go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. It was developed to simplify large-scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulncheck-oss/go-exploit.
The Go Exploit Framework includes the following Phases which can be chained or executed independently:
- Step 1 - Target Verification
- Step 2 - Version Scanning
- Step 3 - Exploitation
- Step 4 - Command & Control
The Go Exploit Framework includes these additional features:
- Auto-detection of SSL/TLS on the remote target.
- Fully proxy-aware.
- Key-value or JSON output for easy integration into other automated systems.
- Builtin Java gadgets, classes, and LDAP infrastructure.
- Many reverse shell, dropper, and bind shell payloads.
- Functionality that integrates exploitation with other tools or frameworks like Metasploit and Sliver.
- Builtin "c2" for catching encrypted/unencrypted shells or hosting implants.
- Supports multiple target formats including lists, file-based, VulnCheck IP-Intel, and more.
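To make the phase model above concrete, here is an added, self-contained illustration that is not go-exploit's own code and does not use its API: a target-verification, version-scanning and exploitation chain with the same early-exit gating, a TLS auto-detection probe that tries a handshake and falls back to plaintext, and JSON output of the findings. The `Widget/x.y.z` banner, the `< 1.3.0` affected range, the `/api/debug` endpoint and the `uid=` marker are all made up for the example, and the target is a constructed `httptest` server so it runs offline.

```go
package main

import (
	"crypto/tls"
	"encoding/json"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// Findings is what the chain reports; JSON so another tool can consume it.
type Findings struct {
	Target     string `json:"target"`
	TLS        bool   `json:"tls"`
	Validated  bool   `json:"validated"`
	Version    string `json:"version,omitempty"`
	Vulnerable bool   `json:"vulnerable"`
	Exploited  bool   `json:"exploited"`
}

// Phase is one step of the chain; returning false stops the remaining steps.
type Phase func(f *Findings) bool

// detectTLS tries a TLS handshake on addr. A plaintext listener rejects the
// ClientHello (handshake error, reported as "not TLS"); a failed dial is an error.
func detectTLS(addr string) (bool, error) {
	conn, err := net.DialTimeout("tcp", addr, 3*time.Second)
	if err != nil {
		return false, err
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(3 * time.Second))
	// Self-signed certificates are the norm on appliances, so do not verify here.
	tconn := tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
	return tconn.Handshake() == nil, nil
}

func (f *Findings) baseURL() string {
	if f.TLS {
		return "https://" + f.Target
	}
	return "http://" + f.Target
}

var client = &http.Client{
	Timeout:   5 * time.Second,
	Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}},
}

// Step 1: target verification. Is anything answering HTTP at all?
func validateTarget(f *Findings) bool {
	resp, err := client.Get(f.baseURL() + "/")
	if err != nil {
		return false
	}
	resp.Body.Close()
	f.Validated = true
	return true
}

var versionRe = regexp.MustCompile(`Widget/(\d+)\.(\d+)\.(\d+)`) // hypothetical banner

// Step 2: version scanning. Parse the banner; only versions below 1.3.0 (made up) continue.
func checkVersion(f *Findings) bool {
	resp, err := client.Get(f.baseURL() + "/")
	if err != nil {
		return false
	}
	resp.Body.Close()
	m := versionRe.FindStringSubmatch(resp.Header.Get("Server"))
	if m == nil {
		return false
	}
	f.Version = strings.TrimPrefix(m[0], "Widget/")
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	f.Vulnerable = major < 1 || (major == 1 && minor < 3)
	return f.Vulnerable
}

// Step 3: exploitation. Reached only if the earlier steps passed; sends a
// hypothetical command request and looks for a uid marker in the reply.
func runExploit(f *Findings) bool {
	resp, err := client.Post(f.baseURL()+"/api/debug", "text/plain", strings.NewReader("id"))
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 4096))
	f.Exploited = strings.Contains(string(body), "uid=")
	return f.Exploited
}

// run detects TLS, then executes the phases in order, stopping at the first failure.
func run(target string, phases ...Phase) (*Findings, error) {
	f := &Findings{Target: target}
	isTLS, err := detectTLS(target)
	if err != nil {
		return f, err
	}
	f.TLS = isTLS
	for _, p := range phases {
		if !p(f) {
			break
		}
	}
	return f, nil
}

// fakeTarget is a constructed stand-in for a host: it advertises the given
// banner and answers the "exploit" request with a uid marker.
func fakeTarget(useTLS bool, banner string) *httptest.Server {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Server", banner)
		if r.Method == http.MethodPost && r.URL.Path == "/api/debug" {
			fmt.Fprint(w, "uid=0(root) gid=0(root)")
			return
		}
		fmt.Fprint(w, "ok")
	})
	if useTLS {
		return httptest.NewTLSServer(h)
	}
	return httptest.NewServer(h)
}

func main() {
	srv := fakeTarget(true, "Widget/1.2.3")
	defer srv.Close()
	f, err := run(srv.Listener.Addr().String(), validateTarget, checkVersion, runExploit)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	out, _ := json.Marshal(f)
	fmt.Println(string(out))
}
```

Because each phase is an ordinary function, `run(target, validateTarget)` or `run(target, validateTarget, checkVersion)` gives the stand-alone verification or version-scan modes, while the full list is the exploit chain; a banner outside the affected range stops the chain before any exploitation traffic is sent.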
Example exploits and scanners built with go-exploit:
- CVE-2023-22527: Three go-exploit implementations taking unique approaches to Atlassian Confluence CVE-2023-22527.
- CVE-2023-25194: Demonstrates exploiting CVE-2023-25194 against Apache Druid (using Kafka).
- CVE-2023-46604: Demonstrates exploiting CVE-2023-46604 and using the go-exploit HTTPServeFile c2.
- CVE-2023-36845: Scans for Juniper firewalls to determine if they are vulnerable to CVE-2023-36845.
- CVE-2023-51467: A go-exploit implementation of CVE-2023-51467 that lands a Nashorn reverse shell.
Community contributions in the form of issues and features are welcome. When submitting issues, please ensure they include sufficient information to reproduce the problem. For new features, provide a reasonable use case and appropriate unit tests, and ensure the code complies with our .golangci.yml without generating any complaints.
Please also ensure that linting comes back clean and all tests pass:
golangci-lint run --fix
go test ./...
go-exploit is licensed under the Apache License, Version 2.0. For more details, refer to the LICENSE file.