Gopherus

If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server. If you want to brute forcing SSRF parameter you can use the tool called Lorsrf

Payloads

This tool can generate payload for following:

MySQL (Port-3306)
PostgreSQL(Port-5432)
FastCGI (Port-9000)
Memcached (Port-11211)
- If stored data is getting De-serialized by:
  - Python
  - Ruby
  - PHP
Redis (Port-6379)
Zabbix (Port-10050)
SMTP (Port-25)

Installation

git clone https://github.com/tarunkant/Gopherus.git
cd Gopherus
chmod +x install.sh

sudo ./install.sh

Usage

Command	Description
gopherus –help	Help
gopherus –exploit	Arguments can be :
	–exploit mysql
	–exploit postgresql
	–exploit fastcgi
	–exploit redis
	–exploit zabbix
	–exploit pymemcache
	–exploit rbmemcache
	–exploit phpmemcache
	–exploit dmpmemcache
	–exploit smtp

Gopherus Exploit Mysql Database with SSRF - Tool for Exploiting SSRF and gaining RCE

Examples

MySQL: If the user is not protected with password you can dump his database and also you can put malicious files in his system.
- gopherus --exploit mysql

It only asks username of the MySQL user and it will provide you gopher link.

PostgreSQL: If the user is not protected with password you can dump his database and also you can put malicious files in his system.
- gopherus --exploit postgresql

It only asks username of the Postgres user and database name then it will provide you gopher link.

Redis: If redis port is open then we can overwrite the file in the system which is too dangerous.
So here is two things you can get:
a. Reverse Shell
b. PHP Shell
- gopherus --exploit redis

SMTP: If port 25 is open and we can access it then, we can send message to anyone as victim user, So this tool will generate gopher payload for sending mail.
- gopherus --exploit smtp