在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称:tarunkant/Gopherus开源软件地址:https://github.com/tarunkant/Gopherus开源编程语言:Python 99.2%开源软件介绍:GopherusIf you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server. And for more information you can get a blog on the same Blog on Gopherus AboutThis tool can generate payload for following:
Installationchmod +x install.sh sudo ./install.sh Usage
Examples
gopherus --exploit mysql It only asks username of the MySQL user and it will provide you gopher link.
gopherus --exploit postgresql It only asks username of the Postgres user and database name then it will provide you gopher link.
gopherus --exploit fastcgi It only asks for a file which must be present in the victim system(preferable .php file), BTW we have default one.
gopherus --exploit redis
gopherus --exploit zabbix
gopherus --exploit pymemcache gopherus --exploit rbmemcache gopherus --exploit phpmemcache gopherus --exploit dmpmemcache
gopherus --exploit smtp ScreenshotsAuthorTarunkant Gupta (SpyD3r)
Reference
|
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论