{"id":17998104,"url":"https://github.com/cookiengineer/goroot","last_synced_at":"2025-04-04T06:25:12.246Z","repository":{"id":237446943,"uuid":"762387316","full_name":"cookiengineer/goroot","owner":"cookiengineer","description":":cactus: golang (linux) root exploitation framework","archived":false,"fork":false,"pushed_at":"2024-02-23T20:00:11.000Z","size":5,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-28T12:11:35.303Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cookiengineer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-23T17:12:08.000Z","updated_at":"2024-09-26T20:10:55.000Z","dependencies_parsed_at":"2024-05-02T00:46:00.618Z","dependency_job_id":null,"html_url":"https://github.com/cookiengineer/goroot","commit_stats":null,"previous_names":["cookiengineer/groot","cookiengineer/goroot"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fgoroot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fgoroot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fgoroot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cookiengineer%2Fgoroot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cookiengineer","download_url":"https://codeload.github.com/cookiengineer/goroot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247130785,"owners_count":20888653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-29T21:24:02.542Z","updated_at":"2025-04-04T06:25:12.226Z","avatar_url":"https://github.com/cookiengineer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# g(o)root Exploitation Framework\n\nGeneral-purpose local exploitation framework for GNU/Linux. (WIP)\n\n\n## Motivation\n\nMost other languages suck when it comes to reusability of exploits.\n\nThe only thing that comes close to a reusable exploitation framework is\nMetasploit, but Ruby sucks, too, and it's pretty much impossible to deploy\non target systems for any kind of killchain. I'm gonna spare you the\ndetails of the proprietary corporate BS about ClownStrike.\n\nThe idea behind this framework is that it's intelligent enough for\nautomated privilege escalation purposes and that it iterates through\nthe most likely possible exploits incrementally, depending on the current\nsystem's environment.\n\n\n## Features (WIP)\n\n- [x] Support for DirtyCow [CVE-2016-5195](https://nvd.nist.gov/vuln/detail/cve-2016-5195)\n- [ ] Support for DirtyPipe [CVE-2022-0847](https://nvd.nist.gov/vuln/detail/cve-2022-0847)\n- [ ] Support for DirtyEBPF [CVE-2022-23222](https://nvd.nist.gov/vuln/detail/cve-2022-23222)\n- [ ] Support for Sudo Bypass [CVE-2019-14287](https://nvd.nist.gov/vuln/detail/CVE-2019-14287)\n- [ ] Support for Mempod Dipper [CVE-2012-0056](https://nvd.nist.gov/vuln/detail/CVE-2012-0056)\n- [ ] Support for Full Nelson [CVE-2010-4258](https://nvd.nist.gov/vuln/detail/CVE-2010-4258)\n- [ ] Support for RDS [CVE-2010-3904](https://nvd.nist.gov/vuln/detail/CVE-2010-3904)\n- [ ] Support for Sudo Inject\n- [ ] Support for `LD_PRELOAD` injection of `SUID` binaries\n- [ ] Support for `RPATH` injection of `SUID` binaries\n- [ ] Support for [GTFOBins](https://gtfobins.github.io/)\n- [ ] Support for writeable `/etc/cron.d` and `/etc/cron.{monthly,weekly,daily,hourly}`\n- [ ] Support for writeable `/etc/NetworkManager/system-connections`\n- [ ] Support for writeable `/etc/systemd/system`\n- [ ] Support for writeable `/etc/passwd`\n- [ ] Support for writeable `/etc/sudoers`\n\n\n## TODO (WIP)\n\n- [ ] Embedded x86 shellcode to spawn process\n- [ ] Embedded x86 shellcode to spawn shell\n- [ ] Embedded x64 shellcode to spawn process\n- [ ] Embedded x64 shellcode to spawn shell\n\n\n## License\n\nAGPL3\n\n(Bonus points if you use this in a web service)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookiengineer%2Fgoroot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcookiengineer%2Fgoroot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcookiengineer%2Fgoroot/lists"}