README
¶
Go Go Gadget
GoGoGadget provides a set of tools useful for cyber security testing packaged in a statically compiled binary. Have you ever been on an engagement and compromised a system only to find the system provides none of the tools you need? Even worse the system is running on ARM or PPC and you have no time to set up a cross-compiler to get something working... GoGoGadget is here to solve all your problems. Want to move files off the machine? gogogoadget server will start a web server. Need to pull something from your attack box? gogogadget download is what you want. Did you find a juicy target on the inside of the network? Check out gogogadget pivot. To add gadgets of your own check out CONTRIBUTING.md.
Current Gadgets
- download - a wget style download utility
- escalate - user escalation on Linux using dirtypipe
- pivot - recieve traffic on a port and forward to another host
- portscan - an nmap-like tcp scanner
- screenshot - take screenshots of any displays open on the device
- search - a grep style utility for searching file contents
- server - a web server allowing file downloading and uploading
- telnet - a telnet client
Build
GoGoGadget uses the standard Go toolchain to target a bunch of different architectures and processor types. To see a full list of available operating systems and processor architectures type go tool dist list. Provide the operating system and processor architecture on the command line by typing GOOS=<operating system> GOARCH=<architecture> go build.
Usage
Once you have GoGoGadget on a target machine you can use any of the gadgets by typing gogogadget <gadget>. For specific usage information you can read help for each gadget using gogogadget help <gadget>.
Reduced Size Binary
To reduce the size of the GoGoGadget binary we can strip the debugging symbols from the binary by appending the following build flag:
-ldflags="-s -w"
-s - Omit the symbol table and debug information
-w - Omit the DWARF symbol table
Additionally the binary can be compressed using the Ultimate Packer for Executables which compresses the binary into a self-decompressing binary.
upx -9 gogogadget
-9 - Maximum compression
To ensure that upx supports the architecture that you're targeting type upx -h to see all supported architectures.
Documentation
¶
Overview ¶
Copyright © 2022 Vigilant Cyber Systems, Inc. Sean Heath <[email protected]> Marc Bohler <[email protected]> Dylan Harbaugh <[email protected]>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Source Files
Directories