Go Exploit Save

A Go-based Exploit Framework

Project README

go-exploit: Go Exploit Framework

go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. The framework was developed to simplify large scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulncheck-oss/go-exploit.

Features

The framework includes the following features:

Three step attack chain: target verification, version scanning, and exploitation. The phases can be chained or executed independently.
Auto-detection of SSL/TLS on the remote target.
Fully proxy-aware.
Key-value or JSON output for easy integration into other automated systems.
Builtin Java gadgets, classes, and LDAP infrastructure.
Many reverse shell and bind shell payloads.
Functionality that integrates exploitation with other tools or frameworks like Metasploit and Sliver.
Builtin "c2" for catching encrypted/unencrypted shells or hosting implants.
Supports multipe target formats including lists, file-based, VulnCheck IP-Intel, and more.

Examples

CVE-2023-22527: Three go-exploit implementations taking unique approaches to Atlassian Confluence CVE-2023-22527.
CVE-2023-51467: A go-exploit implementation of CVE-2023-51467 that lands a Nashorn reverse shell.
CVE-2023-33246: A go-exploit implementation to hunt for RocketMQ broker configuration IoC. See the VulnCheck blog.
IOS-XE Implant Scanner: A scanner for the Cisco IOS XE CVE-2023-20198 implant.

Contributing

Community contributions in the form of issues and features are welcome. When submitting issues, please ensure they include sufficient information to reproduce the problem. For new features, provide a reasonable use case, appropriate unit tests, and ensure compliance with our .golangci.yml without generating any complaints.

Please also ensure that linting comes back clean, and all tests pass.

golangci-lint run --fix
go test ./...

License

go-exploit is licensed under the Apache License, Version 2.0. For more details, refer to the LICENSE file.

Open Source Agenda is not affiliated with "Go Exploit" Project. README Source: vulncheck-oss/go-exploit

Stars

219

Open Issues

Last Commit

1 day ago

Repository

vulncheck-oss/go-exploit

License

Apache-2.0

Homepage

https://pkg.go.dev/github.com/vulncheck-oss/go-exploit

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/go-exploit"><img src="https://www.opensourceagenda.com/projects/go-exploit/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022