gozuul

package module

v0.0.0-...-d32db49 Latest Latest Go to latest Published: Mar 19, 2021 License: MIT Imports: 14 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/adevinta/gozuul

Links

Open Source Insights

README ¶

Gozuul

Go library and cli that provides methods to scan Netflix Zuul instances in relation to the Netflix nflx-2016-003 Security Advisory.

It has two methods: PassiveScan and ActiveScan. The first one is safe because it only tries to POST to a specific URL without uploading a file, but the second method makes modifications in the target server (if it is vulnerable), because it uploads a payload that when executed by the server makes a callback to the specified callback URL.

To install it just execute:

go get -v github.com/adevinta/gozuul.git

Examples

Passive Scan

package main

func main() {
	rs, err := gozuul.PassiveScan("http://test.example.com")
	if err != nil {
		panic(err)
	}

	fmt.Printf("%+v\n")
}

Active Scan

package main

func main() {
	c := make(chan bool)
	
	// If a callback is received in the endpoint you control, you should write `true` to the channel. 
	rs, err := gozuul.ActiveScan("http://test.example.com", "http://endpoint-you-control-for-callback.example.com", c)
	if err != nil {
		panic(err)
	}

	fmt.Printf("%+v\n")
}

CLI

$ gozuul
Provides methods to scan Netflix Zuul instances in relation to the Netflix nflx-2016-003 Security Advisory

Usage:
  gozuul [command]

Available Commands:
  help        Help about any command
  passive     Executes a new passive scan against the specified targets
  passivebulk Executes a new passive scan against the specified targets

Flags:
  -h, --help      help for gozuul
  -v, --verbose   prints verbose information during command execution

Use "gozuul [command] --help" for more information about a command.

$ gozuul passive http://www.adevinta.com

Documentation ¶

Overview ¶

Package gozuul provides methods to scan Netflix Zuul instances in relation to the Netflix nflx-2016-003 Security Advisory.

Index ¶

type ResultSet
- func ActiveScan(target, callback string, callbackRec chan bool) (rs ResultSet, err error)
- func PassiveScan(target string) (ResultSet, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ResultSet ¶

type ResultSet struct {
	PrevEnabled     bool
	AdminDisabled   bool
	Vulnerable      bool
	MightVulnerable bool
}

ResultSet contains the resulting details of a passive or active scan. PrevEnabled indicates whether the Vulncheck.groovy filter was previously enabled in the scanned target or not. AdminDisabled indicates if HTTP POSTing to the filter upload endpoint is forbidden. Vulnerable indicates wheter the target endpoint is vulnerable or not, while MightVulnerable indicates that the target is possibly vulnerable but can not be confirmed.

func ActiveScan ¶

func ActiveScan(target, callback string, callbackRec chan bool) (rs ResultSet, err error)

Active executes a new active scan against the specified target. The callback parameter is also a URL that wll be injected in the filter that will be uploaded to the target. The objective is to see whether a callback is received or not (what would be an evidence of RCE). The callback reception must be handled by the caller and, when a callback is received, the caller should write in the callbackRec channel.

func PassiveScan ¶

func PassiveScan(target string) (ResultSet, error)

PassiveScan executes a new passive scan against the specified target.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
gozuul
resources

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL