Kali Linux

Cirrusgo : A Fast Tool To Scan SAAS, PAAS App Written In Go

Cirrusgo is a fast tool to scan SAAS,PAAS App written in Go

SAAS App Support :

  • salesforce
  • contentful (next version)

Note flag -o output not working

install : golang 1.18Ver

go install -v github.com/Ph33rr/cirrusgo/cmd/cirrusgo@latest
or
go install -v github.com/Ph33rr/CirrusGo/cmd/cirrusgo@latest

Help

cirrusgo –help

_ _
/ /() _ _ / /
/ / / // // // / / // // / / _ \
/ /
/ // / / / / // /(_ )/ // // // /
____///// // _,/// _/ ____/ v0.0.1
cirrusgo –help
-u, –url Define single URL to fuzz
-l, –list Show App List
-c, –check only check endpoint
-V, –version Show current version
-h, –help Display its help
[cirrusgo [app] [options] ..]
cirrusgo salesforce –help
-u, –url Define single URL
-c, –check only check endpoint
-lobj, –listobj pull the object list.
-gobj –getobj pull the object.
-obj –objects set the object name. Default value is “User” object.
Juicy Objects: Case,Account,User,Contact,Document,Cont
entDocument,ContentVersion,ContentBody,CaseComment,Not
e,Employee,Attachment,EmailMessage,CaseExternalDocumen
t,Attachment,Lead,Name,EmailTemplate,EmailMessageRelation
-gre –getrecord pull the Record id.
-re –recordid set the recode id to dump the record
-cw –chkWritable check all Writable objects
-f, –full dump all pages of objects.
–dump
-H, –header Pass custom header to target
-proxy, –proxy Use proxy to fuzz
-o, –output File to save results
[flags payload]
[command: cirrusgo salesforce –payload options]
-payload, –payload Generator payload for test manual Default “ObjectList”
GetItems -obj set object
-page set page
-pages set pageSize
GetRecord -re set recoder id
WritableOBJ -obj set object
SearchObj -obj set object
-page set page
-pages set pageSize
AuraContext -fwuid set UID
-App set AppName
-markup set markup
ObjectList no options
Dump no options
-h, –help Display its help

Example

cirrusgo salesforce -u https://loclhost -gobj

dump

cirrusgo salesforce -u https://localhost/ -f

check Writable Objects

cirusgo salesforce -u https://localhost/ -cw

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago