go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. The framework was developed to simplify large scale scanning, exploitation, and integration with other tools. For API documentation, check out the package on pkg.go.dev/github.com/vulncheck-oss/go-exploit.
The framework includes the following features:
- Three step attack chain: target verification, version scanning, and exploitation. The phases can be chained or executed independently.
- Auto-detection of SSL/TLS on the remote target.
- Fully proxy-aware.
- Key-value or JSON output for easy integration into other automated systems.
- Builtin Java gadgets, classes, and LDAP infrastructure.
- Many reverse shell and bind shell payloads.
- Functionality that integrates exploitation with other tools or frameworks like Metasploit and Sliver.
- Builtin "c2" for catching encrypted/unencrypted shells or hosting implants.
- Supports multipe target formats including lists, file-based, VulnCheck IP-Intel, and more.
- CVE-2023-51467: A go-exploit implementation of CVE-2023-51467 that lands a Nashorn reverse shell.
- CVE-2023-33246: A go-exploit implementation to hunt for RocketMQ broker configuration IoC. See the VulnCheck blog.
- IOS-XE Implant Scanner: A scanner for the Cisco IOS XE CVE-2023-20198 implant.
Community contributions in the form of issues and features are welcome. When submitting issues, please ensure they include sufficient information to reproduce the problem. For new features, provide a reasonable use case, appropriate unit tests, and ensure compliance with our .golangci.yml without generating any complaints.
Please also ensure that linting comes back clean, and all tests pass.
golangci-lint run --fix
go test ./...go-exploit is licensed under the Apache License, Version 2.0. For more details, refer to the LICENSE file.