Categorygithub.com/vulncheck-oss/go-exploit
modulepackage
1.30.1
Repository: https://github.com/vulncheck-oss/go-exploit.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
13
Dependents
6
Files
266 SLOC

# README

go-exploit: Go Exploit Framework

Go Go Report Card

go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. The framework was developed to simplify large scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulncheck-oss/go-exploit.

Go Exploit Phases

The Go Exploit Framework includes the following Phases which can be chained or executed independently:

Go Exploit Features

The Go Exploit Framework includes these additional features:

Examples

  • CVE-2023-22527: Three go-exploit implementations taking unique approaches to Atlassian Confluence CVE-2023-22527.
  • CVE-2023-25194: Demonstrates exploiting CVE-2023-25194 against Apache Druid (using Kafka).
  • CVE-2023-46604: Demonstrates exploiting CVE-2023-46604 and using the go-exploit HTTPServeFile c2.
  • CVE-2023-36845: Scans for Juniper firewalls to determine if they are vulnerable to CVE-2023-36845.
  • CVE-2023-51467: A go-exploit implementation of CVE-2023-51467 that lands a Nashorn reverse shell.

Contributing

Community contributions in the form of issues and features are welcome. When submitting issues, please ensure they include sufficient information to reproduce the problem. For new features, provide a reasonable use case, appropriate unit tests, and ensure compliance with our .golangci.yml without generating any complaints.

Please also ensure that linting comes back clean, and all tests pass.

golangci-lint run --fix
go test ./...

License

go-exploit is licensed under the Apache License, Version 2.0. For more details, refer to the LICENSE file.

# Packages

No description provided by the author
No description provided by the author
No description provided by the author
SQLite Caching and Cross-Exploit Database The db package contains the logic to handle a user provided SQLite DB in order to store results and cache HTTP responses.
No description provided by the author
No description provided by the author
No description provided by the author
Package output handles structured logging for the framework and exploits.
Payload related functions and actions The payload package contains a collection of universally applicable functions for payloads, sub-packages containing specific payloads, and any specific payloads that do not fit into the other sub package types.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author

# Functions

Effectively the package main function.
Prints the version to the log file using status VERSION and a parsable version string (version=).

# Constants

CheckVersion() is not implemented.
The target is not vulnerable.
Based on incomplete information, the target might be vulnerable.
Something went wrong during CheckVersion().
The target is vulnerable.

# Interfaces

Exploit is the implementing interface for go-exploit exploits.

# Type aliases

The return type for CheckVersion().