requirements.txtpython3 pocbomber.py
Display general usage information
python3 pocbomber.py --show
Show detailed information about available POC/EXP
python3 pocbomber.py -u http://target.url
Perform vulnerability verification scan on a single target URL
python3 pocbomber.py -f url.txt -o report.txt
Batch scan multiple URLs listed in url.txt and output results to report.txt
python3 pocbomber.py -f url.txt --poc="thinkphp2_rce.py"
Scan multiple URLs using a specified POC file
python3 pocbomber.py -u http://target.url --poc="thinkphp2_rce.py" --attack
Launch exploit attack mode using a specified POC to attempt direct exploitation