gozuul

package module
v0.0.0-...-d32db49
Published: Mar 19, 2021 License: MIT Imports: 14 Imported by: 1

README

Gozuul


Go library and cli that provides methods to scan Netflix Zuul instances in relation to the Netflix nflx-2016-003 Security Advisory.

It has two methods: PassiveScan and ActiveScan. PassiveScan is safe: it only tries to POST to a specific URL without uploading a file. ActiveScan modifies the target server (if it is vulnerable): it uploads a payload that, when executed by the server, makes a callback to the specified callback URL, so it should only be run against targets you are authorized to test.

To install it just execute:

go get -v github.com/adevinta/gozuul
Examples
Passive Scan
package main

import (
	"fmt"

	"github.com/adevinta/gozuul"
)

func main() {
	rs, err := gozuul.PassiveScan("http://test.example.com")
	if err != nil {
		panic(err)
	}

	// Print the ResultSet fields (PrevEnabled, AdminDisabled, Vulnerable, MightVulnerable).
	fmt.Printf("%+v\n", rs)
}
Active Scan
package main

import (
	"fmt"

	"github.com/adevinta/gozuul"
)

func main() {
	c := make(chan bool)

	// You must run an HTTP listener at the callback URL yourself. If a callback
	// is received in the endpoint you control, write `true` to the channel.
	rs, err := gozuul.ActiveScan("http://test.example.com", "http://endpoint-you-control-for-callback.example.com", c)
	if err != nil {
		panic(err)
	}

	// Print the ResultSet fields (PrevEnabled, AdminDisabled, Vulnerable, MightVulnerable).
	fmt.Printf("%+v\n", rs)
}
CLI
$ gozuul
Provides methods to scan Netflix Zuul instances in relation to the Netflix nflx-2016-003 Security Advisory

Usage:
  gozuul [command]

Available Commands:
  help        Help about any command
  passive     Executes a new passive scan against the specified targets
  passivebulk Executes a new passive scan against the specified targets

Flags:
  -h, --help      help for gozuul
  -v, --verbose   prints verbose information during command execution

Use "gozuul [command] --help" for more information about a command.

$ gozuul passive http://www.adevinta.com

Documentation

Overview

Package gozuul provides methods to scan Netflix Zuul instances in relation to the Netflix nflx-2016-003 Security Advisory.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ResultSet

type ResultSet struct {
	PrevEnabled     bool
	AdminDisabled   bool
	Vulnerable      bool
	MightVulnerable bool
}

ResultSet contains the resulting details of a passive or active scan. PrevEnabled indicates whether the Vulncheck.groovy filter was already enabled on the scanned target before the scan. AdminDisabled indicates whether HTTP POSTing to the filter upload endpoint is forbidden. Vulnerable indicates whether the target endpoint is vulnerable, while MightVulnerable indicates that the target is possibly vulnerable but this could not be confirmed.

func ActiveScan

func ActiveScan(target, callback string, callbackRec chan bool) (rs ResultSet, err error)

ActiveScan executes a new active scan against the specified target. The callback parameter is a URL that will be injected into the filter that is uploaded to the target. The objective is to see whether a callback is received or not (which would be evidence of RCE). The callback reception must be handled by the caller: when a callback is received, the caller should write to the callbackRec channel.
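The receiving side of that contract is left to the caller, so the following is an added example (not gozuul's own code) of a minimal callback receiver: an HTTP handler that signals the channel exactly once when the injected callback URL is hit, and a bounded wait on that channel so the caller can turn "no callback" into a verdict instead of blocking forever. The httptest server, the CallbackPath token, and the helper names StartReceiver, WaitForCallback and SimulateCallback are assumptions made for this example; the call to gozuul.ActiveScan is shown only in a comment so the program runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// CallbackPath is a constructed, hard-to-guess path for the callback URL so that
// stray requests to "/" do not count as evidence. Not part of gozuul.
const CallbackPath = "/cb/0123456789abcdef"

// NewCallbackReceiver returns an HTTP handler that signals rec when the
// callback injected into the uploaded filter reaches it. The send is
// non-blocking so a late or duplicate callback never wedges the server goroutine
// once the scanner has stopped reading from the channel.
func NewCallbackReceiver(rec chan<- bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		select {
		case rec <- true:
		default: // already signalled, or nobody is listening any more
		}
		w.WriteHeader(http.StatusNoContent)
	})
}

// StartReceiver serves the callback handler on a local test server. For a real
// scan the listener must be reachable from the Zuul target, so bind a public
// address instead of httptest.
func StartReceiver(rec chan<- bool) *httptest.Server {
	mux := http.NewServeMux()
	mux.Handle(CallbackPath, NewCallbackReceiver(rec))
	return httptest.NewServer(mux)
}

// WaitForCallback reports whether a callback was signalled on rec before the
// timeout elapsed. A false result means "no evidence", not "not vulnerable".
func WaitForCallback(rec <-chan bool, timeout time.Duration) bool {
	select {
	case v := <-rec:
		return v
	case <-time.After(timeout):
		return false
	}
}

// SimulateCallback stands in for the vulnerable target executing the filter:
// it issues the same plain GET the injected callback would make.
func SimulateCallback(url string) error {
	resp, err := http.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	// Buffer of one: the handler's non-blocking send always succeeds the first time.
	rec := make(chan bool, 1)
	srv := StartReceiver(rec)
	defer srv.Close()

	callbackURL := srv.URL + CallbackPath
	fmt.Println("callback URL to pass to gozuul.ActiveScan:", callbackURL)

	// Real use: rs, err := gozuul.ActiveScan("http://test.example.com", callbackURL, rec)
	// Offline stand-in: pretend the target executed the filter and called back.
	if err := SimulateCallback(callbackURL); err != nil {
		panic(err)
	}
	fmt.Println("callback received:", WaitForCallback(rec, 5*time.Second))
}
```

The buffered channel plus the select/default send are the important part: with the README's unbuffered channel, a callback that arrives after ActiveScan has returned leaves the HTTP handler goroutine blocked on the send for the life of the process.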

func PassiveScan

func PassiveScan(target string) (ResultSet, error)

PassiveScan executes a new passive scan against the specified target.

Directories

Path Synopsis
cmd
