go-exploit
go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. It was developed to simplify large-scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulncheck-oss/go-exploit.
The Go Exploit Framework splits an exploit into the following phases, which can be chained or executed independently:
- Step 1 - Target Verification
- Step 2 - Version Scanning
- Step 3 - Exploitation
- Step 4 - Command & Control
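The phase split above, as an added example that is not part of go-exploit and does not use its API: a hypothetical Exploit interface with one method per phase (ValidateTarget, CheckVersion, RunExploit), a Run function that chains them and stops at the first phase that fails (or after version scanning when run check-only), and a made-up "WidgetServer" target whose versions before 2.4.0 are assumed vulnerable. The in-process target server, the fingerprint string, the Server header format and the trigger endpoint are all constructed for the example; command and control (step 4) is not modelled.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strconv"
	"strings"
)

// Exploit is a hypothetical interface for this example (not go-exploit's API); each phase is callable on its own.
type Exploit interface {
	ValidateTarget(target string) bool
	CheckVersion(target string) (vulnerable bool, version string)
	RunExploit(target string) bool
}

// Result records what each phase concluded; KeyValue renders it for downstream tooling.
type Result struct {
	Target, Version                  string
	Validated, Vulnerable, Exploited bool
}

func (r Result) KeyValue() string {
	return fmt.Sprintf("target=%s validated=%t version=%s vulnerable=%t exploited=%t",
		r.Target, r.Validated, r.Version, r.Vulnerable, r.Exploited)
}

// Run chains the phases in order and stops at the first failure; exploit=false is a check-only scan.
func Run(e Exploit, target string, exploit bool) Result {
	r := Result{Target: target}
	if r.Validated = e.ValidateTarget(target); !r.Validated {
		return r
	}
	if r.Vulnerable, r.Version = e.CheckVersion(target); !r.Vulnerable || !exploit {
		return r
	}
	r.Exploited = e.RunExploit(target)
	return r
}

// WidgetExploit targets "WidgetServer", a web app made up for this example.
type WidgetExploit struct{ Client *http.Client }

var versionRe = regexp.MustCompile(`^WidgetServer/(\d+)\.(\d+)\.(\d+)$`)

// ValidateTarget fingerprints the landing page before anything noisier is sent.
func (w WidgetExploit) ValidateTarget(target string) bool {
	resp, err := w.Client.Get(target + "/")
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
	return strings.Contains(string(body), "<title>WidgetServer</title>")
}

// CheckVersion parses the Server header; versions before 2.4.0 are assumed vulnerable (constructed threshold).
func (w WidgetExploit) CheckVersion(target string) (bool, string) {
	resp, err := w.Client.Head(target + "/")
	if err != nil {
		return false, ""
	}
	resp.Body.Close()
	m := versionRe.FindStringSubmatch(resp.Header.Get("Server"))
	if m == nil {
		return false, "unknown"
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	return major < 2 || (major == 2 && minor < 4), m[1] + "." + m[2] + "." + m[3]
}

// RunExploit sends the made-up trigger request and judges success from the response body.
func (w WidgetExploit) RunExploit(target string) bool {
	resp, err := w.Client.Post(target+"/admin/export", "application/x-www-form-urlencoded", strings.NewReader("cmd=id"))
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
	return resp.StatusCode == http.StatusOK && strings.Contains(string(body), "uid=")
}

// NewFakeTarget is a constructed in-process WidgetServer; patched disables the trigger endpoint.
func NewFakeTarget(version string, patched bool) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Server", "WidgetServer/"+version)
		if r.URL.Path == "/admin/export" && r.Method == http.MethodPost && !patched {
			fmt.Fprint(w, "uid=33(www-data) gid=33(www-data)")
			return
		}
		fmt.Fprint(w, "<html><head><title>WidgetServer</title></head></html>")
	}))
}

func main() {
	srv := NewFakeTarget("2.3.1", false)
	defer srv.Close()
	fmt.Println(Run(WidgetExploit{Client: srv.Client()}, srv.URL, true).KeyValue())
}
```

Keeping verification and version detection as separate, cheap requests means a large-scale scan can stop before the exploit phase on every host that is not the expected product or is already patched, and the single key=value line is what another tool would consume.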
The Go Exploit Framework includes these additional features:
- Auto-detection of SSL/TLS on the remote target.
- Fully proxy-aware.
- Key-value or JSON output for easy integration into other automated systems.
- Built-in Java gadgets, classes, and LDAP infrastructure.
- Many reverse shell, dropper, and bind shell payloads.
- Functionality that integrates exploitation with other tools or frameworks like Metasploit and Sliver.
- Built-in "c2" for catching encrypted or unencrypted shells and hosting implants.
- Supports multiple target formats, including lists, file-based input, VulnCheck IP-Intel, and more.
Examples of exploits and scanners built with go-exploit:
- CVE-2023-22527: Three go-exploit implementations taking unique approaches to Atlassian Confluence CVE-2023-22527.
- CVE-2023-51467: A go-exploit implementation of CVE-2023-51467 that lands a Nashorn reverse shell.
- CVE-2023-33246: A go-exploit implementation to hunt for RocketMQ broker configuration IoC. See the VulnCheck blog.
- IOS-XE Implant Scanner: A scanner for the Cisco IOS XE CVE-2023-20198 implant.
Community contributions in the form of issues and features are welcome. When submitting issues, please include enough information to reproduce the problem. For new features, provide a reasonable use case and appropriate unit tests, and make sure the code passes the checks in our .golangci.yml without generating any complaints. Please also ensure that linting comes back clean and all tests pass:
golangci-lint run --fix
go test ./...
go-exploit is licensed under the Apache License, Version 2.0. For more details, refer to the LICENSE file.