This tool generates gopher link for exploiting SSRF and gaining RCE in various servers
MIT License
If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server. And for more information you can get a blog on the same Blog on Gopherus
This tool can generate payload for following:
chmod +x install.sh
sudo ./install.sh
Command | Description |
---|---|
gopherus --help | Help |
gopherus --exploit | Arguments can be : |
--exploit mysql | |
--exploit postgresql | |
--exploit fastcgi | |
--exploit redis | |
--exploit zabbix | |
--exploit pymemcache | |
--exploit rbmemcache | |
--exploit phpmemcache | |
--exploit dmpmemcache | |
--exploit smtp |
gopherus --exploit mysql
It only asks username of the MySQL user and it will provide you gopher link.
gopherus --exploit postgresql
It only asks username of the Postgres user and database name then it will provide you gopher link.
gopherus --exploit fastcgi
It only asks for a file which must be present in the victim system(preferable .php file), BTW we have default one.
gopherus --exploit redis
EnableRemoteCommands = 1
then you can run shell commands on the victim system.gopherus --exploit zabbix
gopherus --exploit pymemcache
gopherus --exploit rbmemcache
gopherus --exploit phpmemcache
gopherus --exploit dmpmemcache
gopherus --exploit smtp
Tarunkant Gupta (SpyD3r)