This script demonstrates a critical flaw in the way the Gofile website handles and stores its files. The main objective of this script is to increase awareness and emphasize the importance of secure file handling practices for developers and website administrators. I learned about this flaw in discussions with @SkeletonMan03.
Disclaimer: This script is provided for educational purposes only. Use it responsibly and ethically. Unauthorized scanning and data access can be illegal.
The script performs the following steps:
- Generates a random 6-character alphanumeric string.
- Uses the Gofile API to check the validity of a constructed Gofile URL.
- If a valid URL is found, it sends a notification to a predefined Discord webhook.
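From the service operator's side, the steps above show up in access logs as one client requesting many distinct content IDs in a short time and mostly getting misses. The detector below is an added example, not part of this repository's script; the log format, the use of status 404 for an unknown ID, and the thresholds are assumptions, and the sample log lines are constructed.

```python
"""Flag clients that probe many distinct content IDs and mostly miss."""
from collections import defaultdict, deque

WINDOW_SECONDS = 60       # sliding window per client (assumed value)
MIN_DISTINCT_MISSES = 5   # distinct unknown IDs in the window (assumed value)
MIN_MISS_RATIO = 0.8      # share of lookups in the window that missed (assumed)

# Constructed sample log, assumed format: "<epoch> <client> <content_id> <status>"
SAMPLE_LOG = """\
1000 198.51.100.7 aB3dE9 404
1000 192.0.2.44 Qq12Zz 404
1001 203.0.113.20 Hn7TqL 200
1002 198.51.100.7 Zk81Qw 404
1003 198.51.100.7 p0Lm4X 404
1005 198.51.100.7 7yUiO2 404
1006 198.51.100.7 Hn7TqL 200
1008 198.51.100.7 mN5bV1 404
1030 203.0.113.20 Hn7TqL 200
1050 203.0.113.20 Hn7TqI 404
1100 192.0.2.44 Qq12Zy 404
1200 192.0.2.44 Qq12Zx 404
"""

def find_enumerators(lines):
    """Return {client: timestamp at which the client was first flagged}."""
    windows = defaultdict(deque)   # client -> recent (ts, content_id, status)
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, client, content_id, status = line.split()
        ts, status = int(ts), int(status)
        win = windows[client]
        win.append((ts, content_id, status))
        # Drop lookups that have aged out of this client's window.
        while ts - win[0][0] > WINDOW_SECONDS:
            win.popleft()
        missed_ids = {cid for _, cid, st in win if st == 404}
        miss_count = sum(1 for _, _, st in win if st == 404)
        # Many *distinct* misses separates guessing from retrying one dead link.
        if (client not in flagged and len(missed_ids) >= MIN_DISTINCT_MISSES
                and miss_count / len(win) >= MIN_MISS_RATIO):
            flagged[client] = ts
    return flagged

if __name__ == "__main__":
    for client, ts in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f"possible ID enumeration from {client}, flagged at t={ts}")
```

In the sample, the client with one mistyped link and the client whose misses are spread over minutes stay below the thresholds; only the burst of distinct misses is flagged.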
- Ensure you have Python 3.x installed.
- Clone this repository:
git clone https://github.com/RocketGod-git/gofile-vulnerability-exploit-script
- Navigate to the directory and open main.py in your preferred text editor:
cd gofile-vulnerability-exploit-script
nano main.py
Or, on Windows, use your favorite text editor to edit main.py.
- Locate the DISCORD_WEBHOOK_URL constant and replace "YOUR-DISCORD-WEBHOOK-GOES-HERE" with your own Discord webhook URL:
DISCORD_WEBHOOK_URL = "YOUR-DISCORD-WEBHOOK-GOES-HERE"
- Save and close the file.
- Install the required libraries:
pip install requests
Run the script using:
python main.py
Please note:
- You might face rate-limiting issues; consider adjusting the sleep time accordingly. Default sleep is off.
- Do not misuse the script. Only scan or check URLs you have permission to access.
Contributions, issues, and feature requests are welcome! Feel free to check the issues page. Pull requests are always appreciated.
- Fork the project.
- Create your feature branch (git checkout -b feature/AmazingFeature).
- Commit your changes (git commit -m 'Add some AmazingFeature').
- Push to the branch (git push origin feature/AmazingFeature).
- Open a pull request.
Distributed under the GPL-3.0 License. See LICENSE for more information.