Documentation ¶
Index ¶
- type Config
- func New(extype ExploitType, supportedC2 []c2.Impl, product string, cve string, ...) *Config (deprecated)
- func NewLocal(extype ExploitType, supportedC2 []c2.Impl, product string, cve string) *Config (deprecated)
- func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, supportedC2 []c2.Impl, ...) *Config
- func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, supportedC2 []c2.Impl, ...) *Config
- func (conf *Config) ApplyTemplate(name string) string
- func (conf *Config) CreateBoolFlag(name string, value bool, usage string)
- func (conf *Config) CreateBoolVarFlag(param *bool, name string, value bool, usage string)
- func (conf *Config) CreateIntFlag(name string, value int, usage string)
- func (conf *Config) CreateIntVarFlag(param *int, name string, value int, usage string)
- func (conf *Config) CreateStringFlag(name string, value string, usage string)
- func (conf *Config) CreateStringVarFlag(param *string, name string, value string, usage string)
- func (conf *Config) CreateUintFlag(name string, value uint, usage string)
- func (conf *Config) CreateUintVarFlag(param *uint, name string, value uint, usage string)
- func (conf *Config) DisableC2Start()
- func (conf *Config) GenerateURL(path string) string
- func (conf *Config) GetBoolFlag(name string) bool
- func (conf *Config) GetIntFlag(name string) int
- func (conf *Config) GetStringFlag(name string) string
- func (conf *Config) GetUintFlag(name string) uint
- func (conf *Config) InitFlagsStructs()
- func (conf *Config) ResolveC2Payload() c2.Impl
- type ExploitType
- type ImplementedFeatures
- type RhostTriplet
- type SSLSupport
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	// implemented features describes which three stages the exploit implements
	Impl ImplementedFeatures
	// the vendor of the targeted product
	Vendor string
	// the targeted products
	Products []string
	// A combination of the Vendor and Products strings
	Product string
	// the CPE for the targeted product
	CPE []string
	// the CVE being tested
	CVE string
	// the protocol being targeted
	Protocol string
	// the type of exploit being executed
	ExType ExploitType
	// the c2 supported by the exploit
	SupportedC2 []c2.Impl

	StringFlagsMap map[string]*string
	IntFlagsMap    map[string]*int
	UintFlagsMap   map[string]*uint
	BoolFlagsMap   map[string]*bool

	// target host, the target address/name the exploit will work on
	Rhost string
	// target port, the target port the exploit will work on
	Rport int
	// a list of specific targets
	RhostsNTuple []RhostTriplet
	// local host for remote exploits
	Lhost string
	// local port
	Lport int
	// bind port
	Bport int
	// indicates if the framework should autodetect ssl/plain
	DetermineSSL bool
	// indicates if ssl is used in comms
	SSL bool
	// indicates if we run the target verify
	DoVerify bool
	// indicates if we run the version check
	DoVersionCheck bool
	// indicates if we run the exploit
	DoExploit bool
	// automatically start the c2 or not
	C2AutoStart bool
	// the user requested c2 to use
	C2Type c2.Impl
	// C2 server timeout
	C2Timeout int
	// Indicates if the c2 server will be handled elsewhere
	ThirdPartyC2Server bool
	// The database we are working with
	DBName string
	// File format template
	FileTemplateData string
	// File format exploit output
	FileFormatFilePath string
}
The config struct contains a mix of module specified configurations and user specified configurations. The Config struct is first generated by the exploit implementation and then modified by option parsing.
func NewLocalExploit ¶ added in v1.24.0
func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, supportedC2 []c2.Impl, vendor string, product []string, cpe []string, cve string) *Config
Defines a new local exploit and associates it with CVE/Product/Protocol metadata. Usage example:
func NewRemoteExploit ¶ added in v1.24.0
func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, supportedC2 []c2.Impl, vendor string, product []string, cpe []string, cve string, protocol string, defaultPort int) *Config
Defines a new remote exploit and associates it with CVE/Product/Protocol metadata. Usage example:
conf := config.NewRemoteExploit(
	config.ImplementedFeatures{AssetDetection: true, VersionScanning: true, Exploitation: true},
	config.CodeExecution, []c2.Impl{c2.SimpleShellServer},
	"Atlassian", []string{"Confluence"}, []string{"cpe:2.3:a:atlassian:confluence"},
	"CVE-2023-22527", "HTTP", 8090)
func (*Config) ApplyTemplate ¶ added in v1.36.0
Apply the configuration settings to a Go text template. This will take the `Config` struct and apply it to a `text/template`, allowing for strings to be built directly from the already set configuration variables.
s := conf.ApplyTemplate(`CVE: {{.CVE}} - {{.Product}}`)
output.PrintStatus(s) // Output: CVE: CVE-2024-1337 - OFBiz
Flags that are user defined with CreateStringFlag and the other flag types are directly accessible from their map values. For example, if a command line argument is added with conf.CreateStringFlag("output", "do output", "instructions"), it is accessible via the following ApplyTemplate call:
conf.ApplyTemplate(`Output flag {{.StringFlagsMap.output}}`)
This function returns only the processed string. If a templating error occurs, the function emits a framework error and returns an empty string. This makes it harder to process dynamic content and catch errors properly, but keeps the return value to a single string.
This should not be used with potentially attacker controlled input.
Some Config types might be complex and will require usage of the range components of text/template; follow the text/template package docs if necessary.
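Why the warning about attacker controlled input matters, as an added example that is not code from this package: text used as the template can read any exported field of the value it is executed against, while the same text passed in as data stays inert. `miniConfig`, `render`, `renderBanner` and all sample values are hypothetical stand-ins; only the standard library `text/template` is used.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// miniConfig is a hypothetical stand-in mirroring a few documented Config
// fields; it is not the framework's type. Values below are constructed.
type miniConfig struct {
	CVE, Product, Lhost, DBName string
	StringFlagsMap              map[string]*string
}

func sampleConfig() *miniConfig {
	return &miniConfig{CVE: "CVE-0000-0000", Product: "ExampleProduct",
		Lhost: "192.0.2.10", DBName: "results.db",
		StringFlagsMap: map[string]*string{}}
}

// render follows the documented contract: the processed string, or ""
// when the template fails to parse or execute.
func render(conf *miniConfig, tmpl string) string {
	t, err := template.New("t").Parse(tmpl)
	if err != nil {
		return ""
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, conf); err != nil {
		return ""
	}
	return buf.String()
}

// renderBanner keeps the template text constant and passes the untrusted
// value in as data (a flag value), so it is never parsed as template syntax.
func renderBanner(conf *miniConfig, untrusted string) string {
	conf.StringFlagsMap["banner"] = &untrusted
	return render(conf, `{{.CVE}}: {{.StringFlagsMap.banner}}`)
}

func main() {
	fromTarget := `{{.Lhost}} {{.DBName}}` // constructed untrusted input
	// Unsafe: untrusted text used as the template reads any exported field.
	fmt.Printf("%q\n", render(sampleConfig(), fromTarget))
	// Safe: the same text stays inert when it is only data.
	fmt.Printf("%q\n", renderBanner(sampleConfig(), fromTarget))
}
```

Because a failed template collapses to an empty string, callers that build requests or files from the result should treat "" as an error rather than as valid output.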
func (*Config) CreateBoolFlag ¶ added in v1.29.0
Create a command line flag for the bool var "name" with the default value of "value" and store the result locally.
func (*Config) CreateBoolVarFlag ¶ added in v1.29.0
Create a command line flag for the bool var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) CreateIntFlag ¶ added in v1.29.0
Create a command line flag for the int var "name" with the default value of "value" and store the result locally.
func (*Config) CreateIntVarFlag ¶ added in v1.29.0
Create a command line flag for the int var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) CreateStringFlag ¶ added in v1.29.0
Create a command line flag for the string var "name" with the default value of "value" and store the result locally.
func (*Config) CreateStringVarFlag ¶ added in v1.29.0
Create a command line flag for the string var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) CreateUintFlag ¶ added in v1.29.0
Create a command line flag for the uint var "name" with the default value of "value" and store the result locally.
func (*Config) CreateUintVarFlag ¶ added in v1.29.0
Create a command line flag for the uint var "name" with the default value of "value" and store the result locally *using an external "param" pointer*.
func (*Config) DisableC2Start ¶ added in v1.35.0
func (conf *Config) DisableC2Start()
Disable automatic start of c2 servers. Manually starting is required after this function is called. This is useful when you have an exploit that may have multiple stages and you are guaranteed to not need the C2 setup. For example, an exploit that needs to retrieve a CAPTCHA may not want to start up the C2 until the first stage is retrieved and the CAPTCHA is solved.
func (*Config) GenerateURL ¶ added in v1.44.0
Generate a URL for a path using the current configuration. This is a way of invoking protocol.GenerateURL for developer ergonomics during exploit development.
func (*Config) GetBoolFlag ¶ added in v1.29.0
Fetch the configured bool value for "name".
func (*Config) GetIntFlag ¶ added in v1.29.0
Fetch the configured int value for "name".
func (*Config) GetStringFlag ¶ added in v1.29.0
Fetch the configured string value for "name".
func (*Config) GetUintFlag ¶ added in v1.29.0
Fetch the configured uint value for "name".
func (*Config) InitFlagsStructs ¶ added in v1.29.0
func (conf *Config) InitFlagsStructs()
func (*Config) ResolveC2Payload ¶ added in v1.30.1
Some C2 (ShellTunnel) don't actually care how the payload is generated, but the underlying C2 might be implied depending on how the individual exploit has been developed. It is certainly not a requirement to call this function but it can help simplify the handling of secure shell vs insecure.
type ExploitType ¶
type ExploitType int
const (
	CodeExecution         ExploitType = 0
	InformationDisclosure ExploitType = 1
	Webshell              ExploitType = 2
	FileFormat            ExploitType = 3
	Local                 ExploitType = 4
)
func (ExploitType) String ¶ added in v1.25.0
func (eType ExploitType) String() string
Convert ExploitType to String.
type ImplementedFeatures ¶ added in v1.24.0
type RhostTriplet ¶ added in v1.0.14
type RhostTriplet struct {
Rhost string
Rport int
SSL SSLSupport
}
type SSLSupport ¶ added in v1.0.14
type SSLSupport int
const (
	SSLDisabled     SSLSupport = 0
	SSLEnabled      SSLSupport = 1
	SSLAutodiscover SSLSupport = 2
)