
Cirrusgo – A Fast Tool To Scan SAAS, PAAS App Written In Go

A fast tool to scan SaaS and PaaS apps, written in Go.

Supported SaaS apps:

  • salesforce
  • contentful (next version)

Note: the -o (output) flag is not working.

Install (Go version 1.18):

go install -v github.com/Ph33rr/cirrusgo/cmd/[email protected]
or
go install -v github.com/Ph33rr/CirrusGo/cmd/[email protected]


Help:

cirrusgo --help


 ______ _ ______
/ ____/(_)_____ _____ __ __ _____ / ____/____
/ / / // ___// ___// / / // ___// / __ / __ \
/ /___ / // / / / / /_/ /(__ )/ /_/ // /_/ /
\____//_//_/ /_/ \__,_//____/ \____/ \____/ v0.0.1

cirrusgo --help

-u, --url <URL> Define single URL to fuzz
-l, --list Show App List
-c, --check only check endpoint
-V, --version Show current version
-h, --help Display its help

[cirrusgo [app] [options] ..]
cirrusgo salesforce --help

-u, --url <URL> Define single URL
-c, --check only check endpoint
-lobj, --listobj pull the object list.
-gobj --getobj pull the object.
-obj --objects set the object name. Default value is "User" object.
Juicy Objects: Case,Account,User,Contact,Document,Cont
entDocument,ContentVersion,ContentBody,CaseComment,Not
e,Employee,Attachment,EmailMessage,CaseExternalDocumen
t,Attachment,Lead,Name,EmailTemplate,EmailMessageRelation
-gre --getrecord pull the Record id.
-re --recordid set the recode id to dump the record
-cw --chkWritable check all Writable objects
-f, --full dump all pages of objects.
--dump
-H, --header <HEADER> Pass custom header to target
-proxy, --proxy <URL> Use proxy to fuzz

-o, --output <FILE> File to save results

[flags payload]
[command: cirrusgo salesforce --payload options]
-payload, --payload Generator payload for test manual Default "ObjectList"

GetItems -obj set object
-page set page
-pages set pageSize
GetRecord -re set recoder id
WritableOBJ -obj set object
SearchObj -obj set object
-page set page
-pages set pageSize
AuraContext -fwuid set UID
-App set AppName
-markup set markup
ObjectList no options
Dump no options
-h, --help Display its help

Example:

cirrusgo salesforce -u https://localhost -gobj

Dump:

cirrusgo salesforce -u https://localhost/ -f

Check writable objects:

cirrusgo salesforce -u https://localhost/ -cw

Source : KitPloit – PenTest Tools!
