CirrusGo
A fast tool, written in Go, for scanning SaaS and PaaS applications.
Supported SaaS apps:
- salesforce
- contentful (next version)
Note: the -o (output) flag is not working.
Install (Go 1.18):
go install -v github.com/Ph33rr/cirrusgo/cmd/[email protected]
or
go install -v github.com/Ph33rr/CirrusGo/cmd/[email protected]
Help:
cirrusgo --help
v0.0.1

cirrusgo --help
  -u, --url        Define single URL to fuzz
  -l, --list       Show App List
  -c, --check      only check endpoint
  -V, --version    Show current version
  -h, --help       Display its help

[cirrusgo [app] [options] …]

cirrusgo salesforce --help
  -u, --url            Define single URL
  -c, --check          only check endpoint
  -lobj, --listobj     pull the object list.
  -gobj --getobj       pull the object.
  -obj --objects       set the object name. Default value is "User" object.
      Juicy Objects: Case,Account,User,Contact,Document,ContentDocument,ContentVersion,ContentBody,CaseComment,Note,Employee,Attachment,EmailMessage,CaseExternalDocument,Attachment,Lead,Name,EmailTemplate,EmailMessageRelation
  -gre --getrecord     pull the Record id.
  -re --recordid       set the recode id to dump the record
  -cw --chkWritable    check all Writable objects
  -f, --full           dump all pages of objects.
  --dump
  -H, --header         Pass custom header to target
  -proxy, --proxy      Use proxy to fuzz
  -o, --output         File to save results

[flags payload] [command: cirrusgo salesforce --payload options]
  -payload, --payload  Generator payload for test manual Default "ObjectList"
    GetItems
      -obj      set object
      -page     set page
      -pages    set pageSize
    GetRecord
      -re       set recoder id
    WritableOBJ
      -obj      set object
    SearchObj
      -obj      set object
      -page     set page
      -pages    set pageSize
    AuraContext
      -fwuid    set UID
      -App      set AppName
      -markup   set markup
    ObjectList
      no options
    Dump
      no options
  -h, --help           Display its help
Example:
cirrusgo salesforce -u https://localhost -gobj
Dump:
cirrusgo salesforce -u https://localhost/ -f
Check writable objects:
cirrusgo salesforce -u https://localhost/ -cw