Cirrusgo – A Fast Tool To Scan SAAS, PAAS App Written In Go

Comments Off on Cirrusgo – A Fast Tool To Scan SAAS, PAAS App Written In Go
Cirrusgo - A Fast Tool To Scan SAAS, PAAS App Written In Go

A fast tool to scan SAAS,PAAS App written in Go

SAAS App Support :

  • salesforce
  • contentful (next version)

Note flag -o output not working

install : golang 1.18Ver

go install -v github.com/Ph33rr/cirrusgo/cmd/[email protected]
or
go install -v github.com/Ph33rr/CirrusGo/cmd/[email protected]


Help:

cirrusgo --help
  ______ _                           ______
 / ____/(_)_____ _____ __  __ _____ / ____/____
/ /    / // ___// ___// / / // ___// / __ / __ 
/ /___ / // /   / /   / /_/ /(__  )/ /_/ // /_/ /
____//_//_/   /_/    __,_//____/ ____/ ____/ v0.0.1

cirrusgo --help

-u, --url <URL>           Define single URL to fuzz
-l, --list		  Show App List
-c, --check               only check endpoint
-V, --version             Show current version
-h, --help                Display its help

[cirrusgo [app] [options] ..]
cirrusgo salesforce --help

-u, --url <URL>           Define single URL
-c, --check               only check endpoint
-lobj, --listobj          pull the object list.
-gobj --getobj            pull the object.
-obj --objects            set the object name. Default value is "User" object.
                          Juicy Objects: Case,Account,User,Contact,Document,Cont
                             entDocument,ContentVersion,ContentBody,CaseComment,Not
                          e,Employee,Attachment,EmailMessage,CaseExternalDocumen
                          t,Attachment,Lead,Name,EmailTemplate,EmailMessageRelation
-gre --getrecord          pull the Record id.
-re --recordid            set the recode id to dump the record
-cw --chkWritable         check all Writable objects
-f, --full                dump all pages of objects.
--dump
-H, --header <HEADER>     Pass custom header to target
-proxy, --proxy <URL>     Use proxy to fuzz

-o, --output <FILE>       File to save results

[flags payload]
[command: cirrusgo salesforce --payload options]
-payload, --payload      Generator payload for test manual Default "ObjectList"

GetItems                -obj set object
                        -page set page
                        -pages set pageSize
GetRecord 	           -re set recoder id 
WritableOBJ             -obj set object  
SearchObj               -obj set object 
                        -page set page
                        -pages set pageSize
AuraContext             -fwuid set UID 
                        -App set AppName
                        -markup set markup                        
ObjectList               no options
Dump                     no options		 
-h, --help               Display its help

Example :

cirrusgo salesforce -u https://loclhost -gobj

dump:

cirrusgo salesforce -u https://localhost/ -f

check Writable Objects:

cirusgo salesforce -u https://localhost/ -cw

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress