Cirrusgo is a fast tool to scan SAAS,PAAS App written in Go
SAAS App Support :
Note flag -o output not working
install : golang 1.18Ver
go install -v github.com/Ph33rr/cirrusgo/cmd/cirrusgo@latest
or
go install -v github.com/Ph33rr/CirrusGo/cmd/cirrusgo@latest
Help
cirrusgo –help
_ _
/ /() _ _ / /
/ / / // // // / / // // / / _ \
/ / / // / / / / // /(_ )/ // // // /
____///// // _,/// _/ ____/ v0.0.1
cirrusgo –help
-u, –url Define single URL to fuzz
-l, –list Show App List
-c, –check only check endpoint
-V, –version Show current version
-h, –help Display its help
[cirrusgo [app] [options] ..]
cirrusgo salesforce –help
-u, –url Define single URL
-c, –check only check endpoint
-lobj, –listobj pull the object list.
-gobj –getobj pull the object.
-obj –objects set the object name. Default value is “User” object.
Juicy Objects: Case,Account,User,Contact,Document,Cont
entDocument,ContentVersion,ContentBody,CaseComment,Not
e,Employee,Attachment,EmailMessage,CaseExternalDocumen
t,Attachment,Lead,Name,EmailTemplate,EmailMessageRelation
-gre –getrecord pull the Record id.
-re –recordid set the recode id to dump the record
-cw –chkWritable check all Writable objects
-f, –full dump all pages of objects.
–dump
-H, –header Pass custom header to target
-proxy, –proxy Use proxy to fuzz
-o, –output File to save results
[flags payload]
[command: cirrusgo salesforce –payload options]
-payload, –payload Generator payload for test manual Default “ObjectList”
GetItems -obj set object
-page set page
-pages set pageSize
GetRecord -re set recoder id
WritableOBJ -obj set object
SearchObj -obj set object
-page set page
-pages set pageSize
AuraContext -fwuid set UID
-App set AppName
-markup set markup
ObjectList no options
Dump no options
-h, –help Display its help
Example
cirrusgo salesforce -u https://loclhost -gobj
dump
cirrusgo salesforce -u https://localhost/ -f
check Writable Objects
cirusgo salesforce -u https://localhost/ -cw
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…